Archive for the ‘ccnp’ Category

Exam Number/Code: 642-845

Exam Name: Optimizing Converged Cisco Networks

Updated: 3/1/2010

Questions and Answers: 152 questions

Exam Language(s): English

1. Which two Cisco AutoQoS interface statements are true? (Choose two.) Select 2 response(s).
A. AutoQoS is supported on Frame Relay multipoint subinterfaces.
B. AutoQoS is supported on low-speed ATM PVCs in point-to-point subinterfaces.
C. AutoQoS is supported on serial PPP and HDLC interfaces.
D. AutoQoS is supported only on Frame Relay main interfaces and not on any subinterface configuration.
Answer: BC
2. Which two wireless security statements are true? (Choose two.) Select 2 response(s).
A. A TACACS+ server is required to implement 802.1x.
B. MIC protects against man-in-the-middle and replay attacks.
C. The 802.1x standard provides encryption services for wireless clients.
D. The AES (symmetric block cipher) is specified in the IEEE 802.11i specification.
E. The IEEE 802.11i specification uses RC4 as its encryption mechanism.
F. WPA requires TKIP and AES as encryption methods.
Answer: BD
3. Which two statements regarding the Wireless LAN Solution Engine (WLSE) are true? (Choose two.) Select 2 response(s).
A. To support fault and policy reporting, the WLSE requires a Wireless Control System (WCS).
B. When WLSE detects an AP failure, it automatically increases the power and cell coverage of nearby APs.
C. WLSE requires the 2700 location appliance to offer location tracking.
D. WLSE can locate rogue APs and automatically shut them down.
E. WLSE configuration is done using the command line interface (CLI) or a web-based template.
Answer: BD
4. Which two statements are true about the function of CAC? (Choose two.) Select 2 response(s).
A. CAC provides guaranteed voice quality on a link.
B. CAC artificially limits the number of concurrent voice calls.
C. CAC is used to control the amount of bandwidth that is taken by a call on a link.
D. CAC prevents oversubscription of WAN resources that is caused by too much voice traffic.
E. CAC allows an unlimited number of voice calls while severely restricting, if necessary, other forms of traffic.
F. CAC solves voice congestion problems by using QoS to give priority to UDP traffic.
Answer: BD
5. Which two statements are true about the implementation of QoS? (Choose two.) Select 2 response(s).
A. Implementing DiffServ involves the configuration of RSVP.
B. Implementing IntServ allows QoS to be performed by configuring only the ingress and egress devices.
C. Implementing IntServ involves the utilization of RSVP.
D. Traffic should be classified and marked by the core network devices.
E. Traffic should be classified and marked as close to the edge of the network as possible.
Answer: CE
6. What are the steps for configuring stateful NBAR for dynamic protocols? Select the best response.
A. Use the command ip nbar protocol-discovery to allow identification of stateful protocols. Use the command ip nbar port-map to attach the protocols to an interface.
B. Use the command match protocol rtp to allow identification of real-time audio and video traffic. Use the command ip nbar port-map to extend the NBAR functionality for well-known protocols to new port numbers.
C. Use the command match protocol to allow identification of stateful protocols. Use the command ip nbar port-map to attach the protocols to an interface.
D. Configure a traffic class. Configure a traffic policy. Attach the traffic policy to an interface.
E. Configure video streaming. Configure audio streaming. Attach the codec to an interface.
Answer: D
7. Two sites are using a multisite centralized call processing model. The voice gateway on the remote branch has lost IP connectivity to its Cisco CallManager server. Which feature enables the remote gateway to take the role of the call agent during the WAN failure? Select the best response.
A. automated alternate routing (AAR)
B. Cisco CallManager Attendant Console
C. real-time protocol (RTP)
D. Survivable Remote Site Telephony (SRST)
Answer: D
8. Refer to the exhibit. Both routers have been configured as VoIP gateways. They must also support traditional telephony devices to connect to analog telephones. Which two configuration changes would correctly support the voice requirements? (Choose two.) Select 2 response(s).
A. On each router, under the dial-peer voice 1 pots configuration, add the port fa0/0 command.
B. On each router, under the dial-peer voice 1 pots configuration, add the port 1/0/0 command.
C. On each router, configure dial-peer voice 1 as a voip connection and configure dial-peer voice 2 as a pots connection.
D. Under the dial-peer voice 1 pots configuration, change the destination pattern of 1111 to 2222 on the R1 router, and 2222 to 1111 on the R2 router.
E. Under the dial-peer voice 2 voip configuration, change the destination pattern of 1111 to 2222 on the R1 router, and 2222 to 1111 on the R2 router.
F. Under the dial-peer voice 2 voip configuration, change the destination target address of 10.2.2.2 to 10.1.1.1 on the R1 router, and the destination target address of 10.1.1.1 to 10.2.2.2 on the R2 router.
Answer: BE
9. To have the best possible voice quality and to utilize effectively the available bandwidth, which queuing and compression mechanisms need to be used? (Choose two.) Select 2 response(s).
A. class-based weighted fair queuing (CBWFQ)
B. low latency queuing (LLQ)
C. priority queuing (PQ) or custom queuing (CQ)
D. Real-Time Transport Protocol (RTP) header compression
E. TCP header compression
F. UDP header compression
Answer: BD
10. Which three statements about end-to-end delay are true? (Choose three.) Select 3 response(s).
A. End-to-end delay is the sum of propagation delays, processing delays, serialization delays, and queuing delays.
B. Coast-to-coast end-to-end delay over an optical link is about 20 ms.
C. Processing delay depends on various factors, which include CPU speed, CPU utilization, IP switching mode, and router architecture.
D. Propagation and serialization delays are related to the media.
E. Propagation delay is the time it takes to transmit a packet and is measured in bits-per-second (bps).
F. Serialization delay is the time it takes for a router to take the packet from an input interface and put it into the output queue of the output interface.
Answer: ACD

