Cisco 642-825 exams have changed, Test4actual is the first to publish the latest 642-825 exams!
1. Which two statements about common network attacks are true? (Choose two.)Select 2 response(s).
A. Access attacks can consist of password attacks, trust exploitation, port redirection, and man-in-the-middle attacks.
B. Access attacks can consist of password attacks, ping sweeps, port scans, and man-in-the-middle attacks.
C. Access attacks can consist of packet sniffers, ping sweeps, port scans, and man-in-the-middle attacks.
D. Reconnaissance attacks can consist of password attacks, trust exploitation, port redirection and Internetinformation queries.
E. Reconnaissance attacks can consist of packet sniffers, port scans, ping sweeps, and Internet information queries.
F. Reconnaissance attacks can consist of ping sweeps, port scans, man-in-middle attacks and Internet information queries.
Answer: AE
2. Which two statements about the Cisco AutoSecure feature are true? (Choose two.)Select 2 response(s).
A. All passwords entered during the AutoSecure configuration must be a minimum of 8 characters in length.
B. Cisco123 would be a valid password for both the enable password and the enable secret commands.
C. The auto secure command can be used to secure the router login as well as the NTP and SSH protocols.
D. For an interactive full session of AutoSecure, the auto secure login command should be used.
E. If the SSH server was configured, the 1024 bit RSA keys are generated after the auto secure command isenabled.
Answer: CE
3. Which three statements are correct about MPLS-based VPNs? (Choose three.)Select 3 response(s).
A. Route Targets (RTs) are attributes attached to a VPNv4 BGP route to indicate its VPN membership.
B. Scalability becomes challenging for a very large, fully meshed deployment.
C. Authentication is done using a digital certificate or pre-shared key.
D. A VPN client is required for client-initiated deployments.
E. A VPN client is not required for users to interact with the network.
F. An MPLS-based VPN is highly scalable because no site-to-site peering is required.
Answer: AEF
4. Which two Network Time Protocol (NTP) statements are true? (Choose two.)Select 2 response(s).
A. A stratum 0 time server is required for NTP operation.
B. NTP is enabled on all interfaces by default, and all interfaces receive NTP packets.
C. NTP operates on IP networks using User Datagram Protocol (UDP) port 123.
D. The ntp server global configuration is used to configure the NTP master clock to which other peerssynchronize themselves.
E. The show ntp status command displays detailed association information of all NTP peers.
F. Whenever possible, configure NTP version 5 because it automatically provides authentication and encryption services.
Answer: BC
5. What are the two main features of Cisco IOS Firewall? (Choose two.)Select 2 response(s).
A. TACACS+
B. AAA
C. Cisco Secure Access Control Server
D. Intrusion Prevention System
E. Authentication Proxy
Answer: DE
http://www.test4actual.com/642-825.html
6. Which two statements describe the functions and operations of IDS and IPS systems? (Choose two.)Select 2 response(s).
A. A network administrator entering a wrong password would generate a true-negative alarm.
B. A false positive alarm is generated when an IDS/IPS signature is correctly identified.
C. An IDS is significantly more advanced over IPS because of its ability to prevent network attacks.
D. Cisco IDS works inline and stops attacks before they enter the network.
E. Cisco IPS taps the network traffic and responds after an attack.
F. Profile-based intrusion detection is also known as “anomaly detection”.
Answer: BF
7. Which two statements about packet sniffers or packet sniffing are true? (Choose two.)Select 2 response(s).
A. To reduce the risk of packet sniffing, traffic rate limiting and RFC 2827 filtering should be used.
B. Packet sniffers can only work in a switched Ethernet environment.
C. To reduce the risk of packet sniffing, cryptographic protocols such as Secure Shell Protocol (SSH) and Secure Sockets Layer (SSL) should be used.
D. To reduce the risk of packet sniffing, strong authentication, such as one time passwords, should be used.
Answer: CD
8. Which two network attack statements are true? (Choose two.)Select 2 response(s).
A. Access attacks can consist of password attacks, trust exploitation, port redirection, and man-in-the-middle attacks.
B. Access attacks can consist of UDP and TCP SYN flooding, ICMP echo-request floods, and ICMP directedbroadcasts.
C. DoS attacks can be reduced through the use of access control configuration, encryption, and RFC 2827 filtering.
D. DoS attacks can consist of IP spoofing and DDoS attacks.
E. IP spoofing can be reduced through the use of policy-based routing.
F. IP spoofing exploits known vulnerabilities in authentication services, FTP services, and web services to gain entry to web accounts, confidential databases, and other sensitive information.
Answer: AD
9. Which three techniques should be used to secure management protocols? (Choose three.)Select 3 response(s).
A. Configure SNMP with only read-only community strings.
B. Encrypt TFTP and syslog traffic in an IPSec tunnel.
C. Implement RFC 3704 filtering at the perimeter router when allowing syslog access from devices on the outside of a firewall.
D. Synchronize the NTP master clock with an Internet atomic clock.
E. Use SNMP version 2.
F. Use TFTP version 3 or above because these versions support a cryptographic authentication mechanismbetween peers.
Answer: ABC
10. Which two statements about the AutoSecure feature are true? (Choose two.)Select 2 response(s).
A. AutoSecure automatically disables the CDP feature.
B. If you enable AutoSecure, the minimum length of the login and enable passwords is set to 6 characters.
C. The auto secure full command automatically configures the management and forwarding planes without any user interaction.
D. To enable AutoSecure, the auto secure global configuration command must be used.
E. Once AutoSecure has been configured, the user can launch the SDM Web interface to perform a security audit.
Answer: AB
http://www.test4actual.com
http://www.test4actual.com/642-825.html
http://test4actual.blogsome.com
没有评论:
发表评论