Cisco 642-825 Vce & PDF, Easily To Pass Cisco 642-825 PDF Are Based On The Real Exam

Free sharing of new updated Cisco 642-825 exam practice test. If you are looking to get certified in short possible time, better try Flydumps latest new version Cisco 642-825 with all new questions and answers added, visit Flydumps.com to free Cisco 642-825 download vce and pdf files.Exam A

QUESTION 1
What technology must be enabled as a prerequisite to running MPLS on a Cisco router?
A. process switching
B. CEF switching
C. fast switching
D. cache driven switching
E. routing-table driven switching
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
Configuring Cisco Express Forwarding
To enable MPLS, you must first enable Cisco Express Forwarding (CEF) switching.

Reference: “CCNP ISCW Portable Command Guide” By Scott Empson, Hans Roth. http://
www.ciscopress.com/articles/article.asp?p=1180984

QUESTION 2
Refer to the exhibit.
Which ACL configuration will prevent a DoS TCP SYN attack from a spoofed source into the internal network?

ActualTests.com
A. R1(config)# access-list 120 deny icmp any any echo log R1(config)# access-list 120 deny icmp any any redirect log R1(config)# access-list 120 permit icmp any 10.0.0.0 0.0.0.255 R1(config)# interface Serial0/0 R1(config-if)# ip access-group 120 in
B. R1(config)# access-list 120 permit tcp any 172.16.10.0 0.0.0.255 established R1(config)# access-list 120 deny ip any any log “Pass Any Exam. Any Time.” – www.actualtests.com 2 CertUniverse.Blogspot.Com Cisco 642-825: Practice Exam R1(config)# interface FastEthernet0/0 R1(config-if)# ip access-group 120 in
C. R1(config)# access-list 120 deny ip any host 10.0.0.255 log R1(config)# access-list 120 permit ip any
10.0.0.0 0.0.0.255 log R1(config)# interface Serial0/0
R1(config-if)# ip access-group 120 in

D. R1(config)# access-list 120 deny udp 10.0.0.0 0.0.255.255 host 255.255.255.255 eq 512 R1(config)# interface Serial0/0 R1(config-if)# ip access-group 120 in
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation: The TCP SYN Attack When a normal TCP connection starts, a destination host receives a SYN (synchronize/start) packet from a source host and sends back a SYN ACK (synchronize acknowledge). The destination host must then hear an ACK (acknowledge) of the SYN ACK before the connection is established. This is referred to as the “TCP three-way handshake.” While waiting for the ACK to the SYN ACK, a connection queue of finite size on the destination host keeps track of connections waiting to be completed. This queue typically empties quickly since the ACK is expected to arrive a few milliseconds after the SYN ACK. The TCP SYN attack exploits this design by having an attacking source host generate TCP SYN packets with random source addresses toward a victim host. The victim destination host sends a SYN ACK back to the random source address and adds an entry to the connection queue. Since the SYN ACK is destined for an incorrect or non-existent host, the last part of the “three-way handshake” is never completed and the entry remains in the connection queue until a timer expires, typically for about one minute. By generating phony TCP SYN packets from random IP addresses at a rapid rate, it is possible to fill up the connection queue and deny TCP services (such as e-mail, file transfer, or WWW) to legitimate users. There is no easy way to trace the originator of the attack because the IP address of the source is ActualTests.com forged. In this example, this type of attack could be stopped since we are allowing only traffic that was originated by the internal (fa0/0) network destined to the R1 branch network with the use of the “established” keyword.
QUESTION 3
This item contains several questions that you must answer. You can view these questions by clicking on the Questions button to the left. Changing questions can be accomplished by clicking the numbers to the left of each question. In order to complete the questions, you will need to refer to the SDM and the topolgy, neither of which is currently visible.
“Pass Any Exam. Any Time.” – www.actualtests.com 3 CertUniverse.Blogspot.Com Cisco 642-825: Practice Exam
To gain access to either the topology or the SDM, click on the button to left side of the screen that corresponds to the section you wish to access. When you have finished viewing the topolgy or the SDM, you can return to your questions by clicking on the Questions button to the left.

