Welcome to download the newest Jumpexam 070-462 VCE dumps: http://www.jumpexam.com/070-462.html

Flydumps delivers you the best possible study guide which is also updated regularly to take your Cisco 642-825 exam. The Cisco 642-825 real exam is planned and researched by IT experts who are very much involved in the IT field. They have been trying their level best to create concise and logical study guide by using their data. Using the product of Flydumps will not only help you pass the exam but also safe a bright future for you ahead.

QUESTION 50
Refer to exhibit. On the basis of the information that is presented, which statement is true?

A. ACL 109 is designed to prevent any inbound packets with the ACK flag set from entering the router.
B. ACL 109 is designed to prevent any inbound packets with the SYN flag set from entering the router.
C. ACL 109 is designed to prevent outbound IP address spoofing attacks.
D. ACL 109 is designed to allow packets with the ACK flag set to enter the router.
E. ACL 109 is designed to allow packets with the SYN flag set to enter the router.
F. ACL 109 should have been applied to interface Fa0/0.

Correct Answer: D Section: Questions Explanation
QUESTION 51
Refer to the exhibit. The configuration has been applied to router RTA to mitigate the threat of certain types of ICMP-based attacks. However, the configuration is incorrect. On the basis of the information in the exhibit, which configuration option would correctly configure router RTA?

A. ACL 112 should have been applied to interface Fa0/0 in an inbound direction.
B. ACL 112 should have been applied to interface Fa0/1 in an outbound direction.
C. The first three statements of ACL 112 should have permitted the ICMP traffic and the last statement should deny the identified traffic.
D. The last statement of ACL 112 should have been access-list 112 deny icmp any 10.1.1.0 0.0.0.255.
E. The last statement of ACL 112 should have been access-list 112 deny icmp any 10.2.1.0 0.0.0.255.
F. The last statement of ACL 112 should have been access-list 112 permit icmp any 10.2.1.0 0.0.0.255.

Correct Answer: F Section: Questions Explanation
Explanation/Reference:
QUESTION 52
Which two statements about the Security Device Manager (SDM) Intrusion Prevention System (IPS) Rule wizard are true? (Choose two.)
A. By default, the Use Built-In Signatures (as backup) checkbox is not selected.
B. Changes to the IPS rules can be made using the Configure IPS tab.
C. Changes to the IPS rules can be made using the Edit Firewall Policy/ACL tab.
D. Once all interfaces have rules applied to them, you can re-initiate the IPS Rule wizard to make changes.
E. Once all interfaces have rules applied to them, you cannot re-initiate the IPS Rule wizard to make changes.
F. When using the wizard for the first time, you will be prompted to enable the Security Device Event Exchange (SDEE).

Correct Answer: DF Section: Questions Explanation
Explanation/Reference:
QUESTION 53
Refer to the exhibit. Which two statements about the SDF Locations window of the IPS Rule wizard are true? (Choose two.)

A. An HTTP SDF file location can be specified by clicking the Add button.
B. If all specified SDF locations fail to load, the signature file that is named default.sdf will be loaded.
C. The Autosave feature automatically saves the SDF alarms if the router crashes.
D. The Autosave feature is automatically enabled for the default built-in signature file.
E. The name of the built-in signature file is default.sdf.
F. The Use Built-In Signatures (as backup) check box is selected by default.

Correct Answer: AF Section: Questions Explanation
Explanation/Reference:
QUESTION 54
Refer to the exhibit. On the basis of the information in the exhibit, which two statements are true? (Choose two.)

A. Any traffic matching signature 1107 will generate an alarm, reset the connection, and be dropped.
B. Signature 1102 has been modified, but the changes have not been applied to the router.
C. Signature 1102 has been triggered because of matching traffic.
D. The Edit IPS window is currently displaying the Global Settings information.
E. The Edit IPS window is currently displaying the signatures in Details view.
F. The Edit IPS window is currently displaying the signatures in Summary view.

