Both PDF and software format demos for Cisco 642-825 exam dumps are offered by Flydumps for free.You can try Cisco 642-825 free demo before you decide to buy the full version practice test.Cisco 642-825 exam dumps details are researched and produced by our Professional Certification Experts who are constantly using industry experience to produce precise, and logical.Cisco 642-825 exam dumps will not only help you pass in one attempt,but also save your valuable time.

Exam A
QUESTION 1
What is the maximum number of simultaneous sessions that can be supported when doing encryption in hardware within the Cisco VPN Concentrator series of products?
A. 100
B. 1500
C. 5000
D. 10000
E. infinite
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
The Cisco VPN 3000 Series Concentrator comes in a variety of models that can support small offices of
100 of fewer VPN connections to large enterprises of 10,000 or more simultaneous VPN connections.
Redundant and nonredundant configuration are available to help ensure the high reliability of these
devices.
Reference: Cisco Press CCSP Cisco Secure VPN (Roland, Newcomb) p.30

QUESTION 2
Which of the following operating systems can run the software VPN client? Choose all that apply.
A. linux
B. mac
C. windows
D. solaris
Correct Answer: ABCD Section: (none) Explanation
Explanation/Reference:
Explanation:
There are VPN software clients available for Windows, Solaris, Linux, and Macintosh.

QUESTION 3
Jason from the security department was given the assignment to match the Cisco VPN key with its description.
Explanation: The Diffie-Hellman (D-H) key agreement is a public key encryption method that provides a way for two IPSec peers to establish a shared secret key that only they know, although they communicating over an insecure channel. With D-H, each peer generates a public and private key pair. The private key generated by each peer is kept secret and never shared. The public key is calculated from the private key by each peer and is exchanged over the insecure channel. Each peer combines the other’s public key with its own private and computes the shared secret key number exchanged over the insecure channel. Reference: Cisco Secure Virtual Private Network (Ciscopress) page 18-20
A.
B.
C.
D.
Correct Answer: Section: (none) Explanation
Explanation/Reference:
QUESTION 4
Johnasked Kathy from the security department about authentication and encryption. John wants to know when both authentication and encryption are selected in the virtual IP address, which is performed first at the
originating end. What was Kathy’s answer?
A. Encryption was Kathy’s answer
B. Tunnel was Kathy’s answer.
C. Transport was Kathy’s answer
D. Authentication was Kathy’s answer
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
When both encryption and authentication are selected, encryption is performed frist, before authentication.
One reason for this order of processing is that it facilitates rapid detection and rejection of replayed or
bogus packets by the receiving node.
Reference: Cisco Secure Virtual Private Networks (Ciscopress) page 15

QUESTION 5
James the security administrator at Certkiller Inc. is working on encryption. He needs to know what type of keys does DES and 3DES require for encryption and decryption.
A. DES and 3DES require Elliptical curve keys for encryption and decryption
B. DES and 3DES require Exponentiation keys for encryption and decryption
C. DES and 3DES require Symmetrical keys for encryption and decryption
D. DES and 3DES require Asymmetrical keys for encryption and decryption
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
des
3des
Specifies the symmetric encryption algorithm used to protect user data transmitted between two IPSec
peers.
The default is 56-bit DES-CBC, which is less secure and faster than the alternative.

QUESTION 6
Which of the following are the types of keys RSA use for encryption and decryption?
A. exponentiation keys
B. symmetrical keys
C. asymmetrical keys
D. elliptical curve keys
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
There are two types of cryptographic keys; public keys — sometime called asymmetric key

— and symmetric keys. RSA and Diffie-Hellman are common public key algorithms and RC4, DES and
IDEA common symmetric key algorithms. You cannot directly compare public key lengths (for example
RSA keys) with symmetric key lengths (DES,RC4); this is an important point which confuses many people

QUESTION 7
Which Cisco VPN feature will permit the sender to encrypt packets before transmitting them across a network?
A. The anti-replay feature
B. The data confidentially feature
C. The data integrity feature
D. The data original authentication feature
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
Data Confidentiality.The IPSec sender can encrypt packets before transmitting them across a network.

*
Data Integrity-The IPSec receiver can authenticate packets sent by the IPSec sender to ensure that the
data has
not been altered during transmission.
*
Data Origin Authentication-The IPSec receiver can authenticate the source of the IPSec packets sent.
This
service is dependent upon the data integrity service.
*
Anti-Replay-The IPSec receiver can detect and reject replayed packets.
With IPSec, data

QUESTION 8
What AES encryption bits lengths can you use on your Concentrator ESP IPSEC VPN? Choose all that apply.
A. 56
B. 128
C. 192
D. 256
E. 1024
Correct Answer: BCD Section: (none) Explanation
Explanation/Reference:
Explanation:
Advanced Encryption Standard (AES) can be used in 128, 192, and 256 bit encryption lengths in ESP
when using IPSEC on your Concentrator.

