Real 642-825 exam answers
New 642-825 trainning materials
Exam Number/Code: 642-825
Questions and Answers:134 Q&As
Updated Time: 2009-10-22
Register for Exam: Prometric/Pearson VUE
Exam Name:Implementing Secure Converged Wide Area Networks
The following are the 642-825 exam answers we get from all of the world company exams vendors include : examsoon 642-825 exam ,Testinside 642-825 braindumps, Pass4sure 642-825 practice exam , Testking 642-825 study guides, exam4sure trainning materials. after you read the following 642-825 exam demo questions and answers, you will see the high quanity of the exam
The 642-825 exam products are designed to maximize your learning productivity and focus only on the important aspects that will help you to pass your 642-825 test. We will provide you with 642-825 exam questions and verified answers, that reflect the actual exam. These questions and answers provide you with the experience of taking the 642-825 actual test. 642-825 exam guides are not just questions and answers. 642-825 questions have detailed for every answer, ensuring that you fully understand the questions and the concept behind the questions.
Free 640-802 Demo Download
Free demo for Cisco CCNP 642-825 exam (Implementing Secure Converged Wide Area Networks). You can check out the interface, question quality and usability of our practice exams
Free Download 640-802 Exam Pdf Demo
Free Download 640-802 Exam iEngine Demo
Exam : Cisco 642-825
Title : Implementing Secure Converged Wide Area Networks
1. What are the two main features of Cisco IOS Firewall? (Choose two.)
A. TACACS+
B. AAA
C. Cisco Secure Access Control Server
D. Intrusion Prevention System
E. Authentication Proxy
Answer: DE
2. Which form of DSL technology is typically used as a replacement for T1 lines?
A. VDSL
B. HDSL
C. ADSL
D. SDSL
E. G.SHDSL
F. IDSL
Answer: B
3. Refer to the exhibit. Which two statements about the AAA configuration are true? (Choose two.)
A. A good security practice is to have the none parameter configured as the final method used to ensure that no other authentication method will be used.
B. If a TACACS+ server is not available, then a user connecting via the console port would not be able to gain access since no other authentication method has been defined.
C. If a TACACS+ server is not available, then the user Bob could be able to enter privileged mode as long as the proper enable password is entered.
D. The aaa new-model command forces the router to override every other authentication method previously configured for the router lines.
E. To increase security, group radius should be used instead of group tacacs+.
F. Two authentication options are prescribed by the displayed aaa authentication command.
Answer: DF
4. Which two statements are true about broadband cable (HFC) systems? (Choose two.)
A. Cable modems only operate at Layer 1 of the OSI model.
B. Cable modems operate at Layers 1 and 2 of the OSI model.
C. Cable modems operate at Layers 1, 2, and 3 of the OSI model.
D. A function of the cable modem termination system (CMTS) is to convert the modulated signal from the cable modem into a digital signal.
E. A function of the cable modem termination system is to convert the digital data stream from the end user host into a modulated RF signal for transmission onto the cable system.
Answer: BD
5. Which three statements are correct about MPLS-based VPNs? (Choose three.)
A. Route Targets (RTs) are attributes attached to a VPNv4 BGP route to indicate its VPN membership.
B. Scalability becomes challenging for a very large, fully meshed deployment.
C. Authentication is done using a digital certificate or pre-shared key.
D. A VPN client is required for client-initiated deployments.
E. A VPN client is not required for users to interact with the network.
F. An MPLS-based VPN is highly scalable because no site-to-site peering is required.
Answer: AEF
6. Which two statements about common network attacks are true? (Choose two.)
A. Access attacks can consist of password attacks, trust exploitation, port redirection, and man-in-the-middle attacks.
B. Access attacks can consist of password attacks, ping sweeps, port scans, and man-in-the-middle attacks.
C. Access attacks can consist of packet sniffers, ping sweeps, port scans, and man-in-the-middle attacks.
D. Reconnaissance attacks can consist of password attacks, trust exploitation, port redirection and Internet information queries.
E. Reconnaissance attacks can consist of packet sniffers, port scans, ping sweeps, and Internet information queries.
F. Reconnaissance attacks can consist of ping sweeps, port scans, man-in-middle attacks and Internet information queries.
Answer: AE
7. Which two Network Time Protocol (NTP) statements are true? (Choose two.)
A. A stratum 0 time server is required for NTP operation.
B. NTP is enabled on all interfaces by default, and all interfaces receive NTP packets.
C. NTP operates on IP networks using User Datagram Protocol (UDP) port 123.
D. The ntp server global configuration is used to configure the NTP master clock to which other peers synchronize themselves.
E. The show ntp status command displays detailed association information of all NTP peers.
F. Whenever possible, configure NTP version 5 because it automatically provides authentication and encryption services.
Answer: BC
8. Which two statements about the Cisco AutoSecure feature are true? (Choose two.)
A. All passwords entered during the AutoSecure configuration must be a minimum of 8 characters in length.
B. Cisco123 would be a valid password for both the enable password and the enable secret commands.
C. The auto secure command can be used to secure the router login as well as the NTP and SSH protocols.
D. For an interactive full session of AutoSecure, the auto secure login command should be used.
E. If the SSH server was configured, the 1024 bit RSA keys are generated after the auto secure command is enabled.
Answer: CE
No related posts.
Related posts brought to you by Yet Another Related Posts Plugin.