Correct Answer: BE Section: Questions Explanation
Explanation/Reference:
QUESTION 55
Refer to the exhibit. On the basis of the information that is provided, which two statements are true? (Choose two.)

A. An IPS policy can be edited by choosing the Edit button.
B. Right-clicking on an interface will display a shortcut menu with options to edit an action or to set severity levels.
C. The Edit IPS window is currently in Global Settings view.
D. The Edit IPS window is currently in IPS Policies view.
E. The Edit IPS window is currently in Signatures view.
F. To enable an IPS policy on an interface, click on the interface and deselect Disable.

Correct Answer: AD Section: Questions Explanation
Explanation/Reference:
QUESTION 56
Which four outbound ICMP message types would normally be permitted? (Choose four.)
A. echo reply
B. time exceeded
C. echo
D. parameter problem
E. packet too big
F. source quench

Correct Answer: CDEF Section: Questions Explanation
QUESTION 57
Refer to the exhibit. When editing the Invalid DHCP Packet signature using security device manager (SDM), which additional severity levels can be chosen? (Choose three.)

A. low
B. urgent
C. high
D. debug
E. informational
F. warning

Correct Answer: ACE Section: Questions Explanation
Explanation/Reference:
QUESTION 58
An administrator is troubleshooting an ADSL connection. For which OSI layer is the ping atm interface command useful for probing problems?
A. Layer 1
B. Layer 2
C. Layer 3
D. Layer 4

Correct Answer: B Section: Questions Explanation
Explanation/Reference:
QUESTION 59
Which IOS command will display IPS default values that may not be displayed using the show running-config command?
A. show ip ips session
B. show ip ips interface
C. show ip ips statistics
D. show ip ips configuration
E. show ip ips running-config

Correct Answer: D Section: Questions Explanation
Explanation/Reference:
QUESTION 60
Refer to the exhibit. Which of the configuration tasks would allow you to quickly deploy default signatures?

A. firewall and ACLs
B. security audit
C. routing
D. NAT
E. intrusion prevention
F. NAC

Correct Answer: E Section: Questions Explanation
Explanation/Reference:
QUESTION 61
What are two possible actions Cisco IOS IPS can take if a packet in a session matches a signature? (Choose two.)
A. drop the packet
B. forward the packet
C. quartile the packet
D. reset the connection
E. check the packet against an ACL
Correct Answer: AD Section: Questions Explanation

Explanation/Reference:
QUESTION 62
A router interface is configured with an inbound access control list and an inspection rule. How will an inbound packet on this interface be processed?
A. It will be processed by the inbound ACL. If the packet is dropped by the ACL, then it will be processed by the inspection rule.
B. It will be processed by the inbound ACL. If the packet is not dropped by the ACL, then it will be processed by the inspection rule.
C. It will be processed by the inspection rule. If the packet matches the inspection rule, the inbound ACL will be invoked.
D. It will be processed by the inspection rule. If the packet does not match the inspection rule, the inbound ACL will be invoked.

Correct Answer: B Section: Questions Explanation
Explanation/Reference:
QUESTION 63
Which two features can be implemented using the Cisco SDM Advanced Firewall wizard? (Choose two.)
A. DMZ support
B. custom rules
C. firewall signatures
D. application security
E. IP unicast reverse path forwarding

Correct Answer: AB Section: Questions Explanation
Explanation/Reference:
QUESTION 64
Which two statements are true about the Cisco Classic (CBAC) IOS Firewall set? (Choose two.)
A. It can be used to block bulk encryption attacks.
B. It can be used to protect against denial of service attacks.
C. Traffic originating from the router is considered trusted, so it is not inspected.
D. Based upon the custom firewall rules, an ACL entry is statically created and added to the existing ACL permanently.
E. Temporary ACL entries that allow selected traffic to pass are created and persist for the duration of the communication session.

