642-825 Exam
Implementing Secure Converged Wide Area Networks
- Exam Number/Code : 642-825
- Exam Name : Implementing Secure Converged Wide Area Networks
- Questions and Answers : 134 Q&As
- Update Time: 2010-06-28
- Price:
$ 94.00$ 65.00
Free 642-825 Demo Download
TestInside offers free demo for CCNP 642-825 exam (Implementing Secure Converged Wide Area Networks). You can check out the interface, question quality and usability of our practice exams before you decide to buy it. We are the only one site can offer demo for almost all products.
Download 642-825 Exam Pdf Demo
Cisco CCNP 642-825 exam braindumps questions and answers
¡¡
Exam : Cisco 642-825
Title : Implementing Secure Converged Wide Area Networks
1. Which two statements describe the functions and operations of IDS and IPS systems? (Choose two.)
A. A network administrator entering a wrong password would generate a true-negative alarm.
B. A false positive alarm is generated when an IDS/IPS signature is correctly identified.
C. An IDS is significantly more advanced over IPS because of its ability to prevent network attacks.
D. Cisco IDS works inline and stops attacks before they enter the network.
E. Cisco IPS taps the network traffic and responds after an attack.
F. Profile-based intrusion detection is also known as "anomaly detection".
Answer: BF
2. Which two statements about the Cisco AutoSecure feature are true? (Choose two.)
A. All passwords entered during the AutoSecure configuration must be a minimum of 8 characters in length.
B. Cisco123 would be a valid password for both the enable password and the enable secret commands.
C. The auto secure command can be used to secure the router login as well as the NTP and SSH protocols.
D. For an interactive full session of AutoSecure, the auto secure login command should be used.
E. If the SSH server was configured, the 1024 bit RSA keys are generated after the auto secure command is enabled.
Answer: CE
3. Which two Network Time Protocol (NTP) statements are true? (Choose two.)
A. A stratum 0 time server is required for NTP operation.
B. NTP is enabled on all interfaces by default, and all interfaces receive NTP packets.
C. NTP operates on IP networks using User Datagram Protocol (UDP) port 123.
D. The ntp server global configuration is used to configure the NTP master clock to which other peers synchronize themselves.
E. The show ntp status command displays detailed association information of all NTP peers.
F. Whenever possible, configure NTP version 5 because it automatically provides authentication and encryption services.
Answer: BC
4. Which two statements are true about broadband cable (HFC) systems? (Choose two.)
A. Cable modems only operate at Layer 1 of the OSI model.
B. Cable modems operate at Layers 1 and 2 of the OSI model.
C. Cable modems operate at Layers 1, 2, and 3 of the OSI model.
D. A function of the cable modem termination system (CMTS) is to convert the modulated signal from the cable modem into a digital signal.
E. A function of the cable modem termination system is to convert the digital data stream from the end user host into a modulated RF signal for transmission onto the cable system.
Answer: BD
5. Which form of DSL technology is typically used as a replacement for T1 lines?
A. VDSL
B. HDSL
C. ADSL
D. SDSL
E. G.SHDSL
F. IDSL
Answer: B
6. Refer to the exhibit. What statement is true about the interface S1/0 on router R1?
A. Labeled packets can be sent over an interface.
B. MPLS Layer 2 negotiations have occurred.
C. IP label switching has been disabled on this interface.
D. None of the MPLS protocols have been configured on the interface.
Answer: D
7. Which three statements are correct about MPLS-based VPNs? (Choose three.)
A. Route Targets (RTs) are attributes attached to a VPNv4 BGP route to indicate its VPN membership.
B. Scalability becomes challenging for a very large, fully meshed deployment.
C. Authentication is done using a digital certificate or pre-shared key.
D. A VPN client is required for client-initiated deployments.
E. A VPN client is not required for users to interact with the network.
F. An MPLS-based VPN is highly scalable because no site-to-site peering is required.
Answer: AEF
8. Refer to the exhibit. Which two statements about the AAA configuration are true? (Choose two.)
A. A good security practice is to have the none parameter configured as the final method used to ensure that no other authentication method will be used.
B. If a TACACS+ server is not available, then a user connecting via the console port would not be able to gain access since no other authentication method has been defined.
C. If a TACACS+ server is not available, then the user Bob could be able to enter privileged mode as long as the proper enable password is entered.
D. The aaa new-model command forces the router to override every other authentication method previously configured for the router lines.
