Cisco: 210-260 PRACTICE EXAM

This document contains 23 multiple choice questions from a Cisco 210-260 practice exam about implementing Cisco network security. The questions cover topics such as cloud networking, out-of-band management, TACACS protocols, default ACLs, encryption algorithms, ESP fields, Cisco IOS privilege levels, OSPF authentication, CoPP, stateless firewalls, host-based IPS, IPS limitations, actions to prevent attacks, TPM advantages, CIA triad components, compliance actions, extranets, DDoS attacks, OWASP purpose, Stuxnet classification, symmetric/asymmetric algorithms, NTP status, and device tree statements.

Uploaded by

Veronica Gomez

Cisco

210-260 PRACTICE EXAM


Implementing Cisco Network Security

Product Questions: 186


Version: 13.0

Question 1

Which two services define cloud networks? (Choose two.)

A. Infrastructure as a Service
B. Platform as a Service
C. Security as a Service
D. Compute as a Service
E. Tenancy as a Service

Answer: A,B

Question 2

In which two situations should you use out-of-band management? (Choose two.)

A. when a network device fails to forward packets
B. when you require ROMMON access
C. when management applications need concurrent access to the device
D. when you require administrator access from multiple locations
E. when the control plane fails to respond

Answer: A,B

Question 3

In which three ways does the TACACS protocol differ from RADIUS? (Choose three.)

A. TACACS uses TCP to communicate with the NAS.
B. TACACS can encrypt the entire packet that is sent to the NAS.
C. TACACS supports per-command authorization.
D. TACACS authenticates and authorizes simultaneously, causing fewer packets to be transmitted.
E. TACACS uses UDP to communicate with the NAS.
F. TACACS encrypts only the password field in an authentication packet.

Answer: A,B,C

Question 4

According to Cisco best practices, which three protocols should the default ACL allow on an access port to enable wired BYOD devices to supply valid credentials and connect to the network? (Choose three.)

A. BOOTP
B. TFTP
C. DNS
D. MAB
E. HTTP
F. 802.1x

Answer: A,B,C

Question 5

Which two next-generation encryption algorithms does Cisco recommend? (Choose two.)

A. AES
B. 3DES
C. DES
D. MD5
E. DH-1024
F. SHA-384

Answer: A,F

Question 6

Which three ESP fields can be encrypted during transmission? (Choose three.)

A. Security Parameter Index
B. Sequence Number
C. MAC Address
D. Padding
E. Pad Length
F. Next Header

Answer: D,E,F

Question 7

What are two default Cisco IOS privilege levels? (Choose two.)

A. 0
B. 1
C. 5
D. 7
E. 10
F. 15

Answer: B,F

Question 8

Which two authentication types does OSPF support? (Choose two.)

A. plaintext
B. MD5
C. HMAC
D. AES 256
E. SHA-1
F. DES

Answer: A,B

Question 9

Which two features do CoPP and CPPr use to protect the control plane? (Choose two.)

A. QoS
B. traffic classification
C. access lists
D. policy maps
E. class maps
F. Cisco Express Forwarding

Answer: A,B

Question 10

Which two statements about stateless firewalls are true? (Choose two.)

A. They compare the 5-tuple of each incoming packet against configurable rules.
B. They cannot track connections.
C. They are designed to work most efficiently with stateless protocols such as HTTP or HTTPS.
D. Cisco IOS cannot implement them because the platform is stateful by nature.
E. The Cisco ASA is implicitly stateless because it blocks all traffic by default.

Answer: A,B

Question 11

Which three statements about host-based IPS are true? (Choose three.)

A. It can view encrypted files.
B. It can have more restrictive policies than network-based IPS.
C. It can generate alerts based on behavior at the desktop level.
D. It can be deployed at the perimeter.
E. It uses signature-based policies.
F. It works with deployed firewalls.

Answer: A,B,C

Question 12

What three actions are limitations when running IPS in promiscuous mode? (Choose three.)

A. deny attacker
B. deny packet
C. modify packet
D. request block connection
E. request block host
F. reset TCP connection

Answer: A,B,C

Question 13

When an IPS detects an attack, which action can the IPS take to prevent the attack from spreading?

A. Deny the connection inline.
B. Perform a Layer 6 reset.
C. Deploy an antimalware system.
D. Enable bypass mode.

Answer: A

Question 14

What is an advantage of implementing a Trusted Platform Module for disk encryption?

A. It provides hardware authentication.
B. It allows the hard disk to be transferred to another device without requiring re-encryption.
C. It supports a more complex encryption algorithm than other disk-encryption technologies.
D. It can protect against single points of failure.

Answer: A

Question 15

What is the purpose of the Integrity component of the CIA triad?

A. to ensure that only authorized parties can modify data
B. to determine whether data is relevant
C. to create a process for accessing data
D. to ensure that only authorized parties can view data

Answer: A

Question 16

In a security context, which action can you take to address compliance?

A. Implement rules to prevent a vulnerability.
B. Correct or counteract a vulnerability.
C. Reduce the severity of a vulnerability.
D. Follow directions from the security appliance manufacturer to remediate a vulnerability.

Answer: A

Question 17

Which type of secure connectivity does an extranet provide?

A. other company networks to your company network
B. remote branch offices to your company network
C. your company network to the Internet
D. new networks to your company network

Answer: A

Question 18

Which tool can an attacker use to attempt a DDoS attack?

A. botnet
B. Trojan horse
C. virus
D. adware

Answer: A

Question 19

What type of security support is provided by the Open Web Application Security Project?

A. Education about common Web site vulnerabilities.
B. A Web site security framework.
C. A security discussion forum for Web site developers.
D. Scoring of common vulnerabilities and exposures.

Answer: A

Question 20

What type of attack was the Stuxnet virus?

A. cyber warfare
B. hacktivism
C. botnet
D. social engineering

Answer: A

Question 21

What type of algorithm uses the same key to encrypt and decrypt data?

A. a symmetric algorithm
B. an asymmetric algorithm
C. a Public Key Infrastructure algorithm
D. an IP security algorithm

Answer: A

Question 22

Refer to the exhibit.

How many times was a read-only string used to attempt a write operation?

A. 9
B. 6
C. 4
D. 3
E. 2

Answer: A

Question 23

Refer to the exhibit.

Which statement about the device time is true?

A. The time is authoritative, but the NTP process has lost contact with its servers.
B. The time is authoritative because the clock is in sync.
C. The clock is out of sync.
D. NTP is configured incorrectly.
E. The time is not authoritative.

Answer: A

Question 24

How does the Cisco ASA use Active Directory to authorize VPN users?

A. It queries the Active Directory server for a specific attribute for the specified user.
B. It sends the username and password to retrieve an ACCEPT or REJECT message from the Active Directory server.
C. It downloads and stores the Active Directory database to query for future authorization requests.
D. It redirects requests to the Active Directory server defined for the VPN group.

