Exam 642-825 study material Made available by Testkingprep.com
Free 642-825 Exam Preparation Questions Exam 642-825: Implementing Secure Converged Wide Area Networks (ISCW)
For Latest 642-825 Exam Questions and study guides- visit- http://www.testkingprep.com/642-825.html
Question:1 Drag the IOS commands from the left that would be used to implement a GRE tunnel using the 10.1.1.0.30 network on interface serial 0/0 to the correct target area on the right.
Answer: Question:2
Identify the recommended steps for worm attack mitigation by dragging and dropping them into the
For Latest 642-825 Exam Questions and study guides- visit- http://www.testkingprep.com/642-825.html
target area in the correct order.
Answer:
Question:3 Study the exhibit carefully. On the basis of the configuration, what will happen to the IPSec VPN between the Remote router and the Head-End router with IP address 172.31.1.100 if receiving no dead-peer detection hello
For Latest 642-825 Exam Questions and study guides- visit- http://www.testkingprep.com/642-825.html
messages for 20 seconds?
A. The IPSec VPN will transition to a peering relationship with the Head-End router at 172.31.1.200, with a down-time determined by the time required to tear-down and build the peerings. B. The IPSec VPN will terminate but will rebuild with the same peer because 3 hello messages have not yet been missed. C. The IPSec VPN will not be affected. D. The IPSec VPN will transition with no down-time to a peering relationship with the Head-End router at 172.31.1.200. Answer: C Question:4 Based on the exhibit below. Which one of these options is the ACL used to mitigate in this configuration?
For Latest 642-825 Exam Questions and study guides- visit- http://www.testkingprep.com/642-825.html
A. ICMP message attacks B. DOS smurf attacks C. Traceroute message attacks D. IP address spoofing attacks Answer: D Question:5 Company is a small export company .This firm has an existing enterprise network that is made up exclusively of routers that are using EIGRP as the IGP. Its network is up and operating normally. As part of its network expansion, Company has decided to connect to the internet by a broadband cable ISP. Your task is to enable this connection by use of the information below. Connection Encapsulation: PPP Connection Type: PPPoE client Connection Authentication: None Connection MTU: 1492 bytes Address: Dynamically assigned by the ISP Outbound Interface: E0/0 You will know that the connection has been successfully enabled when you can ping the simulated Internet address of 172.16.1.1 Note: Routing to the ISP: Manually configured default route P4S-R# show ip route .... Gateway of last resort is not set 192.168.1.0/27 is subnetted, 7 subnets C 192.168.1.0 is directly connected, Ethernet0/1 D 192.168.1.32 [90/307200] via 192.168.1.2, 00:02:16,Ethernet0/1 D 192.168.1.64 [90/307200] via 192.168.1.2, 00:02:17,Ethernet0/1 D 192.168.1.96 [90/307200] via 192.168.1.2, 00:02:17,Ethernet0/1 D 192.168.1.128 [90/307200] via 192.168.1.3, 00:02:17,Ethernet0/1 D 192.168.1.192 [90/307200] via 192.168.1.3, 00:02:17,Ethernet0/1 D 192.168.1.224 [90/307200] via 192.168.1.3, 00:02:17,Ethernet0/1 P4S-R# show run .... no service password-encryption ! hostname P4S-R ! boot-start-marker boot-end-marker ! no aaa new-model resource policy clock timezone PST 0 ip subnet-zero no ip dhcp use vrf connected www.examways.com - 193 -! interface Ethernet0/0 description link to cable modem no ip address shutdown ! interface Ethernet0/1 description link to corporate nework ip address 192.168.1.1 255.255.255.224 ! interface Ethernet0/2 no ip address ! interface Ethernet0/3 no ip address shutdown ! router eigrp 1 network 192.168.1.0 auto-summary ! line con 0 line vty 0 15 end A. Configuration sequence: P4S-R(config)#int e0/0 P4S-R(config-if)#pppoe enable P4S-R(configif)#pppoe-client dial-pool-number 1 P4S-R(config-if)#no sh P4S-R(config-if)#exit P4S-R(config)#vpdn enable P4S-R(config)#vpdn-group 1 P4S-R(config-vpdn)#request-dialin P4S-R(config-vpdn-reqin)#protocol pppoe P4S-R(config-vpdn-req-in)#exit P4S-R(config-vpdn)#exit P4S-R(config)#dialer-list 1 protocol ip permit P4S-R(config)#int dialer 1 P4S-R(config-if)#encapsulation ppp P4S-R(config-if)#ip address negotiated P4S-R(config-if)#dialer pool 1 P4S-R(config-if)#dialer-group 1 P4S-R(config-if)#ip mtu 1492 P4S-R(config-if)#exit
For Latest 642-825 Exam Questions and study guides- visit- http://www.testkingprep.com/642-825.html
Answer: A Question:6 This exhibit is about firewall implementation, inside users should be permitted to browse the Internet. However, users have indicated that all attempts fail. As a result of troubleshooting, you have determined that the issue is related to the firewall implementation. What corrective action should you take?