ActualTests.com
“Pass Any Exam. Any Time.” – www.actualtests.com 4 CertUniverse.Blogspot.Com Cisco 642-825: Practice Exam ActualTests.com

“Pass Any Exam. Any Time.” – www.actualtests.com 5 CertUniverse.Blogspot.Com

Off Shore Industries is a large worldwide sailing charter. The company has recently upgraded its Internet connectivity. As a recent addition to the network engineering team, you have been tasked ActualTests.com with documenting the active Firewall configurations on the Annapolis router using the Cisco Router and Security Device Manager (SDM) utility. Using the SDM output from Firewall and ACL Tasks under the Configure tab, answer the following questions:
Which two statements would be true for a permissible incoming TCP packet on an untrusted Interface in this configuration? (Choose two.)
A. The session originated from a trusted Interface
B. The application is not specified within the inspection rule SDM_LOW.
C. The session originated from an untrusted interface
D. The packet has a source address of 10.79.233.186
E. The packet has a source address of 172.16.81.108
F. The packet has a source address of 198.133.219.135 “Pass Any Exam. Any Time.” – www.actualtests.com 6 CertUniverse.Blogspot.Com Cisco 642-825: Practice Exam
Correct Answer: AF Section: (none) Explanation
Explanation/Reference:
Explanation:
According to the question, after configuring CBAC, the TCP traffic on the untrusted interface can be
divided into two types : 1. The inspected return traffic from the intranet is permitted by the state table, so C
is right. 2. The TCP traffic permitted by the ACL comes from external network, so E is right.
The direction of ACL101 is from S0/0/0 to f0/0, which only allows the echo- reply/ icmp, time- exceede, unreachable services of the destination address of 172.16.81.108, denies any IP data packets from 0.0.0.0/8, 10.0.0.0/8, 127.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 224.0.0.0/4, 240.0.0.0/4 and 10.79.223/24, as well as adds log to any access. As to the address 172.16.81.108, only part of the ICMP packets are allowed. The address 198.133.219.135 is first initiated from the inside network. If an address of 198.133.219.135 is received from the outside network it should be directely dropped.

ActualTests.com
QUESTION 4
Refer to the exhibit. What is the name given to the security zone occupied by the public web server?
“Pass Any Exam. Any Time.” – www.actualtests.com 7 CertUniverse.Blogspot.Com Cisco 642-825: Practice Exam

A. proxy network
B. ALG
C. DMZ
D. multiple DMZs
E. extended proxy network
F. protected subnet
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
A DMZ, short for demilitarized zone, is a computer or small subnetwork that sits between a trusted internal
network, such as a corporate private LAN, and an untrusted external network, such as the public Internet.
Typically, the DMZ contains devices accessible to Internet traffic, such as Web ( HTTP ) servers, FTP
servers, SMTP (e-mail) servers and DNS servers. The term comes from military use, meaning a buffer
area between two enemies.

A DMZ is the most common and secure firewall topology. It is often referred to as a screened subnet. A
DMZ creates a secure space between your Internet and your network, as shown in the ActualTests.com
figure below:
QUESTION 5
“Pass Any Exam. Any Time.” – www.actualtests.com 8 CertUniverse.Blogspot.Com Cisco 642-825: Practice Exam
Refer to the exhibit. What are the two options that are used to provide High Availability IPsec? (Choose two.)

