Free Free lateat Pass4sure Cisco CCNP Iscw 642-825 Exam v2.95 Download

ISCW – Implementing Secure Converged Wide Area Networks : 642-825 Exam

The Implementing Secure Converged Wide Area Networks (ISCW 642-825) is a qualifying exam for the Cisco Certified Network Professional CCNP®. The ISCW 642-825 exam will certify that the successful candidate has important knowledge and skills necessary to secure and expand the reach of an enterprise network to teleworkers and remote sites with focus on securing remote access and VPN client configuration. The exam covers topics on Cisco hierarchical network model as it pertains to the WAN, teleworker configuration and access, frame mode MPLS, site-to-site IPSEC VPN, Cisco EZVPN, strategies used to mitigate network attacks, Cisco device hardening and IOS firewall features.

Exam Number/Code: 642-825
Exam Name: ISCW – Implementing Secure Converged Wide Area Networks
VUE Code: 642-825
Questions Type: Single choice,

“ISCW – Implementing Secure Converged Wide Area Networks”, also known as 642-825 exam, is a Cisco certification.
Preparing for the 642-825 exam Searching 642-825 Test Questions, 642-825 Exam, 642-825 Dumps

With the complete collection of questions and answers Q&as with Expert Explanations, Pass4sure has assembled to take you through 172 Q&As to your 642-825 Exam preparation. In the 642-825 exam resources, you will cover every field and category in CCNP helping to ready you for your successful Cisco Certification.

QUESTION 31:
The Cisco VPN client is being installed on a new PassGuide teleworker’s laptop.
When configuring the Cisco software VPN client on a PC, which values need to be
entered to complete the setup when pre-shared key authentication is used?
A. IP address of server, groupname and password, and default gateway
B. IP address of server, groupname and password, default gateway, and DNS servers
C. IP address of server, groupname, and password
D. IP address of server, groupname and password, default gateway, DNS servers, and
local IP address
Answer: C
Explanation:
The Cisco virtual private network (VPN) Client for Windows (or VPN Client) is software
that runs on a Microsoft Windows-based PC. The VPN Client on a remote PC,
communicating with a Cisco Easy VPN Server on an enterprise network or with a service
provider, creates a secure connection over the Internet.
Preshared keys-the IPsec group to which the system administrator assigned you. Your
group determines how you access and use the remote network. For example, it specifies
access hours, number of simultaneous logins, user authentication method, and the IPsec
algorithms that your VPN Client uses.
642-825
www.actualtest.org – The Power of Knowing
Example
QUESTION 32:
The Cisco VPN client is being installed on a teleworkers laptop. When configuring
the Cisco VPN Client, what action is required prior to installing Mutual Group
Authentication?
A. The option to “Allow Local LAN Access” must be selected.
B. A group pre-shared secret must be properly configured.
C. A valid root certificate must be installed.
D. Transparent tunneling must be enabled.
Answer: C
Explanation:
The Cisco virtual private network (VPN) Client for Windows (or VPN Client) is software
that runs on a Microsoft Windows-based PC. The VPN Client on a remote PC,
communicating with a Cisco Easy VPN Server on an enterprise network or with a service
provider, creates a secure connection over the Internet.
Mutual authentication should be used instead of group presharedsecrets, Group
presharedsecrets are vulnerable to man-in-the-middle attacks if the attacker knows the
group presharedsecret.
To use mutual group authentication, you need a root certificate that is compatible with
the central-site VPN installed on your system:
642-825
www.actualtest.org – The Power of Knowing
Step 1 Your network administrator can load a root certificate on your system
during installation. When you select the Mutual Group Authentication radio button,
the VPN Client software verifies whether you have a root certificate installed.
Step 2 If you do not have a root certificate installed, the VPN Client prompts you to
install one. Before you continue, you must import a root certificate. When you have
installed a root certificate (if required), follow the steps for group authentication.
Example:
QUESTION 33:
The Cisco VPN client was installed on a PassGuide laptop as shown below:
642-825
www.actualtest.org – The Power of Knowing
Based on the diagram shown above, what does the “Allow Local LAN Access”
option enable a Cisco software VPN client to do?
A. It allows local traffic from trusted resources to pass through the VPN connection
B. It allows a user to access the resources on the local LAN when connected through a
secure gateway to a central-site VPN device
C. It allows secured remote clients to access local LAN resources through the VPN
connection
D. It allows remote connections from trusted clients to access local resources
E. None of the above
Answer: B
Explanation:
In a multiple-network interface card (NIC) configuration, local LAN access pertains only
to network traffic on the interface on which the tunnel was established. The Allow Local
LAN Access parameter gives you access to the resources on your local LAN (printer, fax,
shared files, or other systems) when you are connected through a secure gateway to a
central-site VPN device. When this parameter is enabled and your central site is
configured to permit it, you can access local resources while connected. When this
parameter is disabled, all traffic from your client system goes through the IPsec
connection to the secure gateway. To enable this feature, check the Allow Local LAN
Access check box; to disable it, uncheck the check box. If the local LAN that you are
using is not secure, you should disable this feature. For example, you would disable this
feature when you are using a local LAN in a hotel or airport. A network administrator at
the central site configures a list of networks at the client side that you can access. You
can access up to 10 networks when this feature is enabled. When the Allow Local LAN
Access feature is enabled and you are connected to a central site, all traffic from your
system goes through the IPsec tunnel except traffic to the networks excluded from doing
so (in the network list). When this feature is enabled and configured on the VPN Client
and permitted on the central-site VPN device, you can see a list of the local LANs
available by looking at the routing table.
QUESTION 34:
The following VPN Client Statistics exhibit was seen on a PassGuide laptop:
642-825
www.actualtest.org – The Power of Knowing
A new VPN Connection Entry was made on this laptop as shown below:
Which two statements are true about the information that is shown above from
theCisco VPN client screens on this PassGuide laptop? (Select two)
A. The 10.10.32.32 network entry in the Route Details screen represents the IP address of
the server end of the encrypted tunnel.
642-825
www.actualtest.org- The Power of Knowing
B. The 10.10.32.32 network entry in the Route Details screen represents an IP address
that will be accessed without traversing the VPN.
C. Selecting IPSec over TCP on the connection entry on the right allows Local LAN
Routes to be available on the Route Details on the left screen.
D. Selecting Enable Transparent Tunneling on the connection entry on the right allows
Local LAN Routes to be available on the Route Details on the left screen.
E. Selecting Allow Local LAN Access on the connection entry on the right allows Local
LAN Routes to be available on the Route Details on the left screen.
Answer: B, E
Explanation:
Transparent tunneling allows secure transmission between the VPN Client and a secure gateway
through a router serving as a firewall, which may also be performing Network Address
Translation (NAT) or Port Address Translation (PAT). Transparent tunneling encapsulates
Protocol 50 (Encapsulating Security Payload, or ESP) traffic within UDP packets and can allow
both Internet Security Association and Key Management Protocol (ISAKMP) and Protocol 50 to
be encapsulated in TCP packets before they are sent through the NAT or PAT devices or
firewalls. The most common application for transparent tunneling is behind a home router
performing PAT.
QUESTION 35:
You need to set up the Cisco VPN client software on a new PassGuide laptop. When
642-825
www.actualtest.org – The Power of Knowing
configuring the Cisco VPN Client with transparent tunneling, what is true about the
IPSec over TCP option?
A. The port number is negotiated automatically.
B. Clients will have access to the secured tunnel and local resources.
C. Packets are encapsulated using Protocol 50 (Encapsulating Security Payload, or ESP).
D. The port number must match the configuration on the secure gateway.
E. None of the above
Answer: D