For Latest 642-825 Exam Questions and study guides- visit- http://www.testkingprep.com/642-825.html
A. Add the global command line ip inspect name OUTSIDE www. B. Add the global command line ip inspect name INSIDE www. C. Add the ACL command line permit tcp any any eq 80 to INSIDEACL. D. Change the access group on Fa0/0 from the inbound direction to the outbound direction. Answer: D Question:7 Study the exhibit carefully. Which statement best describes this Cisco IOS Firewall configuration?
For Latest 642-825 Exam Questions and study guides- visit- http://www.testkingprep.com/642-825.html
A. OUTSIDEACL permits outbound HTTP sessions; OUTSIDEACL is applied to the inside interface in the inbound direction. B. INSIDEACL permits inbound SMTP and HTTP; INSIDEACL is applied to the outside interface in the inbound direction. C. Outside hosts are allowed to initiate sessions with the SMTP server (200.1.2.1) and HTTP server (200.1.2.2) located in the enterprise DMZ. D. The inspection rules include the generic TCP inspection and are applied to outbound connections on the inside interface and to inbound sessions on the outside interface Answer: C Question:8 Which statement is correct in terms of the exhibit?
A. The router failed to train or successfully initialize because of a Layer 1 issue. B. The router failed to train or successfully initialize because of a PPP negotiation issue. C. The router cannot activate the line because the ISP has not provided the requested IP address.
For Latest 642-825 Exam Questions and study guides- visit- http://www.testkingprep.com/642-825.html
D. The router cannot activate the line because of a Layer 2 authentication issue. Answer: A Question:9 You are a network technician at Company.com, study the exhibit carefully. Which type of attack does the ACL prevent the internal user from successfully launching?
A. TCP SYN DOS attacks B. DOS smurf attack C. Traceroute message attacks D. IP address spoofing attack Answer: D Question:10 Drag and drop the xDSL type on the above to the appropriate xDSL description on the below.
For Latest 642-825 Exam Questions and study guides- visit- http://www.testkingprep.com/642-825.html
Answer:
Question:11 Match the xDSL type on the above to the most appropriate implementation on the below.
For Latest 642-825 Exam Questions and study guides- visit- http://www.testkingprep.com/642-825.html
Answer:
Question:12 Drag each element of the Cisco IOS Firewall Feature Set from the above and drop onto its description on the below.
For Latest 642-825 Exam Questions and study guides- visit- http://www.testkingprep.com/642-825.html
Answer:
Question:13 Drag the protocols that are used to distribute MPLS labels from the above to the target area on the below.(Not all options will be used)
For Latest 642-825 Exam Questions and study guides- visit- http://www.testkingprep.com/642-825.html
Answer:
Questions: 313 As a network engineer, do you know which three techniques should be used to secure management protocols? (Choose three.) A. Configure SNMP with only read-only community strings. B. Encrypt TFTP and syslog traffic in an IPSec tunnel. C. Implement RFC 3704 filtering at the perimeter router when allowing syslog access from devices on the outside of a firewall. D. Use SNMP version 2. Answer: A, B, C Questions: 314 Study the exhibit carefully. The Cisco IOS? IPsec High Availability (IPsec HA) Enhancements feature provides an infrastructure for reliable and secure networks to provide transparent availability of the VPN gateways---that is, Cisco IOS Software-based routers. What are the two options that are used to provide High Availability IPsec? (Choose two.)
