Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. According to RFC 4890, which three message must be dropped at the transit firewall/router?(Choose three.)
A. Router Renumbering(Type 138)
B. Node Information Query(Type 139)
C. Router Solicitation(Type 133)
D. Node information Response(Type
E. Router Advertisement(Type 134)
F. Neighbor Solicitaion(Type 135)
Answer: A,B,D
Q2. What are three QoS features supported on the ASA running version 8.x? (Choose Three)
A. Traffic shaping and standard priority queuing on the same interface.
B. IPSec-over-TCP priority queuing.
C. Traffic shaping within the class-default class map only.
D. Priority queuing.
E. Traffic shaping within any class map.
F. Traffic policing.
Answer: C,D,F
Q3. Which two statements about SGT Exchange Protocol are true? (Choose two)
A. It propagates the IP-to-SGT binding table across network devices that do not have the ability to perform
SGT tagging at Layer 2 to devices that support it
B. SXP runs on UDP port 64999
C. A connection is established between a “listener” and a “speaker”
D. SXP is only supported across two hops
E. SXPv2 introduces connection security via TLS
Answer: A,C
Q4. You have discovered unwanted device with MAC address 001c.0f12.badd on port FastEthernet1/1 on
VLAN 4.what command or command sequence can you enter on the switch to prevent the
MAC address from passing traffic on VLAN 4?
A)
B)
C)
D)
E)
A. Option A
B. Option B
C. Option C
D. Option D
Answer: D
Q5. How does a wireless association flood attack create a DoS?
A. It sends a high-power RF pulse that can damage the internals of the AP
B. It spoofs disassociation frames from the access point.
C. It uses a brute force attack to crack the encryption.
D. It exhausts the access client association table.
Answer: D
Q6. Which two statements about role-based access control are true?(Choose two)
A. Server profile administrators have read and write access to all system logs by default.
B. If the same user name is used for a local user account and a remote user account, the roles defined in the remote user account override the local user account.
C. A view is created on the Cisco IOS device to leverage role-based access controls.
D. Network administrators have read and write access to all system logs by default.
E. The user profile on an AAA server is configured with the roles that grant user privileges.
Answer: D,E
Q7. DRAG DROP
Drag each step in the configuration of flexiblenetflow IPv6 traffic Unicast flows on the left into the Correct order of operation on the right?
Answer:
Explanation:
Step 1: Configure the flow exporter
Step 2: configure flow record Step 3: configure flow monitor Step 4: Apply flow monitor Step 5: Configure data export.
Q8. Refer to the exhibit, which conclusion can be drawn from this output?
A. The license of the device supports multiple virtual firewalls
B. The license of the device allows the establishment of the maximum number of client- based, full- tunnel SSL VPNS for the platform
C. The license of the device allows for it to be used in a failover set
D. The license of the device allows a full-tunnel IPsec VPN using the Rijndael cipher
Answer: A
Q9. DRAG DROP
Drag each EAP variant in the 802.1x framework to the matching statement on the right?
Answer:
Explanation: EAP-FAST: An encapsulated EAP variant that can travel through TLS tunnel EAP-MD5: When used, EAP servers provide authentication to EAP peers only EAP-OTP: Authenticates using a single-use token
EAP-PEAP: Performs secure tunnel authentication
EAP-SIM: Enables GSM users to access both voice and data services with unified authentication. EAP-TLS: Provides EAP message fragmentation.
EAP-TTLS: An early EAP variant that uses certificates based authentication of both client and server
LEAP: A simplified EAP variant that uses password as shared service.
Q10. MWhich three are RFC 5735 addresses? (Choose three.)
A. 171.10.0.0/24
B. 0.0.0.0/8
C. 203.0.113.0/24
D. 192.80.90.0/24
E. 172.16.0.0/12
F. 198.50.100.0/24
Answer: B,C,E
Q11. DRAG DROP
Drag and drop each syslog facility code on the left onto its description on the right.
Answer:
Explanation:
A:1,B2,C:3,D:4,E:5,F:6
Q12. Refer to the exhibit.
Which effect of this Cisco ASA policy map is true?
A. The Cisco ASA is unable to examine the TLS session.
B. The server ends the SMTP session with a QUIT command if the algorithm or key length is insufficiently secure.
C. it prevents a STARTTLS session from being established.
D. The Cisco ASA logs SMTP sessions in clear text.
Answer: B
Q13. DRAG DROP
Drag and drop the desktop-security terms from the left onto their right definitions on the right?
Answer:
Explanation:
governance = directing and controlling information and communications technology penetration testing = using hacking techniques to attempt to bypass existing security phishing = attempting to elict information from users by sending targeted emails
SSO = allowing users to sign in to multiple systems without reentering their credentials two factor authentication = using more than one mechanism to verify a user login
Q14. Which Cisco ASA firewall mode supports ASDM one-time-password authentication using RSA SecurID?
A. Network translation mode
B. Single-context routed mode
C. Multiple-context mode
D. Transparent mode
Answer: B
Q15. Refer to the Exhibit, What is a possible reason for the given error?
A. One or more require application failed to respond.
B. The IPS engine is busy building cache files.
C. The IPS engine I waiting for a CLI session to terminate.
D. The virtual sensor is still initializing.
Answer: D
Q16. Which two statements about the SHA-1 algorithm are true? (Choose two)
A. The SHA-1 algorithm is considered secure because it always produces a unique hash for the same message.
B. The SHA-1 algorithm takes input message of any length and produces 160-bit hash output.
C. The SHA-1 algorithm is considered secure because it is possible to find a message from its hash.
D. The purpose of the SHA-1 algorithm is to provide data confidentiality.
E. The purpose of the SHA-1 algorithm is to provide data authenticity.
Answer: B,E