Cisco 640-811 Exam, Latest Cisco 640-811 Exam Dumps On Sale

Welcome to download the newest Pass4itsure 200-310 dumps:

Cisco 640-811 exams are taken in computer networking. Android puts its own exam item into the system of Parametric Test Company, and then the testing system of that company makes different pieces of examination paper for registered examinees. The existing knowledge updates very quickly, so Cisco 640-811 exam sample questions updates constantly as the update of its products. You know that certification exams can not increase your work experience. In addition, Cisco 640-811 mainly concerns with technical skills. Our FLYDUMPS Cisco 640-811 exam sample questions are constantly being updated. You can check the quality of our practice test updates by visiting our latest news page or signing up to our newsletter for recent updates and New Releases to our practice exams.

QUESTION 134
Which statement is true when ICMP echo and echo-reply are disabled on edge devices?
A. Pings are allowed only to specific devices.
B. CDP information is not exchanged.
C. Port scans can no longer be run.
D. Some network diagnostic data is lost.
E. Wireless devices need to be physically connected to the edge device.
F. OSPF routing needs the command ip ospf network non-broadcast enabled.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 135
Refer to the exhibit. What is the function of the redistribute commands?

A. to define the MPLS labels to attach to packets by the PE router
B. to define the MPLS labels to attach to packets by the CE router
C. to redistribute routes into the VRF BGP table
D. to redistribute routes into the local IGP routing table
E. to redistribute routes specifically into OSPF
F. to redistribute routes specifically into EIGRP

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 136
Refer to the exhibit. What information can be derived from the output of the show ip cef command?

A. IP CEF has not been configured properly to enable MPLS forwarding.
B. The 10.11.11.11 next-hop address is not reachable and will be tagged with an outer label of 17.
C. The 10.11.11.11 destination network is reachable and will be tagged with a IPv4 label of 17.
D. The 10.11.11.11 next-hop address is reachable and will be tagged with an outer label of 17.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 137
Refer to the exhibit. What does the “26” in the first two hop outputs indicate?

A. the outer label used to determine the next hop
B. the IPv4 label for the destination network
C. the IPv4 label for the forwarding router
D. the IPv4 label for the destination router

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 138
What are two ways to mitigate IP spoofing attacks? (Choose two.)
A. Disable ICMP echo.
B. Use RFC 3704 filtering (formerly know as RFC 2827).
C. Use encryption.
D. Configure trust levels.
E. Use NBAR.
F. Use MPLS.

Correct Answer: BC Section: (none) Explanation
Explanation/Reference:
QUESTION 139
Which statement is true about a worm attack?
A. Human interaction is required to facilitate the spread.
B. The worm executes arbitrary code and installs copies of itself in the memory of the infected computer.
C. Extremely large volumes of requests are sent over a network or over the Internet.
D. Data or commands are injected into an existing stream of data. That stream is passed between a client and server application.

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 140
What are two steps that must be taken when mitigating a worm attack? (Choose two.)
A. Inoculate systems by applying update patches.
B. Limit traffic rate.
C. Apply authentication.
D. Quarantine infected machines.
E. Enable anti-spoof measures

Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
QUESTION 141
How can virus and Trojan horse attacks be mitigated?
A. Disable port scan.
B. Deny echo replies on all edge routes.
C. Implement RFC 2827 filtering.
D. Use antivirus software.
E. Enable trust levels.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 142
What are two ways to reduce the risk of an application-layer attack? (Choose two.)
A. Disable port scans.
B. Deny echo replies on all edge routers.
C. Implement RFC 2827 filtering.
D. Use intrusion detection systems (IDS).
E. Read operating system and network log files.

Correct Answer: DE Section: (none) Explanation
Explanation/Reference:
QUESTION 143
What is a recommended practice for secure configuration management?
A. Disable port scan.
B. Use SSH or SSL.
C. Deny echo replies on all edge routers.
D. Enable trust levels.
E. Use secure Telnet.

