Cisco 642-825 Exam Demo, 50% OFF Cisco 642-825 Prep Guide With New Discount

New VCE and PDF– You can prepare Cisco 642-825 exam in an easy way with Cisco 642-825 questions and answers.By training our Cisco 642-825 vce dumps with all the latest questions, you can pass the Cisco 642-825 exam in the first attempt.

QUESTION 65
Refer to the exhibit. Which three tasks can be configured using the IPS Policies wizard via the Cisco Security Device Manager(SDM)? (Choose three.)

A. the configuration of an IP address and the enabling of the interface
B. the selection of the encapsulation on the WAN interfaces
C. the selection of the interface to apply the IPS rule
D. the selection of the traffic flow direction that should be inspected by the IPS rules
E. the creation of the signature definition file (SDF) to be used by the router
F. the location of the signature definition file (SDF) to be used by the router

Correct Answer: CDF Section: (none) Explanation
Explanation/Reference:
QUESTION 66
Refer to the exhibit.
Routers C1 and C2 are customer routers. Routers RTA, RTB, RTC, and RTD are provider routers. The routers are operating with various IOS versions.
Which frame mode MPLS configuration statement is true?

A. After MPLS is enabled, the ip cef command is only required on routers RTA and RTD.
B. Before MPLS is enabled, the ip cef command is only required on routers RTA and RTD .
C. After MPLS is enabled, the ip cef command is only required on the Ethernet 0 interfaces of routers RTA and RTD.
D. Before MPLS is enabled, the ip cef command is only required on the Ethernet 0 interfaces of routers RTA and RTD.
E. Before MPLS is enabled, the ip cef command must be applied to all provider routers.

Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 67
Which three DSL technologies support an analog POTS channel and utilize the entire bandwidth of the copper to carry data? (Choose three.)
A. ADSL
B. IDSL
C. SDSL
D. RADSL
E. VDSL

Correct Answer: ADE Section: (none) Explanation
Explanation/Reference:
QUESTION 68
What actions can be performed by the Cisco IOS IPS when suspicious activity is detected? (Choose four.)
A. send an alarm to a syslog server or a centralized management interface
B. initiate antivirus software to clean the packet
C. drop the packet
D. reset the connection
E. request packet to be resent
F. deny traffic from the source IP address associated with the connection

Correct Answer: ACDF Section: (none) Explanation Explanation/Reference:
QUESTION 69
Refer to the exhibit.
The SDM IPS Policies wizard is displaying the Select Interfaces window. Which procedure is best for applying IPS rules to interfaces?

A. Apply the IPS rules in the outbound direction on interfaces where outgoing malicious traffic is likely.
B. Apply the IPS rules in the outbound direction on interfaces where incoming malicious traffic is likely.
C. Apply the IPS rules in the inbound direction on interfaces where incoming malicious traffic is likely.
D. Apply the rules in the inbound direction on interfaces where outgoing malicious traffic is likely.
E. Apply the IPS rules both in the inbound and outbound direction on all interfaces.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 70
Refer to the exhibit.
Which ACL configuration will prevent a DoS TCP SYN attack from a spoofed source into the internal network?

A. R1(config)# access-list 120 deny udp 10.0.0.0 0.0.255.255 host 255.255.255.255 eq 512 R1(config)# interface Serial0/0 R1(config-if)# ip access-group 120 in
B. R1(config)# access-list 120 deny ip any host 10.0.0.255 log R1(config)# access-list 120 permit ip any
10.0.0.0 0.0.0.255 log R1(config)# interface Serial0/0 R1(config-if)# ip access-group 120 in
C. R1(config)# access-list 120 deny icmp any any echo log R1(config)# access-list 120 deny icmp any any redirect log R1(config)# access-list 120 permit icmp any
10.0.0.0 0.0.0.255 R1(config)# interface Serial0/0 R1(config-if)# ip access-group 120 in
D. R1(config)# access-list 120 permit tcp any 172.16.10.0 0.0.0.255 established R1(config)# access-list 120 deny ip any any log R1(config)# interface FastEthernet0/0 R1(config-if)# ip access-group 120 in