Answer: A

Question 25

Which statement about Cisco ACS authentication and authorization is true?

A. ACS servers can be clustered to provide scalability.
B. ACS can query multiple Active Directory domains.
C. ACS uses TACACS to proxy other authentication servers.
D. ACS can use only one authorization profile to allow or deny requests.

Answer: A

Question 26

Refer to the exhibit.

If a supplicant supplies incorrect credentials for all authentication methods configured on the switch, how will the switch respond?

A. The supplicant will fail to advance beyond the webauth method.
B. The switch will cycle through the configured authentication methods indefinitely.
C. The authentication attempt will time out and the switch will place the port into the unauthorized state.
D. The authentication attempt will time out and the switch will place the port into VLAN 101.

Answer: A

Question 27

Which EAP method uses Protected Access Credentials?

A. EAP-FAST
B. EAP-TLS
C. EAP-PEAP
D. EAP-GTC

Answer: A

Question 28

What is one requirement for locking a wired or wireless device from ISE?

A. The ISE agent must be installed on the device.
B. The device must be connected to the network when the lock command is executed.
C. The user must approve the locking action.
D. The organization must implement an acceptable use policy allowing device locking.

Answer: A

Question 29

What VPN feature allows traffic to exit the security appliance through the same interface it entered?

A. hairpinning
B. NAT
C. NAT traversal
D. split tunneling

Answer: A

Question 30

What VPN feature allows Internet traffic and local LAN/WAN traffic to use the same network connection?

A. split tunneling
B. hairpinning
C. tunnel mode
D. transparent mode

Answer: A

Question 31

Refer to the exhibit.

What is the effect of the given command sequence?

A. It configures IKE Phase 1.
B. It configures a site-to-site VPN tunnel.
C. It configures a crypto policy with a key size of 14400.
D. It configures IPSec Phase 2.

Answer: A

Question 32

Refer to the exhibit.

What is the effect of the given command sequence?

A. It defines IPSec policy for traffic sourced from 10.10.10.0/24 with a destination of 10.100.100.0/24.
B. It defines IPSec policy for traffic sourced from 10.100.100.0/24 with a destination of 10.10.10.0/24.
C. It defines IKE policy for traffic sourced from 10.10.10.0/24 with a destination of 10.100.100.0/24.
D. It defines IKE policy for traffic sourced from 10.100.100.0/24 with a destination of 10.10.10.0/24.

Answer: A

Question 33

Refer to the exhibit.

While troubleshooting site-to-site VPN, you issued the show crypto isakmp sa command. What does the given output show?

A. IPSec Phase 1 is established between 10.10.10.2 and 10.1.1.5.
B. IPSec Phase 2 is established between 10.10.10.2 and 10.1.1.5.
C. IPSec Phase 1 is down due to a QM_IDLE state.
D. IPSec Phase 2 is down due to a QM_IDLE state.

Answer: A

Question 34

Refer to the exhibit.

While troubleshooting site-to-site VPN, you issued the show crypto ipsec sa command. What does the given output show?

A. IPSec Phase 2 is established between 10.1.1.1 and 10.1.1.5.
B. ISAKMP security associations are established between 10.1.1.5 and 10.1.1.1.
C. IKE version 2 security associations are established between 10.1.1.1 and 10.1.1.5.
D. IPSec Phase 2 is down due to a mismatch between encrypted and decrypted packets.

Answer: A

Question 35

After reloading a router, you issue the dir command to verify the installation and observe that the image file appears to be missing. For what reason could the image file fail to appear in the dir output?

A. The secure boot-image command is configured.
B. The secure boot-config command is configured.
C. The confreg 0x24 command is configured.
D. The reload command was issued from ROMMON.

Answer: A

Question 36

What is the effect of the send-lifetime local 23:59:00 31 December 31 2013 infinite command?

A. It configures the device to begin transmitting the authentication key to other devices at 00:00:00 local time on January 1, 2014 and continue using the key indefinitely.
B. It configures the device to begin transmitting the authentication key to other devices at 23:59:00 local time on December 31, 2013 and continue using the key indefinitely.
C. It configures the device to begin accepting the authentication key from other devices immediately and stop accepting the key at 23:59:00 local time on December 31, 2013.
D. It configures the device to generate a new authentication key and transmit it to other devices at 23:59:00 local time on December 31, 2013.
E. It configures the device to begin accepting the authentication key from other devices at 23:59:00 local time on December 31, 2013 and continue accepting the key indefinitely.
F. It configures the device to begin accepting the authentication key from other devices at 00:00:00 local time on January 1, 2014 and continue accepting the key indefinitely.

Answer: B

Question 37

What type of packet creates and performs network operations on a network device?

A. control plane packets
B. data plane packets
C. management plane packets
D. services plane packets

Answer: A

Question 38

An attacker installs a rogue switch that sends superior BPDUs on your network. What is a possible result of this activity?

A. The switch could offer fake DHCP addresses.
B. The switch could become the root bridge.
C. The switch could be allowed to join the VTP domain.
D. The switch could become a transparent bridge.

Answer: B

Question 39

In what type of attack does an attacker virtually change a device's burned-in address in an attempt to circumvent access lists and mask the device's true identity?

A. gratuitous ARP
B. ARP poisoning
C. IP spoofing
D. MAC spoofing

Answer: D

Question 40

What command can you use to verify the binding table status?

A. show ip dhcp snooping database
B. show ip dhcp snooping binding
C. show ip dhcp snooping statistics
D. show ip dhcp pool
E. show ip dhcp source binding
F. show ip dhcp snooping

Answer: A

Question 41

If a switch receives a superior BPDU and goes directly into a blocked state, what mechanism must be in use?

A. portfast
B. EtherChannel guard
C. loop guard
D. BPDU guard

Answer: D

Question 42

Which statement about a PVLAN isolated port configured on a switch is true?

A. The isolated port can communicate only with the promiscuous port.
B. The isolated port can communicate with other isolated ports and the promiscuous port.
C. The isolated port can communicate only with community ports.
D. The isolated port can communicate only with other isolated ports.

Answer: A

Question 43

If you change the native VLAN on the trunk port to an unused VLAN, what happens if an attacker attempts a double-tagging attack?

A. The trunk port would go into an error-disabled state.
B. A VLAN hopping attack would be successful.
C. A VLAN hopping attack would be prevented.
D. The attacked VLAN will be pruned.

Answer: C

Question 44

What is a reason for an organization to deploy a personal firewall?

A. To protect endpoints such as desktops from malicious activity.
B. To protect one virtual network segment from another.
C. To determine whether a host meets minimum security posture requirements.
D. To create a separate, non-persistent virtual environment that can be destroyed after a session.
E. To protect the network from DoS and syn-flood attacks.

Answer: A

Question 45

Which statement about personal firewalls is true?

A. They can protect a system by denying probing requests.
B. They are resilient against kernel attacks.
C. They can protect email messages and private documents in a similar way to a VPN.
D. They can protect the network against attacks.

