
Flydumps provides guaranteed preparation material to boost your confidence in the Cisco 642-825 exam. Successful candidates have provided their reviews of our guaranteed Cisco 642-825 preparation material; you can see the real worth of our featured products by reading the reviews and testimonials.

QUESTION 50
Which two statements about packet sniffers or packet sniffing are true? (Choose two.)
A. A packet sniffer requires the use of a network adapter card in nonpromiscuous mode to capture all network packets that are sent across a LAN.
B. Packet sniffers can only work in a switched Ethernet environment.
C. To reduce the risk of packet sniffing, cryptographic protocols such as Secure Shell Protocol (SSH) and Secure Sockets Layer (SSL) should be used.
D. To reduce the risk of packet sniffing, strong authentication, such as one time passwords, should be used.
E. To reduce the risk of packet sniffing, traffic rate limiting and RFC 2827 filtering should be used.

Correct Answer: CD

QUESTION 51
Which statement is true about the management protocols?
A. TFTP data is sent encrypted.
B. Syslog data is sent encrypted between the server and device.
C. SNMP v1/v2 can be compromised because the community string information for authentication is sent in clear text.
D. NTP v.3 does not support a cryptographic authentication mechanism between peers.

Correct Answer: C

QUESTION 52
Which statement about an IPS is true?
A. The IPS is in the traffic path.
B. Only one active interface is required.
C. Full benefit of an IPS will not be realized unless deployed in conjunction with an IDS.
D. When malicious traffic is detected, the IPS will only send an alert to a management station.

Correct Answer: A

QUESTION 53
When configuring the Cisco VPN Client, what action is required prior to installing Mutual Group Authentication?
A. Transparent tunneling must be enabled.
B. A valid root certificate must be installed.
C. A group pre-shared secret must be properly configured.
D. The option to “Allow Local LAN Access” must be selected.

Correct Answer: B

QUESTION 54
For what purpose does SDM use Security Device Event Exchange (SDEE)?
A. to extract relevant SNMP information
B. to pull event logs from the router
C. to perform application-level accounting
D. to provide a keepalive mechanism

Correct Answer: B

QUESTION 55
Which three statements are true about Cisco Intrusion Detection System (IDS) and Cisco Intrusion Prevention System (IPS) functions? (Choose three.)
A. Only IDS systems provide real-time monitoring that includes packet capture and analysis of network packets.
B. Both IDS and IPS systems provide real-time monitoring that involves packet capture and analysis of network packets.
C. The signatures on the IDS devices are configured manually whereas the signature on the IPS devices are configured automatically.
D. IDS can detect misuse, abuse, and unauthorized access to networked resources but can only respond after an attack is detected.
E. IPS can detect misuse, abuse, and unauthorized access to networked resources and respond before network security can be compromised.
F. IDS can deny malicious traffic from the inside network whereas IPS can deny malicious traffic from outside the network.

Correct Answer: BDE

QUESTION 56
What phrase best describes a Handler in a distributed denial of service (DDoS) attack?
A. person who launches the attack
B. host that generates a stream of packets that is directed toward the intended victim
C. host running the attacker program
D. host being attacked

Correct Answer: C

QUESTION 57
Which PPPoA configuration statement is true?
A. The dsl operating-mode auto command is required if the default mode has been changed.
B. The encapsulation ppp command is required.
C. The ip mtu 1492 command must be applied on the dialer interface.
D. The ip mtu 1496 command must be applied on the dialer interface.
E. The ip mtu 1492 command must be applied on the Ethernet interface.
F. The ip mtu 1496 command must be applied on the Ethernet interface.

Correct Answer: A

QUESTION 58
What is a recommended practice for secure configuration management?
A. Disable port scan.
B. Use SSH or SSL.
C. Deny echo replies on all edge routers.
D. Enable trust levels.
E. Use secure Telnet.

Correct Answer: B

QUESTION 59
Refer to the exhibit.

The configuration has been applied to router RTA to mitigate the threat of certain types of ICMP-based attacks. However, the configuration is incorrect.
On the basis of the information in the exhibit, which configuration option would correctly configure router RTA?
A. ACL 112 should have been applied to interface Fa0/0 in an inbound direction.
B. ACL 112 should have been applied to interface Fa0/1 in an outbound direction.
C. The first three statements of ACL 112 should have permitted the ICMP traffic and the last statement should deny the identified traffic.
D. The last statement of ACL 112 should have been access-list 112 deny icmp any 10.1.1.0 0.0.0.255.
E. The last statement of ACL 112 should have been access-list 112 deny icmp any 10.2.1.0 0.0.0.255.
F. The last statement of ACL 112 should have been access-list 112 permit icmp any 10.2.1.0 0.0.0.255.