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 71
What are the four steps that occur with an IPsec VPN setup?
A. Step 1: Interesting traffic initiates the IPsec process. Step 2: AH authenticates IPsec peers and negotiates IKE SAs. Step 3: AH negotiates IPsec SA settings and sets up matching IPsec SAs in the peers. Step 4: Data is securely transferred between IPsec peers.
B. Step 1: Interesting traffic initiates the IPsec process. Step 2: ESP authenticates IPsec peers and negotiates IKE SAs. Step 3: ESP negotiates IPsec SA settings and sets up matching IPsec SAs in the peers. Step 4: Data is securely transferred between IPsec peers.
C. Step 1: Interesting traffic initiates the IPsec process. Step 2: IKE authenticates IPsec peers and negotiates IKE SAs. Step 3: IKE negotiates IPsec SA settings and sets up matching IPsec SAs in the peers. Step 4: Data is securely transferred between IPsec peers.
D. Step 1: Interesting traffic initiates the IPsec process. Step 2: IKE negotiates IPsec SA settings and sets up matching IPsec SAs in the peers. Step 3: IKE authenticates IPsec peers and negotiates IKE SAs. Step 4: Data is securely transferred between IPsec peers.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 72
Refer to the exhibit. On the basis of the information that is provided, which statement is true?

A. The IOS firewall has allowed an HTTP session between two devices.
B. A TCP session that started between 192.168.1.116 and 192.168.101.115 caused dynamic ACL entries to be created.
C. A UDP session that started between 192.168.1.116 and 192.168.101.115 caused dynamic ACL entries to be created.
D. Telnet is the only protocol allowed through this IOS firewall configuration.

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 73
What is a recommended practice for secure configuration management?
A. Disable port scan.
B. Use SSH or SSL.
C. Deny echo replies on all edge routers.
D. Enable trust levels.
E. Use secure Telnet.

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 74
Which statement is true about a worm attack?
A. Human interaction is required to facilitate the spread.
B. The worm executes arbitrary code and installs copies of itself in the memory of the infected computer.
C. Extremely large volumes of requests are sent over a network or over the Internet.
D. Data or commands are injected into an existing stream of data. That stream is passed between a client and server application.

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 75
Which two statements are true about the troubleshooting of VPN connectivity on a Cisco router? (Choose two.)
A. SDM can be used to provide statistical output that is related to IPsec SAs.
B. The debug crypto isakmp command output displays detailed IKE phase 1 and phase 2 negotiation processes.
C. SDM can be used to perform advance troubleshooting.
D. Knowledge of Cisco IOS CLI commands is required.
E. The Monitor Tunnel Operation page in SDM is the primary tool for troubleshooting VPN connectivity.

Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 76
Which action can be taken by Cisco IOS IPS when a packet matches a signature pattern?
A. drop the packet
B. reset the UDP connection
C. block all traffic from the destination address for a specified amount of time
D. perform a reverse path verification to determine if the source of the malicious packet was spoofed
E. forward the malicious packet to a centralized NMS where further analysis can be taken

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 77
Which statement about the aaa authentication enable default group radius enable command is true?
A. If the radius server returns an error, the enable password will be used.
B. If the radius server returns a ‘failed’ message, the enable password will be used.
C. The command login authentication group will associate the AAA authentication to a specified interface.
D. If the group database is unavailable, the radius server will be used.

Correct Answer: A Section: (none) Explanation
Explanation/Reference: QUESTION 78
Which three DSL technologies support an analog POTS channel and utilize the entire bandwidth of the copper to carry data? (Choose three.)
A. ADSL
B. IDSL
C. SDSL
D. RADSL
E. VDSL

Correct Answer: ADE Section: (none) Explanation
Explanation/Reference:
QUESTION 79
Refer to the exhibit. What is the name given to the security zone occupied by the public web server?

