Q1. According to OWASP guidelines, what is the recommended method to prevent cross-site request forgery?
A. Allow only POST requests.
B. Mark all cookies as HTTP only.
C. Use per-session challenge tokens in links within your web application.
D. Always use the "secure" attribute for cookies.
E. Require strong passwords.
Answer: C
Q2. Which three IP resources is IANA responsible for? (Choose three.)
A. IP address allocation
B. detection of spoofed address
C. criminal prosecution of hackers
D. autonomous system number allocation
E. root zone management in DNS
F. BGP protocol vulnerabilities
Answer: A,D,E
Q3. Which three statements are true regarding RFC 5176 (Change of Authorization)? (Choose three.)
A. It defines a mechanism to allow a RADIUS server to initiate a communication inbound to a NAD.
B. It defines a wide variety of authorization actions, including "reauthenticate."
C. It defines the format for a Change of Authorization packet.
D. It defines a DM.
E. It specifies that TCP port 3799 be used for transport of Change of Authorization packets.
Answer: A,C,D
Q4. Which three options are methods of load-balancing data in an ASA cluster environment? (Choose three.)
A. HSRP
B. spanned EtherChannel
C. distance-vector routing
D. PBR
E. floating static routes
F. ECMP
Answer: B,D,F
Q5. Which two statements describe the Cisco TrustSec system correctly? (Choose two.)
A. The Cisco TrustSec system is a partner program, where Cisco certifies third-party security products as extensions to the secure infrastructure.
B. The Cisco TrustSec system is an approach to certifying multimedia and collaboration applications as secure.
C. The Cisco TrustSec system is an Advanced Network Access Control System that leverages enforcement intelligence in the network infrastructure.
D. The Cisco TrustSec system tests and certifies all products and product versions that make up the system as working together in a validated manner.
Answer: C,D
Q6. What security element must an organization have in place before it can implement a security audit and validate the audit results?
A. firewall
B. network access control
C. an incident response team
D. a security policy
E. a security operation center
Answer: D
Q7. DRAG DROP
Drag and drop the DNS record types from the left to the matching descriptions to the right
Answer:
Explanation:
DNSKEY: contains a public key for use by the resolver
NSEC: link to the zone's next record name
NSEC3: contains a hashed link to the zone's next record name
RRSIG: contains the record set's DNSSEC signature
NSEC3PARAM: used by authoritative DNS servers when responding to DNSSEC requests
DS: holds the delegated zone's name
Q8. Refer to the exhibit. A signature failed to compile and returned the given error messages. What is a possible reason for the problem?
A. The signature belongs to the IOS IPS Basic category.
B. The signature belongs to the IOS IPS Advanced category.
C. There is insufficient memory to compile the signature.
D. The signature is retired.
E. Additional signatures must be compiled during the compiling process.
Answer: C
Q9. Which three statements about SCEP are true? (Choose three.)
A. It supports online certificate revocation.
B. Cryptographically signed and encrypted messages are conveyed using PKCS#7.
C. The certificate request format uses PKCS#10.
D. It supports multiple cryptographic algorithms, including RSA.
E. CRL retrieval is supported through CDP (Certificate Distribution Point) queries.
F. It supports synchronous granting.
Answer: B,C,E
Q10. What functionality is provided by DNSSEC?
A. origin authentication of DNS data
B. data confidentiality of DNS queries and answers
C. access restriction of DNS zone transfers
D. storage of the certificate records in a DNS zone file
Answer: A
Q11. Refer to the exhibit.
Which two effects of this configuration are true? (Choose two.)
A. The Cisco ASA first checks the user credentials against the AD tree of security.cisco.com.
B. The Cisco ASA uses the cisco directory as the starting point for the user search.
C. The AAA server SERVERGROUP is configured on host 10.10.10.1 with a timeout of 20 seconds.
D. The Cisco ASA uses the security account to log in to the AD directory and search for the user cisco.
E. The Cisco ASA authenticates directly with the AD server configured on host 10.10.10.1 with a timeout of 20 seconds.
F. The admin user is authenticated against the members of the security.cisco.com group.
Answer: C,F
Q12. Which two statements about the ISO are true? (Choose two.)
A. The ISO is a government-based organization.
B. The ISO has three membership categories: member, correspondent, and subscribers.
C. Only member bodies have voting rights.
D. Correspondent bodies are small countries with their own standards organization.
E. Subscriber members are individual organizations.
Answer: B,C
Q13. Which object table contains information about the clients known to the server in the Cisco NHRP MIB implementation?
A. NHRP Server NHC Table
B. NHRP Client Statistics Table
C. NHRP Cache Table
D. NHRP Purge Request Table
Answer: A
Q14. Which two statements about ICMP redirect messages are true? (Choose two.)
A. By default, configuring HSRP on the interface disables ICMP redirect functionality.
B. They are generated when a packet enters and exits the same router interface.
C. The messages contain an ICMP Type 3 and ICMP code 7.
D. They are generated by the host to inform the router of an alternate route to the destination.
E. Redirects are only punted to the CPU if the packets are also source-routed.
Answer: A,B
Q15. When a client tries to connect to a WLAN using the MAC filter (RADIUS server) and fails the authentication, which web policy is used to fall back to web authentication?
A. Authentication
B. Passthrough
C. Conditional Web Redirect
D. Splash Page Web Redirect
E. On MAC Filter Failure
Answer: E
Q16. DRAG DROP
Drag and drop each Cisco Intrusion Prevention System anomaly detection event action on the left onto the matching description on the right.
Answer:
Explanation:
A-4, B-3, C-1, D-2, E-5, F-7, G-6