Cisco Ccnp 642-825 Exam Questions Updated


Cisco CCNP 642-825 exam questions  have been updated on ourexam.com yesterday.So now as long as our customers who have bought CCNP 642-825 exam questions from us can enjoy one year free update.We can send the latest version to your email in time make sure that you can use the correct version to take the exam then pass the exam at the first time.


 What are three objectives that the no ip inspect command achieves? (Choose three.)
A. removes the entire CBAC configuration
B. removes all associated static ACLs
C. turns off the automatic audit feature in SDM
D. denies HTTP and Java applets to the inside interface but permits this traffic to the DMZ
E. resets all global timeouts and thresholds to the defaults
F. deletes all existing sessions
Answer: AEF
Which three features are benefits of using GRE tunnels in conjunction with IPsec for building site-to-site
VPNs? (Choose three.)
A. allows dynamic routing over the tunnel
B. supports multi-protocol (non-IP) traffic over the tunnel
C. reduces IPsec headers overhead since tunnel mode is used
D. simplifies the ACL used in the crypto map
E. uses Virtual Tunnel Interface (VTI) to simplify the IPsec VPN configuration
Answer: ABD
Which three IPsec VPN statements are true? (Choose three.)
A. IKE keepalives are unidirectional and sent every ten seconds.
B. IKE uses the Diffie-Hellman algorithm to generate symmetrical keys to be used by IPsec peers.
C. IPsec uses the Encapsulating Security Protocol (ESP) or the Authentication Header (AH) protocol for
exchanging keys.
D. Main mode is the method used for the IKE phase two security association negotiations.
E. Quick mode is the method used for the IKE phase one security association negotiations.
F. To establish IKE SA, main mode utilizes six packets while aggressive mode utilizes only three packets.
Answer: ABF
 Which three statements are true about Cisco IOS Firewall? (Choose three.)
A. It can be configured to block Java traffic.
B. It can be configured to detect and prevent SYN-flooding denial-of-service (DoS) network attacks.
C. It can only examine network layer and transport layer information.
D. It can only examine transport layer and application layer information.
E. The inspection rules can be used to set timeout values for specified protocols.
F. The ip inspect cbac-name command must be configured in global configuration mode.
Answer: ABE

05:25 | Labels: , , , , , , |

This entry was posted on 05:25 and is filed under 642825 , Ccnp , Cisco , exam , Questions , Updated , Vpn . You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

 

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

About Me

Your information resource for Virtual Private Networks | Vpn Setup | Cisco Vpn Client | Tunneling | Tunnel | Computer Networking | Secure | Mpls Network | Cisco Vpn | Vpn Network | Wireless Router | Routers | Sonicwall | Remote Access Vpn | Cisco | Router | Firewall | Remote Access | Checkpoint | Safenet at Vpn.co.in

Followers

Powered by Blogger.

Blog Archive