A. extended proxy network
B. multiple DMZs
C. ALG
D. DMZ
E. proxy network
F. protected subnet

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 80
Refer to the exhibit. ACL 150 was configured on Router RTA to mitigate against a range of common threats. On the basis of the information in the exhibit, which statement is true?

A. ACL 150 will mitigate common threats.
B. Interface Fa0/0 and interface Fa0/1 should have been configured with the IP addresses 10.1.1.1 and 10.2.1.1, respectively.
C. The ip access-group 150 command should have been applied to interface FastEthernet 0/0 in an inbound direction.
D. The ip access-group 150 command should have been applied to interface FastEthernet 0/0 in an outbound direction.
E. The ip access-group 150 command should have been applied to interface FastEthernet 0/1 in an outbound direction.
F. The last statement in ACL 150 should have been access-list 150 permit tcp 10.2.1.0 0.0.0.255 any established.

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 81
Which two statements are correct about mitigating attacks by the use of access control lists (ACLs)? (Choose two.)
A. Extended ACLs on routers should always be placed as close to the destination as possible.
B. Each ACL that is created ends with an implicit permit all statement.
C. Ensure that earlier statements in the ACL do not negate any statements that are found later in the list.
D. Denied packets should be logged by an ACL that traps informational (level 6) messages.
E. IP packets that contain the source address of any internal hosts or networks inbound to a private network should be permitted.
F. More specific ACL statements should be placed earlier in the ACL.

Correct Answer: DF Section: (none) Explanation
Explanation/Reference:
QUESTION 82
If an edge Label Switch Router (LSR) is properly configured, which three combinations are possible?
(Choose three.)
A. A received IP packet is forwarded based on the IP destination address and the packet is sent as an IP packet.
B. An IP destination exists in the IP forwarding table. A received labeled packet is dropped because the label is not found in the LFIB table.
C. There is an MPLS label-switched path toward the destination. A received IP packet is dropped because the destination is not found in the IP forwarding table.
D. A received IP packet is forwarded based on the IP destination address and the packet is sent as a labeled packet.
E. A received labeled IP packet is forwarded based upon both the label and the IP address.
F. A received labeled packet is forwarded based on the label. After the label is swapped, the newly labeled packet is sent.

Correct Answer: ADF Section: (none) Explanation
Explanation/Reference:
QUESTION 83
What three features does Cisco Security Device Manager (SDM) offer? (Choose three.)
A. smart wizards and advanced configuration support for NAC policy features
B. single-step mitigation of Distributed Denial of Service (DDoS) attacks
C. one-step router lockdown
D. security auditing capability based upon CERT recommendations
E. multi-layered defense against social engineering
F. single-step deployment of basic and advanced policy settings

Correct Answer: ACF Section: (none) Explanation
Explanation/Reference:
QUESTION 84
Refer to the exhibit. What statement is true about the interface S1/0 on router R1?

A. Labeled packets can be sent over an interface.
B. MPLS Layer 2 negotiations have occurred.
C. IP label switching has been disabled on this interface.
D. None of the MPLS protocols have been configured on the interface.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 85
What are the four steps that occur with an IPsec VPN setup?
A. Step 1: Interesting traffic initiates the IPsec process. Step 2: AH authenticates IPsec peers and negotiates IKE SAs. Step 3: AH negotiates IPsec SA settings and sets up matching IPsec SAs in the peers. Step 4: Data is securely transferred between IPsec peers.
B. Step 1: Interesting traffic initiates the IPsec process. Step 2: ESP authenticates IPsec peers and negotiates IKE SAs. Step 3: ESP negotiates IPsec SA settings and sets up matching IPsec SAs in the peers. Step 4: Data is securely transferred between IPsec peers.
C. Step 1: Interesting traffic initiates the IPsec process. Step 2: IKE authenticates IPsec peers and negotiates IKE SAs. Step 3: IKE negotiates IPsec SA settings and sets up matching IPsec SAs in the peers. Step 4: Data is securely transferred between IPsec peers.
D. Step 1: Interesting traffic initiates the IPsec process. Step 2: IKE negotiates IPsec SA settings and sets up matching IPsec SAs in the peers. Step 3: IKE authenticates IPsec peers and negotiates IKE SAs. Step 4: Data is securely transferred between IPsec peers.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 86
Which form of DSL technology is typically used as a replacement for T1 lines?
A. VDSL
B. HDSL
C. ADSL
D. SDSL
E. G.SHDSL
F. IDSL