Correct Answer: BE Section: Questions Explanation
QUESTION 65
What is required when configuring Cisco IOS Firewall using the CLI?
A. IOS IPS must be enabled on the untrusted interface.
B. NBAR must be enabled to perform protocol discovery and deep packet inspection.
C. A route map must be used to define the trusted outgoing traffic.
D. A route map must be used to define the application inspection rules.
E. An inbound extended ACL must be applied to the untrusted interface.

Correct Answer: E Section: Questions Explanation
QUESTION 66
Refer to the exhibit. Which Cisco SDM feature is illustrated?

A. ACL Editor
B. Easy VPN Wizard
C. Security Audit
D. Site-to-Site VPN
E. Inspection Rules
F. Reset to Factory Defaults

Correct Answer: C Section: Questions Explanation
QUESTION 67
Which two statements about management protocols are true? (Choose two.)
A. IGMP should be enabled on edge interfaces to allow remote testing.
B. NTP version 3 or later should be used because these versions support the use of a cryptographic authentication mechanism between peers.
C. SNMP version 3 is recommended since it provides authentication and encryption services for management packets.
D. NTP version 3 or later should be used because these versions support the use of a RADIUS-based authentication mechanism between peers.
E. SNMP version 3 is recommended since it provides a RADIUS-based authentication mechanism between peers.

Correct Answer: BC Section: Questions Explanation
QUESTION 68
Refer to the exhibit. Based on this partial configuration, which two statements are true? (Choose two.)

A. You can log into the console using either the “cisco” or “sanfran” password.
B. The local parameter is missing at the end of each aaa authentication LOCAL-AUTH command.
C. The aaa authentication default command should be issued for each line instead of the login authentication LOCAL_AUTH command.
D. This is an example of a self-contained AAA configuration using the local database.
E. To make the configuration more secure, the none parameter should be added to the end of the aaa authentication login LOCAL_AUTH local command.
F. To successfully establish a Telnet session with RTA, a user can enter the username Bob and password cisco.

Correct Answer: DF Section: Questions Explanation
QUESTION 69
Refer to the exhibit. Routers RTB and RTC have established LDP neighbor sessions. During troubleshooting, you discovered that labels are being distributed between the two routers but no label swapping information is in the LFIB. What is the most likely cause of this problem?

A. The IGP is summarizing the address space.
B. IP Cisco Express Forwarding has not been enabled on both RTB and RTC.
C. BGP neighbor sessions have not been configured on both routers.
D. LDP has been enabled on one router and TDP has been enabled on the other.

Correct Answer: B Section: Questions Explanation
Explanation/Reference:
QUESTION 70
Refer to the exhibit. The show mpls interfaces detail command has been used to display information about the interfaces on MPLS edge router R1 that have been configured for label switching. Which statement about R1 is true?

A. MPLS is not operating on Fa1/0, because the MTU size has exceeded the 1500 limit of Ethernet.
B. The router has established a TDP session with its neighbor on Fa0/1. Packets can be labeled and forwarded out that interface.
C. LSP tunnel labeling has not been enabled on either interface Fa0/0 or Fa1/1, therefore MPLS is not operating on Fa0/1.
D. The router has established an LDP session with its neighbor on Fa1/1. However, packets cannot be forwarded out that interface because MPLS is not operational.

Correct Answer: B Section: Questions Explanation
Explanation/Reference:
QUESTION 71
Refer to the exhibit. Which statement about this Cisco IOS Firewall configuration is true?

A. Outbound TCP sessions are blocked, preventing inside users from browsing the Internet.
B. INSIDEACL permits outbound HTTP sessions; INSIDEACL is applied to the outside interface in the inbound direction.
C. OUTSIDEACL permits inbound SMTP and HTTP; OUTSIDEACL is applied to the inside interface in the outbound direction.
D. ICMP unreachable “packet-too-big” messages are rejected on all interfaces to prevent DDoS attacks.
E. The TCP inspection will automatically allow return traffic for the outbound HTTP sessions and inbound SMTP and HTTP sessions.

