Q1. How much storage is allotted to maintain system,configuration , and image files on the Cisco ASA 1000V during OVF template file deployment? A. 1GB B. 5GB C. 2GB D. 10GB View AnswerAnswer: C Q2. Which four are IPv6 First Hop Security technologies? (Choose four.) A. Send B. Dynamic ARP Inspection C. Router Advertisement Guard D. Neighbor Discovery Inspection E. Traffic Storm Control F. Port Security G. DHCPv6 Guard View AnswerAnswer: A,C,D,G Q3. Refer to…
Q1. All 30 users on a single floor of a building are complaining about network slowness. After investigating the access switch, the network administrator notices that the MAC address table is full (10,000 entries) and all traffic is being flooded out of every port. Which action can the administrator take to prevent this from occurring? A. Configure port-security to limit the…
Q1. Which two features does Cisco Security Manager provide? (Choose two.) A. Configuration and policy deployment before device discovery B. Health and performance monitoring C. Event management and alerting D. Command line menu for troubleshooting E. Ticketing management and tracking View AnswerAnswer: B,C Q2. CORRECT TEXT You are the network security engineer for the Secure-X network. The company has recently detected Increase of traffic to malware Infected destinations.…
Q1. An SNMP host is an IP address to which SNMP notifications and traps are sent. To configure SNMFV3 hosts, which option must you configure in addition to the target IP address? A. the Cisco ASA as a DHCP server, so the SNMFV3 host can obtain an IP address B. a username, because traps are only sent to a configured user C. SSH,…
Q1. Refer to the exhibit. Which two statements about the SNMP configuration are true? (Choose two.) A. The router's IP address is 192.168.1.1. B. The SNMP server's IP address is 192.168.1.1. C. Only the local SNMP engine is configured. D. Both the local and remote SNMP engines are configured. E. The router is connected to the SNMP server via port 162. View AnswerAnswer: B,D Q2. Which technology provides…
Q1. Which two TCP ports must be open on the Cisco Security Manager server to allow the server to communicate with the Cisco Security Manager client? (Choose two.) A. 1741 B. 443 C. 80 D. 1740 E. 8080 View AnswerAnswer: A,B Q2. Which two VPN types can you monitor and control with Cisco Prime Security Manager? (Choose two.) A. AnyConnect SSL B. site-to-site C. clientless SSL D. IPsec remote-access View AnswerAnswer: A,D Explanation:…
Q1. What are three ways to add devices in Cisco Prime Infrastructure? (Choose three.) A. Use an automated process. B. Import devices from a CSV file. C. Add devices manually. D. Use RADIUS. E. Use the Access Control Server. F. Use Cisco Security Manager. View AnswerAnswer: A,B,C Q2. What are two enhancements of SSHv2 over SSHv1? (Choose two.) A. VRF-aware SSH support B. DH group exchange support C. RSA support D. keyboard-interactive…
Q1. If the Cisco ASA 1000V has too few licenses, what is its behavior? A. It drops all traffic. B. It drops all outside-to-inside packets. C. It drops all inside-to-outside packets. D. It passes the first outside-to-inside packet and drops all remaining packets. View AnswerAnswer: D Q2. Which two options are private-VLAN secondary VLAN types? (Choose two) A. Isolated B. Secured C. Community D. Common E. Segregated View AnswerAnswer: A,C Explanation: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/configuration/guid e/cli/ CLIConfigurationGuide/PrivateVLANs.html Q3.…
Q1. What is the result of the default ip ssh server authenticate user command? A. It enables the public key, keyboard, and password authentication methods. B. It enables the public key authentication method only. C. It enables the keyboard authentication method only. D. It enables the password authentication method only. View AnswerAnswer: A Q2. Refer to the exhibit. Which option describes the expected result of the…
Q1. You have installed a web server on a private network. Which type of NAT must you implement to enable access to the web server for public Internet users? A. static NAT B. dynamic NAT C. network object NAT D. twice NAT View AnswerAnswer: A Q2. Refer to the exhibit. Which statement about this access list is true? A. This access list does not work without 6to4 NAT B.…
Q1. What are two reasons to implement Cisco IOS MPLS Bandwidth-Assured Layer 2 Services? (Choose two.) A. guaranteed bandwidth and peak rates as well as low cycle periods, regardless of which systems access the device B. increased resiliency through MPLS FRR for AToM circuits and better bandwidth utilization through MPLS TE C. enabled services over an IP/MPLS infrastructure, for enhanced MPLS Layer 2…
Q1. In which way are management packets classified on a firewall that operates in multiple context mode? A. by their interface IP address B. by the routing table C. by NAT D. by their MAC addresses View AnswerAnswer: A Q2. Which information is NOT replicated to the secondary Cisco ASA adaptive security appliance in an active/standby configuration with stateful failover links ? A. TCP sessions B. DHCP lease C.…
Q1. Which utility can you use to troubleshoot and determine the timeline of packet changes in a data path within a Cisco firewall? A. packet tracer B. ping C. traceroute D. SNMP walk View AnswerAnswer: A Q2. Which two options are purposes of the packet-tracer command? (Choose two.) A. to filter and monitor ingress traffic to a switch B. to configure an interface-specific packet trace C. to simulate network…
Q1. What is the lowest combination of ASA model and license providing 1 Gigabit Ethernet interfaces? A. ASA 5505 with failover license option B. ASA 5510 Security+ license option C. ASA 5520 with any license option D. ASA 5540 with AnyConnect Essentials License option View AnswerAnswer: B Q2. Which three statements about private VLANs are true? (Choose three.) A. Isolated ports can talk to promiscuous and community…