A. HSRP B. Dual Router Mode (DRM) IPsec C. IPsec Backup Peerings D. RRI Answer: A, D
For Latest 642-825 Exam Questions and study guides- visit- http://www.testkingprep.com/642-825.html
Question:14 Which two steps will be most likely taken by Cisco IOS IPS when a packet in a session matches a signature? A. Drop the packet B. Quartile the packet C. Forward the packet D. Reset the connection Answer: A, D Question:15 On the basis of the information provided in the exhibit, Which configuration option would correctly configure router certways-R to mitigate a range of threats?
A. certways-R(config)# interface Fa0/0 certways-R (config-if)# ip access-group 150 in B. certways-R (config)# interface Fa0/0 certways-R (config-if)# ip access-group 150 out C. certways-R (config)# interface Fa0/1 certways-R (config-if)# ip access-group 150 in D. certways-R (config)# interface Fa0/1 certways-R (config-if)# ip access-group 150 out Answer: C Question:16 Study the exhibit carefully. What conclusion can be made from the output of the debug ppp negotiation command?
For Latest 642-825 Exam Questions and study guides- visit- http://www.testkingprep.com/642-825.html
A. There is an authentication failure. B. There is no PPP response from the remote router. C. Link Control Protocol (LCP) is not opened. D. There are IP Control Protocol (IPCP) failures. E. PPP has set up a functional connection. Answer: E Question:17 The exhibit below shows a PPPoA DSL diagram and partial configuration. You want to allow the router to automatically receive its IP address from the service provider's DSLAM. Which configuration statement or statements do you need to add to SOHO77, and to which interface or interfaces?
For Latest 642-825 Exam Questions and study guides- visit- http://www.testkingprep.com/642-825.html
A. ip address negotiated applied to the ATM0/0 interface B. ip address negotiated applied to the dialer0 interface C. ip nat outside applied to the ATM0 interface D. ip address 0.0.0.0 255.255.255.255 applied to the ATM0/0 interface and ip nat outside applied to the dialer0 interface Answer: B Question:18 Which three descriptions are correct about frame-mode MPLS ? (Choose three.) A. MPLS has three distinct components consisting of the data plane, the forwarding plane, and the control plane. B. The MPLS data plane takes care of forwarding based on either destination addresses or labels.
For Latest 642-825 Exam Questions and study guides- visit- http://www.testkingprep.com/642-825.html
C. To exchange labels, the control plane requires protocols such as Tag Distribution Protocol (TDP) or MPLS Label Distribution Protocol (LDP). D. Whenever a router receives a packet that should be CEF-switched, but the destination is not in the FIB, the packet is dropped. Answer: B, C, D Question:19 In terms of the exhibit below. Router certways-R is unable to establish an ADSL connection with its provider. What action should be taken to correct this problem?
A. On the Dialer0 interface, add the pppoe enable command. B. On the Ethernet 0/1 interface, add the dialer pool-member 0 command. C. On the Ethernet 0/1 interface, add the dialer pool-member 1 command. D. On the Dialer0 interface, change the MTU value to 1500 using the ip mtu 1500 command. E. On the Ethernet 0/1 interface, add the pppoe-client dial-pool-number 0 command. F. On the Ethernet 0/1 interface, add the pppoe-client dial-pool-number 1 command. Answer: F Question:20 Refer to the exhibit. On the basis of this show ip cef command output ,What information can be derived ?
For Latest 642-825 Exam Questions and study guides- visit- http://www.testkingprep.com/642-825.html
A. This router will use a PHP label to reach the destination network of 150.1.12.16. B. This router will advertise a label of "19" for the destination network of 150.1.12.16. C. This router will use a label of "21" to reach the destination network of 150.1.12.16. D. This router will advertise a label of "21" for the destination network of 150.1.12.16. Answer: D Question:21 For the following options, based on the exhibit below. What type of high-availability option is being implemented?
