TestInside CCNP 642-825
Implementing Secure Converged Wide Area Networks : 642-825 Exam
Exam Number/Code: 642-825
Exam Name: Implementing Secure Converged Wide Area Networks
Questions and Answers: 172 Q&As
Price: $69.00
Update Time: 2008-6-25
“Implementing Secure Converged Wide Area Networks”, also known as 642-825 exam, is a Cisco certification.
Preparing for the 642-825 exam? Searching 642-825 Test Questions, 642-825 Practice Exam, 642-825 Dumps?
Free 642-825 Demo Download
TestInside offers free demo for 642-825 exam ( Implementing Secure Converged Wide Area Networks). You can check out the interface, question quality and usability of our practice exams before you decide to buy it. We are the only one site can offer demo for almost all products.
1. When configuring the Cisco VPN Client with transparent tunneling, what is true about the IPSec over TCP
option?
A. The port number is negotiated automatically.
B. Clients will have access to the secured tunnel and local resources.
C. The port number must match the configuration on the secure gateway.
D. Packets are encapsulated using Protocol 50 (Encapsulating Security Payload, or ESP). Answer:C
2. Refer to the exhibit.
MPLS must be enabled on all routers in the MPLS domain that consists of Cisco routers and equipment of other
vendors. What MPLS distribution protocol(s) should be used on router R2 FastEthernet interface Fa0/0 so that the
Label Information Base (LIB) table is populated across the MPLS domain? A. Only LDP should be enabled on Fa0/0 interface.
B. Only TDP should be enabled on Fa0/0 interface.
C. Both distribution protocols LDP and TDP should be enabled on the Fa0/0 interface.
D. MPLS cannot be enabled in a domain consisting of Cisco and non-Cisco devices. Answer:C
3. Which two statements about common network attacks are true? (Choose two.)
A. Access attacks can consist of password attacks, trust exploitation, port redirection, and man-in-the-middle attacks.
B. Access attacks can consist of password attacks, ping sweeps, port scans, and man-in-the-middle attacks.
C. Access attacks can consist of packet sniffers, ping sweeps, port scans, and man-in-the-middle attacks.
D. Reconnaissance attacks can consist of password attacks, trust exploitation, port redirection and Internet information queries.
E. Reconnaissance attacks can consist of packet sniffers, port scans, ping sweeps, and Internet information queries.
F. Reconnaissance attacks can consist of ping sweeps, port scans, man-in-middle attacks and Internet information queries.
Answer:AE
4. Which two statements about worms, viruses, or Trojan horses are true? (Choose two.)
A. A Trojan horse has three components: an enabling vulnerability, a propagation mechanism, and a payload.
B. A Trojan horse virus propagates itself by infecting other programs on the same computer. C. A virus cannot spread to a new computer without human assistance.
D. A virus has three components: an enabling vulnerability, a propagation mechanism, and a payload.
E. A worm can spread itself automatically from one computer to the next over an unprotected network.
F. A worm is a program that appears desirable but actually contains something harmful. Answer:CE
5. Which two statements about management protocols are true? (Choose two.)
A. Syslog version 2 or above should be used because it provides encryption of the syslog messages.
B. NTP version 3 or above should be used because these versions support a cryptographic authentication mechanism between peers.
C. SNMP version 3 is recommended since it provides authentication and encryption services for management
packets.
D. SSH, SSL and Telnet are recommended protocols to remotely manage infrastructure devices.
E. TFTP authentication (username and password) is sent in an encrypted format, and no additional encryption is required.
Answer:BC
6. Which two statements about the Cisco AutoSecure feature are true? (Choose two.)
A. All passwords entered during the AutoSecure configuration must be a minimum of 8 characters in length.
B. Cisco123 would be a valid password for both the enable password and the enable secret commands.
C. The auto secure command can be used to secure the router login as well as the NTP and SSH protocols.
D. For an interactive full session of AutoSecure, the auto secure login command should be used.
E. If the SSH server was configured, the 1024 bit RSA keys are generated after the auto secure command is enabled.
Answer:CE
7. Which three statements are correct about MPLS-based VPNs? (Choose three.)
A. Route Targets (RTs) are attributes attached to a VPNv4 BGP route to indicate its VPN membership.
B. Scalability becomes challenging for a very large, fully meshed deployment. C. Authentication is done using a digital certificate or pre-shared key.
