642-825 Exam Description
The Implementing Secure Converged Wide Area Networks (ISCW 642-825) is a qualifying exam for the Cisco Certified Network Professional CCNP®. The ISCW 642-825 exam will certify that the successful candidate has important knowledge and skills necessary to secure and expand the reach of an enterprise network to teleworkers and remote sites with focus on securing remote access and VPN client configuration. The exam covers topics on Cisco hierarchical network model as it pertains to the WAN, teleworker configuration and access, frame mode MPLS, site-to-site IPSEC VPN, Cisco EZVPN, strategies used to mitigate network attacks, Cisco device hardening and IOS firewall features.

Our Practice Test Questions are backed by our 100% MONEY BACK GUARANTEE.

For example:

1. Which three statements about IOS Firewall configurations are true? (Choose three.)
A. The IP inspection rule can be applied in the inbound direction on the secured interface. 
B. The IP inspection rule can be applied in the outbound direction on the unsecured interface.
C. The ACL applied in the outbound direction on the unsecured interface should be an extended ACL.
D. The ACL applied in the inbound direction on the unsecured interface should be an extended ACL.
E. For temporary openings to be created dynamically by Cisco IOS Firewall, the access-list for the returning traffic must be a standard ACL.
F. For temporary openings to be created dynamically by Cisco IOS Firewall, the IP inspection rule must be applied to the secured interface.
Answer: ABD

2. Which statement describes the Authentication Proxy feature?
A. All traffic is permitted from the inbound to the outbound interface upon successful authentication of the user.
B. A specific access profile is retrieved from a TACACS+ or RADIUS server and applied to an IOS Firewall based on user provided credentials.
C. Prior to responding to a proxy ARP, the router will prompt the user for a login and password which are authenticated based on the configured AAA policy.
D. The proxy server capabilities of the IOS Firewall are enabled upon successful authentication of the user.
Answer: B

3. Refer to the exhibit. Which two statements are true about the authentication method used to authenticate users who want privileged access into Router1? (Choose two.) 
A. All users will be authenticated using the RADIUS server. If the RADIUS server is unavailable, the router will attempt to authenticate the user using its local database.
B. All users will be authenticated using the RADIUS server. If the RADIUS server is unavailable, the authentication process stops and no other authentication method is attempted.
C. All users will be authenticated using the RADIUS server. If the user authentication fails, the router will attempt to authenticate the user using its local database.
D. All users will be authenticated using the RADIUS server. If the user authentication fails, the authentication process stops and no other authentication method is attempted.
E. The default login authentication method is applied automatically to all lines including console, auxiliary, TTY, and VTY lines.
Answer: AD

4. Refer to the exhibit. On the basis of the presented information, which configuration was completed on the router CPE? 
A. CPE(config)# ip nat inside source list 101 interface Dialer0 CPE(config)# access-list 101 permit ip 10.0.0.0 0.255.255.255 any
B. CPE(config)# ip nat inside source list 101 interface Dialer0 overload CPE(config)# access-list 101 permit ip 10.0.0.0 0.255.255.255 any
C. CPE(config)# ip nat inside source list 101 interface Ethernet 0/0 CPE(config)# access-list 101 permit ip 10.0.0.0 0.255.255.255 any
D. CPE(config)# ip nat inside source list 101 interface Ethernet 0/0 overload CPE(config)# access-list 101 permit ip 10.0.0.0 0.255.255.255 any
E. CPE(config)# ip nat inside source list 101 interface Ethernet 0/1 CPE(config)# access-list 101 permit ip 10.0.0.0 0.255.255.255 any
F. CPE(config)# ip nat inside source list 101 interface Ethernet 0/1 overload CPE(config)# access-list 101 permit ip 10.0.0.0 0.255.255.255 any
Answer: B

5. Refer to the exhibit. FastEthernet0/0 has been assigned a network address of 200.0.1.2/24 and no ACL has been applied to that interface. Serial0/0/0 has been assigned a network address of 200.0.0.1/30. Assuming that there are no network-related problems, which ping will be successful? 
A. from 200.0.0.1 to 200.0.0.2
B. from 200.0.0.2 to 200.0.0.1
C. from 200.0.0.2 to 200.0.1.1
D. from 200.0.0.2 to 200.0.1.2
E. from 200.0.1.1 to 200.0.0.2
F. from 200.0.1.2 to 200.0.0.2
Answer: A