Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. Which Three statement about cisco IPS manager express are true? (Choose three)
A. It provides a customizable view of events statistics.
B. It Can provision policies based on risk rating.
C. It Can provision policies based on signatures.
D. It Can provision policies based on IP addresses and ports.
E. It uses vulnerability-focused signature to protect against zero-day attacks.
F. It supports up to 10 sensors.
Answer: A,B,F
Q2. Refer to the exhibit.
If you apply the given command to a Cisco device running IOS or IOS XE, which two statements about connections to the HTTP server on the device are true?(Choose two)
A. The device will close each connection after 90 seconds even if a connection is actively processing a request.
B. Connections will close after 60 seconds without activity or 90 seconds with activity.
C. Connections will close after 60 seconds or as soon as the first request is processed.
D. When you apply the command , the device will immediately close any existing connections that have been open for longer than 90 seconds.
E. Connections will close after 60 seconds without activity or as soon as the first request is processed.
Answer: C,E
Q3. What feature enables extended secure access from non-secure physical location?
A. Port security
B. Strom control
C. NEAT
D. CBAC
E. 802 1x pot-based authentication
Answer: C
Q4. Which two statements about VPLS and VPWS are true? (Choose two)
A. VPLS Layer 2 VPNs support both full-mesh and hub-and-spoke implementations
B. VPWS only sends the data payload over an MPLS core
C. VPLS is intended for applications that require point-to-point access
D. VPWS supports multicast using a hub-and-spoke architecture
E. VPLS is intended for applications that require multipoint or broadcast access
F. VPWS supports point-to-point integration of Layer 2 and Layer 3 services over an MPLS cloud
Answer: E,F
Q5. Which three statements about Unicast RPF in strict mode and loose mode are true? (choose three)
A. Inadvertent packet loss can occur when loose mode is used with asymmetrical routing.
B. Strict mode requires a default route to be associated with the uplink network interface.
C. Both loose and strict modes are configured globally on the router.
D. Loose mode requires the source address to be present in the routing table.
E. Strict mode is recommended on interfaces that will receive packets only form the same subnet to which the interface is assigned.
F. Interfaces in strict mode drop traffic with return routes that point to the NULL 0 interface.
Answer: D,E,F
Q6. What is the maximum pattern length supported by FPM searches within a packet ?
A. 256 bytes
B. 1500 bytes
C. 512 bytes
D. 128 bytes
Answer: A
Q7. Refer to the exhibit, which configuration prevents R2 from become a PIM neighbor with R1?
A. Access-list 10 deny 192.168.1.2.0.0.0.0
!
Interface gi0/0
Ippim neighbor-filter 1
B. Access-list 10 deny 192.168.1.2.0.0.0.0
!
Interface gi0/0
Ipigmp access-group 10
C. Access-list 10 deny 192.168.1.2.0.0.0.0
!
Interface gi0/0 Ippimneighbour-filter 10
D. Access-list 10 permit 192.168.1.2.0.0.0.0
!
Interface gi0/0
Ippim neighbor-filter 10
Answer: D
Q8. On Which encryption algorithm is CCMP based?
A. IDEA
B. BLOWFISH
C. RCS
D. 3DES
E. AES
Answer: E
Q9. Which three statements about the RSA algorithm are true? (Choose three.)
A. The RSA algorithm provides encryption but not authentication.
B. The RSA algorithm provides authentication but not encryption.
C. The RSA algorithm creates a pair of public-private keys that are shared by entities that perform encryption.
D. The private key is never sent across after it is generated.
E. The public key is used to decrypt the message that was encrypted by the private key.
F. The private key is used to decrypt the message that was encrypted by the public key.
Answer: C,D,F
Q10. You want to enable users in your company’s branch offices to deploy their own access points using WAN link from the central office, but you are unable to a deploy a controller in the branch offices. What lightweight access point wireless mode should you choose?
A. TLS mode
B. H-REAP mode
C. Monitor mode
D. REAP mode
E. Local mode
Answer: B
Q11. Which two options are unicast address types for IPv6 addressing? (Choose two)
A. Established
B. Static
C. Global
D. Dynamic
E. Link-local
Answer: C,E
Q12. What are three protocol that support layer 7 class maps and policy maps for zone based firewalls? (choose three)
A. IMAP
B. RDP
C. MME
D. ICQ
E. POP3
F. IKE
Answer: A,D,E
Q13. When configuration Cisco IOS firewall CBAC operation on Cisco routers, the “inspection rule” can be applied at which two location?(Choose two)
A. at the trusted and untrusted interfaces in the inbound direction.
B. at the trusted interface in the inbound direction.
C. at the trusted and untrusted interfaces in the outbound direction.
D. at the untrusted interface in the inbound direction.
E. at the trusted interface in the outbound direction.
F. at the trusted interface in the outbound direction.
Answer: B,F
Q14. What are two protocols that HTTP can use to secure sessions? (Choose two)
A. HTTPS
B. AES
C. TLS
D. AH
E. SSL
Answer: A,E
Q15. Which command sets the Key-length for the IPv6 send protocol?
A. IPv6 nd ns-interval
B. Ipv6 ndra-interval
C. IPv6 nd prefix
D. IPv6 nd inspection
E. IPv6 nd secured
Answer: E
Q16. Which two statements about the 3DES encryption protocol are true?(Choose two)
A. It can operate in the Electronic Code Book and Asymmetric Block Chaining modes.
B. Its effective key length is 168 bits.
C. It encrypts and decrypts data in three 64-bit blocks with an overall key length of 192 bits.
D. The algorithm is most efficient when it is implemented in software instead of hardware.
E. It encrypts and decrypts data in three 56-bit blocks with an overall key length of 168 bits.
F. Its effective key length is 112 bits.
Answer: E,F