Correct Answer: F

QUESTION 60
Which three statements about hybrid fiber-coaxial (HFC) networks are true? (Choose three.)
A. A tap produces a significantly larger output signal.
B. An amplifier divides the input RF signal power to provide subscriber drop connections.
C. Baseband sends multiple pieces of data simultaneously to increase the effective rate of transmission.
D. Downstream is the direction of an RF signal transmission (TV channels and data) from the source (headend) to the destination (subscribers).
E. The term CATV refers to residential cable systems.
F. Upstream is the direction from subscribers to the headend.

Correct Answer: DEF

QUESTION 61
Which two active response capabilities can be configured on an intrusion detection system (IDS) in response to malicious traffic detection? (Choose two.)
A. the initiation of dynamic access lists on the IDS to prevent further malicious traffic
B. the configuration of network devices to prevent malicious traffic from passing through
C. the shutdown of ports on intermediary devices
D. the transmission of a TCP reset to the offending end host
E. the invoking of SNMP-sourced controls

Correct Answer: BD

QUESTION 62
Which IPsec VPN backup technology statement is true?
A. Each Hot Standby Routing Protocol (HSRP) standby group has two well-known MAC addresses and a virtual IP address.
B. Reverse Route Injection (RRI) is configured at the remote site to inject the central site networks.
C. The crypto isakmp keepalive command is used to configure the Stateful Switchover (SSO) protocol.
D. The crypto isakmp keepalive command is used to configure stateless failover.
E. The reverse-route command should be applied directly to the outside interface.

Correct Answer: D

QUESTION 63
Refer to the exhibit.
Which statement describes the results of clicking the OK button in the Security Device Manager (SDM) Add a Signature Location window?

A. SDM will respond with a message asking for the URL that points to the 256MB.sdf file.
B. Cisco IOS IPS will choose to load the 256MB.sdf only if the Built-in Signatures (as backup) check box is unchecked.
C. If Cisco IOS IPS fails to load the 256MB.sdf, it will load the built-in signatures provided the Built-in Signatures (as backup) check box is checked.
D. Cisco IOS IPS will choose to load the 256MB.sdf and then also add the Cisco IOS built-in signatures.
E. SDM will respond with an error that indicates that no such file exists.

Correct Answer: C

QUESTION 64
Which two statements describe the functions and operations of IDS and IPS systems? (Choose two.)
A. A network administrator entering a wrong password would generate a true-negative alarm.
B. A false positive alarm is generated when an IDS/IPS signature is correctly identified.
C. An IDS is significantly more advanced over IPS because of its ability to prevent network attacks.
D. Cisco IDS works inline and stops attacks before they enter the network.
E. Cisco IPS taps the network traffic and responds after an attack.
F. Profile-based intrusion detection is also known as “anomaly detection”.

Correct Answer: BF

QUESTION 65
Refer to the exhibit. Which three tasks can be configured using the IPS Policies wizard via the Cisco Security Device Manager (SDM)? (Choose three.)

A. the configuration of an IP address and the enabling of the interface
B. the selection of the encapsulation on the WAN interfaces
C. the selection of the interface to apply the IPS rule
D. the selection of the traffic flow direction that should be inspected by the IPS rules
E. the creation of the signature definition file (SDF) to be used by the router
F. the location of the signature definition file (SDF) to be used by the router

Correct Answer: CDF

QUESTION 66
Refer to the exhibit.
Routers C1 and C2 are customer routers. Routers RTA, RTB, RTC, and RTD are provider routers. The routers are operating with various IOS versions.

Which frame mode MPLS configuration statement is true?
A. After MPLS is enabled, the ip cef command is only required on routers RTA and RTD.
B. Before MPLS is enabled, the ip cef command is only required on routers RTA and RTD.
C. After MPLS is enabled, the ip cef command is only required on the Ethernet 0 interfaces of routers RTA and RTD.
D. Before MPLS is enabled, the ip cef command is only required on the Ethernet 0 interfaces of routers RTA and RTD.
E. Before MPLS is enabled, the ip cef command must be applied to all provider routers.

Correct Answer: E

QUESTION 67
Which three DSL technologies support an analog POTS channel and utilize the entire bandwidth of the copper to carry data? (Choose three.)
A. ADSL
B. IDSL
C. SDSL
D. RADSL
E. VDSL

Correct Answer: ADE

QUESTION 68
What actions can be performed by the Cisco IOS IPS when suspicious activity is detected? (Choose four.)
A. send an alarm to a syslog server or a centralized management interface
B. initiate antivirus software to clean the packet
C. drop the packet
D. reset the connection
E. request packet to be resent
F. deny traffic from the source IP address associated with the connection

Correct Answer: ACDF

QUESTION 69
Refer to the exhibit.
The SDM IPS Policies wizard is displaying the Select Interfaces window. Which procedure is best for applying IPS rules to interfaces?

