Cisco 642-825 PDF Dumps, Provide Discount Cisco 642-825 Certification Exams Are Based On The Real Exam

ATTENTION : Because Cisco 642-825 exam has change recently,Flydumps has updated the Cisco 642-825 exam dumps with all new Cisco 300-101 exam questions and answers, visit flydumps.com to get free Cisco 642-825 PDF and VCE dumps.

QUESTION 50
What are the four steps, in their correct order, to mitigate a worm attack?
A. contain, inoculate, quarantine, and treat
B. inoculate, contain, quarantine, and treat
C. quarantine, contain, inoculate, and treat
D. preparation, identification, traceback, and postmortem
E. preparation, classification, reaction, and treat
F. identification, inoculation, postmortem, and reaction

Correct Answer: A Section: (none) Explanation
QUESTION 51
Which three benefits does IPsec VPNs provide? (Choose three.)
A. Origin authentication
B. Adaptive threat defense
C. Confidentiality
D. Qos
E. Data integrity
F. A fully-meshed topology with low overhead

Correct Answer: ACE Section: (none) Explanation
QUESTION 52
Refer to the exhibit.

When you are using the Quick Setup option of the Site-to-Site VPN wizard on the SDM to configure an IPsec VPN, which three settings can you configure? (Choose three.)
A. Peer identity
B. Crypto map
C. Pre-shared key
D. Transform set priority
E. Source interface and destination IP address
F. Encapsulation security payload

Correct Answer: ACE Section: (none) Explanation
QUESTION 53
Which IPsec VPN term describes a policy contract that specifies how two peers will use IPsec security services to protect network traffic?
A. Encapsulation security payload
B. Transform set
C. Authentication header
D. Security association

Correct Answer: D Section: (none) Explanation
QUESTION 54
Refer to the exhibit.

What command generates the pictured output?
A. Show crypto ipsec transform-set
B. Debug crypto ipsec
C. Show crypto ipsec sa
D. Show crypto map

Correct Answer: C Section: (none) Explanation
QUESTION 55
If an edge Label Switch Router (LSR) is properly configured, which three combinations are possible? (Choose three.)
A. A received lP packet is forwarded based on the lP destination address and the packet is sent as an lP packet.
B. An lP destination exists in the IP forwarding table. A received labeled packet is dropped because the label is not found in the LFIB table.
C. There is an MPLS label-switched path toward the destination. A received IP packet is dropped because the destination is not found in the IP forwarding table.
D. A received IP packet is forwarded based on the IP destination address and the packet is sent as a labeled packet.
E. A received labeled IP packet is forwarded based upon both the label and the IP address.
F. A received labeled packet is forwarded based on the label. Alter the label is swapped, the newly labeled packet is sent.

Correct Answer: ADF Section: (none) Explanation
QUESTION 56
Which three techniques should be used to secure management protocols? (Choose three.)
A. Configure SNMP with only read-only community strings.
B. Encrypt TFTP and syslog traffic in an IPSec tunnel.
C. Implement RFC 2827 filtering at the perimeter router when allowing syslog access from devices on the outside of a firewall.
D. Synchronize the NTP master clock with an Internet atomic clock.
E. Use SNMP version 2.
F. Use TFTP version 3 or above because these versions support a cryptographic authentication mechanism between peers.

Correct Answer: ABC Section: (none) Explanation
QUESTION 57
Which two management protocols provide security enhancements such as cryptographic authentication and packet encryption of management traffic? (Choose two.)
A. NTP version 3
B. SNMP version 3
C. Syslog version3
D. Telnet version 3
E. TFTP version 3

Correct Answer: AB Section: (none) Explanation
QUESTION 58
Refer to the exhibit.

SDM has been used to configure IPS on the router. While reviewing the Secure Device Event Exchange (SDEE) error messages, you noticed that SDM failed to load a signature definition file (SDF) from the specified URL locations. Which other location, if enabled, could the SDF be loaded from?
A. The RAM of a router
B. The flash memory of a router
C. The startup configuration file of a router
D. The running configuration file of a router
E. The RAM of a PC

Correct Answer: B Section: (none) Explanation
QUESTION 59
Refer to the exhibit.