Answer: A

Question 46

Refer to the exhibit.

What type of firewall would use the given configuration line?

A. a stateful firewall
B. a personal firewall
C. a proxy firewall
D. an application firewall
E. a stateless firewall

Answer: A

Question 47

What is the only permitted operation for processing multicast traffic on zone-based firewalls?

A. Only control plane policing can protect the control plane against multicast traffic.
B. Stateful inspection of multicast traffic is supported only for the self-zone.
C. Stateful inspection for multicast traffic is supported only between the self-zone and the internal zone.
D. Stateful inspection of multicast traffic is supported only for the internal zone.

Answer: A

Question 48

How does a zone-based firewall implementation handle traffic between interfaces in the same zone?

A. Traffic between two interfaces in the same zone is allowed by default.
B. Traffic between interfaces in the same zone is blocked unless you configure the same-security permit command.
C. Traffic between interfaces in the same zone is always blocked.
D. Traffic between interfaces in the same zone is blocked unless you apply a service policy to the zone pair.

Answer: A

Question 49

Which two statements about Telnet access to the ASA are true? (Choose two).

A. You may VPN to the lowest security interface to telnet to an inside interface.
B. You must configure an AAA server to enable Telnet.
C. You can access all interfaces on an ASA using Telnet.
D. You must use the command virtual telnet to enable Telnet.
E. Best practice is to disable Telnet and use SSH.

Answer: A,E

Question 50

Which statement about communication over failover interfaces is true?

A. All information that is sent over the failover and stateful failover interfaces is sent as clear text by default.
B. All information that is sent over the failover interface is sent as clear text, but the stateful failover link is encrypted by default.
C. All information that is sent over the failover and stateful failover interfaces is encrypted by default.
D. User names, passwords, and preshared keys are encrypted by default when they are sent over the failover and stateful failover interfaces, but other information is sent as clear text.

Answer: A

Question 51

If a packet matches more than one class map in an individual feature type's policy map, how does the ASA handle the packet?

A. The ASA will apply the actions from only the first matching class map it finds for the feature type.
B. The ASA will apply the actions from only the most specific matching class map it finds for the feature type.
C. The ASA will apply the actions from all matching class maps it finds for the feature type.
D. The ASA will apply the actions from only the last matching class map it finds for the feature type.

Answer: A

Question 52

For what reason would you configure multiple security contexts on the ASA firewall?

A. To separate different departments and business units.
B. To enable the use of VRFs on routers that are adjacently connected.
C. To provide redundancy and high availability within the organization.
D. To enable the use of multicast routing and QoS through the firewall.

Answer: A

Question 53

What is an advantage of placing an IPS on the inside of a network?

A. It can provide higher throughput.
B. It receives traffic that has already been filtered.
C. It receives every inbound packet.
D. It can provide greater security.

Answer: B

Question 54

What is the FirePOWER impact flag used for?

A. A value that indicates the potential severity of an attack.
B. A value that the administrator assigns to each signature.
C. A value that sets the priority of a signature.
D. A value that measures the application awareness.

Answer: A

Question 55

Which FirePOWER preprocessor engine is used to prevent SYN attacks?

A. Rate-Based Prevention
B. Portscan Detection
C. IP Defragmentation
D. Inline Normalization

Answer: A

Question 56

Which Sourcefire logging action should you choose to record the most detail about a connection?

A. Enable logging at the end of the session.
B. Enable logging at the beginning of the session.
C. Enable alerts via SNMP to log events off-box.
D. Enable eStreamer to log events off-box.

Answer: A

Question 57

What can the SMTP preprocessor in FirePOWER normalize?

A. It can extract and decode email attachments in client to server traffic.
B. It can look up the email sender.
C. It compares known threats to the email sender.
D. It can forward the SMTP traffic to an email filter server.
E. It uses the Traffic Anomaly Detector.

Answer: A

Question 58

You want to allow all of your company's users to access the Internet without allowing other Web servers to collect the IP addresses of individual users. What two solutions can you use? (Choose two).

A. Configure a proxy server to hide users' local IP addresses.
B. Assign unique IP addresses to all users.
C. Assign the same IP address to all users.
D. Install a Web content filter to hide users' local IP addresses.
E. Configure a firewall to use Port Address Translation.

Answer: A,E

Question 59

You have implemented a Sourcefire IPS and configured it to block certain addresses utilizing Security Intelligence IP Address Reputation. A user calls and is not able to access a certain IP address. What action can you take to allow the user access to the IP address?

A. Create a whitelist and add the appropriate IP address to allow the traffic.
B. Create a custom blacklist to allow the traffic.
C. Create a user based access control rule to allow the traffic.
D. Create a network based access control rule to allow the traffic.
E. Create a rule to bypass inspection to allow the traffic.

Answer: A

Question 60

A specific URL has been identified as containing malware. What action can you take to block users from accidentally visiting the URL and becoming infected with malware?

A. Enable URL filtering on the perimeter router and add the URLs you want to block to the router's local URL list.
B. Enable URL filtering on the perimeter firewall and add the URLs you want to allow to the router's local URL list.
C. Enable URL filtering on the perimeter router and add the URLs you want to allow to the firewall's local URL list.
D. Create a blacklist that contains the URL you want to block and activate the blacklist on the perimeter router.
E. Create a whitelist that contains the URLs you want to allow and activate the whitelist on the perimeter router.

Answer: A

Question 61

When is the best time to perform an anti-virus signature update?

A. Every time a new update is available.
B. When the local scanner has detected a new virus.
C. When a new virus is discovered in the wild.
D. When the system detects a browser hook.

Answer: A

Question 62

Which statement about application blocking is true?

A. It blocks access to specific programs.
B. It blocks access to files with specific extensions.
C. It blocks access to specific network addresses.
D. It blocks access to specific network services.

Answer: A

Question 63

Scenario
In this simulation, you have access to ASDM only. Review the various ASA configurations using ASDM then answer the five multiple choice questions about the ASA SSLVPN configurations.
To access ASDM, click the ASA icon in the topology diagram.
Note: Not all ASDM functionalities are enabled in this simulation.
To see all the menu options available on the left navigation pane, you may also need to un-expand the expanded menu first.

Which four tunneling protocols are enabled in the DfltGrpPolicy group policy? (Choose four)

A. Clientless SSL VPN
B. SSL VPN Client
C. PPTP
D. L2TP/IPsec
E. IPsec IKEv1
F. IPsec IKEv2

Answer: A,D,E,F

Explanation:
By clicking on the Configuration -> Remote Access -> Clientless SSL VPN Access -> Group Policies tab you can view the DfltGrpPolicy protocols as shown below:

Question 64

Scenario
In this simulation, you have access to ASDM only. Review the various ASA configurations using ASDM then answer the five multiple choice questions about the ASA SSLVPN configurations.
To access ASDM, click the ASA icon in the topology diagram.
Note: Not all ASDM functionalities are enabled in this simulation.
To see all the menu options available on the left navigation pane, you may also need to un-expand the expanded menu first.

