Welcome to download the newest Examwind 642-825 dumps: https://www.pass4itsure.com/642-825.html
When deciding to choose Examwind Cisco 642-825 exam sample questions, you will choose the success in Cisco 642-825 exam. You aren’t planning to purchase a non reusable solution. Cisco 642-825 exam sample questions changes are supplied no cost. It doesn’t matter how shortly you choose grab the specific Cisco 642-825 exam sample questions accreditation, take the real Cisco 642-825 questions qualification, it will be easy just to walk in the screening space as assured as the Certification Administrator. Several Cisco 642-825 study books contain questions at the end of each chapter. Candidates should be able to practice Cisco 642-825 exam sample questions. If you plan for your free using your Flydumps assessment serps, most people ensure making money online within the initial endeavor.
QUESTION 117
Which two features require the use of the SDM Advanced Firewall wizard? (Choose two.)
A. custom rules
B. IP unicast reverse path forwarding
C. DMZ support
D. application security
Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
QUESTION 118
Refer to the exhibit. The Basic Firewall wizard has been used to configure a router. What is the purpose of the highlighted access list statement?
A. to prevent spoofing by blocking traffic entering interface Fa0/0 with a source address in the same subnet as interface VLAN10
B. to prevent spoofing by blocking traffic entering Fa0/0 with a source address in the RFC 1918 private address space
C. to establish a DMZ by preventing traffic from interface VLAN10 being sent out interface Fa0/0
D. to establish a DMZ by preventing traffic from interface Fa0/0 being sent out interface VLAN10
Correct Answer: A Section: (none) Explanation
Explanation/Reference: QUESTION 119
A site requires support for skinny and H.323 voice protocols. How is this configured on an IOS firewall using the SDM?
A. The Basic Firewall wizard is executed and the High Security Application policy is selected.
B. The Advanced Firewall wizard is executed and a custom Application Security policy is selected in place of the default Application Security policies.
C. The Application Security tab is used to create a policy with voice support before the Firewall wizard is run.
D. The Application Security tab is used to modify the SDM_High policy to add voice support prior to the Firewall wizard being run.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 120
Refer to the exhibit. An IOS firewall has been configured to support skinny and H.323. Voice traffic is not passing through the firewall as expected. What needs to be corrected in this configuration?
A. Access list 100 needs to permit skinny and H.323.
B. Access list 101 needs to permit skinny and H.323.
C. The ip inspect Voice in command on interface FastEthernet 0/1 should be applied in the outbound direction.
D. The ip inspect Voice out command should be applied to interface FastEthernet 0/0.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 121
Various configuration parameters are downloaded by a VPN client host during the mode configuration step of the Cisco Easy VPN remote connection process. Which parameter is required?
A. IP address
B. split tunnel attributes
C. Domain Name System (DNS)
D. crypto isakmp client group
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 122
Which command displays the settings used by the current IPsec security associations?
A. debug crypto isakmp sa
B. show crypto isakmp sa
C. show crypto isakmp key
D. show crypto ipsec sa
Correct Answer: D Section: (none) Explanation
QUESTION 123
When configuring the Cisco VPN Client, what action is required prior to installing Mutual Group Authentication?
A. Transparent tunneling must be enabled.
B. A valid root certificate must be installed.
C. A group pre-shared secret must be properly configured.
D. The option to “Allow Local LAN Access” must be selected.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 124
Which two statements are true about signatures in a Cisco IOS IPS? (Choose two.)
A. The action of a signature can be enabled on a per-TCP-session basis.
B. Common signatures are hard-coded into the IOS image.
C. IOS IPS signatures are propagated with the SDEE protocol.
D. IOS IPS signatures are stored in the startup config of the router.
E. Selection of an SDF file should be based on the amount of RAM memory available on the router.
Correct Answer: BE Section: (none) Explanation
Explanation/Reference:
QUESTION 125
Which statement identifies a limitation in the way Cisco IOS Firewall tracks UDP connections versus TCP connections?
A. It cannot track the source IP.
B. It cannot track the source port.
C. It cannot track the destination IP.
D. It cannot track the destination port.
E. It cannot track sequence numbers and flags.
F. It cannot track multicast or broadcast packets.
Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 126
Refer to the exhibit. What function does the access list serve?
A. It allows TCP traffic from any destination to reach the 16.1.1.0/24 network if the request originated from the Internet.
B. It allows TCP traffic from any destination to reach the 16.1.1.0/24 network if the request originated from the inside network and has a port number greater than 1024.
