Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. Which cloud characteristic is used to describe the sharing of physical resources between various entities?
A. Multitenancy
B. Ubiquitous access
C. Elasticity
D. Resiliency
Answer: D
Q2. All 30 users on a single floor of a building are complaining about network slowness. After investigating the access switch, the network administrator notices that the MAC address table is full (10,000 entries) and all traffic is being flooded out of every port. Which action can the administrator take to prevent this from occurring?
A. Configure port-security to limit the number of mac-addresses allowed on each port
B. Upgrade the switch to one that can handle 20,000 entries
C. Configure private-vlans to prevent hosts from communicating with one another
D. Enable storm-control to limit the traffic rate
E. Configure a VACL to block all IP traffic except traffic to and from that subnet
Answer: A
Q3. Refer to the exhibit.
Which two statements about the SNMP configuration are true? (Choose two.)
A. The router's IP address is 192.168.1.1.
B. The SNMP server's IP address is 192.168.1.1.
C. Only the local SNMP engine is configured.
D. Both the local and remote SNMP engines are configured.
E. The router is connected to the SNMP server via port 162.
Answer: B,D
Q4. Which statement about the configuration of Cisco ASA NetFlow v9 (NSEL) is true?
A. Use a sysopt command to enable NSEL on a specific interface.
B. To view bandwidth usage for NetFlow records, you must have QoS feature enabled
C. NSEL tracks the flow continuously and provides updates every 10 seconds.
D. You must define a flow-export event type under a policy.
E. NSEL can be used without a collector configured.
Answer: D
Explanation:
http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_co nfig/ monitor_nsel.html
Q5. Refer to the exhibit.
Server A is a busy server that offers these services:
. World Wide Web
. DNS
Which command captures http traffic from Host A to Server A?
A. capture traffic match udp host 10.1.1.150 host 10.2.2.100
B. capture traffic match 80 host 10.1.1.150 host 10.2.2.100
C. capture traffic match ip 10.2.2.0 255.255.255.192 host 10.1.1.150
D. capture traffic match tcp host 10.1.1.150 host 10.2.2.100
E. capture traffic match tcp host 10.2.2.100 host 10.1.1.150 eq 80
Answer: D
Q6. Which function in the Cisco ADSM ACL Manager pane allows an administrator to search for a specfic element?
A. Find
B. Device Management
C. Search
D. Device Setup
Answer: A
Q7. What command alters the SSL ciphers used by the Cisco Email Security Appliance for TLS sessions and HTTPS access?
A. sslconfig
B. sslciphers
C. tlsconifg
D. certconfig
Answer: A
Q8. When you configure a Botnet Traffic Filter on a Cisco firewall, what are two optional tasks? (Choose two.)
A. Enable the use of dynamic databases.
B. Add static entries to the database.
C. Enable DNS snooping.
D. Enable traffic classification and actions.
E. Block traffic manually based on its syslog information.
Answer: B,E
Q9. Which policy map action makes a Cisco router behave as a stateful firewall for matching traffic?
A. Log
B. Inspect
C. Permit
D. Deny
Answer: B
Q10. Refer to the exhibit. Which command can produce this packet tracer output on a firewall?
A. packet-tracer input INSIDE tcp 192.168.1.100 88 192.168.2.200 3028
B. packet-tracer output INSIDE tcp 192.168.1.100 88 192.168.2.200 3028
C. packet-tracer input INSIDE tcp 192.168.2.200 3028 192.168.1.100 88
D. packet-tracer output INSIDE tcp 192.168.2.200 3028 192.168.1.100 88
Answer: A
Q11. Which two statements about Cisco IDS are true? (Choose two.)
A. It is preferred for detection-only deployment.
B. It is used for installations that require strong network-based protection and that include sensor tuning.
C. It is used to boost sensor sensitivity at the expense of false positives.
D. It is used to monitor critical systems and to avoid false positives that block traffic.
E. It is used primarily to inspect egress traffic, to filter outgoing threats.
Answer: A,D
Q12. What is the CLI command to enable SNMPv3 on the Cisco Web Security Appliance?
A. snmpconfig
B. snmpenable
C. configsnmp
D. enablesnmp
Answer: A
Q13. You are a security engineer at a large multinational retailer. Your Chief Information Officer recently attended a security conference and has asked you to secure the network infrastructure from VLAN hopping.
Which statement describes how VLAN hopping can be avoided?
A. There is no such thing as VLAN hopping because VLANs are completely isolated.
B. VLAN hopping can be avoided by using IEEE 802.1X to dynamically assign the access VLAN to all endpoints and setting the default access VLAN to an unused VLAN ID.
C. VLAN hopping is avoided by configuring the native (untagged) VLAN on both sides of an ISL trunk to an unused VLAN ID.
D. VLAN hopping is avoided by configuring the native (untagged) VLAN on both sides of an IEEE 802.1Q trunk to an unused VLAN ID.
Answer: D
Q14. Which Cisco Security Manager form factor is recommended for deployments with fewer than 25 devices?
A. only Cisco Security Manager Standard
B. only Cisco Security Manager Professional
C. only Cisco Security Manager UCS Server Bundle
D. both Cisco Security Manager Standard and Cisco Security Manager Professional
Answer: A
Q15. Refer to the exhibit.
To protect Host A and Host B from communicating with each other, which type of PVLAN port should be used for each host?
A. Host A on a promiscuous port and Host B on a community port
B. Host A on a community port and Host B on a promiscuous port
C. Host A on an isolated port and Host B on a promiscuous port
D. Host A on a promiscuous port and Host B on a promiscuous port
E. Host A on an isolated port and host B on an isolated port
F. Host A on a community port and Host B on a community port
Answer: E