Cisco 642-825 Dumps, Helpful Cisco 642-825 Exam Practice PDF For Sale


QUESTION 91
Which statement is true about convergence in an MPLS network?
A. MPLS convergence will take place at the same time as the routing protocol convergence.
B. MPLS convergence will take place after the routing protocol convergence.
C. MPLS convergence will take place before the routing protocol convergence.
D. MPLS must be reconfigured after the routing protocol convergence.

Correct Answer: B

QUESTION 92
Which procedure is recommended to protect SNMP from application layer attacks?
A. Configure SNMP with only read-only community strings.
B. Implement RFC 2827 filtering.
C. Use SNMP version 2.
D. Create an access list on the SNMP server.

Correct Answer: A

QUESTION 93
Refer to the exhibit. What is the result of the ACL configuration that is displayed?

A. Inbound packets to request a TCP session with the 10.10.10.0/24 network are allowed.
B. TCP responses from the outside network for TCP connections that originated on the inside network are allowed.
C. TCP responses from the inside network for TCP connections that originated on the outside network are denied.
D. Any inbound packet with the SYN flag set to be routed is permitted.

Correct Answer: B

QUESTION 94
Which two statements are true about the Cisco IOS Firewall set? (Choose two.)
A. It protects against denial of service (DoS) attacks.
B. An ACL entry is statically created and added to the existing, permanent ACL.
C. Traffic originating within the router is not inspected.
D. Temporary ACL entries are created and persist for the duration of the communication session.

Correct Answer: AD

QUESTION 95
Which statement is true about the SDM Basic Firewall wizard?
A. The wizard applies predefined rules to protect the private and DMZ networks.
B. The wizard can configure multiple DMZ interfaces for outside users.
C. The wizard permits the creation of a custom application security policy.
D. The wizard configures one outside interface and one or more inside interfaces.

Correct Answer: D

QUESTION 96
Which three statements about frame-mode MPLS are true? (Choose three.)
A. MPLS has three distinct components consisting of the data plane, the forwarding plane, and the control plane.
B. The control plane is a simple label-based forwarding engine that is independent of the type of routing protocol or label exchange protocol.
C. The CEF FIB table contains information about outgoing interfaces and their corresponding Layer 2 header.
D. The MPLS data plane takes care of forwarding based on either destination addresses or labels.
E. To exchange labels, the control plane requires protocols such as Tag Distribution Protocol (TDP) or MPLS Label Distribution Protocol (LDP).
F. Whenever a router receives a packet that should be CEF-switched, but the destination is not in the FIB, the packet is dropped.

Correct Answer: DEF

QUESTION 97
Which three statements about the Cisco Easy VPN feature are true? (Choose three.)
A. If the VPN server is configured for Xauth, the VPN client waits for a username / password challenge.
B. The Cisco Easy VPN feature only supports transform sets that provide authentication and encryption.
C. The VPN client initiates aggressive mode (AM) if a pre-shared key is used for authentication during the IKE phase 1 process.
D. The VPN client verifies a server username/password challenge by using a AAA authentication server that supports TACACS+ or RADIUS.
E. The VPN server can only be enabled on Cisco PIX Firewalls and Cisco VPN 3000 series concentrators.
F. When connecting with a VPN client, the VPN server must be configured for ISAKMP group 1, 2 or 5.

Correct Answer: ABC

QUESTION 98
Which two statements are true about the use of SDM to configure the Cisco Easy VPN feature on a router? (Choose two.)
A. An Easy VPN connection is a connection that is configured between two Easy VPN clients.
B. The Easy VPN server address must be configured when configuring the SDM Easy VPN Server wizard.
C. The SDM Easy VPN Server wizard displays a summary of the configuration before applying the VPN configuration.
D. The SDM Easy VPN Server wizard can be used to configure a GRE over IPSec site-to-site VPN or a dynamic multipoint VPN (DMVPN).
E. The SDM Easy VPN Server wizard can be used to configure user XAuth authentication locally on the router or externally with a RADIUS server.
F. The SDM Easy VPN Server wizard recommends using the Quick setup feature when configuring a dynamic multipoint VPN.

Correct Answer: CE

QUESTION 99
Refer to the exhibit. Which network threat would the configuration in the exhibit mitigate?

A. DoS ping attacks
B. DoS TCP SYN attack
C. IP address spoofing attack – inbound
D. IP address spoofing attack – outbound
E. SNMP service filtering attack

Correct Answer: A

QUESTION 100
Refer to the exhibit. Given the partial configuration that is shown, what command needs to be added to allow the tunneled traffic to be encrypted?