A. IPsec Stateful Switchover (SSO)
B. Dynamic Crypto Map
C. IPsec Backup Peerings
D. Dual Router Mode (DRM) IPsec
E. RRI
F. HSRP
Correct Answer: EF Section: (none) Explanation
Explanation/Reference:
Explanation: Reverse route injection (RRI) is the ability for static routes to be automatically inserted into the routing process for those networks and hosts protected by a remote tunnel endpoint. These ActualTests.com
protected hosts and networks are known as remote proxy identities. This is configured using the “reverse-route” command. The Hot Standby Router Protocol (HSRP) provides network redundancy for IP networks, ensuring that user traffic immediately and transparently recovers from first hop failures in network edge devices or access circuits. This is done by logically grouping one or more routers into a single virtual gateway, and HSRP is configured using the “standby” configuration commands.
QUESTION 6
What are three options for viewing Security Device Event Exchange (SDEE) messages in Security Device Manager (SDM)? (Choose three.)
“Pass Any Exam. Any Time.” – www.actualtests.com 9 CertUniverse.Blogspot.Com Cisco 642-825: Practice Exam
A. to view SDEE status messages
B. to view SDEE actions
C. to view SDEE statistics
D. to view SDEE alerts
E. to view SDEE keepalive messages
F. to view all SDEE messages
Correct Answer: ADF Section: (none) Explanation
Explanation/Reference:
Explanation:
SDEE Messages
This window lists the SDEE messages received by the router. SDEE messages are generated when there
are changes to Cisco IOS IPS configuration.
SDEE Messages
Choose the SDEE message type to display:
All- SDEE error, status, and alert messages are shown.

Error-Only SDEE error messages are shown.

Status-Only SDEE status messages are shown.

Alerts-Only SDEE alert messages are shown.

Reference:
http://www.cisco.com/en/US/docs/routers/access/cisco_router_and_security_device_manager/24/
software/user/guide/IPS.html#wp1083698
ActualTests.com

QUESTION 7
Refer to the exhibit. What Cisco feature generated the configuration?
“Pass Any Exam. Any Time.” – www.actualtests.com 10 CertUniverse.Blogspot.Com Cisco 642-825: Practice Exam

A. AAA
B. AutoSecure
C. IOS Firewall
D. TACACS+
E. EZ VPN
F. IOS IPS
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation: ActualTests.com AutoSecure allows you to choose which router components to secure. You may want to secure the entire router functionality, or select individual planes or functions. The selectable components are the management plane, forwarding plane, firewall, login, NTP, and Secure Shell (SSH).
QUESTION 8
Refer to the exhibit. Which two statements about the AAA configuration are true? (Choose two.)

“Pass Any Exam. Any Time.” – www.actualtests.com 11 CertUniverse.Blogspot.Com Cisco 642-825: Practice Exam
A. A good security practice is to havethe none parameter configured as the final method used to ensure that no other authentication method will be used.
B. If a TACACS+ server is not available, then the user Bob could be able to enter privileged mode as long as the proper enable password is entered.
C. Theaaa new-model command forces the router to override every other authentication method previously configured for the router lines.
D. To increase security, group radius should be used instead of group tacacs+.
E. If a TACACS+ server is not available, then a user connecting via the console port would not be able to gain access since no other authentication method has been defined.
F. Two authentication options are prescribed by the displayedaaa authentication command.

Correct Answer: CF Section: (none) Explanation
Explanation/Reference:
Explanation:
You can manage user activity to and through a switch with authentication, authorization, and accounting
(AAA) features. AAA uses standardized methods to challenge users for their credentials before access is
allowed or authorized. Accounting protocols can also record user activity on a switch.

Switch( config)# aaa new-model
The new-model refers to the use of method lists, where authentication methods and sources can be
grouped or organized. The new model is much more scalable than the “old model,” where the
authentication source was explicitly configured.