Correct Answer: B Section: (none) Explanation Explanation/Reference:
QUESTION 144
Which statement is true about the management protocols?
A. TFTP data is sent encrypted.
B. Syslog data is sent encrypted between the server and device.
C. SNMP v1/v2 can be compromised because the community string information for authentication is sent in clear text.
D. NTP v.3 does not support a cryptographic authentication mechanism between peers.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 145
Refer to the exhibit. Which statement is true about the partial MPLS configuration that is shown?

A. The route-target both 100:2 command sets import and export route-targets for vrf2.
B. The route-target both 100:2 command changes a VPNv4 route to a IPv4 route.
C. The route-target import 100:1 command sets import route-targets routes specified by the route map.
D. The route-target import 100:1 command sets import route-targets for vrf2 that override the other route-target configuration.

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 146
What three classifications reflect the different approaches used to identify malicious traffic? (Choose three.)
A. platform based
B. signature based
C. policy based
D. regular-expression based
E. symbol based
F. anomaly based

Correct Answer: BCF Section: (none) Explanation Explanation/Reference:
QUESTION 147
Which approach for identifying malicious traffic looks for a fixed sequence of bytes in a single packet or a predefined content?
A. signature based
B. anomaly based
C. honeypot based
D. policy based
E. regular-expression based

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 148
Which Security Device Manager (SDM) feature expedites the deployment of the default intrusion preventions system (IPS) settings and provides configuration steps for interface and traffic flow selection, SDF location, and signature deployment?
A. IPS Edit menu
B. IPS Command wizard
C. IPS Policies wizard
D. IPS Signature Definition File (SDF) menu

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 149
For what purpose does SDM use Security Device Event Exchange (SDEE)?
A. to extract relevant SNMP information
B. to pull event logs from the router
C. to perform application-level accounting
D. to provide a keepalive mechanism

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 150
What are three options for viewing Security Device Event Exchange (SDEE) messages in Security Device Manager (SDM)? (Choose three.)
A. to view SDEE status messages
B. to view SDEE keepalive messages
C. to view all SDEE messages
D. to view SDEE statistics
E. to view SDEE alerts
F. to view SDEE actions

Correct Answer: ACE Section: (none) Explanation
Explanation/Reference:
QUESTION 151
What are three configurable parameters when editing signatures in Security Device Manager (SDM)? (Choose three.)
A. AlarmSeverity
B. AlarmKeepalive
C. AlarmTraits
D. EventMedia
E. EventAlarm
F. EventAction

Correct Answer: ACF Section: (none) Explanation
Explanation/Reference:
QUESTION 152
Refer to the exhibit. Which order correctly identifies the steps to provision a cable modem to connect to a headend as defined by the DOCSIS standard?

A. A, D, C, G, E, F, B

B. A, D, E, G, C, F, B
C. C, D, F, G, E, A, B
D. C, D, F, G, A, E, B
E. F, D, C, G, A, E, B
F. F, D, C, G, E, A, B

Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 153
Which two statements are true of a typical hybrid fiber coax (HFC) network? (Choose two.)
A. Downstream bandwidth to the subscriber can be up to 7 Mbps.
B. Downstream bandwidth to the subscriber can be up to 17 Mbps.
C. Effective distribution network segments connect between 100 and 2,000 subscribers.
D. Effective distribution network segments connect between 500 and 5,000 subscribers.
E. Upstream bandwidth from the subscriber can be up to 1.5 Mbps.
F. Upstream bandwidth from the subscriber can be up to 2.5 Mbps.

Correct Answer: CF Section: (none) Explanation
Explanation/Reference:
QUESTION 154
Refer to the exhibit. Box A and Box B identify the two RF paths that a cable modem operates in. Which two sets of statements are true? (Choose two.)

