exam 642-825 preparation questions
DESCRIPTION
Aonetesting the leading source in certification preparation services, all certification guaranteed study material, question and answers, practice exams and many more at one place. This is a brand which fulfills all the requirements of certification preparation of exams. By Aonetesting 642-825 training kits get 100% results in any certification exams.TRANSCRIPT
Exam 642-825 study material
Made available by Aonetesting.com
Free 642-825 Exam Preparation Questions
Exam 642-825: Implementing Secure Converged Wide Area Networks (ISCW)
For Latest 642-825 Exam Questions and study guides- visit- http://www.aonetesting.com/642-825.html
Question:1 Refer to the exhibit
What are the ramifications of Fail Closed being enabled under Engine Options? A. The router will drop all packets that arrive on the affected interface. B. If the IPS engine is unable to scan data, the router will drop all packets. C. If the IPS detects any malicious traffic, it will cause the affected interlace to close any open TCP
connections. D. The IPS engine is enabled to scan data and drop packets depending upon the signature of the
flow.
Answer: B Question:2 A router interface is configured with an inbound access control list and an inspection rule. How will an inbound packet on this interface be processed? A. The packet is processed by the inbound ACL. If the packet is dropped by the ACL, it is
processed by the inspection rule. B. The packet is processed by the inbound ACL. If the packet is not dropped by the ACL, it is
processed by the inspection rule. C. The packet is processed by the inspection rule. If the packet matches the inspection rule, the
inbound ACL is invoked. D. The packet is processed by the inspection rule. If the packet does not match the inspection rule,
the inbound ACL is invoked.
For Latest 642-825 Exam Questions and study guides- visit- http://www.aonetesting.com/642-825.html
Answer: B Question:3
Refer to the exhibit.
Assume that a signature can identity an IP address as the source of an attack. Which action would automatically create an ACL that denies all traffic from an attacking IP address? A. Alarm B. Drop C. Reset D. Deny Flow ln line E. denyattackerlnline F. Deny-connection-inline
Answer: E Question:4 A site requires support for skinny and H.323 voice protocols. How is this configured on an lOS firewall using the SDM? A. The Basic Firewall wizard is executed and the High Security Application policy is selected. B. The Advanced Firewall wizard is executed and a custom Application Security policy is
selected in place of the default Application Security policies. C. The Application Security tab is used to create a policy with voice support before the Firewall wizard
is run. D. The Application Security tab is used to modify the SDM_High policy to add voice support prior to
the Firewall wizard being run. Answer: B Question:5 Refer to the exhibit.
The Basic Firewall wizard has been used to configure a router. What is the purpose of the highlighted access list statement? A. To prevent spoofing by blocking traffic entering interface Fa0/0 with a source address in the same
subnet as interface VLAN10 B. To prevent spoofing by blocking traffic entering Fa0/0 with a source address in the RFC 1916
private address space C. To establish a DMZ by preventing traffic from interface VLAN10 being sent out interface Fa0/0 D. To establish a DMZ by preventing traffic from interface Fa0/0 being sent out interface VLAN1 0
Answer: A Question:6 When establishing a VPN connection from the Cisco software VPN client to an Easy VPN server router using pre-shared key authentication, what is entered in the configuration GUI of the Cisco software VPN client to identify the group profile that is associated with this VPN client? A. Group name B. Client name C. Distinguished name D. Organizational unit Answer: A Question:7 Refer to the exhibit.
An lOS firewall has been configured to support skinny and H.323. Voice traffic is not passing through the firewall as expected. What needs to be corrected in this configuration? A. Access list 100 needs to permit skinny and H.323. B. Access list 101 needs to permit skinny and H.323. C. The ip inspect Voice in command on interface FastEthernet 0/1 should be applied in the
outbound direction. D. The ip inspect Voice out command should be applied to interface FastEthernet 0/0.
Answer: C Question:8 During the Easy VPN Remote connection process, which phase involves pushing the IP address, Domain Name System (DNS), and split tunnel attributes to the client? A. mode configuration B. the VPN client establishment of an ISAKMP SA C. IPsec quick mode completion of the connection D. VPN client initiation of the IKE phase 1 process
Answer: A Question:9 When entering the Group Authentication information while configuring the Cisco VPN Client on a PC, what information is entered in the “Name” field? A. login name of the user (such as “jsmith”)
B. client name of the device (such as “jsmith-laptop”)
C. IPsec group information (such as “Engineering”)
D. the group pre-shared secret (such as “CiNl1iNFTW”) E - host name of the remote VPN device (such as “vpna.cisco.com”) Answer: C Question:10 Drag each Cisco Easy VPN connection process on the left to its step on the right.