A. match address 101 applied to the crypto map
B. match address 101 applied to the serial 1/0 interface
C. ip access-group 101 out applied to the serial 1/0 interface
D. ip access-group 101 in applied to the serial 1/0 interface

Correct Answer: A

QUESTION 101
Which three statements are true when configuring Cisco IOS Firewall features using the SDM? (Choose three.)
A. A custom application security policy can be configured in the Advanced Firewall Security Configuration dialog box.
B. An optional DMZ interface can be specified in the Advanced Firewall Interface Configuration dialog box.
C. Custom application policies for e-mail, instant messaging, HTTP, and peer-to-peer services can be created using the Intermediate Firewall wizard.
D. Only the outside (untrusted) interface is specified in the Basic Firewall Interface Configuration dialog box.
E. The outside interface that SDM can be launched from is configured in the Configuring Firewall for Remote Access dialog box.
F. The SDM provides a basic, intermediate, and advanced firewall wizard.

Correct Answer: ABE

QUESTION 102
Which three statements about IOS Firewall configurations are true? (Choose three.)
A. The IP inspection rule can be applied in the inbound direction on the secured interface.
B. The IP inspection rule can be applied in the outbound direction on the unsecured interface.
C. The ACL applied in the outbound direction on the unsecured interface should be an extended ACL.
D. The ACL applied in the inbound direction on the unsecured interface should be an extended ACL.
E. For temporary openings to be created dynamically by Cisco IOS Firewall, the access-list for the returning traffic must be a standard ACL.
F. For temporary openings to be created dynamically by Cisco IOS Firewall, the IP inspection rule must be applied to the secured interface.

Correct Answer: ABD

QUESTION 103
What are three features of the Cisco IOS Firewall feature set? (Choose three.)
A. network-based application recognition (NBAR)
B. authentication proxy
C. stateful packet filtering
D. AAA services
E. proxy server
F. IPS

Correct Answer: BCF

QUESTION 104
Which statement describes the Authentication Proxy feature?
A. All traffic is permitted from the inbound to the outbound interface upon successful authentication of the user.
B. A specific access profile is retrieved from a TACACS+ or RADIUS server and applied to an IOS Firewall based on user provided credentials.
C. Prior to responding to a proxy ARP, the router will prompt the user for a login and password which are authenticated based on the configured AAA policy.
D. The proxy server capabilities of the IOS Firewall are enabled upon successful authentication of the user.

Correct Answer: B

QUESTION 105
Which two statements about an IDS are true? (Choose two.)
A. The IDS is in the traffic path.
B. The IDS can send TCP resets to the source device.
C. The IDS can send TCP resets to the destination device.
D. The IDS listens promiscuously to all traffic on the network.
E. Default operation is for the IDS to discard malicious traffic.

Correct Answer: BD

QUESTION 106
Which statement about an IPS is true?
A. The IPS is in the traffic path.
B. Only one active interface is required.
C. Full benefit of an IPS will not be realized unless deployed in conjunction with an IDS.
D. When malicious traffic is detected, the IPS will only send an alert to a management station.

Correct Answer: A

QUESTION 107
Which three categories of signatures can a Cisco IPS microengine identify? (Choose three.)
A. DDoS signatures
B. strong signatures
C. exploit signatures
D. numeric signatures
E. spoofing signatures
F. connection signatures

Correct Answer: ACF

QUESTION 108
Which action can be taken by Cisco IOS IPS when a packet matches a signature pattern?
A. drop the packet
B. reset the UDP connection
C. block all traffic from the destination address for a specified amount of time
D. perform a reverse path verification to determine if the source of the malicious packet was spoofed
E. forward the malicious packet to a centralized NMS where further analysis can be taken

Correct Answer: A

QUESTION 109
Refer to the exhibit. Which of the configuration tasks would allow you to do quick deployment of default signatures?

A. Routing
B. NAT
C. Intrusion Prevention
D. NAC
E. Additional Tasks

Correct Answer: C

QUESTION 110
Which statement is true about the SDM IPS Policies wizard?
A. In order to configure the IPS, the wizard requires that customized signature files be created.
B. The IPS Policies wizard only allows the use of default signatures which cannot be modified.
C. The IPS Policies wizard can be used to modify, delete, or disable signatures that have been deployed on the router.
D. When initially enabling the IPS Policies wizard, SDM automatically checks and downloads updates of default signatures available from CCO (cisco.com).
E. The wizard verifies whether the command is correct but does not verify available router resources before the signatures are deployed to the router.

Correct Answer: C

QUESTION 111
Refer to the exhibit. What are the ramifications of Fail Closed being enabled under Engine Options?

A. The router will drop all packets that arrive on the affected interface.
B. If the IPS engine is unable to scan data, the router will drop all packets.
C. If the IPS detects any malicious traffic, it will cause the affected interface to close any open TCP connections.
D. The IPS engine is enabled to scan data and drop packets depending upon the signature of the flow.

