Pass4sure---help you pass cisco exams

pass4side Cisco CCNP iscw Exam 642-825 v4.13

ISCW - Implementing Secure Converged Wide Area Networks : 642-825 Exam

Exam Number/Code: 642-825
Exam Name: ISCW - Implementing Secure Converged Wide Area Networks
VUE Code: 642-825
Questions Type: Single choice,

Exam: Cisco 642-825

Title: Implementing Secure Converged Wide Area Networks (ISCW)

Update: Demo

1. Refer to the exhibit, which shows a PPPoA diagram and partial SOHO77 configuration.

Which command needs to be applied to the SOHO77 to complete the configuration?

A. encapsulation aal5snap applied to the PVC.

B. encapsulation aal5ciscoppp applied to the PVC

C. encapsulation aal5ciscoppp applied to the ATM0 interface

D. encapsulation aal5mux ppp dialer applied to the ATM0 interface

E. encapsulation aal5mux ppp dialer applied to the PVC

Answer: E

2. Which three techniques should be used to secure management protocols? (Choose three.)

A. Configure SNMP with only read-only community strings.

B. Encrypt TFTP and syslog traffic in an IPSec tunnel.

C. Implement RFC 3704 filtering at the perimeter router when allowing syslog access from devices on the outside of a firewall.
D. Synchronize the NTP master clock with an Internet atomic clock.

E. Use SNMP version 2.

F. Use TFTP version 3 or above because these versions support a cryptographic authentication mechanism between peers.
Answer: ABC

3. What are two steps that must be taken when mitigating a worm attack? (Choose two.)

A. Inoculate systems by applying update patches.

B. Limit traffic rate.

C. Apply authentication.

D. Quarantine infected machines.

E. Enable anti-spoof measures

Answer: AD

4. What is a reason for implementing MPLS in a network?

A. MPLS eliminates the need of an IGP in the core.

B. MPLS reduces the required number of BGP-enabled devices in the core.

C. Reduces routing table lookup since only the MPLS core routers perform routing table lookups.

D. MPLS eliminates the need for fully meshed connections between BGP enabled devices.

Answer: B

5. Which three statements about IOS Firewall configurations are true? (Choose three.)

A. The IP inspection rule can be applied in the inbound direction on the secured interface.

B. The IP inspection rule can be applied in the outbound direction on the unsecured interface.

C. The ACL applied in the outbound direction on the unsecured interface should be an extended ACL.

D. The ACL applied in the inbound direction on the unsecured interface should be an extended ACL.

E. For temporary openings to be created dynamically by Cisco IOS Firewall, the access-list for the returning traffic must be a standard ACL.
F. For temporary openings to be created dynamically by Cisco IOS Firewall, the IP inspection rule must be applied to the secured interface.
Answer: ABD

6. Which three IPsec VPN statements are true? (Choose three.)

A. IKE keepalives are unidirectional and sent every ten seconds.

B. IKE uses the Diffie-Hellman algorithm to generate symmetrical keys to be used by IPsec peers.

C. IPsec uses the Encapsulating Security Protocol (ESP) or the Authentication Header (AH) protocol for exchanging keys.

D. Main mode is the method used for the IKE phase two security association negotiations.

E. Quick mode is the method used for the IKE phase one security association negotiations.

F. To establish IKE SA, main mode utilizes six packets while aggressive mode utilizes only three packets.

Answer: ABF

7. Which three MPLS statements are true? (Choose three.)

A. Cisco Express Forwarding (CEF) must be enabled as a prerequisite to running MPLS on a Cisco router.
B. Frame-mode MPLS inserts a 32-bit label between the Layer 3 and Layer 4 headers.

C. MPLS is designed for use with frame-based Layer 2 encapsulation protocols such as Frame Relay, but is not supported by ATM because of ATM fixed-length cells.

D. OSPF, EIGRP, IS-IS, RIP, and BGP can be used in the control plane.

E. The control plane is responsible for forwarding packets.

F. The two major components of MPLS include the control plane and the data plane.

Answer: ADF

8. Refer to the exhibit.

What are the two options that are used to provide High Availability IPsec? (Choose two.)

A. RRI

B. IPsec Backup Peerings

C. Dynamic Crypto Map

D. HSRP

E. IPsec Stateful Switchover (SSO)

F. Dual Router Mode (DRM) IPsec

Answer: AD

9. Refer to the exhibit. What type of security solution will be provided for the inside network?

A. The TCP connection that matches the defined ACL will be reset by the router if the connection does not complete the three-way handshake within the defined time period.

B. The router will reply to the TCP connection requests. If the three-way handshake completes successfully, the router will establish a TCP connection between itself and the server.

C. The TCP traffic that matches the ACL will be allowed to pass through the router and create a TCP connection with the server.

D. The router will intercept the traceroute messages. It will validate the connection requests before forwarding the packets to the inside network.
Answer: B

10. Refer to the exhibit.

Which statement about the authentication process is true?