A. Hot Standby Router Protocol B. IPsec dead peer detection C. IPsec stateful failover D. backing up a WAN connection with an IPsec VPN Answer: B Question:22 To implement Easy VPN Remote capabilities, which requirement must be met? A. The destination peer must be a Cisco Easy VPN Server or VPN Concentrator supporting Cisco
For Latest 642-825 Exam Questions and study guides- visit- http://www.testkingprep.com/642-825.html
Easy VPN Server. B. The source peer must be a Cisco Easy VPN Server or VPN Concentrator supporting Cisco Easy VPN Server. C. The destination peer must be a Cisco Easy VPN Remote device. D. The destination peer must support all available encryption and authentication types. Answer: A Question:23 How to propagate overlapping customer prefixes in an MPLS VPN implementation? A. Separate BGP sessions are established between each customer edge LSR. B. A separate instance of the core IGP is used for each customer. C. Because customers have their own interfaces, distributed CEFs keep the forwarding tables separate. D. A route distinguisher is attached to each customer prefix. Answer: D Question:24 What is the reason for the ping between the P4S-HQ router and the 192.168.1.193 interface on the P4S-Branch2 router failing?
For Latest 642-825 Exam Questions and study guides- visit- http://www.testkingprep.com/642-825.html
A. The default route is missing from the P4S-Branch2 router. B. When running EIGRP over GRE tunnels, you must manually configure the neighbor address using the eigrp neighbor ipaddress command. C. The tunnel numbers for the tunnel between the P4S-HQ router and the P4S-Branch2 router do not match. D. The tunnel source is incorrect on the P4S-Branch2 router. It should be serial 2/0. E. The AS number for the EIGRP process on P4S-Branch2 should be 1 and not 11. Answer: E Question:25 For the following statements, what is preventing a successful ping between the P4S-HQ router and the 192.168.1.10 interface on the P4S-Branch3 router?
For Latest 642-825 Exam Questions and study guides- visit- http://www.testkingprep.com/642-825.html
For Latest 642-825 Exam Questions and study guides- visit- http://www.testkingprep.com/642-825.html
A. The default route is missing from the P4S-Branch3 router. B. The tunnel interface numbers for the tunnel between the P4S-HQ router and the P4S-Branch3 router do not match. C. The tunnel source is incorrect on the P4S-Branch3 router. It should be serial 2/0. D. The IP address on the tunnel interface for the P4S-Branch3 router has wrong IP mask. It should be 255.255.255.252. E. The network statement under router EIGRP on the P4S-Branch3 router is incorrect. It should be network 192.168.2.0.0.0.0.255. Answer: A Question:26 What is preventing the P4S-HQ router and the P4S-Branch1 router from building up an EIGRP neighbor relationship?
For Latest 642-825 Exam Questions and study guides- visit- http://www.testkingprep.com/642-825.html
A. When running EIGRP over GRE tunnels, you must manually configure the neighbor address using the eigrp neighbor ipaddress command. B. The tunnel destination address is incorrect on the P4S-HQ router. It should be 10.2.1.1 to match the interface address of the P4S-Branch1 router. C. The tunnel source is incorrect on the P4S-Branch1 router. It should be serial 2/0. D. The default route is missing from the P4S-Branch1 router. E. The tunnel interface numbers for the tunnel between the P4S-HQ router and P4S-Branch1 router do not match. Answer: B Question:27 What is the reason that tunnel 5 on the P4S-HQ router is down when its companion tunnel on the P4SBranch5 router is up?
For Latest 642-825 Exam Questions and study guides- visit- http://www.testkingprep.com/642-825.html
For Latest 642-825 Exam Questions and study guides- visit- http://www.testkingprep.com/642-825.html
A. The IP address on the tunnel interface on P4S-Branch5 is incorrect. It shoud be 192.168.1.16 255.255.255.252. B. The tunnel source for tunnel 5 is incorrect on the P4S-HQ router. It should be serial 2/0. C. The tunnel numbers for tunnel between the P4S-HQ router and the P4S-Branch5 router do not match. D. The tunnel destination address for tunnel 5 is incorrect on the P4S-HQ router. It should be 10.2.5.1 to match the interface address of the P4S-Branch5 router. E. The tunnel interface for tunnel 5 on the P4S-HQ router is in the administrative down state. Answer: B Question:28 What is preventing the 192.168.1.150 network from appearing in the P4S-HQ router's routing table?
