Welcome to download the newest Pass4itsure 70-463 VCE dumps: http://www.pass4itsure.com/070-463.html
Important Info: Cisco 642-825 now is offering the latest and 100 percent pass Cisco 642-825 exam questions and answers, by training our vce dumps you can pass Cisco 642-825 exam easily and quickly. Visit the site Flydumps.com to get the free Cisco 642-825 exam vce and pdf dumps and FREE VCE PLAYER!
QUESTION 51
If an edge Label Switch Router (LSR) is properly configured, which three combinations are possible? (Choose three.)
A. A received IP packet is forwarded based on the IP destination address and the packet is sent as an IP packet.
B. An IP destination exists in the IP forwarding table. A received labeled packet is dropped because the label is not found in the LFIB table.
C. There is an MPLS label-switched path toward the destination. A received IP packet is dropped because the destination is not found in the IP forwarding table.
D. A received IP packet is forwarded based on the IP destination address and the packet is sent as a labeled packet.
E. A received labeled IP packet is forwarded based upon both the label and the IP address.
F. A received labeled packet is forwarded based on the label. After the label is swapped, the newly labeled packet is sent.
Correct Answer: ADF Section: (none) Explanation
Explanation/Reference:
QUESTION 52
Which two management protocols provide security enhancements such as cryptographic authentication and packet encryption of management traffic? (Choose two.)
A. NTP version 3
B. SNMP version 3
C. Syslog version 3
D. Telnet version 3
E. TFTP version 3
Correct Answer: AB Section: (none) Explanation
Explanation/Reference:
QUESTION 53
Refer to the exhibit. Which three tasks can be configured using the IPS Policies wizard via the Cisco Security Device Manager(SDM)? (Choose three.)
A. the configuration of an IP address and the enabling of the interface
B. the selection of the encapsulation on the WAN interfaces
C. the selection of the interface to apply the IPS rule
D. the selection of the traffic flow direction that should be inspected by the IPS rules
E. the creation of the signature definition file (SDF) to be used by the router
F. the location of the signature definition file (SDF) to be used by the router
Correct Answer: CDF Section: (none) Explanation
Explanation/Reference:
QUESTION 54
Which statement is true about Cisco Easy VPN?
A. Easy VPN Server supports DH group 1.
B. Easy VPN Server supports DH group 5.
C. The Cisco Easy VPN Remote feature supports transform sets that provide encryption without authentication.
D. NAT interoperability is not supported in client mode with split tunneling.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 55
Refer to the exhibit. Which Security Device Manager (SDM) feature is illustrated?
A. ACL Editor
B. Easy VPN Wizard
C. Site-to-Site VPN
D. Inspection Rules
E. Reset to Factory Defaults
F. Security Audit
Correct Answer: F Section: (none) Explanation
Explanation/Reference:
QUESTION 56
Refer to the exhibit. What type of security configuration is being verified?
A. Turbo ACLs
B. Reflexive ACLs
C. Authentication Proxy
D. IOS Firewall
E. Distributed Time-Based ACLs
F. Infrastructure Protection ACLs
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 57
Refer to the exhibit. What is one of the objectives accomplished by the default startup configuration file created by the SDM?
A. blocks both Telnet and SSH
B. prevents the router from ever being used as an HTTP server
C. encrypts all HTTP traffic to prevent man-in-the-middle attacks
D. enables local logging to support the log monitoring function
E. requires access authentication by a TACACS+ server
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 58
Which two actions will take place when One-Step Lockdown is implemented? (Choose two.)
A. CDP will be enabled.
B. A banner will be set.
C. Logging will be enabled.
D. Security passwords will be required to be a minimum of 8 characters.
E. Telnet settings will be disabled.
Correct Answer: BC Section: (none) Explanation
Explanation/Reference:
QUESTION 59
Which two statements are true about Cisco IOS Firewall? (Choose two.)
A. It enhances security for TCP applications only.
B. It enhances security for TCP and UDP applications.
C. It enhances security for UDP applications only.
D. It is implemented as a per-application process.
E. It is implemented as a per-destination process.
Correct Answer: BD Section: (none) Explanation
QUESTION 60
Refer to the exhibit. Of the numbered items in the exhibit, which combination is required to implement only SSH?
A. 1, 3, 5, 6, 7, and 9
B. 5, 6, and 7
C. 5, 6, 7, and 9
D. 1, 4, 5, and 9
E. 2, 3, 5, and 9
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 61
What are two possible actions an IOS IPS can take if a packet in a session matches a signature? (Choose two.)