QUESTION 9
Which of the following are ISAKMP hash protocols? Choose all that
apply.
A. NAT
B. IKE
C. DES
D. SHA
E. MD5

Correct Answer: DE Section: (none) Explanation
Explanation/Reference:
Explanation:
You can use SHA and MD5 for HMAC authentication.

QUESTION 10
Which of the following can be IPSEC termination endpoints? Choose all that apply.
A. IOS Router
B. PIX Firewall
C. Concentrator
D. IDS Sensor
Correct Answer: ABC Section: (none) Explanation
Explanation/Reference:
Explanation:
These Cisco products can all terminate IPSEC, meaning they are actually involved in the IPSEC
encryption/decryption process, not just passing VPN encrypted traffic.

QUESTION 11
What size is the encryption key used in 3DES?
A. 128 bits
B. 168 bits
C. 128 bytes
D. 168 bytes
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
3DES uses a 56 bit key, 3 times, for an effective throughput of 168 bits encryption.

QUESTION 12
Which of the following has the lowest encryption bit length?
A. SHA
B. MD5
C. DES
D. AES
E. ESP
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
Data Encryption Standard (DES) uses only a 56 bit key to encrypt data, and is easily broken.

QUESTION 13
What is the key size of Diffie-Hellman group 2?
A. 128 bits
B. 256 bits
C. 512 bits
D. 1024 bits
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: Diffie-Hellman is used to create a completely secure secret key, over a completely insecure link, using highly complex mathematical algorithms safe from brute force even if sniffers are on the line
QUESTION 14
What benefit does ESP have, that AH does not?
A. authentication
B. encryption
C. tunnel mode
D. md5 hash
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
Authentication Header does not have any way of encrypting data, ESP does.

QUESTION 15
Using which of the following protocols with AH will cause packet failure?
A. AYT
B. VRRP
C. NAT
D. CDP
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
You cannot translate an IP address in AH authenticated packet because AH uses that field when
calculating authentication. This will cause then other end of the VPN tunnel to drop all packets because
they will not authenticate properly.

QUESTION 16
How big is the SPI field in an IPSEC header?
A. 2 bytes
B. 4 bytes
C. 8 bytes
D. 24 bytes
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
The Security Parameter Index (SPI) field identifies a Security Association between two IPSEC endpoints.
The field is 32 bits long (4 bytes).

QUESTION 17
Which of the following peer authentication methods scales the worst?
A. digital certificates
B. SCEP
C. preshared keys
D. encrypted nonces

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
A preshared key peer authentication method does not scale well because each key needs to be entered manually at each peer participating in the VPN.
QUESTION 18
What is the protocol number that denotes AH is in use?
A. 17
B. 51
C. 89
D. 123
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
The Authentication Header protocol is protocol number 51.

QUESTION 19
Jason the security administrator at Certkiller Inc. was given the assignment to match the following order.
In IPSec main mode, match the two-way exchange between the initiator and receiver with their descriptions.
Explanation: Main ModeMain mode provides a way to establish the first phase of an IKE SA, which is then used to negotiate future communications. The first step, securing an IKE SA, occurs in three two-way exchanges between the sender and the receiver. In the first exchange, the sender and receiver agree on basic algorithms and hashes. In the second exchange, public keys are sent for a Diffie-Hellman exchange. Nonces (random numbers each party must sign and return to prove their identities) are then exchanged. In the third exchange, identities
are verified, and each party is assured that the exchange has been completed. Reference: Reference: Cisco Secure Virtual Private Network (Ciscopress) page 27
A.
B.
C.
D.
Correct Answer: Section: (none) Explanation
Explanation/Reference:
QUESTION 20
James the security administrator for Certkiller Inc. is working with IKE. His job is to know what the three functions of IKE Phase 2 are. (Choose three)
A. IKE uses aggressive mode.
B. IKE can optionally performs an additional DH exchange.
C. IKE periodically renegotiates IPSec SAs to ensure security.
D. IKE Negotiates IPSec SA parameter protected by an existing IKE SA.
E. IKE verifies the other side’s identity.
F. IKE uses main mode.
Correct Answer: BCD Section: (none) Explanation
Explanation/Reference:
Explanation:
Step 2 Determine IPSec (IKE Phase Two) Policy

*
Negotiates IPSec SA parameters protected by an existing IKE SA

*
Establishes IPSec security associations

*
Periodically renegotiates IPSec SAa to ensure security

*
Optionally performs an additional Diffie-Hellman Reference: Cisco Secure Virtual Private Networks (Ciscopress) page 28

PDF format– Printable version, print Cisco 642-825 exam dumps out and study anywhere. Software format– Simulation version, test yourself like Cisco 642-825 exam real test.Credit Guarantee– Passtcert never sell the useless Cisco 642-825 exam dumps out. You will receive our Cisco 642-825 exam dumps in time and get CCIE Certified easily.

Previous post PDF And VCE Format Cisco 642-742 Exam Dumps With New Updated Questions And Answers For Free Download
Next post Cisco 642-825 Certification, New Release Cisco 642-825 Self Study With Low Price