Exam Number/Code: 642-825

Exam Name: Implementing Secure Converged Wide Area Networks

Updated: 5/28/2009

Questions and Answers: 118 questions

Exam Language(s): English

Sample 642-825 certification practice test

1. What are three methods of network reconnaissance? (Choose three.)
A. IP spoofing
B. one-time password
C. dictionary attack
D. packet sniffer
E. ping sweep
F. port scan
Answer: DEF
2. Which three statements are correct about MPLS-based VPNs? (Choose three.)
A. Route Targets (RTs) are attributes attached to a VPNv4 BGP route to indicate its VPN membership.
B. Scalability becomes challenging for a very large, fully meshed deployment.
C. Authentication is done using a digital certificate or pre-shared key.
D. A VPN client is required for client-initiated deployments.
E. A VPN client is not required for users to interact with the network.
F. An MPLS-based VPN is highly scalable because no site-to-site peering is required.
Answer: AEF
3. What are two steps that must be taken when mitigating a worm attack? (Choose two.)
A. Inoculate systems by applying update patches.
B. Limit traffic rate.
C. Apply authentication.
D. Quarantine infected machines.
E. Enable anti-spoof measures
Answer: AD
4. Refer to the exhibit. What information can be derived from the SDM firewall configuration that is shown?
Testinside
TestInside Help You Pass Any IT Exam http://www.cheapTestInside.com
A. Access-list 100 was configured for the trusted interface, and access-list 101 was configured for the
untrusted interface.
B. Access-list 101 was configured for the trusted interface, and access-list 100 was configured for the
untrusted interface.
C. Access-list 100 was configured for the inbound direction, and access-list 101 was configured for the
outbound direction on the trusted interface.
D. Access-list 100 was configured for the inbound direction, and access-list 101 was configured for the
outbound direction on the untrusted interface.
Answer: A
5. Which three statements about IOS Firewall configurations are true? (Choose three.)
A. The IP inspection rule can be applied in the inbound direction on the secured interface.
B. The IP inspection rule can be applied in the outbound direction on the unsecured interface.
C. The ACL applied in the outbound direction on the unsecured interface should be an extended ACL.
D. The ACL applied in the inbound direction on the unsecured interface should be an extended ACL.
E. For temporary openings to be created dynamically by Cisco IOS Firewall, the access-list for the returning
traffic must be a standard ACL.
F. For temporary openings to be created dynamically by Cisco IOS Firewall, the IP inspection rule must be
applied to the secured interface.
Answer: ABD
6. Which statement describes the Authentication Proxy feature?
A. All traffic is permitted from the inbound to the outbound interface upon successful authentication of the
user.
B. A specific access profile is retrieved from a TACACS+ or RADIUS server and applied to an IOS Firewall
based on user provided credentials.
C. Prior to responding to a proxy ARP, the router will prompt the user for a login and password which are
authenticated based on the configured AAA policy.
D. The proxy server capabilities of the IOS Firewall are enabled upon successful authentication of the user.
Answer: B
7. Refer to the exhibit. Which two statements are true about the authentication method used to authenticate
users who want privileged access into Router1? (Choose two.)
