Cisco 642-825 Exam Guide, Provide Discount Cisco 642-825 Questions With Low Price

Welcome to download the newest Dumpsoon JN0-343  dumps: http://www.dumpsoon.com/JN0-343.html

Dumpsoon Cisco 642-825 exam sample questions are an objective type study material that provides you basic and essential knowledge for passing IT certifications without wasting your precious time as well as money. Dumpsoon experts have collected and certified 107 questions and answers of Adobe certification which are designed to cover the knowledge points of the Cisco 642-825 exam sample questions and enhance candidates’ abilities. Cisco 642-825 exam sample questions assesses you on information of Adobe certification. In the area of Cisco 642-825 Certified exam, it is very hard to succeed with only the primary Cisco 642-825 test certification.

QUESTION 131
When configuring backup IPsec VPNs with Cisco IOS Release 12.2(8)T or later, what are the default parameters?
A. Cisco IOS keepalives are sent every 10 seconds if there is no traffic to send.
B. Dead peer detection (DPD) hello messages are sent every 10 seconds if there is no traffic to send.
C. Cisco IOS keepalives are sent every 10 seconds if the router has traffic to send.
D. DPD hello messages are sent every 10 seconds if the router has traffic to send.
Correct Answer: D Section: (none) Explanation

Explanation/Reference:
QUESTION 132
Refer to the exhibit. All routers participate in the MPLS domain. An IGP propagates the routing information for network 10.10.10.0/24 from R5 to R1. However, router R3 summarizes the routing information to 10.10.0.0/16. How will the routes be propagated through the MPLS domain?
A. R3, using LDP, will advertise labels for both networks, and the information will be propagated throughout the MPLS domain.
B. R3 will label the summary route using a pop label. The route will then be propagated through the rest of the MPLS domain. R3 will label the 10.10.10.0/24 network and forward to R2 where the network will be dropped.
C. R3 will label the 10.10.10.0/24 network using a pop label which will be propagated through the rest of the MPLS domain. R3 will label the summary route and forward to R2 where the network will be dropped.
D. None of the networks will be labeled and propagated through the MPLS domain because aggregation breaks the MPLS domain.

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 133
Which two statements about common network attacks are true? (Choose two.)
A. Access attacks can consist of password attacks, trust exploitation, port redirection, and man-in-the-middle attacks.
B. Access attacks can consist of password attacks, ping sweeps, port scans, and man-in-the-middle attacks.
C. Access attacks can consist of packet sniffers, ping sweeps, port scans, and man-in-the-middle attacks.
D. Reconnaissance attacks can consist of password attacks, trust exploitation, port redirection and Internet information queries.
E. Reconnaissance attacks can consist of packet sniffers, port scans, ping sweeps, and Internet information queries.
F. Reconnaissance attacks can consist of ping sweeps, port scans, man-in-middle attacks and Internet information queries.

Correct Answer: AE Section: (none) Explanation
Explanation/Reference:
QUESTION 134
Which two mechanisms can be used to detect IPsec GRE tunnel failures? (Choose two).
A. Dead Peer Detection (DPD)
B. CDP
C. isakmp keepalives
D. GRE keepalive mechanism
E. The hello mechanism of the routing protocol across the IPsec tunnel

Correct Answer: AE Section: (none) Explanation
Explanation/Reference:
QUESTION 135
How can virus and Trojan horse attacks be mitigated?
A. Disable port scan.
B. Deny echo replies on all edge routes.
C. Implement RFC 2827 filtering.
D. Use antivirus software.
E. Enable trust levels.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 136
Which three IPsec VPN statements are true? (Choose three.)
A. IKE keepalives are unidirectional and sent every ten seconds.
B. IKE uses the Diffie-Hellman algorithm to generate symmetrical keys to be used by IPsec peers.
C. IPsec uses the Encapsulating Security Protocol (ESP) or the Authentication Header (AH) protocol for exchanging keys.
D. Main mode is the method used for the IKE phase two security association negotiations.
E. Quick mode is the method used for the IKE phase one security association negotiations.
F. To establish IKE SA, main mode utilizes six packets while aggressive mode utilizes only three packets.