Correct Answer: E Section: Questions Explanation
QUESTION 72
Refer to the exhibit. Which statement about this Cisco IOS Firewall configuration is true?

A. OUTSIDEACL permits outbound HTTP sessions; OUTSIDEACL is applied to the inside interface in the inbound direction.
B. INSIDEACL permits inbound SMTP and HTTP; INSIDEACL is applied to the outside interface in the inbound direction.
C. Outside hosts are allowed to initiate sessions with the SMTP server (200.1.2.1) and HTTP server
(200.1.2.2) located in the enterprise DMZ.
D. The inspection rules include the generic TCP inspection and are applied to outbound connections on the inside interface and to inbound sessions on the outside interface.

Correct Answer: C Section: Questions Explanation
QUESTION 73
What is an MPLS forwarding equivalence class?
A. a set of destination networks forwarded from the same ingress router
B. a set of destination networks forwarded to the same egress router
C. a set of source networks forwarded from the same ingress router
D. a set of source networks forwarded to the same egress router

Correct Answer: B Section: Questions Explanation
QUESTION 74
Which approach for identifying malicious traffic involves looking for a fixed sequence of bytes in a single packet or in predefined content?
A. policy-based
B. anomaly-based
C. honeypot-based
D. signature-based
E. regular-expression-based

Correct Answer: D Section: Questions Explanation
Explanation/Reference:
QUESTION 75
Which Cisco SDM feature expedites the deployment of the default IPS settings and provides configuration steps for interface and traffic flow selection, SDF location, and signature deployment?
A. IPS Edit menu
B. IPS Command wizard
C. IPS Policies wizard
D. IPS Signature wizard

Correct Answer: C Section: Questions Explanation
Explanation/Reference:
QUESTION 76
In an MPLS VPN implementation, how are overlapping customer prefixes propagated?
A. A unique route target is attached to each customer routing update.
B. Separate BGP sessions are established between each pair of customer edge LSRs.
C. Each customer is given a unique set of edge LSPs.
D. A route distinguisher is attached to each customer prefix.
E. Each customer is given a unique IGP instance.

Correct Answer: D Section: Questions Explanation
QUESTION 77
Refer to the exhibit. A network administrator wishes to mitigate network threats. Given this purpose, which two statements about the Cisco IOS Firewall configuration that is revealed by the output are true (Choose two.)

A. The ip inspect FIREWALL_ACL out command must be applied on Fa0/0 interface.
B. The ip inspect FIREWALL_ACL out command must be applied on Fa0/1 interface.
C. The ip access-group FIREWALL_ACL in command must be applied on Fa0/0 interface.
D. The ip access-group FIREWALL_ACL in command must be applied on Fa0/1 interface.
E. The configuration excerpt is an example of a CBAC list.
F. The configuration excerpt is an example of a reflexive ACL.

Correct Answer: BE Section: Questions Explanation
Explanation/Reference:
QUESTION 78
In an MPLS VPN implementation, how are overlapping customer prefixes propagated?
A. A separate instance of the core IGP is used for each customer.
B. Separate BGP sessions are established between each customer edge LSR.
C. Because customers have their own unique LSPs, address space is kept separate.
D. A route distinguisher is attached to each customer prefix.
E. Because customers have their own interfaces, distributed CEFs keep the forwarding tables separate.

Correct Answer: D Section: Questions Explanation
QUESTION 79
Which two statements are true about the Data-over-Cable Service Interface Specifications? (Choose two.)
A. DOCSIS is an international standard developed by CableLabs.
B. DOCSIS defines cable operations at Layer 1, Layer 2, and Layer 3 of the OSI model.
C. Cable operators employ DOCSIS to provide cable access over their existing IP infrastructures.
D. DOCSIS defines a set of frequency allocation bands that are common to both U.S. and European cable systems.
E. Compliance with DOCSIS has been mandated by the major governmental regulatory agencies in both the U.S. and Europe.
F. Euro-DOCSIS requires the European cable channels to conform to PAL-based standards, whereas DOCSIS requires the North American cable channels to conform to the NTSC standard.