C. It allows TCP traffic from the 16.1.1.0/24 network to reach any destination if the request originated from the Internet and has a port number less than 1024.
D. It allows TCP traffic from any destination to reach the 16.1.1.0/24 network if the request originated from the inside network.
E. It allows TCP traffic from the 16.1.1.0/24 network to reach any destination if the request originated from the Internet.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 127
Refer to the exhibit. What is the name given to the security zone occupied by the public web server?
A. extended proxy network
B. multiple DMZs
C. ALG
D. DMZ
E. proxy network
F. protected subnet
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 128
Which two active response capabilities can be configured on an intrusion detection system (IDS) in response to malicious traffic detection? (Choose two.)
A. the initiation of dynamic access lists on the IDS to prevent further malicious traffic
B. the configuration of network devices to prevent malicious traffic from passing through
C. the shutdown of ports on intermediary devices
D. the transmission of a TCP reset to the offending end host
E. the invoking of SNMP-sourced controls
Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 129
Refer to the exhibit. Which description is true about the two-interface Cisco IOS firewall configuration?
A. blocks all incoming traffic except ICMP unreachable ‘packet-too-big’ messages that support MTU Path Discovery
B. permits all TCP, UDP, and ICMP traffic when the three types of traffic are initiated from outside the network
C. inspects the inbound packets on the fa0/0 interface and automatically allows the corresponding return traffic
D. blocks all ICMP unreachable ‘packet-too-big’ messages from reaching the inside network
E. inspects all TCP, UDP, and ICMP traffic when the three types of traffic are initiated from outside the network
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 130
What two proactive preventive actions are taken by an intrusion prevention system (IPS) when malicious traffic is detected? (Choose two.)
A. The IPS shuts down intermediary ports.
B. The IPS invokes SNMP-enabled controls.
C. The IPS sends an alert to the management station.
D. The IPS enables a dynamic access list.
E. The IPS denies malicious traffic.
Correct Answer: CE Section: (none) Explanation
Explanation/Reference:
QUESTION 131
Refer to the exhibit. Which statement is true about the IOS firewall configuration?
A. Inside users are not permitted to browse the Internet.
B. Outbound HTTP sessions are allowed by the ACL INSIDEACL. INSIDEACL is applied to the outside interface in the inbound direction.
C. Inbound SMTP and HTTP are permitted by the ACL OUTSIDEACL. OUTSIDEACL is applied to the inside interface in the outbound direction.
D. ICMP unreachable ‘packet-too-big’ messages are rejected on all interfaces to prevent DDOS attacks.
E. The TCP inspection will automatically allow return traffic of the outbound HTTP sessions and allow return traffic of the inbound SMTP and HTTP sessions.
Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 132
What is an MPLS forwarding equivalence class (FEC)?
A. an MPLS label that is attached to packets as a result of all of the packets having the same Layer 3 header
B. a set of packets with the same label that are forwarded to the same next hop
C. the QoS policy that is applied to an MPLS flow
D. the routing policy that is applied to an MPLS flow
Correct Answer: B Section: (none) Explanation
Explanation/Reference: QUESTION 133
Refer to the exhibit. Which statement is true about the IOS firewall configuration?
A. The inspection rules include the generic TCP inspection and are applied to outbound connections on the inside interface and to inbound sessions on the outside interface.
B. Outbound HTTP sessions are allowed by the ACL OUTSIDEACL that is applied to the inside interface in the inbound direction.
C. Outside hosts are allowed to initiate sessions with the SMTP server (200.1.2.1) and HTTP server
(200.1.2.2) located in the enterprise DMZ.
D. Inbound SMTP and HTTP are permitted by the ACL INSIDEACL that is applied to the outside interface in the inbound direction.
E. Inside users are not permitted to browse the Internet.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 134
Which statement is true when ICMP echo and echo-reply are disabled on edge devices?
A. Pings are allowed only to specific devices.
B. CDP information is not exchanged.
C. Port scans can no longer be run.
D. Some network diagnostic data is lost.
E. Wireless devices need to be physically connected to the edge device.
F. OSPF routing needs the command ip ospf network non-broadcast enabled.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 135
Refer to the exhibit. What is the function of the redistribute commands?
A. to define the MPLS labels to attach to packets by the PE router
B. to define the MPLS labels to attach to packets by the CE router
C. to redistribute routes into the VRF BGP table
D. to redistribute routes into the local IGP routing table
E. to redistribute routes specifically into OSPF
F. to redistribute routes specifically into EIGRP
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 136
Refer to the exhibit. What information can be derived from the output of the show ip cef command?