Answer: Question:11
When configuring the Cisco VPN Client, what action is required prior to installing Mutual Group Authentication? A. Transparent tunneling must be enabled.
B. A valid root certificate must be installed. C. A group pre-shared secret must be properly configured. D. The option to “Allow Local LAN Access” must be selected.
Answer: B Question:12 This item contains several questions that you must answer. You can view these questions by clicking on the Questions button to the left. Changing questions can be accomplished by clicking the numbers to the left of each question. In order to complete the questions, you will need to refer to the SDM and the topology, neither of which is currently visible. To gain access to either the topology or the SDM, click on the button to left side of the screen that corresponds to the section you wish to access. When you have finished viewing the topology or the SDM, you can return to your questions by clicking on the Questions button to the left. Off Shore Industries is a large worldwide sailing charter. The company has recently upgraded its Internet connectivity. As a recent addition to the network engineering team, you have been tasked with documenting the active Firewall configurations on the Annapolis router using the Cisco Router and Security Device Manager (SDM) utility. Using the SDM output from Firewall and ACL Tasks under the Configure tab, answer the following questions: Which statement is true? (We can’t offer correct answers for this question, hope you can help us, and send your suggestions to supportCompany.com, it is greatly appreciated.)
A. Both FastEthernet 0/0 and Serial 0/0/0 are trusted interface B. Both FastEthernet 0/0 and Serial 0/0/0 are untrusted interfaces. C. FastEthernet 0/0 is a trusted interface and Serial 0/0/0 is an untrusted interface. D. FastEthernet 0/0 is an untrusted interface and Serial 0/0/0 is a trusted interface. Answer: C Question:13 This item contains several questions that you must answer. You can view these questions by clicking on the Questions button to the left. Changing questions can be accomplished by clicking the numbers to the left of each question. In order to complete the questions, you will need to refer to the SDM and the topology, neither of which is currently visible. To gain access to either the topology or the SDM, click on the button to left side of the screen that corresponds to the section you wish to access. When you have
finished viewing the topology or the SDM, you can return to your questions by clicking on the Questions button to the left. Off Shore Industries is a large worldwide sailing charter. The company has recently upgraded its Internet connectivity. As a recent addition to the network engineering team, you have been tasked with documenting the active Firewall configurations on the Annapolis router using the Cisco Router and Security Device Manager (SDM) utility. Using the 3SM output from Firewall and ACL Tasks under the Configure tab, answer the following questions:
Which two statements would be true for a permissible incoming TCP packet on an untrusted Interface in the this configuration? (Choose two.) (We can’t offer correct answers for this question, hope you can help us, and send your suggestions to supportCompany.com, it is greatly appreciated.) A. The packedt has a source address of 10.79.233.186 B. The packet has a source address of 172.16.81.108 C. The packet has a source address of 198.133.219.135 D. The session originated from an untrusted interface E. The session originated from a trusted Interface F. The application is not specified within the inspection rule SDM_LOW.
Answer: C, E Question:14 This item contains several questions that you must answer. You can view these questions by clicking on the Questions button to the left. Changing questions can be accomplished by clicking the numbers to the left of each question. In order to complete the questions, you will need to refer to the SDM and the topology, neither of which is currently visible. To gain access to either the topology or the SDM, click on the button to left side of the screen that corresponds to the section you wish to access. When you have finished viewing the topology or the SDM, you can return to your questions by clicking on the Questions button to the left. Off Shore Industries is a large worldwide sailing charter. The company has recently upgraded its Internet connectivity. As a recent addition to the network engineering team, you have been tasked with documenting the active Firewall configurations on the Annapolis router using the Cisco Router and Security Device Manager (SDM) utility. Using the SDM output from Firewall and ACL Tasks under the Configure tab, answer the following questions:
Which two statements would specify a permissible incoming TCP packet on a trusted interface in this configuration? (Choose two.) (We can’t offer correct answers for this question, hope you can help us, and send your suggestions to supportCompany.com, it is greatly appreciated.) A. The packet has a source address of 10.79.233.107 B. The packet has a source address of 172.16.81.108 C. The packet has a source address of 198.133.21940 D. The destination address is not specified within the inspection rule SDM_LOW. E. The destination address is specified within the inspection rule SDM_LOW.
Answer: A, C
For Latest 642-825 Exam Questions and study guides- visit- http://www.aonetesting.com/642-825.html
For Latest 642-825 Exam Questions and study guides- visit- http://www.aonetesting.com/642-825.html
For complete Exam 642-825 Training kits and Self-Paced Study Material
Visit:http://www.aonetesting.com/642-825.html
http://www.aonetesting.com
For Latest 642-825 Exam Questions and study guides- visit- http://www.aonetesting.com/642-825.html