web analytics

Which two services define cloud networks?

Which two services define cloud networks? (Choose two.) A. Tenancy as a Service B. Compute as a Service C. Infrastructure as a Service D. Security as a Service E. Platform

Which two situations should you use out-of-band management?

In which two situations should you use out-of-band management? (Choose two.) A. when a network device fails to forward packets B. when management applications need concurrent access to the device

Which three ways does the TACACS protocol differ from RADIUS?

In which three ways does the TACACS protocol differ from RADIUS? (Choose three.) A. TACACS authenticates and authorizes simultaneously, causing fewer packets to be transmitted. B. TACACS can encrypt the

Which three protocols should the default ACL allow on an access port to enable wired BYOD devices to supply valid credentials and connect to the network?

According to Cisco best practices, which three protocols should the default ACL allow on an access port to enable wired BYOD devices to supply valid credentials and connect to the

Which two next-generation encryption algorithms does Cisco recommend?

Which two next-generation encryption algorithms does Cisco recommend? (Choose two.) A. AES B. 3DES C. DES D. MD5 E. DH-1024 F. SHA-384 Correct Answer: AF

Which three ESP fields can be encrypted during transmission?

Which three ESP fields can be encrypted during transmission? (Choose three.) A. Security Parameter Index B. Sequence Number C. MAC Address D. Padding E. Pad Length F. Next Header Correct

What are two default Cisco IOS privilege levels?

What are two default Cisco IOS privilege levels? (Choose two.) A. 0 B. 1 C. 5 D. 7 E. 10 F. 15 Correct Answer: BF

Which two authentication types does OSPF support?

Which two authentication types does OSPF support? (Choose two.) A. MD5 B. HMAC C. AES 256 D. SHA-1 E. plaintext F. DES Correct Answer: AE

Which two features do CoPP and CPPr use to protect the control plane?

Which two features do CoPP and CPPr use to protect the control plane? (Choose two.) A. access lists B. policy maps C. traffic classification D. class maps E. Cisco Express

Which two statements about stateless firewalls are true?

Which two statements about stateless firewalls are true? (Choose two.) A. The Cisco ASA is implicitly stateless because it blocks all traffic by default. B. They cannot track connections. C.

Which three statements about host-based IPS are true?

Which three statements about host-based IPS are true? (Choose three.) A. It can view encrypted files. B. It can have more restrictive policies than network-based IPS. C. It can generate

What three actions are limitations when running IPS in promiscuous mode?

What three actions are limitations when running IPS in promiscuous mode? (Choose three.) A. request block connection B. request block host C. deny attacker D. modify packet E. deny packet

When an IPS detects an attack, which action can the IPS take to prevent the attack from spreading?

When an IPS detects an attack, which action can the IPS take to prevent the attack from spreading? A. Deny the connection inline. B. Perform a Layer 6 reset. C.

What is an advantage of implementing a Trusted Platform Module for disk encryption?

What is an advantage of implementing a Trusted Platform Module for disk encryption? A. It allows the hard disk to be transferred to another device without requiring re-encryption.dis B. It

What is the purpose of the Integrity component of the CIA triad?

What is the purpose of the Integrity component of the CIA triad? A. to ensure that only authorized parties can view data B. to create a process for accessing data

Which action can you take to address compliance?

In a security context, which action can you take to address compliance? A. Implement rules to prevent a vulnerability. B. Correct or counteract a vulnerability. C. Reduce the severity of

Which type of secure connectivity does an extranet provide?

Which type of secure connectivity does an extranet provide? A. remote branch offices to your company network B. other company networks to your company network C. your company network to

Which tool can an attacker use to attempt a DDoS attack?

Which tool can an attacker use to attempt a DDoS attack? A. Trojan horse B. adware C. botnet D. virus Correct Answer: C

What type of security support is provided by the Open Web Application Security Project?

What type of security support is provided by the Open Web Application Security Project? A. A Web site security framework. B. Scoring of common vulnerabilities and exposures. C. A security

What type of attack was the Stuxnet virus?

What type of attack was the Stuxnet virus? A. social engineering B. cyber warfare C. botnet D. hacktivism Correct Answer: B

What type of algorithm uses the same key to encrypt and decrypt data?

What type of algorithm uses the same key to encrypt and decrypt data? A. an IP security algorithm B. a Public Key Infrastructure algorithm C. an asymmetric algorithm D. a

How does the Cisco ASA use Active Directory to authorize VPN users?

How does the Cisco ASA use Active Directory to authorize VPN users? A. It sends the username and password to retrieve an ACCEPT or REJECT message from the Active Directory

Which statement about Cisco ACS authentication and authorization is true?

Which statement about Cisco ACS authentication and authorization is true? A. ACS servers can be clustered to provide scalability. B. ACS can query multiple Active Directory domains. C. ACS uses

Which EAP method uses Protected Access Credentials?

Which EAP method uses Protected Access Credentials? A. EAP-FAST B. EAP-TLS C. EAP-PEAP D. EAP-GTC Correct Answer: A

What is one requirement for locking a wired or wireless device from ISE?