E. To increase security, group radius should be used instead of group tacacs+.
F. Two authentication options are prescribed by the displayed aaa authentication command.
Answer: DF
9. What are the two main features of Cisco IOS Firewall? (Choose two.)
A. TACACS+
B. AAA
C. Cisco Secure Access Control Server
D. Intrusion Prevention System
E. Authentication Proxy
Answer: DE
10. Refer to the exhibit. On the basis of the partial configuration, which two statements are true? (Choose two.)
A. A CBAC inspection rule is configured on router RTA.
B. A named ACL called SDM_LOW is configured on router RTA.
C. A QoS policy has been applied on interfaces Serial 0/0 and FastEthernet 0/1.
D. Interface Fa0/0 should be the inside interface and interface Fa0/1 should be the outside interface.
E. On interface Fa0/0, the ip inspect statement should be incoming.
F. The interface commands ip inspect SDM_LOW in allow CBAC to monitor multiple protocols.
Answer: AF
11. Which two statements about common network attacks are true? (Choose two.)
A. Access attacks can consist of password attacks, trust exploitation, port redirection, and man-in-the-middle attacks.
B. Access attacks can consist of password attacks, ping sweeps, port scans, and man-in-the-middle attacks.
C. Access attacks can consist of packet sniffers, ping sweeps, port scans, and man-in-the-middle attacks.
D. Reconnaissance attacks can consist of password attacks, trust exploitation, port redirection and Internet information queries.
E. Reconnaissance attacks can consist of packet sniffers, port scans, ping sweeps, and Internet information queries.
F. Reconnaissance attacks can consist of ping sweeps, port scans, man-in-middle attacks and Internet information queries.
Answer: AE
12. Which IOS command would display IPS default values that may not be displayed using the show running-config command?
A. show ip ips configuration
B. show ip ips interface
C. show ip ips statistics
D. show ip ips session
Answer: A
13. Which two statements about packet sniffers or packet sniffing are true? (Choose two.)
A. To reduce the risk of packet sniffing, traffic rate limiting and RFC 2827 filtering should be used.
B. Packet sniffers can only work in a switched Ethernet environment.
C. To reduce the risk of packet sniffing, cryptographic protocols such as Secure Shell Protocol (SSH) and Secure Sockets Layer (SSL) should be used.
D. To reduce the risk of packet sniffing, strong authentication, such as one time passwords, should be used.
Answer: CD
14. Which two network attack statements are true? (Choose two.)
A. Access attacks can consist of password attacks, trust exploitation, port redirection, and man-in-the-middle attacks.
B. Access attacks can consist of UDP and TCP SYN flooding, ICMP echo-request floods, and ICMP directed broadcasts.
C. DoS attacks can be reduced through the use of access control configuration, encryption, and RFC 2827 filtering.
D. DoS attacks can consist of IP spoofing and DDoS attacks.
E. IP spoofing can be reduced through the use of policy-based routing.
F. IP spoofing exploits known vulnerabilities in authentication services, FTP services, and web services to gain entry to web accounts, confidential databases, and other sensitive information.
Answer: AD
Click Online chat to talk with us , get more informations about Cisco CCNP 642-825 practice exam study guides questions and answers!
Exam Description
It is well known that 642-825 exam test is the hot exam of Cisco certification. TestInside offer you all the Q&A of the 642-825 real test . It is the examination of the perfect combination and it will help you pass 642-825 exam at the first time!
Why choose TestInside 642-825 braindumps
Quality and Value for the 642-825 Exam
100% Guarantee to Pass Your 642-825 Exam
Downloadable, Interactive 642-825 Testing engines
Verified Answers Researched by Industry Experts
Drag and Drop questions as experienced in the Actual Exams
Practice Test Questions accompanied by exhibits
Our Practice Test Questions are backed by our 100% MONEY BACK GUARANTEE.
TestInside 642-825 Exam Features
Quality and Value for the 642-825 Exam
TestInside Practice Exams for Cisco 642-825 are written to the highest standards of technical accuracy, using only certified subject matter experts and published authors for development.
100% Guarantee to Pass Your 642-825 Exam
If you prepare for the exam using our TestInside testing engine, we guarantee your success in the first attempt. If you do not pass the CCNP 642-825 exam (ProCurve Secure WAN) on your first attempt we will give you a FULL REFUND of your purchasing fee AND send you another same value product for free.
Cisco 642-825 Downloadable, Printable Exams (in PDF format)
Our Exam 642-825 Preparation Material provides you everything you will need to take your 642-825 Exam. The 642-825 Exam details are researched and produced by Professional Certification Experts who are constantly using industry experience to produce precise, and logical. You may get questions from different web sites or books, but logic is the key. Our Product will help you not only pass in the first try, but also save your valuable time.
642-825 Downloadable, Interactive Testing engines
We are all well aware that a major problem in the IT industry is that there is a lack of quality study materials. Our Exam Preparation Material provides you everything you will need to take a certification examination. Like actual certification exams, our Practice Tests are in multiple-choice (MCQs) Our Cisco 642-825 Exam will provide you with free 642-825 dumps questions with verified answers that reflect the actual exam. These questions and answers provide you with the experience of taking the actual test. High quality and Value for the 642-825 Exam:100% Guarantee to Pass Your CCNP exam and get your CCNP Certification.
http://www.wholetestinside.com/ The safer.easier way to get CCNP Certification.
My Shopping Cart