What is one of the objectives accomplished by the default startup configuration file created by the SDM?
A. Blocks both Telnet and SSH
B. Prevents the router from ever being used as an HTTP server
C. Encrypts all HTTP traffic to prevent man-in-the-middle attacks
D. Enables local logging to support the log monitoring function
E. Requires access authentication by a TACACS+ server

Correct Answer: D Section: (none) Explanation
QUESTION 60
Refer to the exhibit.

What is the exhibited configuration an example of?
A. Authentication Proxy
B. lOS firewall
C. Distributed time-based ACLs
D. Infrastructure protection ACLs
E. Turbo ACLs
F. Reflexive ACLs

Correct Answer: B Section: (none) Explanation
QUESTION 61
Refer to the exhibit.

What does the configuration accomplish?
A. The configuration permits ICMP outbound traffic, denies ICMP inbound traffic, and permits traffic that has been initiated from inside a router that has been synched with an NTP server.
B. The configuration permits ICMP inbound traffic, denies ICMP outbound traffic, and permits traffic that has been initiated from inside a router that has been synched with an NTP server.
C. For the specified protocols, the configuration results in a timeout value of 3600 seconds for authentication of encrypted traffic.
D. The configuration uses NTP synchronization to implement time-based ACLs.
E. The configuration creates temporary openings in the access lists of the firewall. These openings time out alter the specified period of inactivity.
F. The configuration creates temporary openings in the access lists of the firewall. These openings have an absolute timeout value.

Correct Answer: E Section: (none) Explanation
QUESTION 62
Refer to the exhibit

What type of security configuration is being verified?
A. TurboACLs
B. Reflexive ACLs
C. Authentication Proxy
D. lOS Firewall
E. Distributed Time-Based ACLs
F. Infrastructure Protection ACLs

Correct Answer: D Section: (none) Explanation
QUESTION 63
Which firewall feature allows per-user policy to be downloaded dynamically to the router from a TACACS+ or RADIUS server using AAA services?
A. Intrusion Prevention System
B. Reflexive ACLs
C. Authentication Proxy
D. Lock-and-Key (dynamic ACLs)
E. Port-to-Application Mapping (RAM)

Correct Answer: C Section: (none) Explanation
QUESTION 64
Which statement describes Reverse Route Injection (RRI)?
A. A static route that points towards the Cisco Easy VPN server is created on the remote client.
B. A static route is created on the Cisco Easy VPN server for the internal IP address of each VPN client.
C. A default route is injected into the route table of the remote client.
D. A default route is injected into the route table of the Cisco Easy VPN server.

Correct Answer: B Section: (none) Explanation QUESTION 65
Which two commands will start services that should be enabled for SDM operations? (Choose two.)
A. ip http secure-server
B. ip http authentication local
C. service password-encryption
D. ip dhcp-client network-discovery
E. service tcp-small-servers

Correct Answer: AB Section: (none) Explanation
QUESTION 66
Which privilege level is required when configuring the SDM?
A. 0
B. 1
C. 8
D. 10
E. 12
F. 15

Correct Answer: F Section: (none) Explanation
QUESTION 67
Which two actions will take place when One-Step Lockdown is implemented? (Choose two.)
A. CDP will be enabled.
B. A banner will be set.
C. Logging will be enabled.
D. Security passwords will be required to be a minimum of 8 characters.
E. Telnet settings will be disabled.

Correct Answer: BC Section: (none) Explanation
QUESTION 68
Refer to the exhibit What does the “Allow Local LAN Access” option enable a Cisco software VPN client to do?

A. allows remote connections tram trusted clients to access local resources
B. allows secured remote clients to access local LAN resources through the VPN connection
C. allows local traffic from trusted resources to pass through the VPN connection
D. allows a user to access the resources on the local LAN when connected through a secure gateway to a central-site VPN device

Correct Answer: D Section: (none) Explanation
QUESTION 69
Which two statements are true about Cisco lOS Firewall? (Choose two.)
A. It enhances security for TCP applications only.
B. It enhances security for TCP and UDP applications.
C. It enhances security for UDP applications only.
D. It is implemented as a per-application process.
E. It is implemented as a per-destination process.

Correct Answer: BD Section: (none) Explanation
QUESTION 70
Refer to the exhibit Of the numbered items in the exhibit, which combination is required to implement only SSH?