What is one requirement for locking a wired or wireless device from ISE? A. The organization must implement an acceptable use policy allowing device locking. B. The user must approve

What VPN feature allows traffic to exit the security appliance through the same interface it entered?

What VPN feature allows traffic to exit the security appliance through the same interface it entered? A. NAT B. hairpinning C. NAT traversal D. split tunneling Correct Answer: B

What VPN feature allows Internet traffic and local LAN/WAN traffic to use the same network connection?

What VPN feature allows Internet traffic and local LAN/WAN traffic to use the same network connection? A. split tunneling B. hairpinning C. tunnel mode D. transparent mode Correct Answer: A

What reason could the image file fail to appear in the dir output?

After reloading a router, you issue the dir command to verify the installation and observe that the image file appears to be missing. For what reason could the image file

What is the effect of the send-lifetime local 23:59:00 31 December 31 2013 infinite command?

What is the effect of the send-lifetime local 23:59:00 31 December 31 2013 infinite command? A. It configures the device to begin transmitting the authentication key to other devices at

What type of packet creates and performs network operations on a network device?

What type of packet creates and performs network operations on a network device? A. management plane packets B. services plane packets C. data plane packets D. control plane packets Correct

What is a possible result of this activity?

An attacker installs a rogue switch that sends superior BPDUs on your network. What is a possible result of this activity? A. The switch could offer fake DHCP addresses. B.

What type of attack does an attacker virtually change a device’s burned-in address in an attempt to circumvent access lists and mask the device’s true identity?

In what type of attack does an attacker virtually change a device’s burned-in address in an attempt to circumvent access lists and mask the device’s true identity? A. gratuitous ARP

What command can you use to verify the binding table status?

What command can you use to verify the binding table status? A. show ip dhcp source binding B. show ip dhcp pool C. show ip dhcp snooping D. show ip

What mechanism must be in use?

If a switch receives a superior BPDU and goes directly into a blocked state, what mechanism must be in use? A. loop guard B. root guard C. EtherChannel guard D.

Which statement about a PVLAN isolated port configured on a switch is true?

Which statement about a PVLAN isolated port configured on a switch is true? A. The isolated port can communicate only with other isolated ports. B. The isolated port can communicate

What happens if an attacker attempts a double-tagging attack?

If you change the native VLAN on the trunk port to an unused VLAN, what happens if an attacker attempts a double-tagging attack? A. The trunk port would go into

What is a reason for an organization to deploy a personal firewall?

What is a reason for an organization to deploy a personal firewall? A. To protect endpoints such as desktops from malicious activity. B. To protect one virtual network segment from

Which statement about personal firewalls is true?

Which statement about personal firewalls is true? A. They are resilient against kernel attacks. B. They can protect a system by denying probing requests. C. They can protect email messages

What is the only permitted operation for processing multicast traffic on zone-based firewalls?

What is the only permitted operation for processing multicast traffic on zone-based firewalls? A. Only control plane policing can protect the control plane against multicast traffic. B. Stateful inspection of

How does a zone-based firewall implementation handle traffic between interfaces in the same zone?

How does a zone-based firewall implementation handle traffic between interfaces in the same zone? A. Traffic between two interfaces in the same zone is allowed by default. B. Traffic between

Which two statements about Telnet access to the ASA are true?

Which two statements about Telnet access to the ASA are true? (Choose two). A. You may VPN to the lowest security interface to telnet to an inside interface. B. You

Which statement about communication over failover interfaces is true?

Which statement about communication over failover interfaces is true? A. All information that is sent over the failover and stateful failover interfaces is sent as clear text by default. B.

How does the ASA handle the packet?

If a packet matches more than one class map in an individual feature type’s policy map, how does the ASA handle the packet? A. The ASA will apply the actions

What reason would you configure multiple security contexts on the ASA firewall?

For what reason would you configure multiple security contexts on the ASA firewall? A. To enable the use of VRFs on routers that are adjacently connected. B. To separate different

What is an advantage of placing an IPS on the inside of a network?

What is an advantage of placing an IPS on the inside of a network? A. It can provide higher throughput. B. It receives traffic that has already been filtered. C.

What is the FirePOWER impact flag used for?

What is the FirePOWER impact flag used for? A. A value that measures the application awareness. B. A value that the administrator assigns to each signature. C. A value that

Which FirePOWER preprocessor engine is used to prevent SYN attacks?

Which FirePOWER preprocessor engine is used to prevent SYN attacks? A. Inline Normalization B. IP Defragmentation C. Portscan Detection D. Rate-Based Prevention Correct Answer: D

Which Sourcefire logging action should you choose to record the most detail about a connection?

Which Sourcefire logging action should you choose to record the most detail about a connection? A. Enable eStreamer to log events off-box. B. Enable alerts via SNMP to log events

What can the SMTP preprocessor in FirePOWER normalize?

What can the SMTP preprocessor in FirePOWER normalize? A. It can look up the email sender. B. It compares known threats to the email sender. C. It can forward the

What two solutions can you use?

You want to allow all of your company’s users to access the Internet without allowing other Web servers to collect the IP addresses of individual users. What two solutions can