A. All users will be authenticated using the RADIUS server. If the RADIUS server is unavailable, the router
will attempt to authenticate the user using its local database.
B. All users will be authenticated using the RADIUS server. If the RADIUS server is unavailable, the
authentication process stops and no other authentication method is attempted.
C. All users will be authenticated using the RADIUS server. If the user authentication fails, the router will
attempt to authenticate the user using its local database.
D. All users will be authenticated using the RADIUS server. If the user authentication fails, the
authentication process stops and no other authentication method is attempted.
E. The default login authentication method is applied automatically to all lines including console, auxiliary,
TTY, and VTY lines.
Answer: AD
8. Refer to the exhibit. On the basis of the presented information, which configuration was completed on the
router CPE?
A. CPE(config)# ip nat inside source list 101 interface Dialer0
   CPE(config)# access-list 101 permit ip 10.0.0.0 0.255.255.255 any
B. CPE(config)# ip nat inside source list 101 interface Dialer0 overload
   CPE(config)# access-list 101 permit ip 10.0.0.0 0.255.255.255 any
C. CPE(config)# ip nat inside source list 101 interface Ethernet 0/0
   CPE(config)# access-list 101 permit ip 10.0.0.0 0.255.255.255 any
D. CPE(config)# ip nat inside source list 101 interface Ethernet 0/0 overload
   CPE(config)# access-list 101 permit ip 10.0.0.0 0.255.255.255 any
E. CPE(config)# ip nat inside source list 101 interface Ethernet 0/1
   CPE(config)# access-list 101 permit ip 10.0.0.0 0.255.255.255 any
F. CPE(config)# ip nat inside source list 101 interface Ethernet 0/1 overload
   CPE(config)# access-list 101 permit ip 10.0.0.0 0.255.255.255 any
Answer: B
9. Refer to the exhibit. FastEthernet0/0 has been assigned a network address of 200.0.1.2/24 and no ACL
has been applied to that interface. Serial0/0/0 has been assigned a network address of 200.0.0.1/30.
Assuming that there are no network-related problems, which ping will be successful?
A. from 200.0.0.1 to 200.0.0.2
B. from 200.0.0.2 to 200.0.0.1
C. from 200.0.0.2 to 200.0.1.1
D. from 200.0.0.2 to 200.0.1.2
E. from 200.0.1.1 to 200.0.0.2
F. from 200.0.1.2 to 200.0.0.2
Answer: A
10. If an edge Label Switch Router (LSR) is properly configured, which three combinations are possible?
(Choose three.)
A. A received IP packet is forwarded based on the IP destination address and the packet is sent as an IP
packet.
B. An IP destination exists in the IP forwarding table. A received labeled packet is dropped because the
label is not found in the LFIB table.
C. There is an MPLS label-switched path toward the destination. A received IP packet is dropped because
the destination is not found in the IP forwarding table.
D. A received IP packet is forwarded based on the IP destination address and the packet is sent as a
labeled packet.
E. A received labeled IP packet is forwarded based upon both the label and the IP address.
F. A received labeled packet is forwarded based on the label. After the label is swapped, the newly labeled
packet is sent.
Answer: ADF
11. Which approach for identifying malicious traffic involves looking for a fixed sequence of bytes in a single
packet or in predefined content?
A. policy-based
B. anomaly-based
C. honeypot-based
D. signature-based
E. regular-expression-based
Answer: D
12. Which three DSL technologies support an analog POTS channel and utilize the entire bandwidth of the
copper to carry data? (Choose three.)
A. ADSL
B. IDSL
