Cisco 642-825 Actual Test, The Most Recommended Cisco 642-825 Questions Online Shop

Welcome to download the newest Examwind 350-029 VCE dumps: http://www.examwind.com/350-029.html

We are committed on providing you with the latest and most accurate Cisco 642-825 exam preparation products.If you want to pass Cisco 642-825 exam successfully, do not miss to read latest Flydumps Cisco 642-825 on Flydumps.

QUESTION 50
Which IOS firewall feature allows per-user policy to be downloaded dynamically to the router from a TACACS+ or RADIUS server using AAA services?
A. Intrusion Prevention System
B. Reflexive ACLs
C. Authentication Proxy
D. Lock-and-Key (dynamic ACLs)
E. Port-to-Application Mapping (PAM)

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 51
Which two statements about management protocols are true? (Choose two.)
A. Syslog version 2 or above should be used because it provides encryption of the syslog messages.
B. NTP version 3 or above should be used because these versions support a cryptographic authentication mechanism between peers.
C. SNMP version 3 is recommended since it provides authentication and encryption services for management packets.
D. SSH, SSL and Telnet are recommended protocols to remotely manage infrastructure devices.
E. TFTP authentication (username and password) is sent in an encrypted format, and no additional encryption is required.

Correct Answer: BC Section: (none) Explanation
Explanation/Reference:
QUESTION 52
Which two statements about packet sniffers or packet sniffing are true? (Choose two.)
A. A packet sniffer requires the use of a network adapter card in nonpromiscuous mode to capture all network packets that are sent across a LAN.
B. Packet sniffers can only work in a switched Ethernet environment.
C. To reduce the risk of packet sniffing, cryptographic protocols such as Secure Shell Protocol (SSH) and Secure Sockets Layer (SSL) should be used.
D. To reduce the risk of packet sniffing, strong authentication, such as one time passwords, should be used.
E. To reduce the risk of packet sniffing, traffic rate limiting and RFC 2827 filtering should be used.

Correct Answer: CD Section: (none) Explanation
Explanation/Reference:
QUESTION 53
What are the four steps, in their correct order, to mitigate a worm attack?
A. contain, inoculate, quarantine, and treat
B. inoculate, contain, quarantine, and treat
C. quarantine, contain, inoculate, and treat
D. preparation, identification, traceback, and postmortem
E. preparation, classification, reaction, and treat
F. identification, inoculation, postmortem, and reaction

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 54
Refer to the exhibit. The Basic Firewall wizard has been used to configure a router. What is the purpose of the highlighted access list statement?

A. to prevent spoofing by blocking traffic entering interface Fa0/0 with a source address in the same subnet as interface VLAN10
B. to prevent spoofing by blocking traffic entering Fa0/0 with a source address in the RFC 1918 private address space
C. to establish a DMZ by preventing traffic from interface VLAN10 being sent out interface Fa0/0
D. to establish a DMZ by preventing traffic from interface Fa0/0 being sent out interface VLAN10

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 55
Which two network attack statements are true? (Choose two.)
A. Access attacks can consist of password attacks, trust exploitation, port redirection, and man-in-the-middle attacks.
B. Access attacks can consist of UDP and TCP SYN flooding, ICMP echo-request floods, and ICMP directed broadcasts.
C. DoS attacks can be reduced through the use of access control configuration, encryption, and RFC 2827 filtering.
D. DoS attacks can consist of IP spoofing and DDoS attacks.
E. IP spoofing can be reduced through the use of policy-based routing.
F. IP spoofing exploits known vulnerabilities in authentication services, FTP services, and web services to gain entry to web accounts, confidential databases, and other sensitive information.

Correct Answer: AD Section: (none) Explanation
Explanation/Reference: QUESTION 56
Refer to the exhibit. What type of security configuration is being verified?