A. IP CEF has not been configured properly to enable MPLS forwarding.
B. The 10.11.11.11 next-hop address is not reachable and will be tagged with an outer label of 17.
C. The 10.11.11.11 destination network is reachable and will be tagged with a IPv4 label of 17.
D. The 10.11.11.11 next-hop address is reachable and will be tagged with an outer label of 17.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 137
Refer to the exhibit. What does the “26” in the first two hop outputs indicate?
A. the outer label used to determine the next hop
B. the IPv4 label for the destination network
C. the IPv4 label for the forwarding router
D. the IPv4 label for the destination router
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 138
What are two ways to mitigate IP spoofing attacks? (Choose two.)
A. Disable ICMP echo.
B. Use RFC 3704 filtering (formerly know as RFC 2827).
C. Use encryption.
D. Configure trust levels.
E. Use NBAR.
F. Use MPLS.
Correct Answer: BC Section: (none) Explanation
QUESTION 139
Which statement is true about a worm attack?
A. Human interaction is required to facilitate the spread.
B. The worm executes arbitrary code and installs copies of itself in the memory of the infected computer.
C. Extremely large volumes of requests are sent over a network or over the Internet.
D. Data or commands are injected into an existing stream of data. That stream is passed between a client and server application.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 140
What are two steps that must be taken when mitigating a worm attack? (Choose two.)
A. Inoculate systems by applying update patches.
B. Limit traffic rate.
C. Apply authentication.
D. Quarantine infected machines.
E. Enable anti-spoof measures
Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
QUESTION 141
How can virus and Trojan horse attacks be mitigated?
A. Disable port scan.
B. Deny echo replies on all edge routes.
C. Implement RFC 2827 filtering.
D. Use antivirus software.
E. Enable trust levels.
Correct Answer: D Section: (none) Explanation
QUESTION 142
What are two ways to reduce the risk of an application-layer attack? (Choose two.)
A. Disable port scans.
B. Deny echo replies on all edge routers.
C. Implement RFC 2827 filtering.
D. Use intrusion detection systems (IDS).
E. Read operating system and network log files.
Correct Answer: DE Section: (none) Explanation
QUESTION 143
What is a recommended practice for secure configuration management?
A. Disable port scan.
B. Use SSH or SSL.
C. Deny echo replies on all edge routers.
D. Enable trust levels.
E. Use secure Telnet.
Correct Answer: B Section: (none) Explanation
QUESTION 144
Which statement is true about the management protocols?
A. TFTP data is sent encrypted.
B. Syslog data is sent encrypted between the server and device.
C. SNMP v1/v2 can be compromised because the community string information for authentication is sent in clear text.
D. NTP v.3 does not support a cryptographic authentication mechanism between peers.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 145
Refer to the exhibit. Which statement is true about the partial MPLS configuration that is shown?
A. The route-target both 100:2 command sets import and export route-targets for vrf2.
B. The route-target both 100:2 command changes a VPNv4 route to a IPv4 route.
C. The route-target import 100:1 command sets import route-targets routes specified by the route map.
D. The route-target import 100:1 command sets import route-targets for vrf2 that override the other route-target configuration.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 146
What three classifications reflect the different approaches used to identify malicious traffic? (Choose three.)
A. platform based
B. signature based
C. policy based
D. regular-expression based
E. symbol based
F. anomaly based
Correct Answer: BCF Section: (none) Explanation
QUESTION 147
Which approach for identifying malicious traffic looks for a fixed sequence of bytes in a single packet or a predefined content?
A. signature based
B. anomaly based
C. honeypot based
D. policy based
E. regular-expression based
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 148
Which Security Device Manager (SDM) feature expedites the deployment of the default intrusion preventions system (IPS) settings and provides configuration steps for interface and traffic flow selection, SDF location, and signature deployment?
A. IPS Edit menu
B. IPS Command wizard
C. IPS Policies wizard
D. IPS Signature Definition File (SDF) menu
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 149
For what purpose does SDM use Security Device Event Exchange (SDEE)?
A. to extract relevant SNMP information
B. to pull event logs from the router
C. to perform application-level accounting
D. to provide a keepalive mechanism
Correct Answer: B Section: (none) Explanation
QUESTION 150
What are three options for viewing Security Device Event Exchange (SDEE) messages in Security Device Manager (SDM)? (Choose three.)