A. The LIST1 list will disable authentication on the console port.

B. Because no method list is specified, the LIST1 list will not authenticate anyone on the console port.

C. All login requests will be authenticated using the group tacacs+ method.

D. All login requests will be authenticated using the local database method.
E. The default login authentication will automatically be applied to all login connections.

Answer: A

11. Which three statements about the Cisco Easy VPN feature are true? (Choose three.)

A. If the VPN server is configured for Xauth, the VPN client waits for a username / password challenge.

B. The Cisco Easy VPN feature only supports transform sets that provide authentication and encryption.

C. The VPN client initiates aggressive mode (AM) if a pre-shared key is used for authentication during the IKE phase 1 process.

D. The VPN client verifies a server username/password challenge by using a AAA authentication server that supports TACACS+ or RADIUS.

E. The VPN server can only be enabled on Cisco PIX Firewalls and Cisco VPN 3000 series concentrators.

F. When connecting with a VPN client, the VPN server must be configured for ISAKMP group 1, 2 or 5.

Answer: ABC

12. What are three features of the Cisco IOS Firewall feature set? (Choose three.)

A. network-based application recognition (NBAR)

B. authentication proxy

C. stateful packet filtering

D. AAA services

E. proxy server

F. IPS

Answer: BCF

13. Refer to the exhibit.

What does the “26” in the first two hop outputs indicate?

A. the outer label used to determine the next hop

B. the IPv4 label for the destination network

C. the IPv4 label for the forwarding router

D. the IPv4 label for the destination router

Answer: B

14. Which two statements about the Cisco AutoSecure feature are true? (Choose two.)

A. All passwords entered during the AutoSecure configuration must be a minimum of 8 characters in length.
B. Cisco123 would be a valid password for both the enable password and the enable secret commands.

C. The auto secure command can be used to secure the router login as well as the NTP and SSH protocols.

D. For an interactive full session of AutoSecure, the auto secure login command should be used.

E. If the SSH server was configured, the 1024 bit RSA keys are generated after the auto secure command is enabled.

Answer: CE

15. Refer to the exhibit. Which statement is true about the configuration of split tunnels using SDM?

A. Any protected subnets that are entered represent subnets at the end user’s site that will be accessed without going through the encrypted tunnel.

B. Any protected subnets that are entered represent subnets at the end user’s site that will be accessed through the encrypted tunnel.

C. Any protected subnets that are entered represent subnets at the VPN server site that will be accessed without going through the encrypted tunnel.

D. Any protected subnets that are entered represent subnets at the VPN server site that will be accessed through the encrypted tunnel.

Answer: D

16. Refer to the exhibit. Which statement is true about the partial MPLS configuration that is shown?

A. The route-target both 100:2 command sets import and export route-targets for vrf2.

B. The route-target both 100:2 command changes a VPNv4 route to a IPv4 route.

C. The route-target import 100:1 command sets import route-targets routes specified by the route map.

D. The route-target import 100:1 command sets import route-targets for vrf2 that override the other route-target configuration.
Answer: A

17. Which two mechanisms can be used to detect IPsec GRE tunnel failures? (Choose two).

A. Dead Peer Detection (DPD)

B. CDP
C. isakmp keepalives

D. GRE keepalive mechanism

E. The hello mechanism of the routing protocol across the IPsec tunnel

Answer: AE

18. Which two statements are true about broadband cable (HFC) systems? (Choose two.)

A. Cable modems only operate at Layer 1 of the OSI model.

B. Cable modems operate at Layers 1 and 2 of the OSI model.

C. Cable modems operate at Layers 1, 2, and 3 of the OSI model.

D. A function of the cable modem termination system (CMTS) is to convert the modulated signal from the cable modem into a digital signal.

E. A function of the cable modem termination system is to convert the digital data stream from the end user host into a modulated RF signal for transmission onto the cable system.
Answer: BD

19. What are three configurable parameters when editing signatures in Security Device Manager (SDM)? (Choose three.)

A. AlarmSeverity

B. AlarmKeepalive

C. AlarmTraits

D. EventMedia

E. EventAlarm

F. EventAction

Answer: ACF

20. Which two statements about common network attacks are true? (Choose two.)

A. Access attacks can consist of password attacks, trust exploitation, port redirection, and man-in-the-middle attacks.

B. Access attacks can consist of password attacks, ping sweeps, port scans, and man-in-the-middle attacks.

C. Access attacks can consist of packet sniffers, ping sweeps, port scans, and man-in-the-middle attacks.

D. Reconnaissance attacks can consist of password attacks, trust exploitation, port redirection and Internet information queries.

E. Reconnaissance attacks can consist of packet sniffers, port scans, ping sweeps, and Internet information queries.

F. Reconnaissance attacks can consist of ping sweeps, port scans, man-in-middle attacks and Internet information queries.

Answer: AE

21. Refer to the exhibit.

Which three statements describe the steps that are required to configure an IPsec site-to-site VPN using a GRE tunnel? (Choose three.)