Correct Answer: ABF Section: (none) Explanation
Explanation/Reference:
QUESTION 137
Which two statements are true about the use of SDM to configure the Cisco Easy VPN feature on a router? (Choose two.)
A. An Easy VPN connection is a connection that is configured between two Easy VPN clients.
B. The Easy VPN server address must be configured when configuring the SDM Easy VPN Server wizard.
C. The SDM Easy VPN Server wizard displays a summary of the configuration before applying the VPN configuration.
D. The SDM Easy VPN Server wizard can be used to configure a GRE over IPSec site-to-site VPN or a dynamic multipoint VPN (DMVPN).
E. The SDM Easy VPN Server wizard can be used to configure user XAuth authentication locally on the router or externally with a RADIUS server.
F. The SDM Easy VPN Server wizard recommends using the Quick setup feature when configuring a dynamic multipoint VPN.
Correct Answer: CE Section: (none) Explanation

Explanation/Reference:
QUESTION 138
A site requires support for skinny and H.323 voice protocols. How is this configured on an IOS firewall using the SDM?
A. The Basic Firewall wizard is executed and the High Security Application policy is selected.
B. The Advanced Firewall wizard is executed and a custom Application Security policy is selected in place of the default Application Security policies.
C. The Application Security tab is used to create a policy with voice support before the Firewall wizard is run.
D. The Application Security tab is used to modify the SDM_High policy to add voice support prior to the Firewall wizard being run.

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 139
What are two steps that must be taken when mitigating a worm attack? (Choose two.)
A. Inoculate systems by applying update patches.
B. Limit traffic rate.
C. Apply authentication.
D. Quarantine infected machines.
E. Enable anti-spoof measures

Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
QUESTION 140
Refer to the exhibit. What is one of the objectives accomplished by the default startup configuration file created by the SDM?
A. blocks both Telnet and SSH
B. prevents the router from ever being used as an HTTP server
C. encrypts all HTTP traffic to prevent man-in-the-middle attacks
D. enables local logging to support the log monitoring function
E. requires access authentication by a TACACS+ server

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 141
Refer to the exhibit. Which two statements are true about the information that is shown from the Cisco VPN screens? (Choose two.)
A. The 10.10.32.32 network entry in the Route Details screen represents the IP address of the server end of the encrypted tunnel.
B. The 10.10.32.32 network entry in the Route Details screen represents an IP address that will be accessed without traversing the VPN.
C. Selecting Enable Transparent Tunneling on the connection entry on the right allows Local LAN Routes to be available on the Route Details on the left screen.
D. Selecting IPSec over TCP on the connection entry on the right allows Local LAN Routes to be available on the Route Details on the left screen.
E. Selecting Allow Local LAN Access on the connection entry on the right allows Local LAN Routes to be available on the Route Details on the left screen.

Correct Answer: BE Section: (none) Explanation
Explanation/Reference:
QUESTION 142
Which two statements about packet sniffers or packet sniffing are true? (Choose two.)
A. A packet sniffer requires the use of a network adapter card in nonpromiscuous mode to capture all network packets that are sent across a LAN.
B. Packet sniffers can only work in a switched Ethernet environment.
C. To reduce the risk of packet sniffing, cryptographic protocols such as Secure Shell Protocol (SSH) and Secure Sockets Layer (SSL) should be used.
D. To reduce the risk of packet sniffing, strong authentication, such as one time passwords, should be used.
E. To reduce the risk of packet sniffing, traffic rate limiting and RFC 2827 filtering should be used.

Correct Answer: CD Section: (none) Explanation
Explanation/Reference:
QUESTION 143
Which two statements about Cisco Easy VPN are true? (Choose two.)
A. An IOS router, a PIX firewall or a VPN client can operate as an Easy VPN terminal point.
B. A VPN client can also be configured to operate as an Easy VPN server.
C. Easy VPN does not support split tunnels.
D. Easy VPN tunnel endpoint addresses can be the virtual IP address of an HSRP configuration.
E. Easy VPN is only appropriate for smaller deployments.

Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
QUESTION 144
When you are using the SDM to configure a GRE tunnel over IPsec, which two parameters are required when defining the tunnel interface information? (Choose two.)
A. MTU size of the GRE tunnel interface
B. GRE tunnel source interface or IP address, and tunnel destination IP address
C. IPSEC mode (tunnel or transport)
D. GRE tunnel interface IP address
E. crypto ACL number

Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 145
This item contains several questions that you must answer. You can view these questions by clicking on the Questions button to the left. Changing questions can be accomplished by clicking the numbers to the left of each question. In order to complete the questions, you will need to refer to the SDM and the topolgy, neither of which is currently visible.
To gain access to either the topology or the SDM, click on the button to left side of the screen that corresponds to the section you wish to access. When you have finished viewing the topolgy or the SDM, you can return to your questions by clicking on the Questions button to the left.
Off Shore Industries is a large worldwide sailing charter. The company has recently upgraded its Internet connectivity. As a recent addition to the network engineering team, you have been tasked with documenting the active Firewall configurations on the Annapolis router using the Cisco Router and Security Device Manager (SDM) utility. Using the SDM output from Firewall and ACL Tasks under the Configure tab, answer the following questions:
Which statement is true?
A. Both FastEthermet 0/0 and Serial 0/0/0 are trusted interface.
B. Both FastEthernet 0/0 and Serial 0/0/0 are untrusted interfaces.
C. FastEthernet 0/0 is a trusted interface and Serial 0/0/0 is an untrusted interface.
D. FastEthernet 0/0 is an untrusted interface and Serial 0/0/0 is a trusted interface.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 146
This item contains several questions that you must answer. You can view these questions by clicking on the Questions button to the left. Changing questions can be accomplished by clicking the numbers to the left of each question. In order to complete the questions, you will need to refer to the SDM and the topolgy, neither of which is currently visible.
To gain access to either the topology or the SDM, click on the button to left side of the screen that corresponds to the section you wish to access. When you have finished viewing the topolgy or the SDM, you can return to your questions by clicking on the Questions button to the left.
Off Shore Industries is a large worldwide sailing charter. The company has recently upgraded its Internet connectivity. As a recent addition to the network engineering team, you have been tasked with documenting the active Firewall configurations on the Annapolis router using the Cisco Router and Security Device Manager (SDM) utility. Using the SDM output from Firewall and ACL Tasks under the Configure tab, answer the following questions:
Which two statements would be true for a permissible incoming TCP packet on an untrusted Interface in the this configuration? (Choose two.)
A. The packedt has a source address of 10.79.233.186
B. The packet has a source address of 172.16.81.108
C. The packet has a source address of 198.133.219.135
D. The session originated from an untrusted interface
E. The session originated from a trusted Interface
F. The application is not specified within the inspection rule SDM_LOW.

Correct Answer: CE Section: (none) Explanation
Explanation/Reference:
QUESTION 147
This item contains several questions that you must answer. You can view these questions by clicking on the Questions button to the left. Changing questions can be accomplished by clicking the numbers to the left of each question. In order to complete the questions, you will need to refer to the SDM and the topolgy, neither of which is currently visible.
To gain access to either the topology or the SDM, click on the button to left side of the screen that corresponds to the section you wish to access. When you have finished viewing the topolgy or the SDM, you can return to your questions by clicking on the Questions button to the left.
Off Shore Industries is a large worldwide sailing charter. The company has recently upgraded its Internet connectivity. As a recent addition to the network engineering team, you have been tasked with documenting the active Firewall configurations on the Annapolis router using the Cisco Router and Security Device Manager (SDM) utility. Using the SDM output from Firewall and ACL Tasks under the Configure tab, answer the following questions:
Which two statements would specify a permissible incoming TCP packet on a trusted interface in this configuration? (Choose two.)
A. The packet has a source address of 10.79.233.107
B. The packet has a source address of 172.16.81.108
C. The packet has a source address of 198.133.219.40
D. The destination address is not specified within the inspection rule SDM_LOW.
E. The destination address is specified within the inspection rule SDM_LOW.

Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
QUESTION 148
Why is the ping between the HQ router and the 192.168.1.193 interface on the Branch2 router failing?
A. The default route is missing from the Branch2 router.
B. When running EIGRP over GRE tunnels, you must manually configure the neighbor address using the eigrp neighbor ipaddress command.
C. The tunnel numbers for the tunnel between the HQ router and the Branch2 router do not match.
D. The tunnel source is incorrect on the Branch2 router. It should be serial 2/0.
E. The AS number for the EIGRP process on Branch2 should be 1 and not 11.

Correct Answer: B Section: (none) Explanation Explanation/Reference:
QUESTION 149
What is preventing a successful ping between the HQ router and the 192.168.1.10 interface on the Branch3 router?
A. The default route is missing from the Branch3 router.
B. The tunnel interface numbers for the tunnel between the HQ router and the Branch3 router do not match.
C. The tunnel source is incorrect on the Branch3 router. It should be serial 2/0.
D. The IP address on the tunnel interface for the Branch3 router has wrong IP mask. It should be
255.255.255.252.
E. The network statement under router EIGRP on the Branch3 router is incorrect. It should be network
192.168.2.0.0.0.0.255.

Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 150
What is preventing the HQ router and the Branch1 router from establishing an EIGRP neighbor relationship?
A. When running EIGRP over GRE tunnels, you must manually configure the neighbor address using the eigrp neighbor ipaddress command.
B. The tunnel destination address is incorrect on the HQ router. It should be 10.2.1.1 to match the interface address of the Branch1 router.
C. The tunnel source is incorrect on the Branch1 router. It should be serial 2/0.
D. The default route is missing from the Branch1 router.
E. The tunnel interface numbers for the tunnel between the HQ router and Branch1 router do not match.

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 151
Why is tunnel 5 on the HQ router down while its companion tunnel on the Branch5 router is up?
A. The IP address on the tunnel interface on Branch5 is incorrect. It shoud be 192.168.1.16
255.255.255.252.
B. The tunnel source for tunnel 5 is incorrect on the HQ router. It should be serial 2/0.
C. The tunnel numbers for tunnel between the HQ router and the Branch5 router do not match.
D. The tunnel destination address for tunnel 5 is incorrect on the HQ router. It should be 10.2.5.1 to match the interface address of the Branch5 router.
E. The tunnel interface for tunnel 5 on the HQ router is in the administrative down state.

Correct Answer: C Section: (none) Explanation
Explanation/Reference: QUESTION 152
What is preventing the 192.168.1.150 network from showing up in the HQ router’s routing table?
A. The default route is missing from the Branch4 router.
B. The IP address on the E0/0 interface for the Branch4 router has the wrong IP mask. It should be
255.255.255.252
C. The network statement under router EIGRP on the Branch4 router is incorrect. It should be network
192.168.1.0.0.0.255.
D. When running EIGRP over GRE tunnels, you must manually configure the neighbor address using the eigrp neighbor ipaddress command.
E. The IP address on the tunnel interface on Branch4 is incorrect. It should be 192.168.1.12
255.255.255.252.

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 153
This item contains several questions that you must answer. You can view these questions by clicking on the Questions button to the left. Changing questions can be accomplished by clicking the numbers to the left of each question. In order to complete the questions, you will need to refer to the SDM and the topolgy, neither of which is currently visible.
To gain access to either the topology or the SDM, click on the button to left side of the screen that corresponds to the section you wish to access. When you have finished viewing the topology the SDM, you can return to your questions by clicking on the Questions button to the left.
Which defined peer IP address and local subnet belong to Crete? (Choose two.)
A. peer address 192.168.55.159
B. peer address 192.168.77.120
C. peer address 192.168.167.85
D. subnet 10.5.15.0/24
E. subnet 10.8.28.0/24
F. subnet 10.5.33.0/24

Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
QUESTION 154
This item contains several questions that you must answer. You can view these questions by clicking on the Questions button to the left. Changing questions can be accomplished by clicking the numbers to the left of each question. In order to complete the questions, you will need to refer to the SDM and the topolgy, neither of which is currently visible.
To gain access to either the topology or the SDM, click on the button to left side of the screen that corresponds to the section you wish to access. When you have finished viewing the topology the SDM, you can return to your questions by clicking on the Questions button to the left.
Which IPSec rule is used for the Onlympia branch and what does it define? (Choose two.)
A. 102
B. 116
C. 127
D. IP traffic sourced from 10.10.10.0/24 destined to 10.5.15.0/24 will use the VPN.
E. IP traffic sourced from 10.10.10.0/24 destined to 10.8.28.0/24 will use the VPN.
F. IP traffic sourced from 10.10.10.0/24 destined to 10.5.33.0/24 will use the VPN.