A. Box A identifies the downstream frequencies from the cable operator to the subscriber. The frequencies range from 50 MHz to 860 MHz.
B. Box A identifies the downstream frequencies from the cable operator to the subscriber. The frequencies range from 5 MHz to 42 MHz.
C. Box A identifies the upstream frequencies from the subscriber to the cable operator. The frequencies range from 5 MHz to 42 MHz.
D. Box B identifies the downstream frequencies from the cable operator to the subscriber. The frequencies range from 50 MHz to 860 MHz.
E. Box B identifies the upstream frequencies from the subscriber to the cable operator. The frequencies range from 5 MHz to 42 MHz.
F. Box B identifies the upstream frequencies from the subscriber to the cable operator. The frequencies range from 50 MHz to 860 MHz.

Correct Answer: CD Section: (none) Explanation
Explanation/Reference:
QUESTION 155
Refer to the exhibit. The exhibit is a graphical representation of an ADSL connection. Which two sets of statements are true? (Choose two.)

A. Arrow A represents the downstream direction. Data rates up to 1 Mbps are supported.
B. Arrow A represents the downstream direction. Data rates up to 8 Mbps are supported.
C. Arrow A represents the downstream direction. Data rates up to 27 Mbps are supported.
D. Arrow B represents the upstream direction. Data rates up to 1 Mbps are supported.
E. Arrow B represents the upstream direction. Data rates up to 8 Mbps are supported.
F. Arrow B represents the upstream direction. Data rates up to 27 Mbps are supported.

Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 156
Which statement about DSL is true?
A. Attenuation of signal strength is due to untwisted or poorly twisted wiring.
B. Impedance mismatch is due to a change in wire gauge, which results in a degraded signal.
C. Noise and reflection is due to missing bridge taps, which terminate the cable end connected to the local loop.
D. Shorter local loop distance is due to missing load coils, which are required to condition the line.

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 157
Which two xDSL statements are true? (Choose two.)
A. ADSL offers downstream rates of up to 1 Mbps and upstream rates of up to 8 Mbps over a maximum distance of 5.6 km (18,000 feet).
B. ADSL offers downstream rates of up to 8 Mbps and upstream rates of up to 1 Mbps over a maximum distance of 5.6 km (18,000 feet).
C. G.SHDSL offers downstream and upstream rates of up to 2.3 Mbps over a maximum distance of 8.52 km (28,000 feet).
D. IDSL offers downstream and upstream rates of up to 1 Mbps over a maximum distance of 5.6 km (18,000 feet).
E. VDSL offers downstream rates of up to 13 Mbps and upstream rates of up to 52 Mbps over a maximum distance of 8.52 km (28,000 feet).
F. VDSL offers downstream rates of up to 52 Mbps and upstream rates of up to 13 Mbps over a maximum distance of 8.52 km (28,000 feet).

Correct Answer: BC Section: (none) Explanation
Explanation/Reference:
QUESTION 158
Refer to the exhibit. Router RTA is unable to establish an ADSL connection with its provider. What action can be taken to correct this problem?

A. On the Dialer0 interface, add the pppoe enable command.
B. On the Dialer0 interface, change the MTU value to 1500 by using the ip mtu 1500 command.
C. On the Dialer0 interface, change the pool number to 0 by using the dialer pool 0 command.
D. On the Dialer0 interface, enter the ip address negotiated command.
E. On the Ethernet 0/1 interface, change the pool number to 0 by using the pppoe-client dial-pool-number 0 command.
F. On the Ethernet 0/1 interface, enter the ip address negotiated command.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 159
Which statement about an ADSL POTS splitter is true?
A. It forwards voice traffic to the DSLAM in the CO.
B. It is a low-pass microfilter with one end that connects to the ADSL modem, and the other end that connects to the telephone wall jack.
C. It is a passive device that is used to separate the DSL traffic from the POTS traffic.
D. It is an active device that is installed at the customer premise and which filters unused frequencies.
E. It allows only the 0 – 4 kHz frequency range to pass to or from the ASDL modem.
F. It allows only the 20 kHz – 1 MHz frequency range to pass to or from the ASDL modem.