A. reset the connection
B. forward the packet
C. check the packet against an ACL
D. drop the packet
Correct Answer: AD Section: (none) Explanation
QUESTION 62
Which statement is true about the superview of Role-Based CLI?
A. A CLI view cannot be shared by multiple superviews.
B. Any user with level 15 privileges can create or modify views and superviews.
C. Commands cannot be directly configured for a superview.
D. The maximum number of CLI views which can exist is limited only by the amount of flash available.
Correct Answer: C Section: (none) Explanation
QUESTION 63
Which HFC cable network statement is true about the downstream data channel to the customer and the upstream data channel to the service provider?
A. The downstream data path is assigned a 30 MHz channel and the upstream data path is assigned a 1 MHz channel.
B. The downstream data path is assigned a fixed bandwidth channel and the upstream data path uses a variable bandwidth channel.
C. Both upstream and downstream data paths are assigned in 6 MHz channels.
D. The upstream data path is assigned a channel in a higher frequency range than the downstream path has.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 64
Which statement about xDSL implementations is true?
A. All xDSL standards operate in higher frequencies than the POTS system and therefore can coexist on the same media.
B. All xDSL standards operate in lower frequencies than the POTS system and can therefore coexist on the same media.
C. The ADSL standard operates in higher frequencies than the POTS system and can therefore coexist on the same media.
D. The HDSL standard operates in higher frequencies than the POTS system and can therefore coexist on the same media.
E. Other than providing higher data rates, HDSL is identical to ADSL.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 65
Refer to the exhibit. Which two statements about the Network Time Protocol (NTP) are true? (Choose two.)
A. Router RTA will adjust for eastern daylight savings time.
B. To enable authentication, the ntp authenticate command is required on routers RTA and RTB.
C. To enable NTP, the ntp master command must be configured on routers RTA and RTB.
D. Only NTP time requests are allowed from the host with IP address 10.1.1.1.
E. The preferred time source located at 130.207.244.240 will be used for synchronization regardless of the other time sources.
Correct Answer: AB Section: (none) Explanation
Explanation/Reference:
QUESTION 66
Which two statements about the AutoSecure feature are true? (Choose two.)
A. AutoSecure automatically disables the CDP feature.
B. If you enable AutoSecure, the minimum length of the login and enable passwords is set to 6 characters.
C. The auto secure full command automatically configures the management and forwarding planes without any user interaction.
D. To enable AutoSecure, the auto secure global configuration command must be used.
E. Once AutoSecure has been configured, the user can launch the SDM Web interface to perform a security audit.
Correct Answer: AB Section: (none) Explanation
Explanation/Reference: QUESTION 67
Which statement is true about a router configured with the ntp trusted-key 10 command?
A. This router only synchronizes to a system that uses this key in its NTP packets.
B. The IOS will not permit ’10’ as an argument to the ntp trusted-key command.
C. This command enables DES encryption of NTP packets.
D. This router will join an NTP multicast group where all routers share the same trusted key.
Correct Answer: A Section: (none) Explanation
QUESTION 68
Which statement about the aaa authentication enable default group radius enable command is true?”
A. If the radius server returns an error, the enable password will be used.
B. If the radius server returns a ‘failed’ message, the enable password will be used.
C. The command login authentication group will associate the AAA authentication to a specified interface.
D. If the group database is unavailable, the radius server will be used.
Correct Answer: A Section: (none) Explanation
QUESTION 69
Which command sequence is an example of a correctly configured AAA configuration that uses the local database?
A. RTA(config)# username Bob password cisco RTA(config)# aaa new-model RTA(config)# aaa authentication login LOCAL_AUTH local RTA(config)# line con 0 RTA(config-line)# login authentication LOCAL_AUTH
B. RTA(config)# username Bob password cisco RTA(config)# aaa new-model RTA(config)# aaa authentication login LOCAL_AUTH local RTA(config)# line con 0 RTA(config-line)# login authentication default
C. RTA(config)# aaa new-model RTA(config)# tacacs-server host 10.1.1.10 RTA(config)# tacacs-server key cisco123 RTA(config)# aaa authentication login LOCAL_AUTH group tacacs+ RTA(config)# line con 0 RTA(config-line)# login authentication default
D. RTA(config)# aaa new-model RTA(config)# tacacs-server host 10.1.1.10 RTA(config)# tacacs-server key cisco123 RTA(config)# aaa authentication login LOCAL_AUTH group tacacs+ RTA(config)# line con 0 RTA(config-line)# login authentication LOCAL_AUTH
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 70
Refer to the exhibit. Based on the partial configuration, which two statements are true? (Choose two.)