Use locally configured usernames and passwords as a last resort, when no other authentication servers
are reachable or in use on the network. To define a username, use the following global configuration
command:
Switch( config)# username username password password

RADIUS or TACACS+ servers are defined in groups. First, define each server along with its secret
ActualTests.com
shared password. This string is known only to the switch and the server and provides a key for encrypting
the authentication session. Use one of the following global configuration commands:

Switch( config)# radius-server host { hostname | ip-address} [key string] Switch( config)# tacacs-server
host { hostname | ip-address} [key string] Then, define a group name that will contain a list of servers,
using the following global configuration command:
Switch( config)# aaa group server {radius | tacacs+} group-name

QUESTION 9
CertUniverse.Blogspot.Com Cisco 642-825: Practice Exam
When configuring backup IPsec VPNs with Cisco IOS Release 12.2(8)T or later, what are the default parameters?
A. DPD hello messages are sent every 10 seconds if the router has traffic to send.
B. Cisco IOS keepalives are sent every 10 seconds if the router has traffic to send.
C. Cisco IOS keepalives are sent every 10 seconds if there is no traffic to send.
D. Dead peer detection (DPD) hello messages are sent every 10 seconds if there is no traffic to send.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation: Dead Peer Detection (DPD) is a relatively new Cisco IOS feature that is actually an enhancement of the ISAKMP keepalives feature. DPD operates by sending a hello message every 10 seconds, by default, to a crypto peer from which it has not received traffic during a specified configurable period. If normal IPsec traffic is received from a crypto peer and decrypted correctly, that crypto peer is assumed alive, no hello message is sent, and the DPD counter for that crypto peer is reset. This results in lower CPU utilization than that which would have occurred with ISAKMP keepalives.
In the event that no traffic is received during the specified period, an ISAKMP R_U_THERE message is sent to the other crypto peer. If no response is received after the specified number of tries, the connection is assumed dead, and the IPsec tunnel is disconnected. This feature is vital to prevent black-holing traffic, in the event that the Security Association (SA) database of one side is cleared manually or by reboot. DPD is both a headend and branch technology and should be configured on both sides of a VPN tunnel. DPD should always be configured, even when GRE keepalives are used.
QUESTION 10
ActualTests.com
Refer to the exhibit. Which statement best describes Security Device Event Exchange (SDEE)?

“Pass Any Exam. Any Time.” – www.actualtests.com 13
CertUniverse.Blogspot.Com
Cisco 642-825: Practice Exam
A. It is a process for ensuring IPS communication between the SDM-enabled devices.
B. The primary purpose of SDEE is for SDM users to send messages to IPS agents.
C. It is an OSI level-7 protocol, and it is used to exchange IPS messages between IPS agents.
D. It is a suite of protocols for ensuring IPS communication between the SDM-enabled devices.
E. It is an application level communications protocol that is used to exchange IPS messages between IPS clients and servers.
Correct Answer: E Section: (none) Explanation
Explanation/Reference:
Explanation:
From the Cisco IOS IPS Q&A:

Q. How many events are stored in the Cisco Security Device Event Exchange (SDEE)? A. Cisco SDEE is an application-level communications protocol that is used to exchange IPS event messages between IPS sensors and event monitoring applications and/or devices such as CS-MARS. Cisco SDEE is always running, but it does not receive and process events from the ActualTests.com IPS unless Cisco SDEE notification is enabled. If it is not enabled and a client sends a request, Cisco SDEE responds with a fault response message, indicating that notification is not enabled. When Cisco SDEE notification is enabled (by using the ip ips notify sdee command), by default, 200 events can be, stored in the event buffer whose size can be increased to hold a maximum of 1000 events. When Cisco SDEE notification is disabled, all stored events are lost. A new buffer is allocated when the notifications are re-enabled. Reference: http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6634/prod_qas0900aecd80 6fc530.html
QUESTION 11
“Pass Any Exam. Any Time.” – www.actualtests.com 14 CertUniverse.Blogspot.Com Cisco 642-825: Practice Exam Which action can be taken by Cisco IOS IPS when a packet matches a signature pattern?
A. block all traffic from the destination address for a specified amount of time
B. reset the UDP connection
C. forward the malicious packet to a centralized NMS where further analysis can be taken
D. perform a reverse path verification to determine if the source of the malicious packet was spoofed
E. drop the packet
Correct Answer: E Section: (none) Explanation
Explanation/Reference:
Explanation:
When a signature is matched, the IPS responds in real time, before network security can be compromised,
and logs the event through Cisco IOS syslog messages or SDEE. You can configure IPS to choose the
appropriate response to various threats. When packets in a session match a signature, IPS can take any
of these actions, as appropriate:
Send an alarm to a syslog server or a centralized management interface. This action is typically combined
with other preventive actions.
Drop the packet. This action is effective for all IP protocols and does not affect any legitimate user if the
source IP address was spoofed.
Reset the connection. This action works only for TCP sessions.
Reference:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cg/hsec_c/part15/schfirwl.ht m