A. to view SDEE status messages
B. to view SDEE keepalive messages
C. to view all SDEE messages
D. to view SDEE statistics
E. to view SDEE alerts
F. to view SDEE actions
Correct Answer: ACE Section: (none) Explanation
Explanation/Reference: QUESTION 151
What are three configurable parameters when editing signatures in Security Device Manager (SDM)? (Choose three.)
A. AlarmSeverity
B. AlarmKeepalive
C. AlarmTraits
D. EventMedia
E. EventAlarm
F. EventAction
Correct Answer: ACF Section: (none) Explanation
Explanation/Reference:
QUESTION 152
Refer to the exhibit. Which order correctly identifies the steps to provision a cable modem to connect to a headend as defined by the DOCSIS standard?
A. A, D, C, G, E, F, B
B. A, D, E, G, C, F, B
C. C, D, F, G, E, A, B
D. C, D, F, G, A, E, B
E. F, D, C, G, A, E, B
F. F, D, C, G, E, A, B
Correct Answer: E Section: (none)
Explanation
Explanation/Reference:
QUESTION 153
Which two statements are true of a typical hybrid fiber coax (HFC) network? (Choose two.)
A. Downstream bandwidth to the subscriber can be up to 7 Mbps.
B. Downstream bandwidth to the subscriber can be up to 17 Mbps.
C. Effective distribution network segments connect between 100 and 2,000 subscribers.
D. Effective distribution network segments connect between 500 and 5,000 subscribers.
E. Upstream bandwidth from the subscriber can be up to 1.5 Mbps.
F. Â Â Â Upstream bandwidth from the subscriber can be up to 2.5 Mbps.
Correct Answer: CF Section: (none) Explanation
QUESTION 154
Refer to the exhibit. Box A and Box B identify the two RF paths that a cable modem operates in. Which two sets of statements are true? (Choose two.)
A. Box A identifies the downstream frequencies from the cable operator to the subscriber. The frequencies range from 50 MHz to 860 MHz.
B. Box A identifies the downstream frequencies from the cable operator to the subscriber. The frequencies range from 5 MHz to 42 MHz.
C. Box A identifies the upstream frequencies from the subscriber to the cable operator. The frequencies range from 5 MHz to 42 MHz.
D. Box B identifies the downstream frequencies from the cable operator to the subscriber. The frequencies range from 50 MHz to 860 MHz.
E. Box B identifies the upstream frequencies from the subscriber to the cable operator. The frequencies range from 5 MHz to 42 MHz.
F. Â Â Â Box B identifies the upstream frequencies from the subscriber to the cable operator. The frequencies range from 50 MHz to 860 MHz.
Correct Answer: CD Section: (none) Explanation Explanation/Reference:
QUESTION 155
Refer to the exhibit. The exhibit is a graphical representation of an ADSL connection. Which two sets of statements are true? (Choose two.)
A. Arrow A represents the downstream direction. Data rates up to 1 Mbps are supported.
B. Arrow A represents the downstream direction. Data rates up to 8 Mbps are supported.
C. Arrow A represents the downstream direction. Data rates up to 27 Mbps are supported.
D. Arrow B represents the upstream direction. Data rates up to 1 Mbps are supported.
E. Arrow B represents the upstream direction. Data rates up to 8 Mbps are supported.
F. Arrow B represents the upstream direction. Data rates up to 27 Mbps are supported.
Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 156
Which statement about DSL is true?
A. Attenuation of signal strength is due to untwisted or poorly twisted wiring.
B. Impedance mismatch is due to a change in wire gauge, which results in a degraded signal.
C. Noise and reflection is due to missing bridge taps, which terminate the cable end connected to the local loop.
D. Shorter local loop distance is due to missing load coils, which are required to condition the line.
Correct Answer: B Section: (none) Explanation
Cisco 642-825 Questions and Answers Products basically comprise of the simulated Cisco 642-825Â exam questions AND their most correct answers,accompanied with a methodical elucidation of the Cisco 642-825 exam answers and the probable wrong answers.The extent to which Cisco 642-825 exam Questions and Answers Products cover their Cisco subject is so thorough,that once you are done with a Cisco product,passing the Cisco 642-825 exam in first attempt should be a piece of cake.
Welcome to download the newest pass4itsure 642-825 dumps: https://www.pass4itsure.com/642-825.html
Cisco 642-825 Q&A, Most Reliable Cisco 642-825 Dump Is Your Best Choice