Correct Answer: B

QUESTION 112
Refer to the exhibit. Assume that a signature can identify an IP address as the source of an attack. Which action would automatically create an ACL that denies all traffic from an attacking IP address?

A. alarm
B. drop
C. reset
D. denyFlowInline
E. denyAttackerInline
F. deny-connection-inline

Correct Answer: E

QUESTION 113
Which statement is correct about Security Device Event Exchange (SDEE) messages?
A. SDEE messages can be viewed in real time using SDM.
B. SDEE messages displayed at the SDM window cannot be filtered.
C. SDEE messages are the SDM version of syslog messages.
D. SDEE specifies the IPS/IDS message exchange format between an IPS/IDS device and the IPS management/monitoring station.
E. For SDEE messages to be viewed, the show ip ips all or show logging commands must be given first.

Correct Answer: D

QUESTION 114
What is required when configuring IOS Firewall using the CLI?
A. IOS IPS enabled on the untrusted interface
B. NBAR enabled to perform protocol discovery and deep packet inspection
C. route-map to define the trusted outgoing traffic
D. route-map to define the application inspection rules
E. an inbound extended ACL applied to the untrusted interface

Correct Answer: E

QUESTION 115
Refer to the exhibit. Given the specifications, what is the total bandwidth that is required for a voice call?

A. 9.6 kbps
B. 26.4 kbps
C. 16.1 kbps
D. 105 kbps

Correct Answer: A

QUESTION 116
A router interface is configured with an inbound access control list and an inspection rule. How will an inbound packet on this interface be processed?
A. The packet is processed by the inbound ACL. If the packet is dropped by the ACL, it is processed by the inspection rule.
B. The packet is processed by the inbound ACL. If the packet is not dropped by the ACL, it is processed by the inspection rule.
C. The packet is processed by the inspection rule. If the packet matches the inspection rule, the inbound ACL is invoked.
D. The packet is processed by the inspection rule. If the packet does not match the inspection rule, the inbound ACL is invoked.

Correct Answer: B

QUESTION 117
Which two features require the use of the SDM Advanced Firewall wizard? (Choose two.)
A. custom rules
B. IP unicast reverse path forwarding
C. DMZ support
D. application security

Correct Answer: AC

QUESTION 118
Refer to the exhibit. The Basic Firewall wizard has been used to configure a router. What is the purpose of the highlighted access list statement?

A. to prevent spoofing by blocking traffic entering interface Fa0/0 with a source address in the same subnet as interface VLAN10
B. to prevent spoofing by blocking traffic entering Fa0/0 with a source address in the RFC 1918 private address space
C. to establish a DMZ by preventing traffic from interface VLAN10 being sent out interface Fa0/0
D. to establish a DMZ by preventing traffic from interface Fa0/0 being sent out interface VLAN10

Correct Answer: A

QUESTION 119
A site requires support for skinny and H.323 voice protocols. How is this configured on an IOS firewall using the SDM?
A. The Basic Firewall wizard is executed and the High Security Application policy is selected.
B. The Advanced Firewall wizard is executed and a custom Application Security policy is selected in place of the default Application Security policies.
C. The Application Security tab is used to create a policy with voice support before the Firewall wizard is run.
D. The Application Security tab is used to modify the SDM_High policy to add voice support prior to the Firewall wizard being run.

Correct Answer: B

QUESTION 120
Refer to the exhibit. An IOS firewall has been configured to support skinny and H.323. Voice traffic is not passing through the firewall as expected. What needs to be corrected in this configuration?

A. Access list 100 needs to permit skinny and H.323.
B. Access list 101 needs to permit skinny and H.323.
C. The ip inspect Voice in command on interface FastEthernet 0/1 should be applied in the outbound direction.
D. The ip inspect Voice out command should be applied to interface FastEthernet 0/0.

Correct Answer: C

QUESTION 121
Various configuration parameters are downloaded by a VPN client host during the mode configuration step of the Cisco Easy VPN remote connection process. Which parameter is required?
A. IP address
B. split tunnel attributes
C. Domain Name System (DNS)
D. crypto isakmp client group

Correct Answer: A

QUESTION 122
Which command displays the settings used by the current IPsec security associations?
A. debug crypto isakmp sa
B. show crypto isakmp sa
C. show crypto isakmp key
D. show crypto ipsec sa

Correct Answer: D

QUESTION 123
When configuring the Cisco VPN Client, what action is required prior to installing Mutual Group Authentication?
A. Transparent tunneling must be enabled.
B. A valid root certificate must be installed.
C. A group pre-shared secret must be properly configured.
D. The option to “Allow Local LAN Access” must be selected.