QUESTION 12
Which three categories of signatures can a Cisco IPS microengine identify? (Choose three.)
ActualTests.com
A. strong signatures
B. DDoS signatures
C. exploit signatures
D. connection signatures
E. spoofing signatures
F. numeric signatures
Correct Answer: BCD Section: (none) Explanation
Explanation/Reference:
Explanation:
The main categories of signatures that a Cisco IPS Signature Micro-Enginer (SME) can detect are:

Exploit Signatures

“Pass Any Exam. Any Time.” – www.actualtests.com 15
CertUniverse.Blogspot.Com
Cisco 642-825: Practice Exam

Connection Signatures
String Signatures
Denial-of-Service Signatures

Reference: CCNA Security Official Exam Certification Guide (Exam 640-553), By Michael Watkins, Kevin
Wallace, Cisco Press, Chapter 11.

QUESTION 13
Which two mechanisms can be used to detect IPsec GRE tunnel failures? (Choose two).
A. GRE keepalive mechanism
B. Dead Peer Detection (DPD)
C. The hello mechanism of the routing protocol across the IPsec tunnel
D. isakmp keepalives
E. CDP

Correct Answer: BC Section: (none) Explanation
Explanation/Reference:
Explanation: Dead-peer detection (DPD)-DPD is a scalable “keep-alive” mechanism that does not affect the CPU as much as the traditional internal OS keep-alive mechanisms. This is especially important on an IPsec aggregator router that supports a large number of IPsec connections. Based on the IETF standard keep-alive mechanism, DPD facilitates high availability and resource cleanup by letting a peer know when the connection is no longer available. As an alternative to DPD messages, we can also use the chosen IGP hello messages to determine if the tunnel is up. Since we have a GRE tunnel, routing protocol information will be carried across it, including hello messages.
ActualTests.com
QUESTION 14
Which two devices serve as the main endpoint components in a DSL data service network? (Choose two.)
A. SOHO workstation
B. ATU-C
C. POTS splitter
D. ATU-R
E. CO switch
Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
“Pass Any Exam. Any Time.” – www.actualtests.com 16
CertUniverse.Blogspot.Com
Cisco 642-825: Practice Exam

Explanation:
ADSL from ATU-C to ATU-R:
ADSL from ATU-C to ATU-R Perhaps the best way to understand how ADSL works is to break the overall ADSL architecture down into more manageable components. The visual isolates the ADSL architecture between ADSL termination unit-central office (ATU-C) and ADSL termination unit-remote (ATU-R), or DSL modem. Between ATU-C and ATU-R, the ADSL line code is most important. The splitter is part of the ATU-C-ATU-R network. Reference: http://www.hill2dot0.com/wiki/index.php?title=ADSL
QUESTION 15
Refer to the exhibit. Assume that a signature can identify an IP address as the source of an attack. Which action would automatically create an ACL that denies all traffic from an attacking IP address?

