Welcome to download the newest Flydumps 300-207 VCE dumps: http://www.flydumps.com/300-207.html

FLYDUMPS Cisco 642-825 exam sample questions allow students to prepare for Cisco 642-825 exam the way they want to. We provide the latest, most effective Cisco 642-825 test questions for transition your Cisco 642-825 TelePresence Video Sales Engineer for Advanced Exam test, with the real and original Cisco 642-825 questions and answers we specially prepared, you can quickly grasp the points you need for Cisco 642-825 test. To help with these preparations there are plenty of Cisco 642-825 Q&As available on the Internet that can dispel all these fears and nervousness. Successful candidates will be able to reduce risk to the IT infrastructure and applications using Cisco 642-825 exam sample questions, and provide detailed operations support for the Cisco certifications. Candidates can prepare for this exam by taking the Cisco 642-825 exam sample questions.

QUESTION 88
What actions can be performed by the Cisco IOS IPS when suspicious activity is detected? (Choose four.)
A. send an alarm to a syslog server or a centralized management interface
B. initiate antivirus software to clean the packet
C. drop the packet
Cisco 642-825 Practice Test, Valid and updated Cisco 642-825 Real Exam 100% Pass With A High Score
D. reset the connection
E. request packet to be resent
F. deny traffic from the source IP address associated with the connection

Correct Answer: ACDF Section: (none) Explanation
QUESTION 89

Refer to the exhibit. The show mpls interfaces detail command has been used to display information about the interfaces on router R1 that have been configured for label switching. Which statement is true about the MPLS edge router R1?
A. Packets can be labeled and forwarded out interface Fa0/1 because of the MPLS operational status of the interface.
B. Because LSP tunnel labeling has not been enabled on interface Fa0/1, packets cannot be labeled and forwarded out interface Fa0/1.
C. Packets can be labeled and forwarded out interface Fa1/1 because MPLS has been enabled on this interface.
D. Because the MTU size is increased above the size limit, packets cannot be labeled and forwarded out interface Fa1/1.

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 90

Refer to the exhibit. SDM has been used to configure the locations from which the signature definition file (SDF) will be loaded. What will happen if the SDF files in flash are not available at startup?
A. All traffic will flow uninspected or will be dropped.
B. All traffic will be marked as uninspected and will be checked after the signature file is loaded.
C. All traffic will be inspected by the built-in signatures bundled with Cisco IOS Software.
D. All traffic will be inspected by the pre-built signatures bundled in the attack-drop.sdf file.

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 91
Which statement is true about convergence in an MPLS network?
A. MPLS convergence will take place at the same time as the routing protocol convergence.
B. MPLS convergence will take place after the routing protocol convergence.
C. MPLS convergence will take place before the routing protocol convergence.
D. MPLS must be reconfigured after the routing protocol convergence.

Correct Answer: B Section: (none) Explanation
QUESTION 92
Which procedure is recommended to protect SNMP from application layer attacks?
A. Configure SNMP with only read-only community strings.
B. Implement RFC 2827 filtering.
C. Use SNMP version 2.
D. Create an access list on the SNMP server.

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 93

Refer to the exhibit. What is the result of the ACL configuration that is displayed?
A. Inbound packets to request a TCP session with the 10.10.10.0/24 network are allowed.
B. TCP responses from the outside network for TCP connections that originated on the inside network are allowed.
C. TCP responses from the inside network for TCP connections that originated on the outside network are denied.
D. Any inbound packet with the SYN flag set to be routed is permitted.

Correct Answer: B Section: (none) Explanation
Explanation/Reference: QUESTION 94
Which two statements are true about the Cisco IOS Firewall set? (Choose two.)
A. It protects against denial of service (DoS) attacks
B. An ACL entry is statically created and added to the existing, permanent ACL.
C. Traffic originating within the router is not inspected.
D. Temporary ACL entries are created and persist for the duration of the communication session.

Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
QUESTION 95
Which statement is true about the SDM Basic Firewall wizard?
A. The wizard applies predefined rules to protect the private and DMZ networks.
B. The wizard can configure multiple DMZ interfaces for outside users.
C. The wizard permits the creation of a custom application security policy.
D. The wizard configures one outside interface and one or more inside interfaces.

Correct Answer: D Section: (none) Explanation
QUESTION 96
Which three statements about frame-mode MPLS are true? (Choose three.)
A. MPLS has three distinct components consisting of the data plane, the forwarding plane, and the control plane.
B. The control plane is a simple label-based forwarding engine that is independent of the type of routing protocol or label exchange protocol.
C. The CEF FIB table contains information about outgoing interfaces and their corresponding Layer 2 header.
D. The MPLS data plane takes care of forwarding based on either destination addresses or labels.
E. To exchange labels, the control plane requires protocols such as Tag Distribution Protocol (TDP) or MPLS Label Distribution Protocol (LDP).
F.     Whenever a router receives a packet that should be CEF-switched, but the destination is not in the FIB, the packet is dropped.