Correct Answer: B

QUESTION 124
Which two statements are true about signatures in a Cisco IOS IPS? (Choose two.)
A. The action of a signature can be enabled on a per-TCP-session basis.
B. Common signatures are hard-coded into the IOS image.
C. IOS IPS signatures are propagated with the SDEE protocol.
D. IOS IPS signatures are stored in the startup config of the router.
E. Selection of an SDF file should be based on the amount of RAM memory available on the router.

Correct Answer: BE

QUESTION 125
Which statement identifies a limitation in the way Cisco IOS Firewall tracks UDP connections versus TCP connections?
A. It cannot track the source IP.
B. It cannot track the source port.
C. It cannot track the destination IP.
D. It cannot track the destination port.
E. It cannot track sequence numbers and flags.
F. It cannot track multicast or broadcast packets.

Correct Answer: E

QUESTION 126
Refer to the exhibit. What function does the access list serve?

A. It allows TCP traffic from any destination to reach the 16.1.1.0/24 network if the request originated from the Internet.
B. It allows TCP traffic from any destination to reach the 16.1.1.0/24 network if the request originated from the inside network and has a port number greater than 1024.
C. It allows TCP traffic from the 16.1.1.0/24 network to reach any destination if the request originated from the Internet and has a port number less than 1024.
D. It allows TCP traffic from any destination to reach the 16.1.1.0/24 network if the request originated from the inside network.
E. It allows TCP traffic from the 16.1.1.0/24 network to reach any destination if the request originated from the Internet.

Correct Answer: D

QUESTION 127
Refer to the exhibit. What is the name given to the security zone occupied by the public web server?

A. extended proxy network
B. multiple DMZs
C. ALG
D. DMZ
E. proxy network
F. protected subnet

Correct Answer: D

QUESTION 128
Which two active response capabilities can be configured on an intrusion detection system (IDS) in response to malicious traffic detection? (Choose two.)
A. the initiation of dynamic access lists on the IDS to prevent further malicious traffic
B. the configuration of network devices to prevent malicious traffic from passing through
C. the shutdown of ports on intermediary devices
D. the transmission of a TCP reset to the offending end host
E. the invoking of SNMP-sourced controls

Correct Answer: BD

QUESTION 129
Refer to the exhibit. Which description is true about the two-interface Cisco IOS firewall configuration?

A. blocks all incoming traffic except ICMP unreachable ‘packet-too-big’ messages that support MTU Path Discovery
B. permits all TCP, UDP, and ICMP traffic when the three types of traffic are initiated from outside the network
C. inspects the inbound packets on the fa0/0 interface and automatically allows the corresponding return traffic
D. blocks all ICMP unreachable ‘packet-too-big’ messages from reaching the inside network
E. inspects all TCP, UDP, and ICMP traffic when the three types of traffic are initiated from outside the network

Correct Answer: A

QUESTION 130
What two proactive preventive actions are taken by an intrusion prevention system (IPS) when malicious traffic is detected? (Choose two.)
A. The IPS shuts down intermediary ports.
B. The IPS invokes SNMP-enabled controls.
C. The IPS sends an alert to the management station.
D. The IPS enables a dynamic access list.
E. The IPS denies malicious traffic.

Correct Answer: CE

QUESTION 131
Refer to the exhibit. Which statement is true about the IOS firewall configuration?

A. Inside users are not permitted to browse the Internet.
B. Outbound HTTP sessions are allowed by the ACL INSIDEACL. INSIDEACL is applied to the outside interface in the inbound direction.
C. Inbound SMTP and HTTP are permitted by the ACL OUTSIDEACL. OUTSIDEACL is applied to the inside interface in the outbound direction.
D. ICMP unreachable ‘packet-too-big’ messages are rejected on all interfaces to prevent DDOS attacks.
E. The TCP inspection will automatically allow return traffic of the outbound HTTP sessions and allow return traffic of the inbound SMTP and HTTP sessions.

Correct Answer: E

QUESTION 132
What is an MPLS forwarding equivalence class (FEC)?
A. an MPLS label that is attached to packets as a result of all of the packets having the same Layer 3 header
B. a set of packets with the same label that are forwarded to the same next hop
C. the QoS policy that is applied to an MPLS flow
D. the routing policy that is applied to an MPLS flow

Correct Answer: B

QUESTION 133
Refer to the exhibit. Which statement is true about the IOS firewall configuration?

A. The inspection rules include the generic TCP inspection and are applied to outbound connections on the inside interface and to inbound sessions on the outside interface.
B. Outbound HTTP sessions are allowed by the ACL OUTSIDEACL that is applied to the inside interface in the inbound direction.
C. Outside hosts are allowed to initiate sessions with the SMTP server (200.1.2.1) and HTTP server (200.1.2.2) located in the enterprise DMZ.
D. Inbound SMTP and HTTP are permitted by the ACL INSIDEACL that is applied to the outside interface in the inbound direction.
E. Inside users are not permitted to browse the Internet.

Correct Answer: C