Which user authentication method is used when users login to the Clientless SSLVPN portal using
https://209.165.201.2/test?

A. AAA with LOCAL database
B. AAA with RADIUS server
C. Certificate
D. Both Certificate and AAA with LOCAL database
E. Both Certificate and AAA with RADIUS server

Answer: A

Explanation:
This can be seen from the Connection Profiles Tab of the Remote Access VPN configuration, where the alias of test is
being used,

Question 65

Scenario
In this simulation, you have access to ASDM only. Review the various ASA configurations using ASDM then answer the
five multiple choice questions about the ASA SSLVPN configurations.
To access ASDM, click the ASA icon in the topology diagram.
Note: Not all ASDM functionalities are enabled in this simulation.
To see all the menu options available on the left navigation pane, you may also need to un-expand the expanded
menu first.

Which two statements regarding the ASA VPN configurations are correct? (Choose two)

A. The ASA has a certificate issued by an external Certificate Authority associated to the ASDM_TrustPoint1.
B. The DefaultWEBVPNGroup Connection Profile is using the AAA with RADIUS server method.
C. The Inside-SRV bookmark references the https://192.168.1.2 URL
D. Only Clientless SSL VPN access is allowed with the Sales group policy
E. AnyConnect, IPSec IKEv1, and IPSec IKEv2 VPN access is enabled on the outside interface
F. The Inside-SRV bookmark has not been applied to the Sales group policy

Answer: B,C

Explanation:
For B:

For C, Navigate to the Bookmarks tab:

Then hit “edit” and you will see this:

Not A, as this is listed under the Identity Certificates, not the CA certificates:

Note E:

Question 66

Scenario
In this simulation, you have access to ASDM only. Review the various ASA configurations using ASDM then answer the
five multiple choice questions about the ASA SSLVPN configurations.
To access ASDM, click the ASA icon in the topology diagram.
Note: Not all ASDM functionalities are enabled in this simulation.
To see all the menu options available on the left navigation pane, you may also need to un-expand the expanded
menu first.

When users login to the Clientless SSLVPN using https://209.165.201.2/test, which group policy will be applied?

A. test
B. clientless
C. Sales
D. DfltGrpPolicy
E. DefaultRAGroup
F. DefaultWEBVPNGroup

Answer: C

Explanation:
First navigate to the Connection Profiles tab as shown below, highlight the one with the test alias:

Then hit the “edit” button and you can clearly see the Sales Group Policy being applied.

Question 67
SIMULATION

Scenario
Given the new additional connectivity requirements and the topology diagram, use ASDM to accomplish the required
ASA configurations to meet the requirements.
New additional connectivity requirements:
Once the correct ASA configurations have been configured:
To access ASDM, click the ASA icon in the topology diagram.
To access the Firefox Browser on the Outside PC, click the Outside PC icon in the topology diagram.
To access the Command prompt on the Inside PC, click the Inside PC icon in the topology diagram.
Note:
After you make the configuration changes in ASDM, remember to click Apply to apply the configuration changes.
Not all ASDM screens are enabled in this simulation, if some screen is not enabled, try to use different methods to
configure the ASA to meet the requirements.
In this simulation, some of the ASDM screens may not look and function exactly like the real ASDM.

Answer: Follow the explanation part to get answer in this sim question

Explanation:
First, for the HTTP access we need to create a NAT object. Here I called it HTTP but it can be given any name.

Then, create the firewall rules to allow the HTTP access:

You can verify using the outside PC to HTTP into 209.165.201.30.

For step two, to be able to ping hosts on the outside, we edit the last service policy shown below:

And then check the ICMP box only as shown below, then hit Apply.

After that is done, we can ping www.cisco.com again to verify:

Question 68
What features can protect the data plane? (Choose three.)

A. policing
B. ACLs
C. IPS
D. antispoofing
E. QoS
F. DHCP-snooping

Answer: B,D,F

Question 69

How many crypto map sets can you apply to a router interface?

A. 3
B. 2
C. 4
D. 1

Answer: D

Question 70

What is the transition order of STP states on a Layer 2 switch interface?

A. listening, learning, blocking, forwarding, disabled
B. listening, blocking, learning, forwarding, disabled
C. blocking, listening, learning, forwarding, disabled
D. forwarding, listening, learning, blocking, disabled

Answer: C

Question 71

Which sensor mode can deny attackers inline?

A. IPS
B. fail-close
C. IDS
D. fail-open

Answer: A

Question 72

Which options are filtering options used to display SDEE message types? (Choose two.)

A. stop
B. none
C. error
D. all

Answer: C,D

Question 73

When a company puts a security policy in place, what is the effect on the company’s business?

A. Minimizing risk
B. Minimizing total cost of ownership
C. Minimizing liability
D. Maximizing compliance

Answer: A

Question 74

Which wildcard mask is associated with a subnet mask of /27?

A. 0.0.0.31
B. 0.0.027
C. 0.0.0.224
D. 0.0.0.255

Answer: A

Question 75

Which statements about reflexive access lists are true? (Choose three.)

A. Reflexive access lists create a permanent ACE
B. Reflexive access lists approximate session filtering using the established keyword
C. Reflexive access lists can be attached to standard named IP ACLs
D. Reflexive access lists support UDP sessions
E. Reflexive access lists can be attached to extended named IP ACLs
F. Reflexive access lists support TCP sessions

Answer: D,E,F

Question 76

Which actions can a promiscuous IPS take to mitigate an attack? (Choose three.)

A. Modifying packets
B. Requesting connection blocking
C. Denying packets
D. Resetting the TCP connection
E. Requesting host blocking
F. Denying frames

Answer: B,D,E

Question 77

Which command will configure a Cisco ASA firewall to authenticate users when they enter the enable syntax using the
local database with no fallback method?

A. aaa authentication enable console LOCAL SERVER_GROUP
B. aaa authentication enable console SERVER_GROUP LOCAL
C. aaa authentication enable console local
D. aaa authentication enable console LOCAL

Answer: D

Question 78

Which Cisco Security Manager application collects information about device status and uses it to generate
notifications and alerts?

A. FlexConfig
B. Device Manager
C. Report Manager
D. Health and Performance Monitor

Answer: D

Question 79

Which accounting notices are used to send a failed authentication attempt record to a AAA server? (Choose two.)

A. start-stop
B. stop-record
C. stop-only
D. stop

Answer: A,C

Question 80

Which command is needed to enable SSH support on a Cisco Router?

A. crypto key lock rsa
B. crypto key generate rsa
C. crypto key zeroize rsa
D. crypto key unlock rsa

Answer: B

Question 81

Which protocol provides security to Secure Copy?