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 87
Which three categories of signatures can a Cisco IPS microengine identify? (Choose three.)
A. DDoS signatures
B. strong signatures
C. exploit signatures
D. numeric signatures
E. spoofing signatures
F. connection signatures

Correct Answer: ACF Section: (none) Explanation
Explanation/Reference:
QUESTION 88
Refer to the exhibit. Router RTA is unable to establish an ADSL connection with its provider. What action should be taken to correct this problem?

A. On the Dialer0 interface, add the pppoe enable command.
B. On the Dialer0 interface, change the MTU value to 1500 using the ip mtu 1500 command.
C. On the Ethernet 0/1 interface, add the dialer pool-member 0 command.
D. On the Ethernet 0/1 interface, add the dialer pool-member 1 command.
E. On the Ethernet 0/1 interface, add the pppoe-client dial-pool-number 0 command.
F. On the Ethernet 0/1 interface, add the pppoe-client dial-pool-number 1 command.

Correct Answer: F Section: (none) Explanation
Explanation/Reference:
QUESTION 89
What are two principles to follow when configuring ACLs with IOS Firewall? (Choose two.)
A. Prevent traffic that will be inspected by IOS Firewall from leaving the network through the firewall.
B. Configure extended ACLs to prevent IOS Firewall return traffic from entering the network through the firewall.
C. Configure an ACL to deny traffic from the protected networks to the unprotected networks.
D. Permit broadcast messages with a source address of 255.255.255.255.
E. Allow traffic that will be inspected by IOS Firewall to leave the network through the firewall.

Correct Answer: BE Section: (none) Explanation
Explanation/Reference:
QUESTION 90
With MPLS, what is the function of the protocol ID (PID) in a Layer 2 header?
A. It specifies that the bottom-of-stack bit immediately follows.
B. It specifies that the payload starts with a label and is followed by an IP header.
C. It specifies that the receiving router use the top label only.
D. It specifies how many labels immediately follow.

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 91
Refer to the exhibit. Which three tasks can be configured using the IPS Policies wizard via the Cisco Security Device Manager(SDM)? (Choose three.)

A. the configuration of an IP address and the enabling of the interface
B. the selection of the encapsulation on the WAN interfaces
C. the selection of the interface to apply the IPS rule
D. the selection of the traffic flow direction that should be inspected by the IPS rules
E. the creation of the signature definition file (SDF) to be used by the router
F. the location of the signature definition file (SDF) to be used by the router

Correct Answer: CDF Section: (none) Explanation
Explanation/Reference:
QUESTION 92
Which statement identifies a limitation in the way Cisco IOS Firewall tracks UDP connections versus TCP connections?
A. It cannot track the source IP.
B. It cannot track the source port.
C. It cannot track the destination IP.
D. It cannot track the destination port.
E. It cannot track sequence numbers and flags.
F. It cannot track multicast or broadcast packets.

Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 93
What are three options for viewing Security Device Event Exchange (SDEE) messages in Security Device Manager (SDM)? (Choose three.)
A. to view SDEE status messages
B. to view SDEE keepalive messages
C. to view all SDEE messages
D. to view SDEE statistics
E. to view SDEE alerts
F. to view SDEE actions

Correct Answer: ACE Section: (none) Explanation
Explanation/Reference:
QUESTION 94
Refer to the exhibit. A network administrator wishes to mitigate network threats. Given that purpose, which two statements about the IOS firewall configuration that is revealed by the output are true? (Choose two.)