A. If configured, the enable password could also be used to log into the console port.
B. The local parameter is missing at the end of each aaa authentication LOCAL-AUTH command.
C. The command aaa authentication default should be issued for each line instead of the login authentication LOCAL_AUTH command.
D. This is an example of a self-contained AAA configuration using the local database.
E. To make the configuration more secure, the none parameter should be added to the end of the aaa authentication login LOCAL_AUTH local command.
F. To successfully establish a Telnet session with RTA, a user can enter the username Bob and password cisco.
Correct Answer: DF Section: (none) Explanation
Explanation/Reference:
QUESTION 71
Refer to the exhibit. A user is unable to initiate an SSH session with RTA. To help troubleshoot the problem, RTA has been configured as indicated in the exhibit. However, a second attempt to initiate an SSH connection to RTA fails to generate debug information on the Syslog server. What configuration change would display the debug information on the Syslog server?
A. Router RTA should be configured with the debug ip packet EXEC command.
B. Router RTA must be configured with the correct Syslog IP address.
C. Router RTA must be configured with the logging buffered informational global configuration command.
D. Router RTA must be configured with the logging monitor debugging global configuration command.
E. Router RTA must be configured with the logging trap debugging global configuration command.
Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 72
What is a reason for implementing MPLS in a network?
A. MPLS eliminates the need of an IGP in the core.
B. MPLS reduces the required number of BGP-enabled devices in the core.
C. Reduces routing table lookup since only the MPLS core routers perform routing table lookups.
D. MPLS eliminates the need for fully meshed connections between BGP enabled devices.
Correct Answer: B Section: (none) Explanation
QUESTION 73
Refer to the exhibit. Routers RTB and RTC have established LDP neighbor sessions. Troubleshooting discovered that labels are being distributed between the two routers but no label swapping information is in the LFIB. What is the most likely cause of this problem?
A. The IGP is summarizing the address space.
B. IP CEF has not been enabled on both routers RTB and RTC.
C. BGP neighbor sessions have not been configured on both routers.
D. LDP has been enabled on one router and TDP has been enabled on the other.
E. LDP is using the loopback address as the LDP ID and the loopback address is not in the routing table.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 74
When you are using the SDM to configure a GRE tunnel over IPsec, which two parameters are required when defining the tunnel interface information? (Choose two.)
A. MTU size of the GRE tunnel interface
B. GRE tunnel source interface or IP address, and tunnel destination IP address
C. IPSEC mode (tunnel or transport)
D. GRE tunnel interface IP address
E. crypto ACL number
Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 75
Refer to the exhibit. All routers participate in the MPLS domain. An IGP propagates the routing information for network 10.10.10.0/24 from R5 to R1. However, router R3 summarizes the routing information to 10.10.0.0/16. How will the routes be propagated through the MPLS domain?
A. R3, using LDP, will advertise labels for both networks, and the information will be propagated throughout the MPLS domain.
B. R3 will label the summary route using a pop label. The route will then be propagated through the rest of the MPLS domain. R3 will label the 10.10.10.0/24 network and forward to R2 where the network will be dropped.
C. R3 will label the 10.10.10.0/24 network using a pop label which will be propagated through the rest of the MPLS domain. R3 will label the summary route and forward to R2 where the network will be dropped.
D. None of the networks will be labeled and propagated through the MPLS domain because aggregation breaks the MPLS domain.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 76
Which two mechanisms can be used to detect IPsec GRE tunnel failures? (Choose two).
A. Dead Peer Detection (DPD)
B. CDP
C. isakmp keepalives
D. GRE keepalive mechanism
E. The hello mechanism of the routing protocol across the IPsec tunnel
Correct Answer: AE Section: (none) Explanation
QUESTION 77
Refer to the exhibit. A PPPoA DSL diagram and partial configuration are shown. What configuration statement needs to be added to allow the SOHO77 router to automatically receive an IP address from the service provider’s DSLAM?
A. ip nat outside applied to the SOHO77 ATM0 interface
B. a static IP address on the dialer0 interface and ip nat outside applied to the ATM0 interface on the SOHO77
C. ip address negotiated applied to the SOHO77 ATM0 interface
D. ip address negotiated applied to the SOHO77 dialer0 interface
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 78
Refer to the exhibit. MPLS and LDP are enabled on routers RTB and RTC and all interfaces are enabled. However, the routers will not establish an LDP neighbor session. Troubleshooting has revealed that there is forwarding information in the FIB table, but there is no forwarding information in the LFIB table. Which issue would cause this problem?