A. IPsec
B. SSH
C. HTTPS
D. ESP

Answer: B

Question 82

A clientless SSL VPN user who is connecting on a Windows Vista computer is missing the menu option for Remote
Desktop Protocol on the portal web page. Which action should you take to begin troubleshooting?

A. Ensure that the RDP2 plug-in is installed on the VPN gateway
B. Reboot the VPN gateway
C. Instruct the user to reconnect to the VPN gateway
D. Ensure that the RDP plug-in is installed on the VPN gateway

Answer: D

Question 83

Which security zone is automatically defined by the system?

A. The source zone
B. The self zone
C. The destination zone
D. The inside zone

Answer: B

Question 84

What are purposes of the Internet Key Exchange in an IPsec VPN? (Choose two.)

A. The Internet Key Exchange protocol establishes security associations
B. The Internet Key Exchange protocol provides data confidentiality
C. The Internet Key Exchange protocol provides replay detection
D. The Internet Key Exchange protocol is responsible for mutual authentication

Answer: A,D

Question 85

Which address block is reserved for locally assigned unique local addresses?

A. 2002::/16
B. FD00::/8
C. 2001::/32
D. FB00::/8

Answer: B

Question 86

What is a possible reason for the error message?
Router(config)#aaa server?
% Unrecognized command

A. The command syntax requires a space after the word “server”
B. The command is invalid on the target device
C. The router is already running the latest operating system
D. The router is a new device on which the aaa new-model command must be applied before continuing

Answer: D

Question 87

Which statements about smart tunnels on a Cisco firewall are true? (Choose two.)

A. Smart tunnels can be used by clients that do not have administrator privileges
B. Smart tunnels support all operating systems
C. Smart tunnels offer better performance than port forwarding
D. Smart tunnels require the client to have the application installed locally

Answer: A,C

Question 88

If the native VLAN on a trunk is different on each end of the link, what is a potential consequence?

A. The interface on both switches may shut down
B. STP loops may occur
C. The switch with the higher native VLAN may shut down
D. The interface with the lower native VLAN may shut down

Answer: B

Question 89

Which option describes information that must be considered when you apply an access list to a physical interface?

A. Protocol used for filtering
B. Direction of the access class
C. Direction of the access group
D. Direction of the access list

Answer: C

Question 90

Which source port does IKE use when NAT has been detected between two VPN gateways?

A. TCP 4500
B. TCP 500
C. UDP 4500
D. UDP 500

Answer: C

Question 91

Which of the following are features of IPsec transport mode? (Choose three.)

A. IPsec transport mode is used between end stations
B. IPsec transport mode is used between gateways
C. IPsec transport mode supports multicast
D. IPsec transport mode supports unicast
E. IPsec transport mode encrypts only the payload
F. IPsec transport mode encrypts the entire packet

Answer: A,D,E

Question 92

Which command causes a Layer 2 switch interface to operate as a Layer 3 interface?

A. no switchport nonegotiate
B. switchport
C. no switchport mode dynamic auto
D. no switchport

Answer: D

Question 93

Which TACACS+ server-authentication protocols are supported on Cisco ASA firewalls? (Choose three.)

A. EAP
B. ASCII
C. PAP
D. PEAP
E. MS-CHAPv1
F. MS-CHAPv2

Answer: B,C,E

Question 94

Which type of IPS can identify worms that are propagating in a network?

A. Policy-based IPS
B. Anomaly-based IPS
C. Reputation-based IPS
D. Signature-based IPS

Answer: B

Question 95

Which command verifies phase 1 of an IPsec VPN on a Cisco router?

A. show crypto map
B. show crypto ipsec sa
C. show crypto isakmp sa
D. show crypto engine connection active

Answer: C

Question 96

What is the purpose of a honeypot IPS?

A. To create customized policies
B. To detect unknown attacks
C. To normalize streams
D. To collect information about attacks

Answer: D

Question 97

Which type of firewall can act on the behalf of the end device?

A. Stateful packet
B. Application
C. Packet
D. Proxy

Answer: D

Question 98

Which syslog severity level is level number 7?

A. Warning
B. Informational
C. Notification
D. Debugging

Answer: D

Question 99

By which kind of threat is the victim tricked into entering username and password information at a disguised website?

A. Spoofing
B. Malware
C. Spam
D. Phishing

Answer: D

Question 100

Which type of mirroring does SPAN technology perform?

A. Remote mirroring over Layer 2
B. Remote mirroring over Layer 3
C. Local mirroring over Layer 2
D. Local mirroring over Layer 3

Answer: C

Question 101

Which tasks is the session management path responsible for? (Choose three.)

A. Verifying IP checksums
B. Performing route lookup
C. Performing session lookup
D. Allocating NAT translations
E. Checking TCP sequence numbers
F. Checking packets against the access list

Answer: B,D,F

Question 102

Which network device does NTP authenticate?

A. Only the time source
B. Only the client device
C. The firewall and the client device
D. The client device and the time source

Answer: A

Question 103

Which Cisco product can help mitigate web-based attacks within a network?

A. Adaptive Security Appliance
B. Web Security Appliance
C. Email Security Appliance
D. Identity Services Engine

Answer: B

Question 104

Which statement correctly describes the function of a private VLAN?

A. A private VLAN partitions the Layer 2 broadcast domain of a VLAN into subdomains
B. A private VLAN partitions the Layer 3 broadcast domain of a VLAN into subdomains
C. A private VLAN enables the creation of multiple VLANs using one broadcast domain
D. A private VLAN combines the Layer 2 broadcast domains of many VLANs into one major broadcast domain

Answer: A

Question 105

What hash type does Cisco use to validate the integrity of downloaded images?

A. Sha1
B. Sha2
C. Md5
D. Md1

Answer: C

Question 106

Which Cisco feature can help mitigate spoofing attacks by verifying symmetry of the traffic path?

A. Unidirectional Link Detection
B. Unicast Reverse Path Forwarding
C. TrustSec
D. IP Source Guard

Answer: B

Question 107

What is the most common Cisco Discovery Protocol version 1 attack?

A. Denial of Service
B. MAC-address spoofing
C. CAM-table overflow
D. VLAN hopping

Answer: A

Question 108

What is the Cisco preferred countermeasure to mitigate CAM overflows?

A. Port security
B. Dynamic port security
C. IP source guard
D. Root guard

Answer: B

Question 109

Which option is the most effective placement of an IPS device within the infrastructure?

A. Inline, behind the internet router and firewall
B. Inline, before the internet router and firewall
C. Promiscuously, after the Internet router and before the firewall
D. Promiscuously, before the Internet router and the firewall

Answer: A

Question 110

If a router configuration includes the line aaa authentication login default group tacacs+ enable, which events will occur when the TACACS+ server returns an error? (Choose two.)

A. The user will be prompted to authenticate using the enable password
B. Authentication attempts to the router will be denied
C. Authentication will use the router's local database
D. Authentication attempts will be sent to the TACACS+ server

Answer: A,B

Question 111

Which alert protocol is used with Cisco IPS Manager Express to support up to 10 sensors?