A. Turbo ACLs
B. Reflexive ACLs
C. Authentication Proxy
D. IOS Firewall
E. Distributed Time-Based ACLs
F. Infrastructure Protection ACLs

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 57
What are three objectives that the no ip inspect command achieves? (Choose three.)
A. removes the entire CBAC configuration
B. removes all associated static ACLs
C. turns off the automatic audit feature in SDM
D. denies HTTP and Java applets to the inside interface but permits this traffic to the DMZ
E. resets all global timeouts and thresholds to the defaults
F. deletes all existing sessions

Correct Answer: AEF Section: (none) Explanation
Explanation/Reference:
QUESTION 58
Refer to the exhibit. Which three tasks can be configured using the IPS Policies wizard via the Cisco Security Device Manager(SDM)? (Choose three.)

A. the configuration of an IP address and the enabling of the interface
B. the selection of the encapsulation on the WAN interfaces
C. the selection of the interface to apply the IPS rule
D. the selection of the traffic flow direction that should be inspected by the IPS rules
E. the creation of the signature definition file (SDF) to be used by the router
F. the location of the signature definition file (SDF) to be used by the router

Correct Answer: CDF Section: (none) Explanation
Explanation/Reference:
QUESTION 59
Refer to the exhibit. Router RTA is unable to establish an ADSL connection with its provider. Which action would correct this problem?

A. On the Dialer0 interface, add the pppoe enable command.
B. On the Dialer0 interface, add the ip mtu 1496 command.
C. On the ATM0/0 interface, add the dialer pool-member 0 command.
D. On the ATM0/0 interface, add the dialer pool-member 1 command.
E. On the ATM0/0 interface, add the pppoe-client dial-pool-number 0 command.
F. On the ATM0/0 interface, add the pppoe-client dial-pool-number 1 command.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 60
Which statement is true about the management protocols?
A. TFTP data is sent encrypted.
B. Syslog data is sent encrypted between the server and device.
C. SNMP v1/v2 can be compromised because the community string information for authentication is sent in clear text.
D. NTP v.3 does not support a cryptographic authentication mechanism between peers.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 61
Refer to the exhibit. Based on the partial configuration, which two statements are true? (Choose two.)

A. If configured, the enable password could also be used to log into the console port.
B. The local parameter is missing at the end of each aaa authentication LOCAL-AUTH command.
C. The command aaa authentication default should be issued for each line instead of the login authentication LOCAL_AUTH command.
D. This is an example of a self-contained AAA configuration using the local database.
E. To make the configuration more secure, the none parameter should be added to the end of the aaa authentication login LOCAL_AUTH local command.
F. To successfully establish a Telnet session with RTA, a user can enter the username Bob and password cisco.

Correct Answer: DF Section: (none) Explanation
Explanation/Reference:
QUESTION 62
Refer to the exhibit. Which statement is correct about the MPLS configuration?

A. LDP is enabled on serial 0/1/0.
B. TDP is enabled on both interfaces.
C. MPLS traffic will be permitted on both interfaces.
D. MPLS keepalives will be sent out both interfaces.

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 63
Refer to the exhibit. The show mpls interfaces detail command has been used to display information about the interfaces on router R1 that have been configured for label switching.
Which statement is true about the MPLS edge router R1?

A. Packets can be labeled and forwarded out interface Fa0/1 because of the MPLS operational status of the interface.
B. Because LSP tunnel labeling has not been enabled on interface Fa0/1, packets cannot be labeled and forwarded out interface Fa0/1.
C. Packets can be labeled and forwarded out interface Fa1/1 because MPLS has been enabled on this interface.
D. Because the MTU size is increased above the size limit, packets cannot be labeled and forwarded out interface Fa1/1.

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 64
Which two active response capabilities can be configured on an intrusion detection system (IDS) in response to malicious traffic detection? (Choose two.)
A. the initiation of dynamic access lists on the IDS to prevent further malicious traffic
B. the configuration of network devices to prevent malicious traffic from passing through
C. the shutdown of ports on intermediary devices
D. the transmission of a TCP reset to the offending end host
E. the invoking of SNMP-sourced controls

Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 65
Which form of DSL technology is typically used as a replacement for T1 lines?
A. VDSL
B. HDSL
C. ADSL
D. SDSL
E. G.SHDSL
F. IDSL

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 66
Refer to the exhibit. What information can be derived from the output of the show ip cef command?