A. The command access-list 110 permit gre must be configured to specify which traffic will be encrypted.

B. The command access-list 110 permit ip must be configured to specify which hosts can use the tunnel.

C. The tunnel destination 172.17.63.18 command must be configured on the Tunnel0 interface.

D. The tunnel mode gre command must be configured on the Tunnel0 interface.

E. The tunnel source Ethernet1 command must be configured on the Tunnel0 interface.

F. The tunnel source Tunnel0 command must be configured on the Tunnel0 interface.

Answer: ACE

22. Which form of DSL technology is typically used as a replacement for T1 lines?

A. VDSL

B. HDSL

C. ADSL

D. SDSL

E. G.SHDSL

F. IDSL

Answer: B

23. Which three statements are true when configuring Cisco IOS Firewall features using the SDM? (Choose three.)

A. A custom application security policy can be configured in the Advanced Firewall Security Configuration dialog box.

B. An optional DMZ interface can be specified in the Advanced Firewall Interface Configuration dialog box.

C. Custom application policies for e-mail, instant messaging, HTTP, and peer-to-peer services can be created using the Intermediate Firewall wizard.

D. Only the outside (untrusted) interface is specified in the Basic Firewall Interface Configuration dialog box.

E. The outside interface that SDM can be launched from is configured in the Configuring Firewall for Remote Access dialog box.

F. The SDM provides a basic, intermediate, and advanced firewall wizard.

Answer: ABE

24. Refer to the exhibit. On the basis of the partial configuration, which two statements are true? (Choose two.)

A. A CBAC inspection rule is configured on router RTA.

B. A named ACL called SDM_LOW is configured on router RTA.

C. A QoS policy has been applied on interfaces Serial 0/0 and FastEthernet 0/1.

D. Interface Fa0/0 should be the inside interface and interface Fa0/1 should be the outside interface.

E. On interface Fa0/0, the ip inspect statement should be incoming.

F. The interface commands ip inspect SDM_LOW in allow CBAC to monitor multiple protocols.

Answer: AF

25. Which three statements about frame-mode MPLS are true? (Choose three.)

A. MPLS has three distinct components consisting of the data plane, the forwarding plane, and the control plane.

B. The control plane is a simple label-based forwarding engine that is independent of the type of routing protocol or label exchange protocol.

C. The CEF FIB table contains information about outgoing interfaces and their corresponding Layer 2 header.

D. The MPLS data plane takes care of forwarding based on either destination addresses or labels.

E. To exchange labels, the control plane requires protocols such as Tag Distribution Protocol (TDP) or MPLS Label Distribution Protocol (LDP).

F. Whenever a router receives a packet that should be CEF-switched, but the destination is not in the FIB, the packet is dropped.
Answer: DEF

26. What are the four fields in an MPLS label? (Choose four.)

A. version

B. experimental

C. label

D. protocol

E. TTL

F. bottom-of-stack indicator

Answer: BCEF

27. Which statement is true when ICMP echo and echo-reply are disabled on edge devices?

A. Pings are allowed only to specific devices.

B. CDP information is not exchanged.

C. Port scans can no longer be run.

D. Some network diagnostic data is lost.

E. Wireless devices need to be physically connected to the edge device.

F. OSPF routing needs the command ip ospf network non-broadcast enabled.

Answer: D

28. Which statement is true about a worm attack?

A. Human interaction is required to facilitate the spread.

B. The worm executes arbitrary code and installs copies of itself in the memory of the infected computer.

C. Extremely large volumes of requests are sent over a network or over the Internet.

D. Data or commands are injected into an existing stream of data. That stream is passed between a client and server application.
Answer: B

29. Refer to the exhibit. Which order correctly identifies the steps to provision a cable modem to connect to a headend as defined by the DOCSIS standard?

A. A, D, C, G, E, F, B

B. A, D, E, G, C, F, B

C. C, D, F, G, E, A, B

D. C, D, F, G, A, E, B

E. F, D, C, G, A, E, B

F. F, D, C, G, E, A, B

Answer: E

30. Refer to the exhibit.

On the basis of the information that is provided, which two statements are true? (Choose two.)

A. An IPS policy can be edited by choosing the Edit button.

B. Right-clicking on an interface will display a shortcut menu with options to edit an action or to set severity levels.

C. The Edit IPS window is currently in Global Settings view.

D. The Edit IPS window is currently in IPS Policies view.

E. The Edit IPS window is currently in Signatures view.

F. To enable an IPS policy on an interface, click on the interface and deselect Disable.

Answer: AD


“ISCW - Implementing Secure Converged Wide Area Networks”, also known as 642-825 exam, is a Cisco certification.

Questions and Answers : 172 Q&As
Updated: April 5th, 2008
Market Price: $99.99
Member Price: $79.99


Comments (1)

Waleed, July 13th, 2008 at 11:06 am

thanx