Q1. Which Layer 2 security feature prevents traffic on a LAN from being disrupted by a broadcast,multicat, or unicast storm on one physical interface? A. Bridge protocol Data Unit Guard B. Storm Control C. Embedded event monitoring D. Access control lists View AnswerAnswer: B Q2. Which two options are private-VLAN secondary VLAN types? (Choose two) A. Isolated B. Secured C. Community D. Common E. Segregated View AnswerAnswer: A,C Explanation: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/configuration/guid e/cli/ CLIConfigurationGuide/PrivateVLANs.html Q3. Your company…
Q1. You are the administrator of a multicontext transparent-mode Cisco ASA that uses a shared interface that belongs to more than one context. Because the same interface will be used within all three contexts, which statement describes how you will ensure that return traffic will reach the correct context? A. Interfaces may not be shared between contexts in routed mode. B. Configure…
Q1. Which set of commands creates a message list that includes all severity 2 (critical) messages on a Cisco security device? A. logging list critical_messages level 2 console logging critical_messages B. logging list critical_messages level 2 logging console critical_messages C. logging list critical_messages level 2 logging console enable critical_messages D. logging list enable critical_messages level 2 console logging critical_messages View AnswerAnswer: B Q2. When it is configured in accordance to…
Q1. Which cloud characteristic is used to describe the sharing of physical resources between various entities? A. Multitenancy B. Ubiquitous access C. Elasticity D. Resiliency View AnswerAnswer: D Q2. All 30 users on a single floor of a building are complaining about network slowness. After investigating the access switch, the network administrator notices that the MAC address table is full (10,000 entries) and all traffic is…
Q1. A router is being enabled for SSH command line access. The following steps have been taken: . The vty ports have been configured with transport input SSH and login local. . Local user accounts have been created. . The enable password has been configured. What additional step must be taken if users receive a 'connection refused' error when attempting to access the router…
Q1. You have explicitly added the line deny ipv6 any log to the end of an IPv6 ACL on a router interface. Which two ICMPv6 packet types must you explicitly allow to enable traffic to traverse the interface? (Choose two.) A. router solicitation B. router advertisement C. neighbor solicitation D. neighbor advertisement E. redirect View AnswerAnswer: C,D Q2. Which log level provides the most detail on the…
Q1. Which command displays syslog messages on the Cisco ASA console as they occur? A. Console logging B. Logging console C. Logging trap D. Terminal monitor E. Logging monitor View AnswerAnswer: B Q2. What are the three types of private VLAN ports? (Choose three.) A. promiscuous B. isolated C. community D. primary E. secondary F. trunk View AnswerAnswer: A,B,C Q3. A switch is being configured at a new location that uses…
Q1. Prior to a software upgrade, which Cisco Prime Infrastructure feature determines if the devices being upgraded have sufficient RAM to support te new software ? A. Software Upgrade Report B. Image Management Report C. Upgrade Analysis Report D. Image Analysis Report View AnswerAnswer: C Q2. Which technology provides forwarding-plane abstraction to support Layer 2 to Layer 7 network services in Cisco Nexus 1000V? A. Virtual Service Node B.…
Q1. At which layer does Dynamic ARP Inspection validate packets? A. Layer 2 B. Layer 3 C. Layer 4 D. Layer 7 View AnswerAnswer: A Q2. Which three logging methods are supported by Cisco routers? (Choose three.) A. console logging B. TACACS+ logging C. terminal logging D. syslog logging E. ACL logging F. RADIUS logging View AnswerAnswer: A,C,D Q3. A network administrator is creating an ASA-CX administrative user account with the following parameters: The user…
Q1. When you configure a Cisco firewall in multiple context mode, where do you allocate interfaces? A. in the system execution space B. in the admin context C. in a user-defined context D. in the global configuration View AnswerAnswer: A Q2. What is the default behavior of NAT control on Cisco ASA Software Version 8.3? A. NAT control has been deprecated on Cisco ASA Software Version 8.3. B.…
Q1. Enabling what security mechanism can prevent an attacker from gaining network topology information from CDP? A. MACsec B. Flex VPN C. Control Plane Protection D. Dynamic Arp Inspection View AnswerAnswer: A Q2. Which two features are supported when configuring clustering of multiple Cisco ASA appliances? (Choose two.) A. NAT B. dynamic routing C. SSL remote access VPN D. IPSec remote access VPN View AnswerAnswer: A,B Q3. To which port does a…
Q1. Which Cisco TrustSec role does a Cisco ASA firewall serve within an identity architecture? A. Access Requester B. Policy Decision Point C. Policy Information Point D. Policy Administration Point E. Policy Enforcement Point View AnswerAnswer: EQ2. Which two options are private-VLAN secondary VLAN types? (Choose two) A. Isolated B. Secured C. Community D. Common E. Segregated View AnswerAnswer: A,C Explanation: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/configuration/guid e/cli/ CLIConfigurationGuide/PrivateVLANs.html Q3. Which cloud characteristic is used to describes the sharing of…
Q1. What is the best description of a unified ACL on a Cisco firewall? A. An ACL with both IPv4 and IPv6 functionality. B. An IPv6 ACL with IPv4 backwards compatibility. C. An IPv4 ACL with IPv6 support. D. An ACL that supports EtherType in addition to IPv6. View AnswerAnswer: A Explanation: http://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_co nfig/ intro_intro.html Q2. In which way are management packets classified on a firewall that operates…
Q1. Which two options are protocols and tools that are used by the management plane when discussing Cisco ASA general management plane hardening? ( Choose two ) A. Unicast Reverse Path Forwarding B. NetFlow C. Routing Protocol Authentication D. Threat detection E. Syslog F. ICMP unreachables G. Cisco URL Filtering View AnswerAnswer: B,E Explanation: http://www.cisco.com/web/about/security/intelligence/firewall-best-practices.html Q2. The Cisco Email Security Appliance can be managed with both local and external users…
