400-251 Premium Bundle

CCIE Security Written Exam Certification Exam

Last update: November 23, 2024

Cisco 400-251 Free Practice Questions

Q1. What context-based access control (CBAC) command sets the maximum time that a router running Cisco IOS will wait for a new TCP session to reach the established state?

A. ip inspect max-incomplete

B. ip inspect tcp finwait-time

C. ip inspect udp idle-time

D. ip inspect tcp synwait-time

E. ip inspect tcp idle-time

Answer: D

Q2. What are two advantages of NBAR2 over NBAR? (Choose two)

A. Only NBAR2 supports Flexible NetFlow for extracting and exporting fields from the packet header.

B. Only NBAR2 allows the administrator to apply individual PDL files.

C. Only NBAR2 supports PDLM to support new protocols.

D. Only NBAR2 can use Sampled NetFlow to extract pre-defined packet headers for reporting.

E. Only NBAR2 supports custom protocols based on HTTP URLs.

Answer: A,E

Q3. Refer to the exhibit. Which statement about the effect of this configuration is true?

A. Replay protection is disabled

B. It prevents man-in-the-middle attacks

C. The replay window size is set to infinity

D. Out-of-order frames are dropped

Answer: D

Q4. According to ISO 27001 ISMS, which of the following are mandatory documents? (Choose 4)

A. ISMS Policy

B. Corrective Action Procedure

C. IS Procedures

D. Risk Assessment Reports

E. Complete Inventory of all information assets

Answer: A,B,C,D

Q5. DRAG DROP

Drag each IP transmission and fragmentation term on the left to the matching statement on the right.

Answer:

Explanation:

DF bit: A value in the IP header that indicates whether packet fragmentation is permitted.

Fragment offset: A value in the IP packet that indicates the location of a fragment in the datagram.

MF bit: Indicates that this is the last packet with the biggest offset.

MSS: The amount of data that the receiving host can accept in each TCP segment.

MTU: A value representing the maximum acceptable length of a packet to be transmitted over a link.

PMTUD: A technology used to prevent fragmentation as data travels between two end points.

Tunnel: A logical interface that allows packets to be encapsulated inside a passenger protocol for transmission across a different carrier protocol.

Q6. DRAG DROP

Drag each ISE probe on the left to the matching statement on the right.

Answer:

Q7. Which statement about the Cisco AnyConnect Web Security module is true?

A. It is VPN client software that works over the SSL protocol.

B. It is an endpoint component that is used with smart tunnel in a clientless SSL VPN.

C. It operates as an NAC agent when it is configured with the AnyConnect VPN client.

D. It is deployed on endpoints to route HTTP traffic to ScanSafe.

Answer: D

Q8. Refer to the exhibit. Which effect of this configuration is true?

A. It enables MLD query messages for all link-local groups.

B. It configures the node to generate a link-local group report when it joins the solicited-node multicast group.

C. It enables hosts to send MLD report messages for groups 224.0.0.0/24.

D. It enables local group membership for MLDv1 and MLDv2.

E. It enables the host to send MLD report messages for non-link-local groups.

Answer: C

Q9. DRAG DROP

Drag each step in the SCEP workflow on the left into the correct order of operations on the right.

Answer:

Explanation:

Step 1: Obtain and validate CA cert.

Step 2: Generate a certificate signing request for the CA.

Step 3: Send a request to the SCEP server to confirm that the cert was signed.

Step 4: Re-enroll the client and replace the existing certificate.

Step 5: Check the certificate revocation list.

Q10. You have configured a DMVPN hub and spoke as follows (assume the IPsec profile “dmvpnprofile” is configured correctly):

With this configuration, you notice that the IKE and IPsec SAs come up between the spoke and the hub, but NHRP registration fails. Registration will continue to fail until you do which of these?

A. Configure the ip nhrp cache non-authoritative command on the hub’s tunnel interface

B. Modify the NHRP hold times to match on the hub and spoke

C. Modify the NHRP network IDs to match on the hub and spoke

D. Modify the tunnel keys to match on the hub and spoke

Answer: D

Q11. Which two statements about the DES algorithm are true? (Choose two)

A. The DES algorithm is based on asymmetric cryptography.

B. The DES algorithm is a stream cipher.

C. The DES algorithm is based on symmetric cryptography.

D. The DES algorithm encrypts a block of 128 bits.

E. The DES algorithm uses a 56-bit key.

Answer: C,E

Q12. In a Cisco ASA multiple-context mode of operation configuration, what three session types are resource-limited by default when their context is a member of the default class? (Choose three)

A. Telnet sessions

B. ASDM sessions

C. IPSec sessions

D. SSH sessions

E. TCP sessions

F. SSL VPN sessions

Answer: A,B,D

Q13. Which VPN technology is based on GDOI (RFC 3547)?

A. MPLS Layer 3 VPN

B. MPLS Layer 2 VPN

C. GET VPN

D. IPsec VPN

Answer: C

Q14. Which three of these are security properties that TLS v1.2 provides? (Choose three)

A. Availability

B. Integrity

C. Non-repudiation

D. Authentication

E. Authorization

F. Confidentiality

Answer: B,D,F

Q15. Which two network protocols can operate on the Application Layer? (Choose two)

A. DNS

B. UDP

C. TCP

D. NetBIOS

E. DCCP

F. SMB

Answer: A,F

Q16. Refer to the exhibit. What is the effect of the given ACL policy?

A. The policy will deny all IPv6 eBGP sessions.

B. The policy will disable IPv6 source routing.

C. The policy will deny all IPv6 routing packets.

D. The policy will deny all IPv6 routed packets.

Answer: B
