Testinside – Best IT certification material provider

ISCW – Implementing Secure Converged Wide Area Networks : 642-825 Exam

Exam Number/Code: 642-825
Exam Name: ISCW – Implementing Secure Converged Wide Area Networks

“ISCW – Implementing Secure Converged Wide Area Networks”, also known as 642-825 exam, is a Cisco certification.
Preparing for the 642-825 exam? Searching 642-825 Test Questions, 642-825 Practice Exam, 642-825 Dumps?

Free 642-825 Demo Download
TestInside offers free demo for 642-825 exam ( ISCW – Implementing Secure Converged Wide Area Networks). You can check out the interface, question quality and usability of our practice exams before you decide to buy it. We are the only one site can offer demo for almost all products.

642-825 ISCW
Implementing Secure Converged Wide Area Networks

Exam Number: 642-825
Associated Certifications: CCNP
Duration: 90 minutes
Available Languages: English
Click Here to Register: Pearson VUE
Exam Policies: Read current policies and requirements
Exam Tutorial: Review type of exam questions

Exam Description Exam Topics Recommended Training Additional Resources
Exam Description
The Implementing Secure Converged Wide Area Networks (ISCW 642-825) is a qualifying exam for the Cisco Certified Network Professional CCNP®. The ISCW 642-825 exam will certify that the successful candidate has important knowledge and skills necessary to secure and expand the reach of an enterprise network to teleworkers and remote sites with focus on securing remote access and VPN client configuration. The exam covers topics on Cisco hierarchical network model as it pertains to the WAN, teleworker configuration and access, frame mode MPLS, site-to-site IPSEC VPN, Cisco EZVPN, strategies used to mitigate network attacks, Cisco device hardening and IOS firewall features.

Exam Topics
The following information provides general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes the guidelines below may change at any time without notice.

Implement basic teleworker services.
Describe Cable (HFC) technologies.
Describe xDSL technologies.
Configure ADSL (i.e., PPPoE or PPPoA).
Verify basic teleworker configurations.

Implement Frame-Mode MPLS.
Describe the components and operation of Frame-Mode MPLS (e.g., packet-based MPLS VPNs).
Configure and verify Frame-Mode MPLS.

Implement a site-to-site IPSec VPN
Describe the components and operations of IPSec VPNs and GRE Tunnels.
Configure a site-to-site IPSec VPN/GRE Tunnel with SDM (i.e., preshared key).
Verify IPSec/GRE Tunnel configurations (i.e., IOS CLI configurations).
Describe, configure, and verify VPN backup interfaces.
Describe and configure Cisco Easy VPN solutions using SDM.

Describe network security strategies.
Describe and mitigate common network attacks (i.e., Reconnaissance, Access, and Denial of Service).
Describe and mitigate Worm, Virus, and Trojan Horse attacks.
Describe and mitigate application-layer attacks (e.g., management protocols).

Implement Cisco Device Hardening
Describe, Configure, and verify AutoSecure/One-Step Lockdown implementations (i.e., CLI and SDM).
Describe, configure, and verify AAA for Cisco Routers.
Describe and configure threat and attack mitigation using ACLs.
Describe and configure IOS secure management features (e.g., SSH, SNMP, SYSLOG, NTP, Role-Based CLI, etc.)

Implement Cisco IOS firewall.
Describe the functions and operations of Cisco IOS Firewall (e.g., Stateful Firewall, CBAC, etc.).
Configure Cisco IOS Firewall with SDM.
Verify Cisco IOS Firewall configurations (i.e., IOS CLI configurations, SDM Monitor).

Describe and configure Cisco IOS IPS.
Describe the functions and operations of IDS and IPS systems (e.g., IDS/IPS signatures, IPS Alarms, etc.)
Configure Cisco IOS IPS using SDM.

