Free Cheat-test Samples and Demo Questions Download
3COM exams 3COM
Adobe exams Adobe
Apple exams Apple
Avaya exams Avaya
BEA Systems exams BEA Systems
Business Objects exams Business Objects
CheckPoint exams CheckPoint
Cisco exams Cisco
Citrix exams Citrix
CIW exams CIW
CompTIA exams CompTIA
CWNP exams CWNP
EMC exams EMC
Exam Express exams Exam Express
Exin exams Exin
HP exams Hewlett Packard
IBM exams IBM
ISC exams ISC
ISEB exams ISEB
Juniper Networks exams Juniper Networks
Lotus exams Lotus
LPI exams LPI
Microsoft exams Microsoft
Network Appliance exams Network Appliance
Nortel exams Nortel
Novell exams Novell
Oracle exams Oracle
PMI exams PMI
RedHat exams RedHat
SNIA exams SNIA
Sun exams Sun
Sybase exams Sybase
Symantec exams Symantec
Tibco exams Tibco Software
VMWare exams VMWare
All certification exams

Cisco 642-825 Exam - Cheat-Test.com

Free 642-825 Sample Questions:

1. Refer to the exhibit, which shows a PPPoA diagram and partial SOHO77 configuration.
Which command needs to be applied to the SOHO77 to complete the configuration?

A. encapsulation aal5snap applied to the PVC.
B. encapsulation aal5ciscoppp applied to the PVC
C. encapsulation aal5ciscoppp applied to the ATM0 interface
D. encapsulation aal5mux ppp dialer applied to the ATM0 interface
E. encapsulation aal5mux ppp dialer applied to the PVC
Answer: E

2. Which three techniques should be used to secure management protocols? (Choose three.)
A. Configure SNMP with only read­only community strings.
B. Encrypt TFTP and syslog traffic in an IPSec tunnel.
C. Implement RFC 3704 filtering at the perimeter router when allowing syslog access from devices on the outside of a firewall.
D. Synchronize the NTP master clock with an Internet atomic clock. E. Use SNMP version 2.
F. Use TFTP version 3 or above because these versions support a cryptographic authentication mechanism between peers.
Answer: A, B, C

3. What are two steps that must be taken when mitigating a worm attack? (Choose two.)
A. Inoculate systems by applying update patches.
B. Limit traffic rate.
C. Apply authentication.
D. Quarantine infected machines.
E. Enable anti­spoof measures
Answer: A, D

4. What is a reason for implementing MPLS in a network?
A. MPLS eliminates the need of an IGP in the core.
B. MPLS reduces the required number of BGP­enabled devices in the core.
C. Reduces routing table lookup since only the MPLS core routers perform routing table lookups.
D. MPLS eliminates the need for fully meshed connections between BGP enabled devices.
Answer: B

5. Which three statements about IOS Firewall configurations are true? (Choose three.)
A. The IP inspection rule can be applied in the inbound direction on the secured interface.
B. The IP inspection rule can be applied in the outbound direction on the unsecured interface.
C. The ACL applied in the outbound direction on the unsecured interface should be an extended ACL.
D. The ACL applied in the inbound direction on the unsecured interface should be an extended ACL.
E. For temporary openings to be created dynamically by Cisco IOS Firewall, the access­list for the returning traffic must be a standard ACL.
F. For temporary openings to be created dynamically by Cisco IOS Firewall, the IP inspection rule must be applied to the secured interface.
Answer: A, B, D

6. Which three IPsec VPN statements are true? (Choose three.)
A. IKE keepalives are unidirectional and sent every ten seconds.
B. IKE uses the Diffie­Hellman algorithm to generate symmetrical keys to be used by IPsec peers.
C. IPsec uses the Encapsulating Security Protocol (ESP) or the Authentication Header (AH) protocol for exchanging keys.
D. Main mode is the method used for the IKE phase two security association negotiations.
E. Quick mode is the method used for the IKE phase one security association negotiations.
F. To establish IKE SA, main mode utilizes six packets while aggressive mode utilizes only three packets.
Answer: A, B, F

7. Which three MPLS statements are true? (Choose three.)
A. Cisco Express Forwarding (CEF) must be enabled as a prerequisite to running MPLS on a Cisco router.
B. Frame­mode MPLS inserts a 32­bit label between the Layer 3 and Layer 4 headers.
C. MPLS is designed for use with frame­based Layer 2 encapsulation protocols such as Frame Relay, but is not supported by ATM because of ATM fixed­length cells.
D. OSPF, EIGRP, IS­IS, RIP, and BGP can be used in the control plane.
E. The control plane is responsible for forwarding packets.
F. The two major components of MPLS include the control plane and the data plane.
Answer: A, D, F

8. Refer to the exhibit.
What are the two options that are used to provide High Availability IPsec? (Choose two.)

A. RRI
B. IPsec Backup Peerings
C. Dynamic Crypto Map
D. HSRP
E. IPsec Stateful Switchover (SSO) F. Dual Router Mode (DRM) IPsec
Answer: A, D