ActualTests.com
A. denyFlowInline
B. alarm
C. deny-connection-inline
D. denyAttackerInline
E. reset
F. drop “Pass Any Exam. Any Time.” – www.actualtests.com 17 CertUniverse.Blogspot.Com Cisco 642-825: Practice Exam
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: The Cisco IOS IPS-enabled router uses this SDF to update the existing IPS configuration live, meaning that the number of running signatures and the way that the signatures are configured for actions to take when a signature match is made (alarm, drop, reset, denyAttackerInline, and denyFlowInline) all can be changed without a Cisco IOS Software image update. Use of the SDF for signature selection is replaced by the selection of Cisco IOS Software signature categories or selection or deselection of individual signatures and tuning of their parameters through the command-line interface (CLI).
QUESTION 16
Refer to the exhibit. On the basis of the information in the exhibit, which two statements are true? (Choose two.)

ActualTests.com
A. Signature 1102 has been triggered because of matching traffic.
B. The Edit IPS window is currently displaying the Global Settings information.
C. The Edit IPS window is currently displaying the signatures in Summary view.
D. Any traffic matching signature 1107 will generate an alarm, reset the connection, and be dropped.
E. Signature 1102 has been modified, but the changes have not been applied to the router.
F. The Edit IPS window is currently displaying the signatures in Details view.
Correct Answer: EF Section: (none) Explanation
Explanation/Reference:
Explanation:
When editing signatures, the signature list can be filtered using the selection controls in detailed views:

“Pass Any Exam. Any Time.” – www.actualtests.com 18
CertUniverse.Blogspot.Com
Cisco 642-825: Practice Exam
In this case, signature 1102 has been modified as marked by the yellow wait icon, but it has not yet been applied to the router.
Reference: http://www.cisco.com/en/US/docs/routers/access/cisco_router_and_security_device_manager/25/ software/user/guide/IPS.html#wp1085187
ActualTests.com
QUESTION 17
Which two statements about the Security Device Manager (SDM) Intrusion Prevention System (IPS) Rule wizard are true? (Choose two.)
A. Changes to the IPS rules can be made using the Configure IPS tab.
B. Once all interfaces have rules applied to them, you can re-initiate the IPS Rule wizard to make changes.
C. By default, the Use Built-In Signatures (as backup) checkbox is not selected.
D. Once all interfaces have rules applied to them, you cannot re-initiate the IPS Rule wizard to make changes.
E. When using the wizard for the first time, you will be prompted to enable the Security Device Event Exchange (SDEE). “Pass Any Exam. Any Time.” – www.actualtests.com 19 CertUniverse.Blogspot.Com Cisco 642-825: Practice Exam
F. Changes to the IPS rules can be made using the Edit Firewall Policy/ACL tab.
Correct Answer: BE Section: (none) Explanation
Explanation/Reference:
Explanation: Cisco SDM requires IPS event notification via SDEE to configure the Cisco IOS IPS feature; by default, the SDEE notification is not enabled. Cisco SDM will prompt the user to enable IPS event notification via
SDEE:

SDEE Event Notification

You can also use the wizard to edit any existing rules.
Reference:
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6634/prod_white_paper090
0aecd8043bc32.html