A. The command ip inspect FIREWALL_ACL out must be applied on interface FastEthernet 0/0.
B. The command ip inspect FIREWALL_ACL out must be applied on interface FastEthernet 0/1.
C. The command ip access-group FIREWALL_ACL in must be applied on interface FastEthernet 0/0.
D. The command ip access-group FIREWALL_ACL in must be applied on interface FastEthernet 0/1.
E. The configuration excerpt is an example of a CBAC list.
F. The configuration excerpt is an example of a reflexive ACL.

Correct Answer: BE Section: (none) Explanation
Explanation/Reference:
QUESTION 95
Refer to the exhibit. Which statement is true about the partial MPLS configuration that is shown?

A. The route-target both 100:2 command sets import and export route-targets for vrf2.
B. The route-target both 100:2 command changes a VPNv4 route to a IPv4 route.
C. The route-target import 100:1 command sets import route-targets routes specified by the route map.
D. The route-target import 100:1 command sets import route-targets for vrf2 that override the other route-target configuration.

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 96
Which IOS command would display IPS default values that may not be displayed using the show running-config command?
A. show ip ips configuration
B. show ip ips interface
C. show ip ips statistics
D. show ip ips session

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 97
Which statement describes the Authentication Proxy feature?
A. All traffic is permitted from the inbound to the outbound interface upon successful authentication of the user.
B. A specific access profile is retrieved from a TACACS+ or RADIUS server and applied to an IOS Firewall based on user provided credentials.
C. Prior to responding to a proxy ARP, the router will prompt the user for a login and password which are authenticated based on the configured AAA policy.
D. The proxy server capabilities of the IOS Firewall are enabled upon successful authentication of the user.

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 98
Which two actions will take place when One-Step Lockdown is implemented? (Choose two.)
A. CDP will be enabled.
B. A banner will be set.
C. Logging will be enabled.
D. Security passwords will be required to be a minimum of 8 characters.
E. Telnet settings will be disabled.

Correct Answer: BC Section: (none) Explanation
Explanation/Reference:
QUESTION 99
Refer to the exhibit. Which order correctly identifies the steps to provision a cable modem to connect to a headend as defined by the DOCSIS standard?

A. A, D, C, G, E, F, B
B. A, D, E, G, C, F, B
C. C, D, F, G, E, A, B
D. C, D, F, G, A, E, B
E. F, D, C, G, A, E, B
F. F, D, C, G, E, A, B

Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 100
Refer to the exhibit. What does the “26” in the first two hop outputs indicate?

A. the outer label used to determine the next hop
B. the IPv4 label for the destination network
C. the IPv4 label for the forwarding router
D. the IPv4 label for the destination router

Correct Answer: B Section: (none) Explanation
Explanation/Reference: QUESTION 101
What are the two main features of Cisco IOS Firewall? (Choose two.)
A. TACACS+
B. AAA
C. Cisco Secure Access Control Server
D. Intrusion Prevention System
E. Authentication Proxy

Correct Answer: DE Section: (none) Explanation
Explanation/Reference:
QUESTION 102
Refer to the exhibit. Which two statements about the Network Time Protocol (NTP) are true? (Choose two.)

A. Router RTA will adjust for eastern daylight savings time.
B. To enable authentication, the ntp authenticate command is required on routers RTA and RTB.
C. To enable NTP, the ntp master command must be configured on routers RTA and RTB.
D. Only NTP time requests are allowed from the host with IP address 10.1.1.1.
E. The preferred time source located at 130.207.244.240 will be used for synchronization regardless of the other time sources.

Correct Answer: AB Section: (none) Explanation
Explanation/Reference:
QUESTION 103
Refer to the exhibit. Which two statements are true based on the output of the show crypto isakmp sa command? (Choose two.)

A. All current security associations (SA) are displayed.
B. The settings of the current SAs are displayed.
C. QM_idle indicates an active IPsec SA.
D. QM_idle indicates an inactive IKE SA.
E. QM_idle indicates an active IKE SA.
F. QM_idle indicates an inactive IPsec SA.