Correct Answer: C Section: (none) Explanation
Explanation/Reference: QUESTION 160
Refer to the exhibit. Router RTA is unable to establish an ADSL connection with its provider. What action should be taken to correct this problem?

A. On the Dialer0 interface, add the pppoe enable command.
B. On the Dialer0 interface, change the MTU value to 1500 using the ip mtu 1500 command.
C. On the Ethernet 0/1 interface, add the dialer pool-member 0 command.
D. On the Ethernet 0/1 interface, add the dialer pool-member 1 command.
E. On the Ethernet 0/1 interface, add the pppoe-client dial-pool-number 0 command.
F. On the Ethernet 0/1 interface, add the pppoe-client dial-pool-number 1 command.

Correct Answer: F Section: (none) Explanation
Explanation/Reference:
QUESTION 161
Refer to the exhibit. Router RTA is unable to establish an ADSL connection with its provider. Which action would correct this problem?

A. On the Dialer0 interface, add the pppoe enable command.
B. On the Dialer0 interface, add the ip mtu 1496 command.
C. On the ATM0/0 interface, add the dialer pool-member 0 command.
D. On the ATM0/0 interface, add the dialer pool-member 1 command.
E. On the ATM0/0 interface, add the pppoe-client dial-pool-number 0 command.
F. On the ATM0/0 interface, add the pppoe-client dial-pool-number 1 command.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 162
Refer to the exhibit. Which two statements are true about the authentication method used to authenticate users who want privileged access into Router1? (Choose two.)

A. All users will be authenticated using the RADIUS server. If the RADIUS server is unavailable, the router will attempt to authenticate the user using its local database.
B. All users will be authenticated using the RADIUS server. If the RADIUS server is unavailable, the authentication process stops and no other authentication method is attempted.
C. All users will be authenticated using the RADIUS server. If the user authentication fails, the router will attempt to authenticate the user using its local database.
D. All users will be authenticated using the RADIUS server. If the user authentication fails, the authentication process stops and no other authentication method is attempted.
E. The default login authentication method is applied automatically to all lines including console, auxiliary, TTY, and VTY lines.

Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
QUESTION 163
Which three techniques should be used to secure management protocols? (Choose three.)
A. Configure SNMP with only read-only community strings.
B. Encrypt TFTP and syslog traffic in an IPSec tunnel.
C. Implement RFC 3704 filtering at the perimeter router when allowing syslog access from devices on the outside of a firewall.
D. Synchronize the NTP master clock with an Internet atomic clock.
E. Use SNMP version 2.
F. Use TFTP version 3 or above because these versions support a cryptographic authentication mechanism between peers.

Correct Answer: ABC Section: (none) Explanation
Explanation/Reference: QUESTION 164
Refer to the exhibit. Which statement is true about the authentication process?

A. A user attempted to log in to the router via the tty51 port and tried to access the user mode (privilege level 1) using the default list for authentication against the local user database. The user’s access was permitted.
B. A user attempted to log in to the router via the tty51 port and tried to access the user mode (privilege level 1) using the default list for authentication against the local user database. The user’s access was denied.
C. A user attempted to log in to the router via the tty51 port and tried to access the user mode (privilege level 1) using the named list ADMIN. The user’s access was permitted.
D. A user attempted to log in to the router via the tty51 port and tried to access the user mode (privilege level 1) using named list ADMIN. The user’s access was denied.
E. The output “GETPASS” means that the user successfully authenticated.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 165
Which IOS firewall feature allows per-user policy to be downloaded dynamically to the router from a TACACS+ or RADIUS server using AAA services?
A. Intrusion Prevention System
B. Reflexive ACLs
C. Authentication Proxy
D. Lock-and-Key (dynamic ACLs)
E. Port-to-Application Mapping (PAM)

Correct Answer: C Section: (none) Explanation
Explanation/Reference: QUESTION 166
Refer to the exhibit. Which statement about the authentication process is true?