Correct Answer: AF Section: Questions Explanation
Explanation/Reference:
QUESTION 80
Refer to the exhibit. Which of these statements is true?

A. The router failed to train or successfully initialize because of a Layer 1 issue.
B. The router cannot activate the line because of a Layer 2 authentication issue.
C. The router failed to train or successfully initialize because of a PPP negotiation issue.
D. The router cannot activate the line because the ISP has not provided the requested IP address.

Correct Answer: A Section: Questions Explanation
QUESTION 81
Refer to the exhibit. What information can be derived from this show ip cef command output?

A. This router will use a label of “21” to reach the destination network of 150.1.12.16.
B. This router will use a PHP label to reach the destination network of 150.1.12.16.
C. This router will advertise a label of “19” for the destination network of 150.1.12.16.
D. This router will advertise a label of “21” for the destination network of 150.1.12.16.

Correct Answer: D Section: Questions
Explanation QUESTION 82
Refer to the exhibit. Why does the third hop only have one label?

A. MPLS is not enabled on that link, so only the VPN label is needed.
B. MPLS is not enabled on that link, so only the LSP label is needed.
C. That link is directly connected to the customer, so only the VPN label is needed.
D. That link is directly connected to the customer, so only the LSP label is needed.
E. The PHP process on that link has removed the LSP label, leaving only the VPN label.
F. The PHP process on that link has removed the VPN label, leaving only the LSP label.

Correct Answer: E Section: Questions Explanation
QUESTION 83
If you disable Cisco Express Forwarding on a P router in an MPLS network, what will the router do?
A. stop forwarding all traffic
B. stop advertising MPLS labels
C. start forwarding MPLS packets using process switching
D. start advertising all destination networks with an implicit null label value
E. start stripping the MPLS labels off of packets and forwarding them using the destination IP addresses

Correct Answer: B Section: Questions Explanation
QUESTION 84
Refer to the exhibit. Host 1 cannot ping Server 1. In the course of troubleshooting, you have eliminated all network issues. Based upon the partial configuration shown, what is the issue?

A. No routing protocol is running on R 1 and R 2.
B. An encryption algorithm has been configured on R 1 and R 2.
C. The tunnel destinations on R 1 and R 2 are not on the same subnet.
D. R 1 has the wrong tunnel source configured under the tunnel interface.
E. R 2 has the wrong tunnel source configured under the tunnel interface.
F. The tunnel numbers (interface tunnel 0 and interface tunnel 1) on R 1 and R 2 do not match.

Correct Answer: E Section: Questions Explanation
Explanation/Reference: QUESTION 85
Refer to the exhibit. What type of high-availability option is being implemented?

A. IPsec stateful failover
B. IPSec dead peer detection
C. Hot Standby Router Protocol
D. GRE’s Keepalive Mechanism
E. backing up a WAN connection with an IPsec VPN

Correct Answer: C Section: Questions Explanation
QUESTION 86
Refer to the exhibit. What type of high-availability option is being implemented?

A. IPsec stateful failover
B. IPsec dead peer detection
C. Hot Standby Router Protocol
D. GRE’s Keepalive Mechanism
E. backing up a WAN connection with an IPsec VPN

Correct Answer: A Section: Questions Explanation

The Cisco 642-825 certification can make you a competent person.It may enable a technician to know about the Cisco 642-825 configurations,get information about the Cisco 642-825 data center products and hardware and knowledge about Cisco 642-825 united computing systems.

Jumpexam 070-462 dumps with PDF + Premium VCE + VCE Simulator: http://www.jumpexam.com/070-462.html

Previous post Cisco 642-825 Cert Exam, 100% Real Cisco 642-825 Certification Online
Next post Cisco 642-825 Study Material, Download Cisco 642-825 Demo On Store