9. Which two statements are true about broadband cable (HFC) systems? (Choose two.)
A. Cable modems only operate at Layer 1 of the OSI model.
B. Cable modems operate at Layers 1 and 2 of the OSI model.
C. Cable modems operate at Layers 1, 2, and 3 of the OSI model.
D. A function of the cable modem termination system (CMTS) is to convert the modulated signal from the cable modem into a digital signal.
E. A function of the cable modem termination system is to convert the digital data stream from the end user host into a modulated RF signal for transmission onto the cable system.
Answer: B, D

10. Refer to the exhibit.
Which statement about the authentication process is true?

A. The LIST1 list will disable authentication on the console port.
B. Because no method list is specified, the LIST1 list will not authenticate anyone on the console port.
C. All login requests will be authenticated using the group tacacs+ method.
D. All login requests will be authenticated using the local database method.
E. The default login authentication will automatically be applied to all login connections.
Answer: A

11. Which three statements about the Cisco Easy VPN feature are true? (Choose three.)
A. If the VPN server is configured for Xauth, the VPN client waits for a username / password challenge.
B. The Cisco Easy VPN feature only supports transform sets that provide authentication and encryption.
C. The VPN client initiates aggressive mode (AM) if a pre­shared key is used for authentication during the IKE phase 1 process.
D. The VPN client verifies a server username/password challenge by using a AAA authentication server that supports TACACS+ or RADIUS.
E. The VPN server can only be enabled on Cisco PIX Firewalls and Cisco VPN 3000 series concentrators.
F. When connecting with a VPN client, the VPN server must be configured for ISAKMP group 1, 2 or 5.
Answer: A, B, C

12. What are three features of the Cisco IOS Firewall feature set? (Choose three.)
A. network­based application recognition (NBAR)
B. authentication proxy
C. stateful packet filtering
D. AAA services
E. proxy server
F. IPS
Answer: B, C, F

13. What are three configurable parameters when editing signatures in Security Device Manager (SDM)? (Choose three.)
A. AlarmSeverity
B. AlarmKeepalive
C. AlarmTraits
D. EventMedia
E. EventAlarm
F. EventAction
Answer: A, C, F

14. Which two statements about the Cisco AutoSecure feature are true? (Choose two.)
A. All passwords entered during the AutoSecure configuration must be a minimum of 8 characters in length.
B. Cisco123 would be a valid password for both the enable password and the enable secret commands.
C. The auto secure command can be used to secure the router login as well as the NTP and SSH protocols.
D. For an interactive full session of AutoSecure, the auto secure login command should be used.
E. If the SSH server was configured, the 1024 bit RSA keys are generated after the auto secure command is enabled.
Answer: C, E

15. Refer to the exhibit. Which statement is true about the configuration of split tunnels using SDM?

A. Any protected subnets that are entered represent subnets at the end user's site that will be accessed without going through the encrypted tunnel.
B. Any protected subnets that are entered represent subnets at the end user's site that will be accessed through the encrypted tunnel.
C. Any protected subnets that are entered represent subnets at the VPN server site that will be accessed without going through the encrypted tunnel.
D. Any protected subnets that are entered represent subnets at the VPN server site that will be accessed through the encrypted tunnel.
Answer: D

16. Which two statements about common network attacks are true? (Choose two.)
A. Access attacks can consist of password attacks, trust exploitation, port redirection, and man­in­the­middle attacks.
B. Access attacks can consist of password attacks, ping sweeps, port scans, and man­in­the­middle attacks.
C. Access attacks can consist of packet sniffers, ping sweeps, port scans, and man­in­the­middle attacks.
D. Reconnaissance attacks can consist of password attacks, trust exploitation, port redirection and Internet information queries.
E. Reconnaissance attacks can consist of packet sniffers, port scans, ping sweeps, and Internet information queries.
F. Reconnaissance attacks can consist of ping sweeps, port scans, man­in­middle attacks and Internet information queries.
Answer: A, E

17. Which two mechanisms can be used to detect IPsec GRE tunnel failures? (Choose two).
A. Dead Peer Detection (DPD)
B. CDP
C. isakmp keepalives
D. GRE keepalive mechanism
E. The hello mechanism of the routing protocol across the IPsec tunnel
Answer: A, E

18. Refer to the exhibit. Which order correctly identifies the steps to provision a cable modem to connect to a headend as defined by the DOCSIS standard?

A. A, D, C, G, E, F, B
B. A, D, E, G, C, F, B
C. C, D, F, G, E, A, B
D. C, D, F, G, A, E, B
E. F, D, C, G, A, E, B
F. F, D, C, G, E, A, B
Answer: E

© 2010 Cheat-Test.com. All Rights Reserved.
Best Certification Exam Prep and Test Materials Testking Free Download