Q1. Which Cisco TrustSec role does a Cisco ASA firewall serve within an identity architecture?
A. Access Requester
B. Policy Decision Point
C. Policy Information Point
D. Policy Administration Point
E. Policy Enforcement Point
Answer: E
Q2. Which two options are private-VLAN secondary VLAN types? (Choose two.)
A. Isolated
B. Secured
C. Community
D. Common
E. Segregated
Answer: A,C
Explanation:
http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/configuration/guide/cli/CLIConfigurationGuide/PrivateVLANs.html
Q3. Which cloud characteristic describes the sharing of physical resources between various entities?
A. Elasticity
B. Ubiquitous access
C. Multitenancy
D. Resiliency
Answer: D
Explanation:
http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_12-3/123_cloud1.html
Q4. A switch is being configured at a new location that uses statically assigned IP addresses. Which will ensure that ARP inspection works as expected?
A. Configure the 'no-dhcp' keyword at the end of the ip arp inspection command
B. Enable static arp inspection using the command 'ip arp inspection static vlan vlan-number'
C. Configure an arp access-list and apply it to the ip arp inspection command
D. Enable port security
Answer: C
Q5. Which VTP mode supports private VLANs on a switch?
A. transparent
B. server
C. client
D. off
Answer: A
Q6. Refer to the exhibit.
Which option describes the expected result of the capture ACL?
A. The capture is applied, but we cannot see any packets in the capture
B. The capture does not get applied and we get an error about mixed policy.
C. The capture is applied and we can see the packets in the capture
D. The capture is not applied because we must have a host IP as the source
Answer: B
Q7. Refer to the exhibit.
Which two statements about this firewall output are true? (Choose two.)
A. The output is from a packet tracer debug.
B. All packets are allowed to 192.168.1.0 255.255.0.0.
C. All packets are allowed to 192.168.1.0 255.255.255.0.
D. All packets are denied.
E. The output is from a debug all command.
Answer: A,C
Q8. Which two statements about Cisco IDS are true? (Choose two.)
A. It is preferred for detection-only deployment.
B. It is used for installations that require strong network-based protection and that include sensor tuning.
C. It is used to boost sensor sensitivity at the expense of false positives.
D. It is used to monitor critical systems and to avoid false positives that block traffic.
E. It is used primarily to inspect egress traffic, to filter outgoing threats.
Answer: A,D
Q9. Which two SNMPv3 features ensure that SNMP packets have been sent securely? (Choose two.)
A. host authorization
B. authentication
C. encryption
D. compression
Answer: B,C
Q10. What is the result of the default ip ssh server authenticate user command?
A. It enables the public key, keyboard, and password authentication methods.
B. It enables the public key authentication method only.
C. It enables the keyboard authentication method only.
D. It enables the password authentication method only.
Answer: A
Q11. An attacker has gained physical access to a password protected router. Which command will prevent access to the startup-config in NVRAM?
A. no service password-recovery
B. no service startup-config
C. service password-encryption
D. no confreg 0x2142
Answer: A
Q12. In IOS routers, which configuration both prevents NTP spoofing and ensures accurate time?
A. ACL permitting udp 123 from ntp server
B. ntp authentication
C. multiple ntp servers
D. local system clock
Answer: B
Q13. You are a security engineer at a large multinational retailer. Your Chief Information Officer recently attended a security conference and has asked you to secure the network infrastructure from VLAN hopping.
Which statement describes how VLAN hopping can be avoided?
A. There is no such thing as VLAN hopping because VLANs are completely isolated.
B. VLAN hopping can be avoided by using IEEE 802.1X to dynamically assign the access VLAN to all endpoints and setting the default access VLAN to an unused VLAN ID.
C. VLAN hopping is avoided by configuring the native (untagged) VLAN on both sides of an ISL trunk to an unused VLAN ID.
D. VLAN hopping is avoided by configuring the native (untagged) VLAN on both sides of an IEEE 802.1Q trunk to an unused VLAN ID.
Answer: D
Q14. What can an administrator do to simultaneously capture and trace packets in a Cisco ASA?
A. Install a Cisco ASA virtual appliance.
B. Use the trace option of the capture command.
C. Use the trace option of the packet-tracer command.
D. Install a switch with a code that supports capturing, and configure a trunk to the Cisco ASA.
Answer: B
Q15. How many bridge groups are supported on a firewall that operates in transparent mode?
A. 8
B. 16
C. 10
D. 6
Answer: A