A. IP CEF has not been configured properly to enable MPLS forwarding.
B. The 10.11.11.11 next-hop address is not reachable and will be tagged with an outer label of 17.
C. The 10.11.11.11 destination network is reachable and will be tagged with a IPv4 label of 17.
D. The 10.11.11.11 next-hop address is reachable and will be tagged with an outer label of 17.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 67
Refer to the exhibit. Which two statements about the AAA configuration are true? (Choose two.)

A. A good security practice is to have the none parameter configured as the final method used to ensure that no other authentication method will be used.
B. If a TACACS+ server is not available, then a user connecting via the console port would not be able to gain access since no other authentication method has been defined.
C. If a TACACS+ server is not available, then the user Bob could be able to enter privileged mode as long as the proper enable password is entered.
D. The aaa new-model command forces the router to override every other authentication method previously configured for the router lines.
E. To increase security, group radius should be used instead of group tacacs+.
F. Two authentication options are prescribed by the displayed aaa authentication command.

Correct Answer: DF Section: (none) Explanation
Explanation/Reference:
QUESTION 68
Which three categories of signatures can a Cisco IPS microengine identify? (Choose three.)
A. DDoS signatures
B. strong signatures
C. exploit signatures
D. numeric signatures
E. spoofing signatures
F. connection signatures

Correct Answer: ACF Section: (none) Explanation
Explanation/Reference:
QUESTION 69
What are two principles to follow when configuring ACLs with IOS Firewall? (Choose two.)
A. Prevent traffic that will be inspected by IOS Firewall from leaving the network through the firewall.
B. Configure extended ACLs to prevent IOS Firewall return traffic from entering the network through the firewall.
C. Configure an ACL to deny traffic from the protected networks to the unprotected networks.
D. Permit broadcast messages with a source address of 255.255.255.255.
E. Allow traffic that will be inspected by IOS Firewall to leave the network through the firewall.

Correct Answer: BE Section: (none) Explanation
Explanation/Reference:
QUESTION 70
Which two actions will take place when One-Step Lockdown is implemented? (Choose two.)
A. CDP will be enabled.
B. A banner will be set.
C. Logging will be enabled.
D. Security passwords will be required to be a minimum of 8 characters.
E. Telnet settings will be disabled.

Correct Answer: BC Section: (none) Explanation
Explanation/Reference:
QUESTION 71
Which two statements about common network attacks are true? (Choose two.)
A. Access attacks can consist of password attacks, trust exploitation, port redirection, and man-in-the-middle attacks.
B. Access attacks can consist of password attacks, ping sweeps, port scans, and man-in-the-middle attacks.
C. Access attacks can consist of packet sniffers, ping sweeps, port scans, and man-in-the-middle attacks.
D. Reconnaissance attacks can consist of password attacks, trust exploitation, port redirection and Internet information queries.
E. Reconnaissance attacks can consist of packet sniffers, port scans, ping sweeps, and Internet information queries.
F. Reconnaissance attacks can consist of ping sweeps, port scans, man-in-middle attacks and Internet information queries.

Correct Answer: AE Section: (none) Explanation
Explanation/Reference:
QUESTION 72
Refer to the exhibit. What is needed to complete the PPPoA configuration?

A. A static route to the ISP needs to be configured.
B. The VPDN group needs to be created.
C. The ATM PVC needs to be configured.
D. PPPoE encapsulation needs to be configured on the ATM interface.
E. PAP authentication needs to be configured.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 73
Which two statements about Cisco Easy VPN are true? (Choose two.)
A. An IOS router, a PIX firewall or a VPN client can operate as an Easy VPN terminal point.
B. A VPN client can also be configured to operate as an Easy VPN server.
C. Easy VPN does not support split tunnels.
D. Easy VPN tunnel endpoint addresses can be the virtual IP address of an HSRP configuration.
E. Easy VPN is only appropriate for smaller deployments.

Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
QUESTION 74
Refer to the exhibit. MPLS and LDP are enabled on routers RTB and RTC and all interfaces are enabled. However, the routers will not establish an LDP neighbor session.
Troubleshooting has revealed that there is forwarding information in the FIB table, but there is no forwarding information in the LFIB table. Which issue would cause this problem?

