400-251 Premium Bundle


CCIE Security Written Exam Certification Exam

Last update: November 23, 2024

Cisco 400-251 Free Practice Questions

Q1. Which two answers describe provisions of the SOX Act and its international counterpart Acts? (Choose two.)

A. confidentiality and integrity of customer records and credit card information

B. accountability in the event of corporate fraud

C. financial information handled by entities such as banks, and mortgage and insurance brokers

D. assurance of the accuracy of financial records

E. US Federal government information

F. security standards that protect healthcare patient data

Answer: B,D

Q2. Refer to the exhibit. Which two statements about the given configuration are true? (Choose two.)

A. It is an inbound policy.

B. It will allow 209.165.202.129 to connect to 202.165.200.225 on an IMAP port.

C. It will allow 209.165.202.129 to connect to 202.165.200.225 on an RDP port.

D. It will allow 202.165.200.225 to connect to 209.165.202.129 on an RDP port.

E. It will allow 202.165.200.225 to connect to 209.165.202.129 on a VNC port.

F. It is an outbound policy.

Answer: A,C

Q3. Which two statements about PVLAN port types are true? (Choose two.)

A. A community port can send traffic to community ports in other communities on its broadcast domain.

B. An isolated port can send and receive traffic only to and from promiscuous ports.

C. An isolated port can receive traffic from promiscuous ports in any community on its broadcast domain, but can send traffic only to ports in its own community.

D. A promiscuous port can send traffic to promiscuous ports in other communities on its broadcast domain.

E. A community port can send traffic to promiscuous ports in other communities on its broadcast domain.

F. A promiscuous port can send traffic to all ports within a broadcast domain.

Answer: B,F

Q4. What is the name of the unique tool/feature in Cisco Security Manager that is used to merge an access list based on the source/destination IP address, service, or combination of these to provide a manageable view of access policies?

A. merge rule tool

B. policy simplification tool

C. rule grouping tool

D. object group tool

E. combine rule tool

Answer: E

Q5. You have configured an authenticator switch in access mode on a network configured with NEAT. What RADIUS attribute must the ISE server return to change the switch's port mode to trunk?

A. device-traffic-class=switch

B. device-traffic-class=trunk

C. framed-protocol=1

D. EAP-message-switch

E. Authenticate=Administrative

F. Acct-Authentic=radius

Answer: A

Q6. IKEv2 provides greater network attack resiliency against a DoS attack than IKEv1 by utilizing which two functionalities? (Choose two.)

A. With cookie challenge, IKEv2 does not track the state of the initiator until the initiator responds with a cookie.

B. IKEv2 performs TCP intercept on all secure connections

C. IKEv2 only allows symmetric keys for peer authentication

D. IKEv2 interoperates with IKEv1 to increase security in IKEv1

E. IKEv2 only allows certificates for peer authentication

F. An IKEv2 responder does not initiate a DH exchange until the initiator responds with a cookie

Answer: A,F

Q7. What IOS feature can prevent header attacks by using packet-header information to classify traffic?

A. CAR

B. FPM

C. TOS

D. LLQ

E. TTL

Answer: B

Q8. Which two statements about header attacks are true? (Choose two.)

A. An attacker can use IPv6 Next Header attacks to steal user data and launch phishing attacks.

B. An attacker can use HTTP Header attacks to launch a DoS attack.

C. An attacker can execute a spoofing attack by populating the RH0 routing header subtype with multiple destination addresses.

D. An attacker can leverage an HTTP response header to write malicious cookies.

E. An attacker can leverage an HTTP response header to inject malicious code into an application layer.

F. An attacker can use vulnerabilities in the IPv6 routing header to launch attacks at the application layer.

Answer: B,C

Q9. Which two characteristics of DTLS are true? (Choose two)

A. It includes a congestion control mechanism

B. It supports long data transfers and connections data transfers

C. It completes key negotiation and bulk data transfer over a single channel

D. It is used mostly by applications that use application layer object-security protocols

E. It includes a retransmission method because it uses an unreliable datagram transport

F. It cannot be used if NAT exists along the path

Answer: A,E

Q10. What ASA feature can you use to restrict a user to a specific VPN group?

A. A webtype ACL

B. MPF

C. A VPN filter

D. Group-lock

Answer: D

Q11. Refer to the exhibit. What is the effect of the given configuration?

A. It sets the duplicate address detection interval to 60 seconds and sets the IPv6 neighbor reachable time to 3600 milliseconds.

B. It sets the number of neighbor solicitation messages to 60 and sets the retransmission interval to 3600 milliseconds.

C. It sets the number of duplicate address detection attempts to 60 and sets the duplicate address detection interval to 3600 milliseconds.

D. It sets the number of neighbor solicitation messages to 60 and sets the duplicate address detection interval to 3600 seconds.

E. It sets the duplicate address detection interval to 60 seconds and sets the IPv6 neighbor solicitation interval to 3600 milliseconds.

Answer: E

Q12. Which two options are disadvantages of MPLS Layer 3 VPN services? (Choose two.)

A. They require cooperation with the service provider to implement transport of non-IP traffic.

B. SLAs are not supported by the service provider.

C. It requires customers to implement QoS to manage congestion in the network.

D. Integration between Layers 2 and 3 peering services is not supported.

E. They may be limited by the technology offered by the service provider.

F. They can transport only IPv6 routing traffic.

Answer: D,E

Q13. Refer to the exhibit. What type of attack is represented in the given Wireshark packet capture?

A. a SYN flood

B. spoofing

C. a duplicate ACK

D. TCP congestion control

E. a shrew attack

Answer: A

Q14. For which two reasons is BVI required in the transparent Cisco IOS Firewall? (Choose two.)

A. BVI is required for the inspection of IP traffic.

B. The firewall can perform routing on bridged interfaces.

C. BVI is required if routing is disabled on the firewall.

D. BVI is required if more than two interfaces are in a bridge group.

E. BVI is required for the inspection of non-IP traffic.

F. BVI can manage the device without having an interface that is configured for routing.

Answer: D,F

Q15. What protocol provides security for datagram protocols?

A. MAB

B. DTLS

C. SCEP

D. GET

E. LDP

Answer: B

Q16. Which two statements about the PCoIP protocol are true? (Choose two.)

A. It supports both lossy and lossless compression.

B. It is a client-rendered, multicast-codec protocol.

C. It is available in both software and hardware.

D. It is a TCP-based protocol.

E. It uses a variety of codecs to support different operating systems.

Answer: A,C