Correct Answer: AE Section: (none) Explanation
Explanation/Reference:
QUESTION 104
Which two statements about an IDS are true? (Choose two.)
A. The IDS is in the traffic path.
B. The IDS can send TCP resets to the source device.
C. The IDS can send TCP resets to the destination device.
D. The IDS listens promiscuously to all traffic on the network.
E. Default operation is for the IDS to discard malicious traffic.

Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 105
Which statement is true about the management protocols?
A. TFTP data is sent encrypted.
B. Syslog data is sent encrypted between the server and device.
C. SNMP v1/v2 can be compromised because the community string information for authentication is sent in clear text.
D. NTP v.3 does not support a cryptographic authentication mechanism between peers.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 106
Refer to the exhibit. What are the two options that are used to provide High Availability IPsec? (Choose two.)

A. RRI
B. IPsec Backup Peerings
C. Dynamic Crypto Map
D. HSRP
E. IPsec Stateful Switchover (SSO)
F. Dual Router Mode (DRM) IPsec

Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
QUESTION 107
What are two ways to mitigate IP spoofing attacks? (Choose two.)
A. Disable ICMP echo.
B. Use RFC 3704 filtering (formerly know as RFC 2827).
C. Use encryption.
D. Configure trust levels.
E. Use NBAR.
F. Use MPLS.

Correct Answer: BC Section: (none) Explanation
Explanation/Reference:
QUESTION 108
Refer to the exhibit.
On the basis of the presented information, which configuration was completed on the router CPE?

A. CPE(config)# ip nat inside source list 101 interface Dialer0 CPE(config)# access-list 101 permit ip
10.0.0.0 0.255.255.255 any
B. CPE(config)# ip nat inside source list 101 interface Dialer0 overload CPE(config)# access-list 101 permit ip 10.0.0.0 0.255.255.255 any
C. CPE(config)# ip nat inside source list 101 interface Ethernet 0/0 CPE(config)# access-list 101 permit ip
10.0.0.0 0.255.255.255 any
D. CPE(config)# ip nat inside source list 101 interface Ethernet 0/0 overload CPE(config)# access-list 101 permit ip 10.0.0.0 0.255.255.255 any
E. CPE(config)# ip nat inside source list 101 interface Ethernet 0/1 CPE(config)# access-list 101 permit ip 10.0.0.0 0.255.255.255 any
F. CPE(config)# ip nat inside source list 101 interface Ethernet 0/1 overload CPE(config)# access-list 101 permit ip 10.0.0.0 0.255.255.255 any

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 109
Refer to the exhibit. Which ACL configuration will prevent a DoS TCP SYN attack from a spoofed source into the internal network?

A. R1(config)# access-list 120 deny udp 10.0.0.0 0.0.255.255 host 255.255.255.255 eq 512 R1(config)# interface Serial0/0 R1(config-if)# ip access-group 120 in
B. R1(config)# access-list 120 deny ip any host 10.0.0.255 log R1(config)# access-list 120 permit ip any
10.0.0.0 0.0.0.255 log R1(config)# interface Serial0/0 R1(config-if)# ip access-group 120 in
C. R1(config)# access-list 120 deny icmp any any echo log R1(config)# access-list 120 deny icmp any any redirect log R1(config)# access-list 120 permit icmp any
10.0.0.0 0.0.0.255 R1(config)# interface Serial0/0 R1(config-if)# ip access-group 120 in
D. R1(config)# access-list 120 permit tcp any 172.16.10.0 0.0.0.255 established R1(config)# access-list 120 deny ip any any log R1(config)# interface FastEthernet0/0 R1(config-if)# ip access-group 120 in

Correct Answer: D Section: (none) Explanation
Explanation/Reference:

Well-regarded for its level of detail, assessment features, and challenging review questions and hands-on exercises, Cisco 642-825 helps you master the concepts and techniques that will enable you to succeed on the Cisco 642-825 exam the first time.