Correct Answer: DEF Section: (none) Explanation
Explanation/Reference:
QUESTION 97
Which three statements about the Cisco Easy VPN feature are true? (Choose three.)
A. If the VPN server is configured for Xauth, the VPN client waits for a username / password challenge.
B. The Cisco Easy VPN feature only supports transform sets that provide authentication and encryption.
C. The VPN client initiates aggressive mode (AM) if a pre-shared key is used for authentication during the IKE phase 1 process.
D. The VPN client verifies a server username/password challenge by using a AAA authentication server that supports TACACS+ or RADIUS.
E. The VPN server can only be enabled on Cisco PIX Firewalls and Cisco VPN 3000 series concentrators.
F.     When connecting with a VPN client, the VPN server must be configured for ISAKMP group 1, 2 or 5.

Correct Answer: ABC Section: (none) Explanation
Explanation/Reference:
QUESTION 98
Which two statements are true about the use of SDM to configure the Cisco Easy VPN feature on a router? (Choose two.)
A. An Easy VPN connection is a connection that is configured between two Easy VPN clients.
B. The Easy VPN server address must be configured when configuring the SDM Easy VPN Server wizard.
C. The SDM Easy VPN Server wizard displays a summary of the configuration before applying the VPN configuration.
D. The SDM Easy VPN Server wizard can be used to configure a GRE over IPSec site-to-site VPN or a dynamic multipoint VPN (DMVPN).
E. The SDM Easy VPN Server wizard can be used to configure user XAuth authentication locally on the router or externally with a RADIUS server.
F.     The SDM Easy VPN Server wizard recommends using the Quick setup feature when configuring a dynamic multipoint VPN.

Correct Answer: CE Section: (none) Explanation
Explanation/Reference:
QUESTION 99

Refer to the exhibit. Which network threat would the configuration in the exhibit mitigate?
A. DoS ping attacks
B. DoS TCP SYN attack
C. IP address spoofing attack – inbound
D. IP address spoofing attack – outbound
E. SNMP service filtering attack

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 100

Refer to the exhibit. Given the partial configuration that is shown, what command needs to be added to allow the tunneled traffic to be encrypted?
A. match address 101 applied to the crypto map
B. match address 101 applied to the serial 1/0 interface
C. ip access-group 101 out applied to the serial 1/0 interface
D. ip access-group 101 in applied to the serial 1/0 interface

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 101
Which three statements are true when configuring Cisco IOS Firewall features using the SDM? (Choose three.)
A. A custom application security policy can be configured in the Advanced Firewall Security Configuration dialog box.
B. An optional DMZ interface can be specified in the Advanced Firewall Interface Configuration dialog box.
C. Custom application policies for e-mail, instant messaging, HTTP, and peer-to-peer services can be created using the Intermediate Firewall wizard.
D. Only the outside (untrusted) interface is specified in the Basic Firewall Interface Configuration dialog box.
E. The outside interface that SDM can be launched from is configured in the Configuring Firewall for Remote Access dialog box.
F.     The SDM provides a basic, intermediate, and advanced firewall wizard.

Correct Answer: ABE Section: (none) Explanation
Explanation/Reference:
QUESTION 102
Which three statements about IOS Firewall configurations are true? (Choose three.)
A. The IP inspection rule can be applied in the inbound direction on the secured interface.
B. The IP inspection rule can be applied in the outbound direction on the unsecured interface.
C. The ACL applied in the outbound direction on the unsecured interface should be an extended ACL.
D. The ACL applied in the inbound direction on the unsecured interface should be an extended ACL.
E. For temporary openings to be created dynamically by Cisco IOS Firewall, the access-list for the returning traffic must be a standard ACL.
F.     For temporary openings to be created dynamically by Cisco IOS Firewall, the IP inspection rule must be applied to the secured interface.

Correct Answer: ABD Section: (none) Explanation
Explanation/Reference:
QUESTION 103
What are three features of the Cisco IOS Firewall feature set? (Choose three.)
A. network-based application recognition (NBAR)
B. authentication proxy
C. stateful packet filtering
D. AAA services
E. proxy server
F.     IPS

Correct Answer: BCF Section: (none) Explanation
Explanation/Reference:
QUESTION 104
Which statement describes the Authentication Proxy feature?
A. All traffic is permitted from the inbound to the outbound interface upon successful authentication of the user.
B. A specific access profile is retrieved from a TACACS+ or RADIUS server and applied to an IOS Firewall based on user provided credentials.
C. Prior to responding to a proxy ARP, the router will prompt the user for a login and password which are authenticated based on the configured AAA policy.
D. The proxy server capabilities of the IOS Firewall are enabled upon successful authentication of the user.