A. SDEE
B. Syslog
C. SNMP
D. CSM

Answer: A

Question 112

When a switch has multiple links connected to a downstream switch, what is the first step that STP takes to prevent loops?

A. STP elects the root bridge
B. STP selects the root port
C. STP selects the designated port
D. STP blocks one of the ports

Answer: A

Question 113

Which type of address translation should be used when a Cisco ASA is in transparent mode?

A. Static NAT
B. Dynamic NAT
C. Overload
D. Dynamic PAT

Answer: A

Question 114

Which components does HMAC use to determine the authenticity and integrity of a message? (Choose two.)

A. The password
B. The hash
C. The key
D. The transform set

Answer: B,C

Question 115

What is the default timeout interval during which a router waits for responses from a TACACS server before declaring a timeout failure?

A. 5 seconds
B. 10 seconds
C. 15 seconds
D. 20 seconds

Answer: A

Question 116

Which RADIUS server authentication protocols are supported on Cisco ASA firewalls? (Choose three.)

A. EAP
B. ASCII
C. PAP
D. PEAP
E. MS-CHAPv1
F. MS-CHAPv2

Answer: C,E,F

Question 117

Which command initializes a lawful intercept view?

A. username cisco1 view lawful-intercept password cisco
B. parser view cisco li-view
C. li-view cisco user cisco1 password cisco
D. parser view li-view inclusive

Answer: C

Question 118

Which countermeasures can mitigate ARP spoofing attacks? (Choose two.)

A. Port security
B. DHCP snooping
C. IP source guard
D. Dynamic ARP inspection

Answer: B,D

Question 119

Which of the following statements about access lists are true? (Choose three.)

A. Extended access lists should be placed as near as possible to the destination
B. Extended access lists should be placed as near as possible to the source
C. Standard access lists should be placed as near as possible to the destination
D. Standard access lists should be placed as near as possible to the source
E. Standard access lists filter on the source address
F. Standard access lists filter on the destination address

Answer: B,C,E

Question 120

Which statement about extended access lists is true?

A. Extended access lists perform filtering that is based on source and destination and are most effective when applied to the destination
B. Extended access lists perform filtering that is based on source and destination and are most effective when applied to the source
C. Extended access lists perform filtering that is based on destination and are most effective when applied to the source
D. Extended access lists perform filtering that is based on source and are most effective when applied to the destination

Answer: B

Question 121

Which security measures can protect the control plane of a Cisco router? (Choose two.)

A. CCPr
B. Parser views
C. Access control lists
D. Port security
E. CoPP

Answer: A,E

Question 122

In which stage of an attack does the attacker discover devices on a target network?

A. Reconnaissance
B. Covering tracks
C. Gaining access
D. Maintaining access

Answer: A

Question 123

Which protocols use encryption to protect the confidentiality of data transmitted between two parties? (Choose two.)

A. FTP
B. SSH
C. Telnet
D. AAA
E. HTTPS
F. HTTP

Answer: B,E

Question 124

What are the primary attack methods of VLAN hopping? (Choose two.)

A. VoIP hopping
B. Switch spoofing
C. CAM-table overflow
D. Double tagging

Answer: B,D

Question 125

How can the administrator enable permanent client installation in a Cisco AnyConnect VPN firewall configuration?

A. Issue the command anyconnect keep-installer under the group policy or username webvpn mode
B. Issue the command anyconnect keep-installer installed in the global configuration
C. Issue the command anyconnect keep-installer installed under the group policy or username webvpn mode
D. Issue the command anyconnect keep-installer installer under the group policy or username webvpn mode

Answer: C

Question 126

Which type of security control is defense in depth?

A. Threat mitigation
B. Risk analysis
C. Botnet mitigation
D. Overt and covert channels

Answer: A

Question 127

On which Cisco Configuration Professional screen do you enable AAA?

A. AAA Summary
B. AAA Servers and Groups
C. Authentication Policies
D. Authorization Policies

Answer: A

Question 128

What are two uses of SIEM software? (Choose two.)

A. collecting and archiving syslog data
B. alerting administrators to security events in real time
C. performing automatic network audits
D. configuring firewall and IDS devices
E. scanning email for suspicious attachments

Answer: A,B

Question 129

What are the three layers of a hierarchical network design? (Choose three.)

A. access
B. core
C. distribution
D. user
E. server
F. Internet

Answer: A,B,C

Question 130

In which two situations should you use in-band management? (Choose two.)

A. when management applications need concurrent access to the device
B. when you require administrator access from multiple locations
C. when a network device fails to forward packets
D. when you require ROMMON access
E. when the control plane fails to respond

Answer: A,B

Question 131

What are two ways to prevent eavesdropping when you perform device-management tasks? (Choose two.)

A. Use an SSH connection.
B. Use SNMPv3.
C. Use out-of-band management.
D. Use SNMPv2.
E. Use in-band management.

Answer: A,B

Question 132

In which three ways does the RADIUS protocol differ from TACACS? (Choose three.)

A. RADIUS uses UDP to communicate with the NAS.
B. RADIUS encrypts only the password field in an authentication packet.
C. RADIUS authenticates and authorizes simultaneously, causing fewer packets to be transmitted.
D. RADIUS uses TCP to communicate with the NAS.
E. RADIUS can encrypt the entire packet that is sent to the NAS.
F. RADIUS supports per-command authorization.

Answer: A,B,C

Question 133

Which three ESP fields can be encrypted during transmission? (Choose three.)

A. Security Parameter Index
B. Sequence Number
C. MAC Address
D. Padding
E. Pad Length
F. Next Header

Answer: D,E,F

Question 134

Which two authentication types does OSPF support? (Choose two.)

A. plaintext
B. MD5
C. HMAC
D. AES 256
E. SHA-1
F. DES

Answer: A,B

Question 135

Which two features are commonly used by CoPP and CPPr to protect the control plane? (Choose two.)

A. QoS
B. traffic classification
C. access lists
D. policy maps
E. class maps
F. Cisco Express Forwarding

Answer: A,B

Question 136

Which three statements describe DHCP spoofing attacks? (Choose three.)

A. They can modify traffic in transit.
B. They are used to perform man-in-the-middle attacks.
C. They use ARP poisoning.
D. They can access most network devices.
E. They protect the identity of the attacker by masking the DHCP address.
F. They can physically modify the network gateway.

Answer: A,B,C

Question 137

Which three statements about Cisco host-based IPS solutions are true? (Choose three.)

A. It can view encrypted files.
B. It can have more restrictive policies than network-based IPS.
C. It can generate alerts based on behavior at the desktop level.
D. It can be deployed at the perimeter.
E. It uses signature-based policies.
F. It works with deployed firewalls.

Answer: A,B,C

Question 138

A data breach has occurred and your company database has been copied. Which security principle has been violated?