A. IP CEF is not enabled on one or both of the routers.
B. MPLS has been enabled on the interface but has not been enabled globally on one or both of the routers.
C. BGP neighbor sessions have not been configured on one or both of the routers.
D. One or both of the routers are using the loopback address as the LDP ID and the loopback is not being advertised by the IGP.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 75
What is required when configuring IOS Firewall using the CLI?
A. IOS IPS enabled on the untrusted interface
B. NBAR enabled to perform protocol discovery and deep packet inspection
C. route-map to define the trusted outgoing traffic
D. route-map to define the application inspection rules
E. an inbound extended ACL applied to the untrusted interface

Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 76
Which statement about xDSL implementations is true?
A. All xDSL standards operate in higher frequencies than the POTS system and therefore can coexist on the same media.
B. All xDSL standards operate in lower frequencies than the POTS system and can therefore coexist on the same media.
C. The ADSL standard operates in higher frequencies than the POTS system and can therefore coexist on the same media.
D. The HDSL standard operates in higher frequencies than the POTS system and can therefore coexist on the same media.
E. Other than providing higher data rates, HDSL is identical to ADSL.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 77
When configuring the Cisco VPN Client, what action is required prior to installing Mutual Group Authentication?
A. Transparent tunneling must be enabled.
B. A valid root certificate must be installed.
C. A group pre-shared secret must be properly configured.
D. The option to “Allow Local LAN Access” must be selected.

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 78
Which HFC cable network statement is true about the downstream data channel to the customer and the upstream data channel to the service provider?
A. The downstream data path is assigned a 30 MHz channel and the upstream data path is assigned a 1 MHz channel.
B. The downstream data path is assigned a fixed bandwidth channel and the upstream data path uses a variable bandwidth channel.
C. Both upstream and downstream data paths are assigned in 6 MHz channels.
D. The upstream data path is assigned a channel in a higher frequency range than the downstream path has.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 79
Which two management protocols provide security enhancements such as cryptographic authentication and packet encryption of management traffic? (Choose two.)
A. NTP version 3
B. SNMP version 3
C. Syslog version 3
D. Telnet version 3
E. TFTP version 3

Correct Answer: AB Section: (none) Explanation
Explanation/Reference:
QUESTION 80
Which two steps must be taken for SSH to be implemented on a router? (Choose two.)
A. Ensure that the Cisco IOS Firewall feature set is installed on the devices.
B. Ensure that the target routers are configured for AAA either locally or through a database
C. Ensure that each router is using the correct domain name for the network
D. Ensure that an ACL is configured on the VTY lines to block Telnet access

Correct Answer: BC Section: (none) Explanation
Explanation/Reference:
QUESTION 81
What does the dsl operating-mode auto command configure on a Cisco router?
A. It configures a Cisco router to automatically detect the proper modulation method to use when connecting an ATM interface.
B. It configures a Cisco router to automatically detect the proper encapsulation method to use when connecting an ATM interface.
C. It configures a Cisco router to automatically detect the proper DSL type (ADSL, IDSL, HDSL, VDSL) to use when connecting an ATM interface.
D. It configures a Cisco router to automatically detect the proper authentication method to use when connecting an ATM interface.

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 82
Which statement identifies a limitation in the way Cisco IOS Firewall tracks UDP connections versus TCP connections?
A. It cannot track the source IP.
B. It cannot track the source port.
C. It cannot track the destination IP.
D. It cannot track the destination port.
E. It cannot track sequence numbers and flags.
F. It cannot track multicast or broadcast packets.

Correct Answer: E Section: (none) Explanation Explanation/Reference:
QUESTION 83
A site requires support for skinny and H.323 voice protocols. How is this configured on an IOS firewall using the SDM?
A. The Basic Firewall wizard is executed and the High Security Application policy is selected.
B. The Advanced Firewall wizard is executed and a custom Application Security policy is selected in place of the default Application Security policies.
C. The Application Security tab is used to create a policy with voice support before the Firewall wizard is run.
D. The Application Security tab is used to modify the SDM_High policy to add voice support prior to the Firewall wizard being run.