C. SDSL
D. RADSL
E. VDSL
Answer: ADE
13. Refer to the exhibit. On the basis of the information that is provided, which statement is true?
A. The IOS firewall has allowed an HTTP session between two devices.
B. A TCP session that started between 192.168.1.116 and 192.168.101.115 caused dynamic ACL entries
to be created.
C. A UDP session that started between 192.168.1.116 and 192.168.101.115 caused dynamic ACL entries
to be created.
D. Telnet is the only protocol allowed through this IOS firewall configuration.
Answer: B
14. Refer to the exhibit. What Cisco feature generated the configuration?
A. EZ VPN
B. IOS Firewall
C. AutoSecure
D. IOS IPS
E. AAA
F. TACACS+
Answer: C
15. What are three features of the Cisco IOS Firewall feature set? (Choose three.)
A. network-based application recognition (NBAR)
B. authentication proxy
C. stateful packet filtering
D. AAA services
E. proxy server
F. IPS
Answer: BCF
16. Refer to the exhibit, which shows a PPPoA diagram and partial SOHO77 configuration. Which
command needs to be applied to the SOHO77 to complete the configuration?
A. encapsulation aal5snap applied to the PVC.
B. encapsulation aal5ciscoppp applied to the PVC
C. encapsulation aal5ciscoppp applied to the ATM0 interface
D. encapsulation aal5mux ppp dialer applied to the ATM0 interface
E. encapsulation aal5mux ppp dialer applied to the PVC
Answer: E
17. Which three techniques should be used to secure management protocols? (Choose three.)
A. Configure SNMP with only read-only community strings.
B. Encrypt TFTP and syslog traffic in an IPSec tunnel.
C. Implement RFC 2827 filtering at the perimeter router when allowing syslog access from devices on the
outside of a firewall.
D. Synchronize the NTP master clock with an Internet atomic clock.
E. Use SNMP version 2.
F. Use TFTP version 3 or above because these versions support a cryptographic authentication
mechanism between peers.
Answer: ABC
18. Which two active response capabilities can be configured on an intrusion detection system (IDS) in
response to malicious traffic detection? (Choose two.)
A. the initiation of dynamic access lists on the IDS to prevent further malicious traffic
B. the configuration of network devices to prevent malicious traffic from passing through
C. the shutdown of ports on intermediary devices
D. the transmission of a TCP reset to the offending end host
E. the invoking of SNMP-sourced controls
Answer: BD
19. What are three objectives that the no ip inspect command achieves? (Choose three.)
A. removes the entire CBAC configuration
B. removes all associated static ACLs
C. turns off the automatic audit feature in SDM
D. denies HTTP and Java applets to the inside interface but permits this traffic to the DMZ
E. resets all global timeouts and thresholds to the defaults
F. deletes all existing sessions
Answer: AEF
20. Refer to the exhibit. Which statement describes the results of clicking the OK button in the Security
Device Manager (SDM) Add a Signature Location window?
A. SDM will respond with a message asking for the URL that points to the 256MB.sdf file.
B. Cisco IOS IPS will choose to load the 256MB.sdf only if the Built-in Signatures (as backup) check box is
unchecked.
C. If Cisco IOS IPS fails to load the 256MB.sdf, it will load the built-in signatures provided the Built-in
Signatures (as backup) check box is checked.
D. Cisco IOS IPS will choose to load the 256MB.sdf and then also add the Cisco IOS built-in signatures.
E. SDM will respond with an error that indicates that no such file exists.
Answer: C