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 105
Which two statements about an IDS are true? (Choose two.)
A. The IDS is in the traffic path.
B. The IDS can send TCP resets to the source device.
C. The IDS can send TCP resets to the destination device.
D. The IDS listens promiscuously to all traffic on the network.
E. Default operation is for the IDS to discard malicious traffic.

Correct Answer: BD Section: (none) Explanation
QUESTION 106
Which statement about an IPS is true?
A. The IPS is in the traffic path.
B. Only one active interface is required.
C. Full benefit of an IPS will not be realized unless deployed in conjunction with an IDS.
D. When malicious traffic is detected, the IPS will only send an alert to a management station.

Correct Answer: A Section: (none) Explanation
QUESTION 107
Which three categories of signatures can a Cisco IPS microengine identify? (Choose three.)
A. DDoS signatures
B. strong signatures
C. exploit signatures
D. numeric signatures
E. spoofing signatures
F. connection signatures

Correct Answer: ACF Section: (none) Explanation
Explanation/Reference:
QUESTION 108
Which action can be taken by Cisco IOS IPS when a packet matches a signature pattern?
A. drop the packet
B. reset the UDP connection
C. block all traffic from the destination address for a specified amount of time
D. perform a reverse path verification to determine if the source of the malicious packet was spoofed
E. forward the malicious packet to a centralized NMS where further analysis can be taken

Correct Answer: A Section: (none) Explanation
QUESTION 109

Refer to the exhibit. Which of the configuration tasks would allow you to do quick deployment of default signatures?
A. Routing
B. NAT
C. Intrusion Prevention
D. NAC
E. Additional Tasks

Correct Answer: C Section: (none) Explanation
Explanation/Reference: QUESTION 110
Which statement is true about the SDM IPS Policies wizard?
A. In order to configure the IPS, the wizard requires that customized signature files be created.
B. The IPS Policies wizard only allows the use of default signatures which cannot be modified.
C. The IPS Policies wizard can be used to modify, delete, or disable signatures that have been deployed on the router.
D. When initially enabling the IPS Policies wizard, SDM automatically checks and downloads updates of default signatures available from CCO (cisco.com).
E. The wizard verifies whether the command is correct but does not verify available router resources before the signatures are deployed to the router.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 111

Refer to the exhibit. What are the ramifications of Fail Closed being enabled under Engine Options?
A. The router will drop all packets that arrive on the affected interface.
B. If the IPS engine is unable to scan data, the router will drop all packets.
C. If the IPS detects any malicious traffic, it will cause the affected interface to close any open TCP connections.
D. The IPS engine is enabled to scan data and drop packets depending upon the signature of the flow.

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 112

Refer to the exhibit. Assume that a signature can identify an IP address as the source of an attack. Which action would automatically create an ACL that denies all traffic from an attacking IP address?
A. alarm
B. drop
C. reset
D. denyFlowInline
E. denyAttackerInline
F. deny-connection-inline

Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 113
Which statement is correct about Security Device Event Exchange (SDEE) messages?
A. SDEE messages can be viewed in real time using SDM.
B. SDEE messages displayed at the SDM window cannot be filtered.
C. SDEE messages are the SDM version of syslog messages.
D. SDEE specifies the IPS/IDS message exchange format between an IPS/IDS device and IPS the management/monitoring station.
E. For SDEE messages to be viewed, the show ip ips all or show logging commands must be given first.

Correct Answer: D Section: (none) Explanation
Explanation/Reference: QUESTION 114
What is required when configuring IOS Firewall using the CLI?
A. IOS IPS enabled on the untrusted interface
B. NBAR enabled to perform protocol discovery and deep packet inspection
C. route-map to define the trusted outgoing traffic
D. route-map to define the application inspection rules
E. an inbound extended ACL applied to the untrusted interface

Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 115

Refer to the exhibit. Given the specifications, what is the total bandwidth that is required for a voice call?
A. 9.6 kbps
B. 26.4 kbps
C. 16.1 kbps
D. 105 kbps

Correct Answer: A Section: (none) Explanation
Explanation/Reference:

Flydumps.com New Cisco 642-825 Dumps are designed to help you to out in a short time. You can get Flydumps Cisco 642-825 dumps to pass your exam. To be a Microsoft professional makes you a better future.

Flydumps 300-207 dumps with PDF + Premium VCE + VCE Simulator: http://www.flydumps.com/300-207.html

Cisco 642-825 Practice Test, Valid and updated Cisco 642-825 Real Exam 100% Pass With A High Score

Previous post Cisco 642-444 Real Exam, 100% Pass Guarantee Cisco 642-444 Demos Materials Is Your Best Choice
Next post Cisco 642-831 Exam Test Questions, Free Download Real Cisco 642-831 Exam Practice PDF Covers All Key Points