D. A VPN client is required for client-initiated deployments.
E. A VPN client is not required for users to interact with the network.
F. An MPLS-based VPN is highly scalable because no site-to-site peering is required. Answer:AEF
8. Which IPsec mode will encrypt a GRE tunnel to provide multiprotocol support and reduced overhead?
A. 3DES
B. multipoint GRE C. tunnel
D. transport
Answer:D
9. Which two statements are true about broadband cable (HFC) systems? (Choose two.)
A. Cable modems only operate at Layer 1 of the OSI model.
B. Cable modems operate at Layers 1 and 2 of the OSI model.
C. Cable modems operate at Layers 1, 2, and 3 of the OSI model.
D. A function of the cable modem termination system (CMTS) is to convert the modulated signal from the cable modem into a digital signal.
E. A function of the cable modem termination system is to convert the digital data stream from the end user host into a modulated RF signal for transmission onto the cable system.
Answer:BD
10. Refer to the exhibit.
Which two statements about the AAA configuration are true? (Choose two.)
A. A good security practice is to have the none parameter configured as the final method used to ensure that no other authentication method will be used.
B. If a TACACS+ server is not available, then a user connecting via the console port would not be able to gain access since no other authentication method has been defined.
C. If a TACACS+ server is not available, then the user Bob could be able to enter privileged mode as long as the proper enable password is entered.
D. The aaa new-model command forces the router to override every other authentication method previously configured for the router lines.
E. To increase security, group radius should be used instead of group tacacs+.
F. Two authentication options are prescribed by the displayed aaa authentication command. Answer:DF
11. Refer to the exhibit.
When you are using the Quick Setup option of the Site-to-Site VPN wizard on the SDM to configure an IPsec
VPN, which three settings can you configure? (Choose three.) A. peer identity
B. crypto map
C. pre-shared key
D. transform set priority
E. source interface and destination IP address F. encapsulation security payload Answer:ACE
12. Refer to the exhibit.
SDM has been used to configure the locations from which the signature definition file (SDF) will be loaded. What
will happen if the SDF files in flash are not available at startup? A. All traffic will flow uninspected or will be dropped.
B. All traffic will be marked as uninspected and will be checked after the signature file is loaded.
C. All traffic will be inspected by the built-in signatures bundled with Cisco IOS Software.
D. All traffic will be inspected by the pre-built signatures bundled in the attack-drop.sdf file. Answer:A
13. Drag each Cisco Easy VPN connection process on the left to its step on the right.
Free download?pass4sure ccnp 642-825
Free download?testking ccnp 642-825
| Cisco Braindumps Free Downloads |
|
Type |
Exam Bible | New Questions & Answers |
Latest Updated |
Download link |
 |
All Cisco 's Exam Pack |
589 |
1 days ago | Download |
[...] Cisco 640-861 CCDA Testinside Cisco 640-863 Designing for Cisco Internetwork Solution Testinside Cisco 642-825 ISCW – Implementing Secure Converged Wide Area Networks Testinside Cisco 642-845 ONT – Optimizing [...]
[...] Cisco 640-861 CCDA Testinside Cisco 640-863 Designing for Cisco Internetwork Solution Testinside Cisco 642-825 ISCW – Implementing Secure Converged Wide Area Networks Testinside Cisco 642-845 ONT – Optimizing [...]
[...] Cisco 640-861 CCDA Testinside Cisco 640-863 Designing for Cisco Internetwork Solution Testinside Cisco 642-825 ISCW – Implementing Secure Converged Wide Area Networks Testinside Cisco 642-845 ONT – Optimizing [...]