A. confidentiality
B. availability
C. access
D. control

Answer: A

Question 139

In which type of attack does an attacker send email messages that ask the recipient to click a link such as https://www.cisco.net.cc/securelogon?

A. phishing
B. pharming
C. solicitation
D. secure transaction

Answer: A

Question 140

Your security team has discovered a malicious program that has been harvesting the CEO's email messages and the company's user database for the last 6 months. What type of attack did your team discover?

A. advanced persistent threat
B. targeted malware
C. drive-by spyware
D. social activism

Answer: A

Question 141

Which statement provides the best definition of malware?

A. Malware is unwanted software that is harmful or destructive.
B. Malware is software used by nation states to commit cyber crimes.
C. Malware is a collection of worms, viruses, and Trojan horses that is distributed as a single package.
D. Malware is tools and applications that remove unwanted programs.

Answer: A

Question 142

What mechanism does asymmetric cryptography use to secure data?

A. a public/private key pair
B. shared secret keys
C. an RSA nonce
D. an MD5 hash

Answer: A

Question 143

Refer to the exhibit.

With which NTP server has the router synchronized?

A. 192.168.10.7
B. 108.61.73.243
C. 209.114.111.1
D. 132.163.4.103
E. 204.2.134.164
F. 241.199.164.101

Answer: A

Question 144

Refer to the exhibit.

Which statement about the given configuration is true?

A. The single-connection command causes the device to establish one connection for all TACACS transactions.
B. The single-connection command causes the device to process one TACACS request and then move to the next server.
C. The timeout command causes the device to move to the next server after 20 seconds of TACACS inactivity.
D. The router communicates with the NAS on the default port, TCP 1645.

Answer: A

Question 145

What is the best way to confirm that AAA authentication is working properly?

A. Use the test aaa command.
B. Ping the NAS to confirm connectivity.
C. Use the Cisco-recommended configuration for AAA authentication.
D. Log into and out of the router, and then check the NAS authentication log.

Answer: A

Question 146

How does PEAP protect the EAP exchange?

A. It encrypts the exchange using the server certificate.
B. It encrypts the exchange using the client certificate.
C. It validates the server-supplied certificate, and then encrypts the exchange using the client certificate.
D. It validates the client-supplied certificate, and then encrypts the exchange using the server certificate.

Answer: A

Question 147

What improvement does EAP-FASTv2 provide over EAP-FAST?

A. It allows multiple credentials to be passed in a single EAP exchange.
B. It supports more secure encryption protocols.
C. It allows faster authentication by using fewer packets.
D. It addresses security vulnerabilities found in the original protocol.

Answer: A

Question 148

How does a device on a network using ISE receive its digital certificate during the new-device registration process?

A. ISE acts as a SCEP proxy to enable the device to receive a certificate from a central CA server.
B. ISE issues a certificate from its internal CA server.
C. ISE issues a pre-defined certificate from a local database.
D. The device requests a new certificate directly from a central CA.

Answer: A

Question 149

When an administrator initiates a device wipe command from the ISE, what is the immediate effect?

A. It requests the administrator to choose between erasing all device data or only managed corporate data.
B. It requests the administrator to enter the device PIN or password before proceeding with the operation.
C. It notifies the device user and proceeds with the erase operation.
D. It immediately erases all data on the device.

Answer: A

Question 150

What configuration allows AnyConnect to automatically establish a VPN session when a user logs in to the computer?

A. always-on
B. proxy
C. transparent mode
D. Trusted Network Detection

Answer: A

Question 151

What security feature allows a private IP address to access the Internet by translating it to a public address?

A. NAT
B. hairpinning
C. Trusted Network Detection
D. Certification Authority

Answer: A

Question 152

Refer to the exhibit.

You have configured R1 and R2 as shown, but the routers are unable to establish a site-to-site VPN tunnel. What action can you take to correct the problem?

A. Edit the crypto keys on R1 and R2 to match.
B. Edit the ISAKMP policy sequence numbers on R1 and R2 to match.
C. Set a valid value for the crypto key lifetime on each router.
D. Edit the crypto isakmp key command on each router with the address value of its own interface.

Answer: A

Question 153

Refer to the exhibit.

What is the effect of the given command?

A. It merges authentication and encryption methods to protect traffic that matches an ACL.
B. It configures the network to use a different transform set between peers.
C. It configures encryption for MD5 HMAC.
D. It configures authentication as AES 256.

Answer: A

Question 154

Refer to the exhibit.

While troubleshooting site-to-site VPN, you issued the show crypto isakmp sa command. What does the given output show?

A. IPSec Phase 1 is established between 10.10.10.2 and 10.1.1.5.
B. IPSec Phase 2 is established between 10.10.10.2 and 10.1.1.5.
C. IPSec Phase 1 is down due to a QM_IDLE state.
D. IPSec Phase 2 is down due to a QM_IDLE state.

Answer: A

Question 155

Refer to the exhibit.

While troubleshooting site-to-site VPN, you issued the show crypto isakmp sa command. What does the given output show?

A. IKE Phase 1 main mode was created on 10.1.1.5, but it failed to negotiate with 10.10.10.2.
B. IKE Phase 1 main mode has successfully negotiated between 10.1.1.5 and 10.10.10.2.
C. IKE Phase 1 aggressive mode was created on 10.1.1.5, but it failed to negotiate with 10.10.10.2.
D. IKE Phase 1 aggressive mode has successfully negotiated between 10.1.1.5 and 10.10.10.2.

Answer: A

Question 156

Which statement about IOS privilege levels is true?

A. Each privilege level supports the commands at its own level and all levels below it.
B. Each privilege level supports the commands at its own level and all levels above it.
C. Privilege-level commands are set explicitly for each user.
D. Each privilege level is independent of all other privilege levels.

Answer: A

Question 157

Refer to the exhibit.

The Admin user is unable to enter configuration mode on a device with the given configuration. What change can you make to the configuration to correct the problem?

A. Remove the autocommand keyword and arguments from the username admin privilege line.
B. Change the Privilege exec level value to 15.
C. Remove the two Username Admin lines.
D. Remove the Privilege exec line.

Answer: A

Question 158

Refer to the exhibit.

Which line in this configuration prevents the HelpDesk user from modifying the interface configuration?

A. Privilege exec level 9 configure terminal
B. Privilege exec level 10 interface
C. Username HelpDesk privilege 6 password help
D. Privilege exec level 7 show start-up

Answer: A

Question 159

In the router ospf 200 command, what does the value 200 stand for?

A. process ID
B. area ID
C. administrative distance value
D. ABR ID

Answer: A

Question 160

Which feature filters CoPP packets?

A. access control lists
B. class maps
C. policy maps
D. route maps

Answer: A

Question 161

In which type of attack does the attacker attempt to overload the CAM table on a switch so that the switch acts as a hub?