QUESTION 18
Which three statements about frame-mode MPLS are true? (Choose three.)
A. The MPLS data plane takes care of forwarding based on either destination addresses or labels.
B. The CEF FIB table contains information about outgoing interfaces and their corresponding ActualTests.com Layer 2 header.
C. MPLS has three distinct components consisting of the data plane, the forwarding plane, and the control plane.
D. To exchange labels, the control plane requires protocols such as Tag Distribution Protocol (TDP) or MPLS Label Distribution Protocol (LDP).
E. The control plane is a simple label-based forwarding engine that is independent of the type of routing protocol or label exchange protocol.
F. Whenever a router receives a packet that should be CEF-switched, but the destination is not in the FIB, the packet is dropped.
Correct Answer: ADF Section: (none) Explanation
Explanation/Reference:
Explanation:
“Pass Any Exam. Any Time.” – www.actualtests.com 20 CertUniverse.Blogspot.Com Cisco 642-825: Practice Exam
Label allocation and distribution in a Unicast IP routing network and MPLS functionality, including label allocation and distribution, can be divided into these steps: Step 1 The routers exchange information using standard or vendor-specific Interior Gateway Protocol (IGP), such as Open Shortest Path First [OSPF], Intermediate System-to-Intermediate System [IS-IS], and Enhanced Interior Gateway Routing Protocol [EIGRP]). Step 2 Local labels are generated. One locally unique label is assigned to each IP destination found in the main routing table and stored in the Label Information Base (LIB) table. Step 3 Local labels are propagated to adjacent routers, where these labels might be used as next-hop labels (stored in the Forwarding Information Base [FIB] and Label Forwarding Information Base [LFIB] tables to enable label switching). Step 4 Every label switch router (LSR) builds its LIB, LFIB, and FIB data structures based on received labels. These data structures contain label information: The LIB, in the control plane, is the database used by Label Distribution Protocol (LDP) where an IP prefix is assigned a locally significant label that is mapped to a next-hop label that has been learned from a downstream neighbor.
The LFIB, in the data plane, is the database used to forward labeled packets. Local labels, previously advertised to upstream neighbors, are mapped to next-hop labels, previously received from downstream neighbors.
The FIB, in the data plane, is the database used to forward unlabeled IP packets. A forwarded packet is labeled if a next-hop label is available for a specific destination IP network. Otherwise, a forwarded packet is not labeled.
QUESTION 19
Which two statements are true about signatures in a Cisco IOS IPS? (Choose two.)
ActualTests.com
A. The action of a signature can be enabled on a per-TCP-session basis.
B. IOS IPS signatures are stored in the startup config of the router.
C. Selection of an SDF file should be based on the amount of RAM memory available on the router.
D. IOS IPS signatures are propagated with the SDEE protocol.
E. Common signatures are hard-coded into the IOS image.
Correct Answer: CE Section: (none) Explanation
Explanation/Reference:
Explanation:
Signatures:
A signature detects patterns of misuse in network traffic. Prior to IOS 12.4(11) T release, IOS IPS has 132
built-in signatures available in the Cisco IOS Software image. The built-in signatures are hard-coded into
the Cisco IOS Software image for backward compatibility.

“Pass Any Exam. Any Time.” – www.actualtests.com 21
CertUniverse.Blogspot.Com
Cisco 642-825: Practice Exam

IPS-Supplied Signature Definition Files
The SDF file selection is determined by the amount of RAM available. To ensure that the router has as
many signatures available as its memory can accommodate, Cisco SDM is shipped with one of the
following SDFs:
256MB.sdf- If the amount of RAM available is greater than 256MB. The 256MB.sdf file contains 500 signatures.

128MB.sdf- If the amount of RAM available is between 128MB and 256MB. The 128MB.sdf file contains 300 signatures.

attack-drop.sdf- If the amount of available RAM is 127MB or less. The attack-drop.sdf file contains 82 signatures.
References: http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6634/prod_white_paper090 0aecd80327257.html http://www.cisco.com/en/US/docs/routers/access/cisco_router_and_security_device_manager/24/ software/user/guide/IPS.html
QUESTION 20
Which four outbound ICMP message types would normally be permitted? (Choose four.)
A. packet too big B. echo
C. source quench ActualTests.com
D. time exceeded
E. echo reply
F. parameter problem
Correct Answer: ABCF Section: (none) Explanation
Explanation/Reference:
Explanation:
As a general rule, you should permit the Echo, Parameter- Problem, Packet-Too-Big, and Source- Quench
message types while denying all other outbound ICMP traffic.

Reference: “Hardening Network Infrastructure” by Wesley J. Noonan, page 186.

“Pass Any Exam. Any Time.”
CertUniverse.Blogspot.Com
Cisco 642-825: Practice Exam

Our material on our site Cisco 642-825 is exam-oriented, keeping in view the candidates requirements and level of understanding.Cisco 642-825 materials are in the most popular and easy-to-use PDF version. You can use it on any devices with you anywhere.