For Latest 642-825 Exam Questions and study guides- visit- http://www.testkingprep.com/642-825.html
A. The default route is missing from the P4S-Branch4 router. B. The IP address on the E0/0 interface for the P4S-Branch4 router has the wrong IP mask. It should be 255.255.255.252 C. The network statement under router EIGRP on the P4S-Branch4 router is incorrect. It should be network 192.168.1.0.0.0.255. D. When running EIGRP over GRE tunnels, you must manually configure the neighbor address using the eigrp neighbor ipaddress command. E. The IP address on the tunnel interface on P4S-Branch4 is incorrect. It should be 192.168.1.12 255.255.255.252. Answer: C Question:29 Look at the following exhibit carefully, LDP neighbor sessions have been built between P4S-RTB and P4S-RTC. In the process of troubleshooting, it is found that labels are being distributed between the two routers, however LFIB has no label swapping information. Why?
For Latest 642-825 Exam Questions and study guides- visit- http://www.testkingprep.com/642-825.html
A. BGP neighbor sessions have not been established on both routers. B. IP Cisco Express Forwarding has not been enabled on both P4S-RTB and P4S-RTC. C. LDP has been enabled on one router and TDP has been enabled on the other. D. The IGP is summarizing the address space. Answer: B Question:30 CBAC provides advanced traffic filtering functionality and can be used as an integral part of your network firewall. Which two descriptions are correct about the Cisco Classic (CBAC) IOS Firewall set? (Choose two.) A. It can block bulk encryption attacks. B. It can protect against denial of service attacks. C. Temporary ACL entries that allow selected traffic to pass are created and persist for the duration of the communication session. D. Traffic originating from the router is considered trusted, so it is not inspected. Answer: B, D Question:31 Observe the following exhibit carefully, the output is produced by which Cisco security feature?
For Latest 642-825 Exam Questions and study guides- visit- http://www.testkingprep.com/642-825.html
A. CBAC B. IPS C. SSH D. AutoSecure Answer: D Question:32 Study the following partial configuration displayed carefully, P4S-Host 1 fails to ping P4SServer 1. The network administrator has solved all network problems. What is the issue?
For Latest 642-825 Exam Questions and study guides- visit- http://www.testkingprep.com/642-825.html
A. P4S-R1 has the wrong tunnel source configured under the tunnel interface. B. An encryption algorithm has been configured on P4S-R1 and P4S-R2. C. The tunnel destinations on P4S-R1 and P4S-R2 are not on the same subnet. D. P4S-R2 has the wrong tunnel source configured under the tunnel interface. Answer: D Question:33 Click here to input the answer. Lab
For Latest 642-825 Exam Questions and study guides- visit- http://www.testkingprep.com/642-825.html
Answer: P4S-R1> enable P4S-R1# conf t P4S-R1(config)#aaa new-model P4S-R1(config)#username BDnet1 password Wer#1 P4S-R1(config)#tacacs-server host 10.6.6.254 key training P4SR1(config)#aaa authentication login default local P4S-R1(config)#aaa authentication login vty group tacacs+ P4S-R1(config)#aaa authorization exec vty group tacacs+ P4S-R1(config)#line vty 0 4 P4S-R1(config)#authorization exec vty P4S-R1(config)# login authentication vty P4SR1(config)#end P4S-R1#copy run start Test: P4S-R2#ssh 10.2.1.1 -l cisco Enter password: Cisco123 Question:34 Which statement best describes the configured IPsec transform set according to the following exhibit?
For Latest 642-825 Exam Questions and study guides- visit- http://www.testkingprep.com/642-825.html
A. Only the data field of the packet will be encrypted by the AES algorithm using a 256-bit key. B. Only the data field of the packet will be hashed using SHA. C. Only the address fields of the packet will be hashed using SHA. D. The data field of the packet will be encrypted by the AES algorithm using a 256-bit key, while the address fields of the packet will be hashed using SHA. Answer: D
For Latest 642-825 Exam Questions and study guides- visit- http://www.testkingprep.com/642-825.html
For complete Exam 642-825 Training kits and Self-Paced Study Material Visit: http://www.testkingprep.com/642-825.html
http://www.testkingprep.com/
For Latest 642-825 Exam Questions and study guides- visit- http://www.testkingprep.com/642-825.html