A. MAC spoofing
B. gratuitous ARP
C. MAC flooding
D. DoS

Answer: C

Question 162

Which type of PVLAN port allows hosts in the same VLAN to communicate directly with each other?

A. community for hosts in the PVLAN
B. promiscuous for hosts in the PVLAN
C. isolated for hosts in the PVLAN
D. span for hosts in the PVLAN

Answer: A

Question 163

What is a potential drawback to leaving VLAN 1 as the native VLAN?

A. It may be susceptible to a VLAN hopping attack.
B. Gratuitous ARPs might be able to conduct a man-in-the-middle attack.
C. The CAM might be overloaded, effectively turning the switch into a hub.
D. VLAN 1 might be vulnerable to IP address spoofing.

Answer: A

Question 164

In which three cases does the ASA firewall permit inbound HTTP GET requests during normal operations? (Choose three.)

A. when matching NAT entries are configured
B. when matching ACL entries are configured
C. when the firewall receives a SYN-ACK packet
D. when the firewall receives a SYN packet
E. when the firewall requires HTTP inspection
F. when the firewall requires strict HTTP inspection

Answer: A,B,D

Question 165

Which firewall configuration must you perform to allow traffic to flow in both directions between two zones?

A. You must configure two zone pairs, one for each direction.
B. You can configure a single zone pair that allows bidirectional traffic flows for any zone.
C. You can configure a single zone pair that allows bidirectional traffic flows for any zone except the self zone.
D. You can configure a single zone pair that allows bidirectional traffic flows only if the source zone is the less secure zone.

Answer: A

Question 166

What is a valid implicit permit rule for traffic that is traversing the ASA firewall?

A. ARPs in both directions are permitted in transparent mode only.
B. Unicast IPv4 traffic from a higher security interface to a lower security interface is permitted in routed mode only.
C. Unicast IPv6 traffic from a higher security interface to a lower security interface is permitted in transparent mode only.
D. Only BPDUs from a higher security interface to a lower security interface are permitted in transparent mode.
E. Only BPDUs from a higher security interface to a lower security interface are permitted in routed mode.

Answer: A

Question 167

Which statement about the communication between interfaces on the same security level is true?

A. Interfaces on the same security level require additional configuration to permit inter-interface communication.
B. Configuring interfaces on the same security level can cause asymmetric routing.
C. All traffic is allowed by default between interfaces on the same security level.
D. You can configure only one interface on an individual security level.

Answer: A

Question 168

Which IPS mode provides the maximum number of actions?

A. inline
B. promiscuous
C. span
D. failover
E. bypass

Answer: A

Question 169

How can you detect a false negative on an IPS?

A. View the alert on the IPS.
B. Review the IPS log.
C. Review the IPS console.
D. Use a third-party system to perform penetration testing.
E. Use a third-party to audit the next-generation firewall rules.

Answer: D

Question 170

What is the primary purpose of a defined rule in an IPS?

A. to configure an event action that takes place when a signature is triggered
B. to define a set of actions that occur when a specific user logs in to the system
C. to configure an event action that is pre-defined by the system administrator
D. to detect internal attacks

Answer: A

Question 171

Which Sourcefire event action should you choose if you want to block only malicious traffic from a particular end user?

A. Allow with inspection
B. Allow without inspection
C. Block
D. Trust
E. Monitor

Answer: A

Question 172

How can FirePOWER block malicious email attachments?

A. It forwards email requests to an external signature engine.
B. It scans inbound email messages for known bad URLs.
C. It sends the traffic through a file policy.
D. It sends an alert to the administrator to verify suspicious email messages.

Answer: C

Question 173

You have been tasked with blocking user access to websites that violate company policy, but the sites use dynamic IP addresses. What is the best practice for URL filtering to solve the problem?

A. Enable URL filtering and use URL categorization to block the websites that violate company policy.
B. Enable URL filtering and create a blacklist to block the websites that violate company policy.
C. Enable URL filtering and create a whitelist to block the websites that violate company policy.
D. Enable URL filtering and use URL categorization to allow only the websites that company policy allows users to access.
E. Enable URL filtering and create a whitelist to allow only the websites that company policy allows users to access.

Answer: A

Question 174

Which technology can be used to rate data fidelity and to provide an authenticated hash for data?

A. file reputation
B. file analysis
C. signature updates
D. network blocking

Answer: A

Question 175

Which type of encryption technology has the broadest platform support to protect operating systems?

A. software
B. hardware
C. middleware
D. file-level

Answer: A

Question 176

A proxy firewall protects against which type of attack?

A. cross-site scripting attack
B. worm traffic
C. port scanning
D. DDoS attacks

Answer: A

Question 177

What is a benefit of a web application firewall?

A. It blocks known vulnerabilities without patching applications.
B. It simplifies troubleshooting.
C. It accelerates web traffic.
D. It supports all networking protocols.

Answer: A

Question 178

Which feature of the Cisco Email Security Appliance can mitigate the impact of snowshoe spam and sophisticated phishing attacks?

A. contextual analysis
B. holistic understanding of threats
C. graymail management and filtering
D. signature-based IPS

Answer: A

Question 179

What do you use when you have a network object or group and want to use an IP address?

A. Static NAT
B. Dynamic NAT
C. identity NAT
D. Static PAT

Answer: B

Question 180

Which three statements are characteristics of DHCP Spoofing? (Choose three.)

A. ARP Poisoning
B. Modify Traffic in transit
C. Used to perform man-in-the-middle attack
D. Physically modify the network gateway
E. Protect the identity of the attacker by masking the DHCP address
F. can access most network devices

Answer: A,B,C

Question 181

Which feature allows a dynamic NAT pool to choose the next IP address and not a port on a used IP address?

A. next IP
B. round robin
C. Dynamic rotation
D. Dynamic PAT rotation

Answer: B

Question 182

Which NAT option is executed first in case of multiple NAT translations?

A. dynamic NAT with shortest prefix
B. dynamic NAT with longest prefix
C. static NAT with shortest prefix
D. static NAT with longest prefix

Answer: D

Question 183

If a switch port goes directly into a blocked state only when a superior BPDU is received, what mechanism must be in use?

A. STP BPDU guard
B. loop guard
C. STP Root guard
D. EtherChannel guard

Answer: A

Question 184

Refer to the exhibit.

What are two effects of the given command? (Choose two.)

A. It configures authentication to use AES 256.
B. It configures authentication to use MD5 HMAC.
C. It configures authorization to use AES 256.
D. It configures encryption to use MD5 HMAC.
E. It configures encryption to use AES 256.

Answer: B,E

Question 185

Which feature allows a dynamic PAT pool to select the next address in the PAT pool instead of the next port of an existing address?

A. next IP
B. round robin
C. dynamic rotation
D. NAT address rotation

Answer: B

Question 186

Which NAT type allows only objects or groups to reference an IP address?

A. dynamic NAT
B. dynamic PAT
C. static NAT
D. identity NAT

Answer: B