A. 1, 3, 5, 6, 7, and 9
B. 5, 6, and 7
C. 5, 6, 7, and 9
D. 1, 4, 5, and 9
E. 2, 3, 5, and 9

Correct Answer: D Section: (none) Explanation
QUESTION 71
Which statement is true about the super view of Role-Based CLI?
A. A CLI view cannot be shared by multiple super views.
B. Any user with level 15 privileges can create or modify views and super views.
C. Commands cannot be directly configured for a super view.
D. The maximum number of CLI views which can exist is limited only by the amount of flash available.

Correct Answer: C Section: (none) Explanation
QUESTION 72
Which HFC cable network statement is true about the downstream data channel to the customer and the upstream data channel to the service provider?
A. The downstream data path is assigned a 30 MHz channel and the upstream data path is assigned a 1 MHz channel.
B. The downstream data path is assigned a fixed bandwidth channel and the upstream data path uses a variable bandwidth channel.
C. Both upstream and downstream data paths are assigned in 6 MHz channels.
D. The upstream data path is assigned a channel in a higher frequency range than the downstream path has.

Correct Answer: C Section: (none) Explanation
QUESTION 73
Which statement about xDSL implementations is true?
A. All xDSL standards operate in higher frequencies than the POTS system and therefore can coexist on the same media.
B. All xDSL standards operate in lower frequencies than the POTS system and can therefore coexist on the same media.
C. The ADSL standard operates in higher frequencies than the POTS system and can therefore coexist on the same media.
D. The HDSL standard operates in higher frequencies than the POTS system and can therefore coexist on the same media.
E. Other than providing higher data rates, HDSL is identical to ADSL.

Correct Answer: C Section: (none) Explanation
QUESTION 74
Which two statements about the Autosecure feature are true? (Choose two.)
A. Auto Secure automatically disables the CDP feature.
B. If you enable AutoSecure, the minimum length of the login and enable passwords is set to 6 characters.
C. The auto secure full command automatically configures the management and forwarding planes without any user interaction.
D. To enable AutoSecure, the auto secure global configuration command must be used.
E. Once AutoSecure has been configured, the user can launch the SDM Web interface to perform a security audit.

Correct Answer: AB Section: (none) Explanation
QUESTION 75
Which statement is true about the global configuration command ntp server 198.133.219.25?
A. Entering the command ntp server 198.133.219.26 would replace the original command ntp server
196.133.219.25.
B. The command configures the router to be the NTP time source for a peer located at IP address 198.133.219.25.
C. The command configures the router to provide the date and clock setting for a host located at IP address 198.133.219.25.
D. The command configures the router to synchronize with an NTP time source located at IP address
198.133.219.25.

Correct Answer: D Section: (none) Explanation
QUESTION 76
Which statement is true about a router configured with the ntp trusted-key 10 command?
A. This router only synchronizes to a system that uses this key in its NTP packets.
B. The lOS will not permit ’10’ as an argument to the ntp trusted-key command.
C. This command enables DES encryption of NTP packets.
D. This router will join an NTP multicast group where all routers share the same trusted key.

Correct Answer: A Section: (none) Explanation
QUESTION 77
Which statement about the aaa authentication enable default group radius enable command is true?”
A. lf the radius server returns an error the enable password will be used.
B. It the radius server returns a ‘failed’ message, the enable password will be used.
C. The command login authentication group will associate the AAA authentication to a specified interface.
D. If the group database is unavailable, the radius server will be used.

Correct Answer: A Section: (none) Explanation
QUESTION 78
Which command sequence is an example of a correctly configured AAA configuration that uses the local database?
A. RTA(config)# username Bob password cisco RTA(config)# aaa new-model RTA(config)# aaa authentication login LOCAL_AUTH local RTA(config)# line con 0 RTA(config-line)# login authentication LOCAL_AUTH
B. RTA(config)# username Bob password cisco RTA(config)# aaa new-model RTA(config)# aaa authentication login LOCAL_AUTH local RTA(config)# line con 0 RTA(config-line)# login authentication default
C. RTA(config)# aaa new-model RTA(config)# tacacs-server host 10.1.1.10 RTA(config)# tacacs-server key cisco 123 RTA(config)# aaa authentication login LOCAL_AUTH group tacacs+ RTA(config)# line con 0 RTA(config-line)# login authentication default
D. RTA(config)# aaa new-model RTA(config)#tacacs-server host 10.1.1.10 RTA(config)# tacacs-server key cisco 123 RTA(config)# aaa authentication login LOCAL_AUTH group tacacs+ RTA(config)# line con 0 RTA(config-line)# login authentication LOCAL AUTH

Correct Answer: A Section: (none) Explanation
QUESTION 79
Refer to the exhibit Based on the partial configuration, which two statements are true? (Choose two.)