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 84
What are the four fields in an MPLS label? (Choose four.)
A. version
B. experimental
C. label
D. protocol
E. TTL
F. bottom-of-stack indicator

Correct Answer: BCEF Section: (none) Explanation
Explanation/Reference:
QUESTION 85
Which two statements about an IDS are true? (Choose two.)
A. The IDS is in the traffic path.
B. The IDS can send TCP resets to the source device.
C. The IDS can send TCP resets to the destination device.
D. The IDS listens promiscuously to all traffic on the network.
E. Default operation is for the IDS to discard malicious traffic.

Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 86
Refer to the exhibit. On the basis of the command output, which statement is true?

A. The value 32 is a local label ID.
B. Traffic associated with local label 26 will be forwarded to an interface that is not associated with label switching.
C. Traffic associated with local label 30 will have a next hop of 10.250.0.97/32.
D. Traffic associated with local label 29 will be forwarded to an interface that is not associated with label switching.

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 87
Which statement describes the Authentication Proxy feature?
A. All traffic is permitted from the inbound to the outbound interface upon successful authentication of the user.
B. A specific access profile is retrieved from a TACACS+ or RADIUS server and applied to an IOS Firewall based on user provided credentials.
C. Prior to responding to a proxy ARP, the router will prompt the user for a login and password which are authenticated based on the configured AAA policy.
D. The proxy server capabilities of the IOS Firewall are enabled upon successful authentication of the user.

Correct Answer: B Section: (none) Explanation
Explanation/Reference: QUESTION 88
Which three statements about the Cisco Easy VPN feature are true? (Choose three.)
A. If the VPN server is configured for Xauth, the VPN client waits for a username / password challenge.
B. The Cisco Easy VPN feature only supports transform sets that provide authentication and encryption.
C. The VPN client initiates aggressive mode (AM) if a pre-shared key is used for authentication during the IKE phase 1 process.
D. The VPN client verifies a server username/password challenge by using a AAA authentication server that supports TACACS+ or RADIUS.
E. The VPN server can only be enabled on Cisco PIX Firewalls and Cisco VPN 3000 series concentrators.
F. When connecting with a VPN client, the VPN server must be configured for ISAKMP group 1, 2 or 5.

Correct Answer: ABC Section: (none) Explanation
Explanation/Reference:
QUESTION 89
What is meant by the attack classification of “false positive” on a Cisco IPS device?
A. A signature is fired for nonmalicious traffic, benign activity.
B. A signature is not fired when offending traffic is detected.
C. A signature is correctly fired when offending traffic is detected and an alarm is generated.
D. A signature is not fired when non-offending traffic is captured and analyzed.

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 90
Refer to the exhibit. Which statement is true about the configuration of split tunnels using SDM?

A. Any protected subnets that are entered represent subnets at the end user’s site that will be accessed without going through the encrypted tunnel.
B. Any protected subnets that are entered represent subnets at the end user’s site that will be accessed through the encrypted tunnel.
C. Any protected subnets that are entered represent subnets at the VPN server site that will be accessed without going through the encrypted tunnel.
D. Any protected subnets that are entered represent subnets at the VPN server site that will be accessed through the encrypted tunnel.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 91
What is the function of the MPLS data plane?
A. The data plane exchanges Layer 3 routing information using OSPF, EIGRP, IS-IS, and BGP protocols.
B. The data plane exchanges labels using the label exchange protocols TDP, LDP, BGP, and RSVP.
C. The data plane uses the Forwarding Information Base (FIB) to forward packets based on the routing information.
D. The data plane uses Label Forwarding Information Base (LFIB) to forwards packets based on the labels.

Correct Answer: D Section: (none) Explanation Explanation/Reference:
QUESTION 92
Which three statements are true about Cisco IOS Firewall? (Choose three.)
A. It can be configured to block Java traffic.
B. It can be configured to detect and prevent SYN-flooding denial-of-service (DoS) network attacks.
C. It can only examine network layer and transport layer information.
D. It can only examine transport layer and application layer information.
E. The inspection rules can be used to set timeout values for specified protocols.
F. The ip inspect cbac-name command must be configured in global configuration mode.