A. The LIST1 list will disable authentication on the console port.
B. Because no method list is specified, the LIST1 list will not authenticate anyone on the console port.
C. All login requests will be authenticated using the group tacacs+ method.
D. All login requests will be authenticated using the local database method.
E. The default login authentication will automatically be applied to all login connections.

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 167
In an MPLS VPN implementation, how are overlapping customer prefixes propagated?
A. A separate instance of the core IGP is used for each customer.
B. Separate BGP sessions are established between each customer edge LSR.
C. Because customers have their own unique LSPs, address space is kept separate.
D. A route distinguisher is attached to each customer prefix.
E. Because customers have their own interfaces, distributed CEFs keep the forwarding tables separate.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 168
Refer to the exhibit. What type of security solution will be provided for the inside network?

A. The ACL will block all ICMP echo requests coming from an external host.
B. The ACL will prevent router R1 from forwarding broadcast traffic to the inside LAN network.
C. The ACL will filter all packets whose TCP headers have the SYN flag set.
D. The ACL will allow TCP connections into the inside network, but will reset the connections in case of a TCP SYN attack.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 169
Refer to the exhibit. What type of security solution will be provided for the inside network?

A. The TCP connection that matches the defined ACL will be reset by the router if the connection does not complete the three-way handshake within the defined time period.
B. The router will reply to the TCP connection requests. If the three-way handshake completes successfully, the router will establish a TCP connection between itself and the server.
C. The TCP traffic that matches the ACL will be allowed to pass through the router and create a TCP connection with the server.
D. The router will intercept the traceroute messages. It will validate the connection requests before forwarding the packets to the inside network.

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 170
Refer to the exhibit. A network administrator wishes to mitigate network threats. Given that purpose, which two statements about the IOS firewall configuration that is revealed by the output are true? (Choose two.)

A. The command ip inspect FIREWALL_ACL out must be applied on interface FastEthernet 0/0.
B. The command ip inspect FIREWALL_ACL out must be applied on interface FastEthernet 0/1.
C. The command ip access-group FIREWALL_ACL in must be applied on interface FastEthernet 0/0.
D. The command ip access-group FIREWALL_ACL in must be applied on interface FastEthernet 0/1.
E. The configuration excerpt is an example of a CBAC list.
F. The configuration excerpt is an example of a reflexive ACL.

Correct Answer: BE Section: (none) Explanation
Explanation/Reference:
QUESTION 171
Drag each Cisco Easy VPN connection process on the left to its step on the right.

A.
B.
C.
D.

Correct Answer: Section: (none) Explanation
Explanation/Reference:
QUESTION 172
Drag each Easy VPN remote connection process on the left to its step on the right.

A.

B.
C.
D.

Correct Answer: Section: (none) Explanation
Explanation/Reference:
QUESTION 173
Case 1
A.
B.
C.
D.

Correct Answer: Section: (none) Explanation
Explanation/Reference:
QUESTION 174
Case 2

A.

B.
C.
D.

Correct Answer: Section: (none) Explanation
Explanation/Reference:

You could go through each and every Cisco 642-825 question and answer given in this format thoroughly, and be confident about appearing in your final Cisco 642-825 exam. Once you have gone through the entire Cisco 642-825 practice exam, you could analyze your learning with the self test engine. The FLYDUMPS provide two more forms of study material for Cisco 642-825 exam sample questions. The Cisco 642-825 study guide is meant for those professionals, who do not get enough time to study. FLYDUMPS Cisco 642-825 exam sample questions come with 80 real exam questions and answers for preparing the Cisco 642-825 Test.

Welcome to download the newest Pass4itsure 200-310 dumps: http://www.pass4itsure.com/200-310.html

IBM C2070-448 Exam Dumps, 100% Pass Rate IBM C2070-448 Cert Guaranteed Success