QUESTION 27:
When comparing the differences between PPPoA and PPPoE, which of the following
statements are true?
A. PPPoE does not support session authentication with an aggregation router.
B. PPPaE provides simple bridged connections for a limited number of hosts.
C. PPPoA relies on client software to provide connectivity and authentication.
D. PPPoA is routed end-to-end over ATM from the user’s PC to the aggregation router.
E. None of the above
Answer: D
Explanation:
Some key advantages of PPPoE and how they differ from PPPoA include:
* Per session authentication based on Password Authentication Protocol (PAP) or
Challenge Handshake Authentication Protocol (CHAP). This is the greatest advantage of
PPPoE as authentication overcomes the security hole in a bridging architecture.
* Per session accounting is possible, which allows the service provider to charge the
subscriber based on session time for various services offered. The service provider may
also require a minimal access charge.
* PPPoE can be used on existing CPE installations that cannot be upgraded to PPP or that
do not have the ability to run PPPoA, extending the PPP session over the bridged
Ethernet LAN to the PC.
* PPPoE preserves the point-to-point session used by Internet Service Providers (ISPs) in
the current dialup model. PPPoE is the only protocol capable of running point-to-point
over Ethernet without requiring an intermediate IP stack.
* The Network Access Provider (NAP) or Network Service Provider (NSP) can provide
secure access to a corporate gateway without managing end-to-end permanent virtual
circuits (PVCs) and making use of Layer 3 routing and/or Layer 2 Tunneling Protocol
(L2TP) tunnels. This makes the business model of selling wholesale services and virtual
private networks (VPNs) scalable.
* PPPoE can provide a host (PC) access to multiple destinations at a given time. There
can be multiple PPPoE sessions per PVC.
* The NSP can oversubscribe by deploying idle and session time-outs using an industry
standard Remote Authentication Dial-In User Service (RADIUS) server for each
subscriber.
* PPP can be used with the service selection gateway (SSG) feature.
Some key disadvantages of PPPoE and how they differ from PPPoA include:
* PPPoE client software must be installed on all hosts (PCs) connected to the Ethernet
segment. This means that the access provider must maintain the CPE and the client
software on the PC.
* Because PPPoE implementation uses RFC1483 bridging, it is susceptible to broadcast
storms and possible denial-of-service attacks.
Reference:

http://www.cisco.com/warp/public/794/pppoe_arch.html

QUESTION 28:
DSL connections commonly use PPP over Ethernet (PPoE). What process does a
Certkiller host have to perform to establish a PPoE SESSION_ID?
A. A DHCP request process to request and IP address and session ID.
B. A Discovery process to identify a PPPoE server and request a session ID.
C. A RARP request process to request a MAC address and session ID.
D. A BOOTP process to request a configuration and session ID.
E. None of the above
Answer: B
Explanation:
When a router wants to initiate a PPPoE session, it must first perform Discovery to
identify the Ethernet MAC address of the peering device and establish a PPPoE
SESSION_ID. Discovery is inherently a client/server relationship. During Discovery, a
router discovers the provider DSLAM. Discovery allows the CPE router to discover all
available DSLAMs, and then select one. When Discovery completes successfully, both
the CPE router and the selected DSLAM have the information they will use to build their
point-to-point connection over Ethernet.
Reference:
Cisco Press – BCRAN – 642-821 – Exam Certification Guide 2004 (ISBN 1-58720-084-8)
Page 253
QUESTION 29:
Many Certkiller remote offices use DSL for their connectivity. Which four features
are usually required for an 827 ADSL router to support a home ADSL broadband
Internet connection with multiple end-user PCs? (Choose four)
A. IPSec
B. Bridging (IRB or RBE)
C. PPPoE client
D. PAT
E. DHCP server
F. Static default route
Answer: C, D, E, F

Testinside CCNP 642-825 Questions and Answers : 310 Q&As
Updated: October 16th , 2008
Price: $129.99 $89.99

Free download?pass4sure CCNP 642-825
Free download?testking CCNP 642-825

Download Free Latest Testinside Certification Braindumps

1. Free Testinside Testinside CCSP 642-503
2. Free Testinside testinside ccnp ont 642-845 v4.25
3. Free Testinside testinside ccnp bsci 642-901 v3.2
4. Free Testinside Testinside 642-587
5. Free Testinside Testinside CCNA 640-553
6. Free Testinside testinside ccnp 642-892 v2.95
7. Free Testinside Testinside CCSP 642-524
8. Free Testinside free Testinside Cisco CCNP Exam
9. Free Testinside Testinside CCSP 642-515
10. Free Testinside Testinside CCSP 642-523