Correct Answer: ABE Section: (none) Explanation
Explanation/Reference:
QUESTION 93
Which statement is true about the management protocols?
A. TFTP data is sent encrypted.
B. Syslog data is sent encrypted between the server and device.
C. SNMP v1/v2 can be compromised because the community string information for authentication is sent in clear text.
D. NTP v.3 does not support a cryptographic authentication mechanism between peers.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 94
Which statement is true about a router configured with the ntp trusted-key 10 command?
A. This router only synchronizes to a system that uses this key in its NTP packets.
B. The IOS will not permit ’10’ as an argument to the ntp trusted-key command.
C. This command enables DES encryption of NTP packets.
D. This router will join an NTP multicast group where all routers share the same trusted key.

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 95
Refer to the exhibit. SDM has been used to configure the locations from which the signature definition file (SDF) will be loaded. What will happen if the SDF files in flash are not available at startup?

A. All traffic will flow uninspected or will be dropped.
B. All traffic will be marked as uninspected and will be checked after the signature file is loaded.
C. All traffic will be inspected by the built-in signatures bundled with Cisco IOS Software.
D. All traffic will be inspected by the pre-built signatures bundled in the attack-drop.sdf file.

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 96
Refer to the exhibit. A user is unable to initiate an SSH session with RTA. To help troubleshoot the problem, RTA has been configured as indicated in the exhibit. However, a second attempt to initiate an SSH connection to RTA fails to generate debug information on the Syslog server.
What configuration change would display the debug information on the Syslog server?

A. Router RTA should be configured with the debug ip packet EXEC command.
B. Router RTA must be configured with the correct Syslog IP address.
C. Router RTA must be configured with the logging buffered informational global configuration command.
D. Router RTA must be configured with the logging monitor debugging global configuration command.
E. Router RTA must be configured with the logging trap debugging global configuration command.

Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 97
Which global configuration mode command will configure a Cisco router as an authoritative NTP server?
A. ntp broadcast
B. ntp peer
C. ntp server
D. ntp master

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 98
Which three IPsec VPN statements are true? (Choose three.)
A. IKE keepalives are unidirectional and sent every ten seconds.
B. IKE uses the Diffie-Hellman algorithm to generate symmetrical keys to be used by IPsec peers.
C. IPsec uses the Encapsulating Security Protocol (ESP) or the Authentication Header (AH) protocol for exchanging keys.
D. Main mode is the method used for the IKE phase two security association negotiations.
E. Quick mode is the method used for the IKE phase one security association negotiations.
F. To establish IKE SA, main mode utilizes six packets while aggressive mode utilizes only three packets.

Correct Answer: ABF Section: (none) Explanation
Explanation/Reference:
QUESTION 99
Which two statements are true about broadband cable (HFC) systems? (Choose two.)
A. Cable modems only operate at Layer 1 of the OSI model.
B. Cable modems operate at Layers 1 and 2 of the OSI model.
C. Cable modems operate at Layers 1, 2, and 3 of the OSI model.
D. A function of the cable modem termination system (CMTS) is to convert the modulated signal from the cable modem into a digital signal.
E. A function of the cable modem termination system is to convert the digital data stream from the end user host into a modulated RF signal for transmission onto the cable system.

Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 100
Refer to the exhibit. Assume that a signature can identify an IP address as the source of an attack. Which action would automatically create an ACL that denies all traffic from an attacking IP address?

A. alarm
B. drop
C. reset
D. denyFlowInline
E. denyAttackerInline
F. deny-connection-inline

Correct Answer: E Section: (none) Explanation
Explanation/Reference:

All most all IT professionals are familiar with the Cisco 642-825 exam and dream to have that top most demanding certification. This is the top level certification from CISCO that is accepted universally. You can get your desired career which you dreamed with passing Cisco 642-825 test and getting the certificate.

Examwind 350-029 dumps with PDF + Premium VCE + VCE Simulator: http://www.examwind.com/350-029.html