A. IP CEF is not enabled on one or both of the routers.
B. MPLS has been enabled on the interface but has not been enabled globally on one or both of the routers.
C. BGP neighbor sessions have not been configured on one or both of the routers.
D. One or both of the routers are using the loopback address as the LDP ID and the loopback is not being advertised by the IGP.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 79
Refer to the exhibit, which shows a PPPoA diagram and partial SOHO77 configuration. Which command needs to be applied to the SOHO77 to complete the configuration?
A. encapsulation aal5snap applied to the PVC.
B. encapsulation aal5ciscoppp applied to the PVC
C. encapsulation aal5ciscoppp applied to the ATM0 interface
D. encapsulation aal5mux ppp dialer applied to the ATM0 interface
E. encapsulation aal5mux ppp dialer applied to the PVC
Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 80
Refer to the exhibit and the partial configuration on a DSL router. The DSL Router is connected to a service provider using a PPPoE session over a DSL line. The FTP traffic, generated from inside the network 10.92.1.0/24, fails to reach the PPPoE Server. What should be configured on the DSL Router to fix the problem?
A. The ip mtu command with a bytes argument set greater than 1500 needs to be configured for the Dialer1 interface.
B. The ip mtu command with a bytes argument set lower than 1500 needs to be configured for the Dialer1 interface.
C. The ip mtu command with a bytes argument set greater than 1500 needs to be configured for the ATM0 interface.
D. The ip mtu command with a bytes argument set lower than 1500 needs to be configured for the ATM0 interface.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 81
Refer to the exhibit. Based on the partial PPPoE configuration, which two statements are true? (Choose two.)
A. The configuration will only support a single host on the inside network.
B. The configuration will support multiple hosts on the inside network.
C. The configuration will support only those hosts on the inside network that support the authentication type.
D. The router will encapsulate the Ethernet traffic into PPPoE and then transmit it out of the FastEthernet4 interface.
E. The router will encapsulate the Ethernet traffic in PPPoE packets and then transmit it out of the VLAN1 interface.
Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 82
What technology must be enabled as a prerequisite to running MPLS on a Cisco router?
A. process switching
B. routing-table driven switching
C. cache driven switching
D. CEF switching
E. fast switching
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 83
Refer to the exhibit. On the basis of the command output, which statement is true?
A. The value 32 is a local label ID.
B. Traffic associated with local label 26 will be forwarded to an interface that is not associated with label switching.
C. Traffic associated with local label 30 will have a next hop of 10.250.0.97/32.
D. Traffic associated with local label 29 will be forwarded to an interface that is not associated with label switching.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 84
What are three features in the SDM that role-based access provides? (Choose three.)
A. provides configuration wizards for all routing protocols (like RIP, OSPF, EIGRP, BGP, IS-IS)
B. provides to end customers multiservice switching platforms (MSSPs) with a graphical, read-only view of the customer premises equipment (CPE) services
C. provides advanced troubleshooting using debug output analysis
D. provides secure access to the SDM user interface and Telnet interface specific to the profile of each administrator
E. provides logical separation of the router between different router administrators and users
F. provides dynamic update of new IPS signatures for administrator, firewall administrator, easy VPN client, and read-only users
Correct Answer: BDE Section: (none) Explanation
Explanation/Reference:
QUESTION 85
Refer to the exhibit. What Cisco feature generated the configuration?
A. EZ VPN
B. IOS Firewall
C. AutoSecure
D. IOS IPS
E. AAA
F. TACACS+
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 86
What are the four fields in an MPLS label? (Choose four.)
A. version
B. experimental
C. label
D. protocol
E. TTL
F. bottom-of-stack indicator
Correct Answer: BCEF Section: (none) Explanation
QUESTION 87
Which global configuration mode command will configure a Cisco router as an authoritative NTP server?
A. ntp broadcast
B. ntp peer
C. ntp server
D. ntp master
Correct Answer: D Section: (none) Explanation
Flydumps.com takes in the latest Cisco 642-825 questions in the Cisco 642-825 exam materials so that our material should be always the latest and the most relevant. We know that Cisco 642-825 examination  wouldn’t repeat the same set of questions all the time. Microsoft certification examinations are stringent and focus is often kept on updated technology trends. The Cisco 642-825 exam questions organized by the professionals will help to condition your mind to promptly grasp what you could be facing in the Cisco 642-825 cert examination.
Pass4itsure 070-463 dumps with PDF + Premium VCE + VCE Simulator: https://www.pass4itsure.com/70-463.html