Which two services define cloud networks?
Which two services define cloud networks? (Choose two.) A. Tenancy as a Service B. Compute as a Service C. Infrastructure as a Service D. Security as a Service E. Platform
In which two situations should you use out-of-band management? (Choose two.) A. when a network device fails to forward packets B. when management applications need concurrent access to the device
In which three ways does the TACACS protocol differ from RADIUS? (Choose three.) A. TACACS authenticates and authorizes simultaneously, causing fewer packets to be transmitted. B. TACACS can encrypt the
According to Cisco best practices, which three protocols should the default ACL allow on an access port to enable wired BYOD devices to supply valid credentials and connect to the
Which two next-generation encryption algorithms does Cisco recommend? (Choose two.) A. AES B. 3DES C. DES D. MD5 E. DH-1024 F. SHA-384 Correct Answer: AF
Which three ESP fields can be encrypted during transmission? (Choose three.) A. Security Parameter Index B. Sequence Number C. MAC Address D. Padding E. Pad Length F. Next Header Correct
Which two features do CoPP and CPPr use to protect the control plane? (Choose two.) A. access lists B. policy maps C. traffic classification D. class maps E. Cisco Express
Which two statements about stateless firewalls are true? (Choose two.) A. The Cisco ASA is implicitly stateless because it blocks all traffic by default. B. They cannot track connections. C.
Which three statements about host-based IPS are true? (Choose three.) A. It can view encrypted files. B. It can have more restrictive policies than network-based IPS. C. It can generate
What three actions are limitations when running IPS in promiscuous mode? (Choose three.) A. request block connection B. request block host C. deny attacker D. modify packet E. deny packet
When an IPS detects an attack, which action can the IPS take to prevent the attack from spreading? A. Deny the connection inline. B. Perform a Layer 6 reset. C.
What is an advantage of implementing a Trusted Platform Module for disk encryption? A. It allows the hard disk to be transferred to another device without requiring re-encryption.dis B. It
What is the purpose of the Integrity component of the CIA triad? A. to ensure that only authorized parties can view data B. to create a process for accessing data
Which type of secure connectivity does an extranet provide? A. remote branch offices to your company network B. other company networks to your company network C. your company network to
Which tool can an attacker use to attempt a DDoS attack? A. Trojan horse B. adware C. botnet D. virus Correct Answer: C
What type of security support is provided by the Open Web Application Security Project? A. A Web site security framework. B. Scoring of common vulnerabilities and exposures. C. A security
What type of algorithm uses the same key to encrypt and decrypt data? A. an IP security algorithm B. a Public Key Infrastructure algorithm C. an asymmetric algorithm D. a
How does the Cisco ASA use Active Directory to authorize VPN users? A. It sends the username and password to retrieve an ACCEPT or REJECT message from the Active Directory
Which statement about Cisco ACS authentication and authorization is true? A. ACS servers can be clustered to provide scalability. B. ACS can query multiple Active Directory domains. C. ACS uses
Which EAP method uses Protected Access Credentials? A. EAP-FAST B. EAP-TLS C. EAP-PEAP D. EAP-GTC Correct Answer: A
What is one requirement for locking a wired or wireless device from ISE? A. The organization must implement an acceptable use policy allowing device locking. B. The user must approve
What VPN feature allows traffic to exit the security appliance through the same interface it entered? A. NAT B. hairpinning C. NAT traversal D. split tunneling Correct Answer: B
What VPN feature allows Internet traffic and local LAN/WAN traffic to use the same network connection? A. split tunneling B. hairpinning C. tunnel mode D. transparent mode Correct Answer: A
After reloading a router, you issue the dir command to verify the installation and observe that the image file appears to be missing. For what reason could the image file
What is the effect of the send-lifetime local 23:59:00 31 December 31 2013 infinite command? A. It configures the device to begin transmitting the authentication key to other devices at
What type of packet creates and performs network operations on a network device? A. management plane packets B. services plane packets C. data plane packets D. control plane packets Correct
In what type of attack does an attacker virtually change a device’s burned-in address in an attempt to circumvent access lists and mask the device’s true identity? A. gratuitous ARP
What command can you use to verify the binding table status? A. show ip dhcp source binding B. show ip dhcp pool C. show ip dhcp snooping D. show ip
Which statement about a PVLAN isolated port configured on a switch is true? A. The isolated port can communicate only with other isolated ports. B. The isolated port can communicate
If you change the native VLAN on the trunk port to an unused VLAN, what happens if an attacker attempts a double-tagging attack? A. The trunk port would go into
What is a reason for an organization to deploy a personal firewall? A. To protect endpoints such as desktops from malicious activity. B. To protect one virtual network segment from
What is the only permitted operation for processing multicast traffic on zone-based firewalls? A. Only control plane policing can protect the control plane against multicast traffic. B. Stateful inspection of
How does a zone-based firewall implementation handle traffic between interfaces in the same zone? A. Traffic between two interfaces in the same zone is allowed by default. B. Traffic between
Which two statements about Telnet access to the ASA are true? (Choose two). A. You may VPN to the lowest security interface to telnet to an inside interface. B. You
Which statement about communication over failover interfaces is true? A. All information that is sent over the failover and stateful failover interfaces is sent as clear text by default. B.
For what reason would you configure multiple security contexts on the ASA firewall? A. To enable the use of VRFs on routers that are adjacently connected. B. To separate different
What is an advantage of placing an IPS on the inside of a network? A. It can provide higher throughput. B. It receives traffic that has already been filtered. C.
Which FirePOWER preprocessor engine is used to prevent SYN attacks? A. Inline Normalization B. IP Defragmentation C. Portscan Detection D. Rate-Based Prevention Correct Answer: D
Which Sourcefire logging action should you choose to record the most detail about a connection? A. Enable eStreamer to log events off-box. B. Enable alerts via SNMP to log events
What can the SMTP preprocessor in FirePOWER normalize? A. It can look up the email sender. B. It compares known threats to the email sender. C. It can forward the