A. Apply the IPS rules in the outbound direction on interfaces where outgoing malicious traffic is likely.
B. Apply the IPS rules in the outbound direction on interfaces where incoming malicious traffic is likely.
C. Apply the IPS rules in the inbound direction on interfaces where incoming malicious traffic is likely.
D. Apply the rules in the inbound direction on interfaces where outgoing malicious traffic is likely.
E. Apply the IPS rules both in the inbound and outbound direction on all interfaces.

Correct Answer: C

QUESTION 70
Refer to the exhibit.
Which ACL configuration will prevent a DoS TCP SYN attack from a spoofed source into the internal network?

A. R1(config)# access-list 120 deny udp 10.0.0.0 0.0.255.255 host 255.255.255.255 eq 512
   R1(config)# interface Serial0/0
   R1(config-if)# ip access-group 120 in

B. R1(config)# access-list 120 deny ip any host 10.0.0.255 log
   R1(config)# access-list 120 permit ip any 10.0.0.0 0.0.0.255 log
   R1(config)# interface Serial0/0
   R1(config-if)# ip access-group 120 in

C. R1(config)# access-list 120 deny icmp any any echo log
   R1(config)# access-list 120 deny icmp any any redirect log
   R1(config)# access-list 120 permit icmp any 10.0.0.0 0.0.0.255
   R1(config)# interface Serial0/0
   R1(config-if)# ip access-group 120 in

D. R1(config)# access-list 120 permit tcp any 172.16.10.0 0.0.0.255 established
   R1(config)# access-list 120 deny ip any any log
   R1(config)# interface FastEthernet0/0
   R1(config-if)# ip access-group 120 in

Correct Answer: D

QUESTION 71
What are the four steps that occur with an IPsec VPN setup?
A. Step 1: Interesting traffic initiates the IPsec process. Step 2: AH authenticates IPsec peers and negotiates IKE SAs. Step 3: AH negotiates IPsec SA settings and sets up matching IPsec SAs in the peers. Step 4: Data is securely transferred between IPsec peers.
B. Step 1: Interesting traffic initiates the IPsec process. Step 2: ESP authenticates IPsec peers and negotiates IKE SAs. Step 3: ESP negotiates IPsec SA settings and sets up matching IPsec SAs in the peers. Step 4: Data is securely transferred between IPsec peers.
C. Step 1: Interesting traffic initiates the IPsec process. Step 2: IKE authenticates IPsec peers and negotiates IKE SAs. Step 3: IKE negotiates IPsec SA settings and sets up matching IPsec SAs in the peers. Step 4: Data is securely transferred between IPsec peers.
D. Step 1: Interesting traffic initiates the IPsec process. Step 2: IKE negotiates IPsec SA settings and sets up matching IPsec SAs in the peers. Step 3: IKE authenticates IPsec peers and negotiates IKE SAs. Step 4: Data is securely transferred between IPsec peers.

Correct Answer: C

QUESTION 72
Refer to the exhibit. On the basis of the information that is provided, which statement is true?

A. The IOS firewall has allowed an HTTP session between two devices.
B. A TCP session that started between 192.168.1.116 and 192.168.101.115 caused dynamic ACL entries to be created.
C. A UDP session that started between 192.168.1.116 and 192.168.101.115 caused dynamic ACL entries to be created.
D. Telnet is the only protocol allowed through this IOS firewall configuration.

Correct Answer: B

QUESTION 73
What is a recommended practice for secure configuration management?
A. Disable port scan.
B. Use SSH or SSL.
C. Deny echo replies on all edge routers.
D. Enable trust levels.
E. Use secure Telnet.

Correct Answer: B

QUESTION 74
Which statement is true about a worm attack?
A. Human interaction is required to facilitate the spread.
B. The worm executes arbitrary code and installs copies of itself in the memory of the infected computer.
C. Extremely large volumes of requests are sent over a network or over the Internet.
D. Data or commands are injected into an existing stream of data. That stream is passed between a client and server application.

Correct Answer: B

QUESTION 75
Which two statements are true about the troubleshooting of VPN connectivity on a Cisco router? (Choose two.)
A. SDM can be used to provide statistical output that is related to IPsec SAs.
B. The debug crypto isakmp command output displays detailed IKE phase 1 and phase 2 negotiation processes.
C. SDM can be used to perform advanced troubleshooting.
D. Knowledge of Cisco IOS CLI commands is required.
E. The Monitor Tunnel Operation page in SDM is the primary tool for troubleshooting VPN connectivity.