Correct Answer: BE Section: (none) Explanation
Explanation/Reference:
QUESTION 155
This item contains several questions that you must answer. You can view these questions by clicking on the Questions button to the left. Changing questions can be accomplished by clicking the numbers to the left of each question. In order to complete the questions, you will need to refer to the SDM and the topolgy, neither of which is currently visible.
To gain access to either the topology or the SDM, click on the button to left side of the screen that corresponds to the section you wish to access. When you have finished viewing the topology the SDM, you can return to your questions by clicking on the Questions button to the left.
Which algorithm as defined by the transform set is used for providing data confidentiality when connected to Tyre?
A. ESP-3DES-SHA
B. ESP-3DES-SHA1
C. ESP-3DES-SHA2
D. ESP-3DES
E. ESP-SHA-HMAC

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 156
This item contains several questions that you must answer. You can view these questions by clicking on the Questions button to the left. Changing questions can be accomplished by clicking the numbers to the left of each question. In order to complete the questions, you will need to refer to the SDM and the topolgy, neither of which is currently visible.
To gain access to either the topology or the SDM, click on the button to left side of the screen that corresponds to the section you wish to access. When you have finished viewing the topology the SDM, you can return to your questions by clicking on the Questions button to the left.
Which peer authentication method and which IPSEC mode is used to connect to the branch locations? (Choose two.)
A. Digital Certificate
B. Pre-Shared Key
C. Transport Mode
D. Tunnel Mode
E. GRE/IPSEC Transport Mode
F. GRE/IPSEC Tunnel Mode

Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 157
Which two statements about the Security Device Manager (SDM) Intrusion Prevention System (IPS) Rule wizard are true? (Choose two.)
A. By default, the Use Built-In Signatures (as backup) checkbox is not selected.
B. Changes to the IPS rules can be made using the Configure IPS tab.
C. Changes to the IPS rules can be made using the Edit Firewall Policy/ACL tab.
D. Once all interfaces have rules applied to them, you can re-initiate the IPS Rule wizard to make changes.
E. Once all interfaces have rules applied to them, you cannot re-initiate the IPS Rule wizard to make changes.
F. When using the wizard for the first time, you will be prompted to enable the Security Device Event Exchange (SDEE).

Correct Answer: DF Section: (none) Explanation
Explanation/Reference:
QUESTION 158
Refer to the exhibit. Which statement best describes Security Device Event Exchange (SDEE)?
A. It is an application level communications protocol that is used to exchange IPS messages between IPS clients and servers.
B. It is a process for ensuring IPS communication between the SDM-enabled devices.
C. It is a suite of protocols for ensuring IPS communication between the SDM-enabled devices.
D. It is an OSI level-7 protocol, and it is used to exchange IPS messages between IPS agents.
E. The primary purpose of SDEE is for SDM users to send messages to IPS agents.

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 159
At what size should the MTU on LAN interfaces be set in the implementation of MPLS VPNs with traffic engineering?
A. 1512 bytes
B. 1516 bytes
C. 1520 bytes
D. 1524 bytes
E. 1528 bytes
F. 1532 bytes
Correct Answer: A Section: (none) Explanation

Explanation/Reference:
QUESTION 160
Which two devices serve as the main endpoint components in a DSL data service network? (Choose two.)
A. SOHO workstation
B. ATU-R
C. ATU-C
D. POTS splitter
E. CO switch

Correct Answer: BC Section: (none) Explanation
Explanation/Reference:
QUESTION 161
Which three protocols are available for local redundancy in a backup VPN scenario? (Choose three.)
A. VRRP
B. a routing protocol
C. RSVP
D. HSRP
E. proxy ARP
F. GLBP

Correct Answer: ADF Section: (none) Explanation
Explanation/Reference:
QUESTION 162
Refer to the exhibit. In the SDM Site-to-Site VPN wizard, what are three requirements that are accessed by the Add button? (Choose three.)
A. keyed-hash message authentication code
B. IPsec authentication method
C. IKE lifetime
D. IPsec proposal priority
E. Diffie-Hellman group
F. bits that are used in AES encryption method

Correct Answer: ACE Section: (none) Explanation
Explanation/Reference:
QUESTION 163
Which PPPoE configuration statement is true?
A. A PVC must be created before the pppoe enable command on the Ethernet interface is entered.
B. The dsl operating-mode auto command is required.
C. The encapsulation ppp command must be applied on the Ethernet interface.
D. The ip mtu 1492 command must be applied on the dialer interface.
E. The ip mtu 1496 command must be applied on the Ethernet interface.
F. When the pppoe enable command is applied on the Ethernet interface, a PVC will be created.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 164
Refer to the exhibit.
When editing the Invalid DHCP Packet signature using security device manager (SDM), which additional severity levels can be chosen? (Choose three.)
A. low
B. urgent
C. high
D. debug
E. informational
F. warning

Correct Answer: ACE Section: (none) Explanation
Explanation/Reference:
QUESTION 165
Refer to the exhibit. What conclusion can be made from the output of the debug ppp negotiation command?
A. There are IP Control Protocol (IPCP) failures.
B. Link Control Protocol (LCP) is not opened.
C. There is no PPP response from the remote router.
D. There is an authentication failure.
E. PPP has set up a functional connection.

Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 166
Which four outbound ICMP message types would normally be permitted? (Choose four.)
A. echo reply
B. time exceeded
C. echo
D. parameter problem
E. packet too big
F. source quench

Correct Answer: CDEF Section: (none) Explanation
Explanation/Reference:
QUESTION 167
Which two statements about the transmission of signals over a cable network are true? (Choose two.)
A. Downstream signals travel from the cable operator to the subscriber and use frequencies in the range of 5 to 42 MHz.
B. Downstream signals travel from the cable operator to the subscriber and use frequencies in the range of 50 to 860 MHz.
C. Downstream and upstream signals operate in the same frequency ranges.
D. Upstream signals travel from the subscriber to the cable operator and use frequencies in the range of 5 to 42 MHz.
E. Upstream signals travel from the subscriber to the cable operator and use frequencies in the range of 50 to 860 MHz.

Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 168
Refer to the exhibit. On the basis of the information in the exhibit, which two statements are true? (Choose two.)
A. Any traffic matching signature 1107 will generate an alarm, reset the connection, and be dropped.
B. Signature 1102 has been modified, but the changes have not been applied to the router.
C. Signature 1102 has been triggered because of matching traffic.
D. The Edit IPS window is currently displaying the Global Settings information.
E. The Edit IPS window is currently displaying the signatures in Details view.
F. The Edit IPS window is currently displaying the signatures in Summary view.

Correct Answer: BE Section: (none) Explanation
Explanation/Reference:
QUESTION 169
Refer to the exhibit. On the basis of the partial output that is displayed in the exhibit, which two statements are true? (Choose two.)
A. The ISP router initiated the connection to the CPE router.
B. The output is the result of the debug pppoe events command.
C. The output is the result of the debug ppp authentication command.
D. The output is the result of the debug ppp negotiation command.
E. This is the CPE router.
F. This is the ISP router.

Correct Answer: CE Section: (none) Explanation
Explanation/Reference:
QUESTION 170
What are three methods of network reconnaissance? (Choose three.)
A. IP spoofing
B. one-time password
C. dictionary attack
D. packet sniffer
E. ping sweep
F. port scan

Correct Answer: DEF Section: (none) Explanation
Explanation/Reference:
QUESTION 171
Refer to the exhibit. Which configuration option would correctly configure router RTA to mitigate a range of threats?
A. RTA(config)# interface Fa0/0 RTA(config-if)# ip access-group 150 in
B. RTA(config)# interface Fa0/0 RTA(config-if)# ip access-group 150 out
C. RTA(config)# interface Fa0/1 RTA(config-if)# ip access-group 150 in
D. RTA(config)# interface Fa0/1 RTA(config-if)# ip access-group 150 out
E. RTA(config)# line vty 0 4 RTA(config-line)# access-class 150 in
F. RTA(config)# line vty 0 4 RTA(config-line)# access-class 150 out

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 172
Refer to exhibit. On the basis of the information that is presented, which statement is true?
A. ACL 109 is designed to prevent any inbound packets with the ACK flag set from entering the router.
B. ACL 109 is designed to prevent any inbound packets with the SYN flag set from entering the router.
C. ACL 109 is designed to prevent outbound IP address spoofing attacks.
D. ACL 109 is designed to allow packets with the ACK flag set to enter the router.
E. ACL 109 is designed to allow packets with the SYN flag set to enter the router.
F. ACL 109 should have been applied to interface Fa0/0.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:

All our Cisco products are up to date! When you buy any Cisco 642-825 product from Certpaper, as “Cisco 642-825 Questions & Answers with explanations”,you are automatically offered the Cisco 642-825 updates for a total of 90 days from the day you bought it.If you want to renew your Cisco 642-825 Certification purchase during the period of these 90 days,your Cisco 642-825  Certification product is renewed and you are further enabled to enjoy the free Cisco updates.

Welcome to download the newest Dumpsoon JN0-343 VCE dumps: http://www.dumpsoon.com/JN0-343.html

Cisco 642-825 Exam Guide, Provide Discount Cisco 642-825 Questions With Low Price