A. If configured, the enable password could also be used to log into the console port.
B. The local parameter is missing at the end of each aaa authentication LOCAL-AUTH command.
C. The command aaa authentication default should be issued for each line instead of the login authentication LOCAL_AUTH command.
D. This is an example of a self-contained AAA configuration using the local database.
E. To make the configuration more secure, the none parameter should be added to the end of the aaa authentication login LOCAL_AUTH local command.
F. To successfully establish a Telnet session with RTA, a user can enter the username Bob and password cisco.

Correct Answer: DF Section: (none) Explanation
QUESTION 80
Refer to the exhibit.

A network administrator wishes to mitigate network threats. Given that purpose, which two statements about the lOS firewall configuration that is revealed by the output are true?
A. The command ip inspect FIREWALL_ACL out must be applied on interface FastEthernet 0/0.
B. The command ip inspect FIREWALL_ACL out must be applied on interface FastEthernet 0/1.
C. The command ip access-group FIREWALL_ACL in must be applied on interface FastEthernet 0/0.
D. The command ip access-group FIREWALL_ACL in must be applied on interface FastEthernet 0/1.
E. The configuration excerpt is an example of a CBAC list.
F. The configuration excerpt is an example of a reflexive ACL.

Correct Answer: BE Section: (none) Explanation
QUESTION 81
In an MPLS VPN implementation, how are overlapping customer prefixes propagated?
A. A separate instance of the core lGP is used for each customer.
B. Separate BGP sessions are established between each customer edge LSR.
C. Because customers have their own unique LSPs, address space is kept separate.
D. A route target is attached to each customer prefix.
E. Because customers have their own interfaces, distributed CEFs keep the forwarding tables separate.

Correct Answer: D Section: (none) Explanation
QUESTION 82
Refer to the exhibit

On the basis of the information presented, which configuration change would correct the Secure Shell (SSH) problem?
A. Configure router RTA with the ip domain name domain-name global configuration command.
B. Configure router RTA with the crypto key generate rsa general-keys modulus modulus- number global configuration command.
C. Configure router RTA with the crypto key generate rsa usage-keys modulus modulus-number global configuration command.
D. Configure router RTA with the transport input ssh vty line configuration command.
E. Configure router RTA with the no transport input telnet vty line configuration command.

Correct Answer: D Section: (none) Explanation
QUESTION 83
When configuring a site-to-site IPsec VPN tunnel, which configuration must be the exact reverse of the other IPsec peer?
A. the IPsec transform
B. the crypto ACL
C. the ISAKMP policy
D. the pre-shared key
E. the crypto map

Correct Answer: B Section: (none) Explanation
QUESTION 84
Refer to the exhibit.

A user is unable to initiate an SSH session with RTA. To help troubleshoot the problem, RTA has been configured as indicated in the exhibit. However, a second attempt to initiate an SSH connection to RTA fails to generate debug information on the Syslog server. What configuration change would display the debug information on the Syslog server?
A. Router RTA should be configured with the debug ip packet EXEC command.
B. Router RTA must be configured with the correct Syslog IP address.
C. Router RTA must be configured with the logging buffered informational global configuration command.
D. Router RTA must be configured with the logging monitor debugging global configuration command.
E. Router RTA must be configured with the logging trap debugging global configuration command.

Correct Answer: E Section: (none) Explanation
QUESTION 85
When you are using the SDM to configure a GRE tunnel over IPsec, which two parameters are required when defining the tunnel interface information? (Choose two.)
A. MTU size of the GRE tunnel interface
B. GRE tunnel source interface or IP address, and tunnel destination IP address
C. IPSEC mode (tunnel or transport)
D. GRE tunnel interface IP address
E. crypto ACL number

Correct Answer: BD Section: (none) Explanation

We provide Cisco 642-825 help and information on a wide range of issues. Cisco 642-825 is professional and confidential and your issues will be replied within 12 hous.Cisco 642-825 free to send us any questions and we always try our best to keeping our Customers Satisfied.