Correct Answer: BD

QUESTION 76
Which action can be taken by Cisco IOS IPS when a packet matches a signature pattern?
A. drop the packet
B. reset the UDP connection
C. block all traffic from the destination address for a specified amount of time
D. perform a reverse path verification to determine if the source of the malicious packet was spoofed
E. forward the malicious packet to a centralized NMS where further analysis can be taken

Correct Answer: A

QUESTION 77
Which statement about the aaa authentication enable default group radius enable command is true?
A. If the radius server returns an error, the enable password will be used.
B. If the radius server returns a ‘failed’ message, the enable password will be used.
C. The command login authentication group will associate the AAA authentication to a specified interface.
D. If the group database is unavailable, the radius server will be used.

Correct Answer: A

QUESTION 78
Which three DSL technologies support an analog POTS channel and utilize the entire bandwidth of the copper to carry data? (Choose three.)
A. ADSL
B. IDSL
C. SDSL
D. RADSL
E. VDSL

Correct Answer: ADE

QUESTION 79
Refer to the exhibit. What is the name given to the security zone occupied by the public web server?

A. extended proxy network
B. multiple DMZs
C. ALG
D. DMZ
E. proxy network
F. protected subnet

Correct Answer: D

QUESTION 80
Refer to the exhibit. ACL 150 was configured on Router RTA to mitigate against a range of common threats. On the basis of the information in the exhibit, which statement is true?

A. ACL 150 will mitigate common threats.
B. Interface Fa0/0 and interface Fa0/1 should have been configured with the IP addresses 10.1.1.1 and 10.2.1.1, respectively.
C. The ip access-group 150 command should have been applied to interface FastEthernet 0/0 in an inbound direction.
D. The ip access-group 150 command should have been applied to interface FastEthernet 0/0 in an outbound direction.
E. The ip access-group 150 command should have been applied to interface FastEthernet 0/1 in an outbound direction.
F. The last statement in ACL 150 should have been access-list 150 permit tcp 10.2.1.0 0.0.0.255 any established.

Correct Answer: A

QUESTION 81
Which two statements are correct about mitigating attacks by the use of access control lists (ACLs)? (Choose two.)
A. Extended ACLs on routers should always be placed as close to the destination as possible.
B. Each ACL that is created ends with an implicit permit all statement.
C. Ensure that earlier statements in the ACL do not negate any statements that are found later in the list.
D. Denied packets should be logged by an ACL that traps informational (level 6) messages.
E. IP packets that contain the source address of any internal hosts or networks inbound to a private network should be permitted.
F. More specific ACL statements should be placed earlier in the ACL.

Correct Answer: DF

QUESTION 82
If an edge Label Switch Router (LSR) is properly configured, which three combinations are possible? (Choose three.)
A. A received IP packet is forwarded based on the IP destination address and the packet is sent as an IP packet.
B. An IP destination exists in the IP forwarding table. A received labeled packet is dropped because the label is not found in the LFIB table.
C. There is an MPLS label-switched path toward the destination. A received IP packet is dropped because the destination is not found in the IP forwarding table.
D. A received IP packet is forwarded based on the IP destination address and the packet is sent as a labeled packet.
E. A received labeled IP packet is forwarded based upon both the label and the IP address.
F. A received labeled packet is forwarded based on the label. After the label is swapped, the newly labeled packet is sent.

Correct Answer: ADF

QUESTION 83
What three features does Cisco Security Device Manager (SDM) offer? (Choose three.)
A. smart wizards and advanced configuration support for NAC policy features
B. single-step mitigation of Distributed Denial of Service (DDoS) attacks
C. one-step router lockdown
D. security auditing capability based upon CERT recommendations
E. multi-layered defense against social engineering
F. single-step deployment of basic and advanced policy settings

Correct Answer: ACF

QUESTION 84
Refer to the exhibit. What statement is true about the interface S1/0 on router R1?

A. Labeled packets can be sent over an interface.
B. MPLS Layer 2 negotiations have occurred.
C. IP label switching has been disabled on this interface.
D. None of the MPLS protocols have been configured on the interface.

Correct Answer: D

Our Cisco 642-825 with Explanations presents to you the most tried and tested methods of preparation for the actual exam. The Q and A provides a very detailed preparation for your exam preparation, giving you answers to the entire exam question with the added explanation of which answer is right and why. These answers are prepared by professionals who have had years of experience and are fully competent to give you the best and the most excellent way to prepare for your actual exam.
