Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. DRAG DROP
Drag each OSPF security feature on the left to its description on the right.
Answer:
Explanation:
TTL security check:protects ospf neighbor sessions against CPU prefix length: protects the routers in an ospf neighbor session
Type0:Establishes OSPF sessions without authenthication Type1:Uses Clear-text authenthication to protect
Type2:Uses MD5 authenthication to protect
Q2. What feature on Cisco IOS router enables user identification and authorization based on per-user policies
A. CBAC
B. IPsec
C. Authentication proxy
D. NetFlow v9
E. Zone-based firewall
F. EEM
Answer: C
Q3. What protocol is responsible for issuing certificates?
A. SCEP
B. DTLS
C. ESP
D. AH
E. GET
Answer: A
Q4. Refer to the Exhibit. What is the effect of the given ACL policy ?
A. The policy will deny all IPv6 eBGP session.
B. The policy will disable IPv6 source routing.
C. The policy will deny all IPv6 routing packet.
D. The policy will deny all IPv6 routed packet.
Answer: B
Q5. What is the first step in performing a risk assessment?
A. Identifying critical services and network vulnerabilities and determining the potential impact of their compromise
or failure.
B. Investigating reports of data theft or security breaches and assigning responsibility.
C. Terminating any employee believed to be responsible for compromising security.
D. Evaluating the effectiveness and appropriateness of the organization’s current risk- management activities.
E. Establishing a security team to perform forensic examinations of previous known attacks.
Answer: A
Q6. Why is the IPv6 type 0 routing header vulnerable to attack?
A. It allows the receiver of a packet to control its flow.
B. It allows the sender to generate multiple NDP requests for each packet.
C. It allows the sender of a packet to control its flow.
D. It allows the sender to generate multiple ARP requests for each packet.
E. It allows the receiver of a packet to modify the source IP address.
Answer: C
Q7. Refer to the exhibit What type of attack is illustrated?
A. ICMP flood
B. ARP spoofing
C. IP address spoofing
D. CAM overflow
Answer: B
Q8. Refer to the exhibit.
If you apply the given command to a Cisco device running IOS or IOS XE, which two statements about connections to the HTTP server on the device are true?(Choose two)
A. The device will close each connection after 90 seconds even if a connection is actively processing a request.
B. Connections will close after 60 seconds without activity or 90 seconds with activity.
C. Connections will close after 60 seconds or as soon as the first request is processed.
D. When you apply the command , the device will immediately close any existing connections that have been open for longer than 90 seconds.
E. Connections will close after 60 seconds without activity or as soon as the first request is processed.
Answer: C,E
Q9. Which Two statement about the PCoIP protocol are true? (Choose two)
A. It support both loss and lossless compression
B. It is a client-rendered, multicast-codec protocol.
C. It is available in both software and hardware.
D. It is a TCP-based protocol.
E. It uses a variety of codec to support different operating system.
Answer: A,C
Q10. Which three IP resources is the IANA responsible? (Choose three.)
A. IP address allocation
B. detection of spoofed address
C. criminal prosecution of hackers
D. autonomous system number allocation
E. root zone management in DNS
F. BGP protocol vulnerabilities
Answer: A,D,E
Q11. Refer to the exhibit.
While troubleshooting a router issue ,you executed the show ntp associationcommand and it returned this output.Which condition is indicated by the reach value of 357?
A. The NTP continuously received the previous 8 packets.
B. The NTP process is waiting to receive its first acknowledgement.
C. The NTP process failed to receive the most recent packet, but it received the 4 packets before the most recent packet.
D. The NTP process received only the most recent packet.
Answer: C
Q12. DRAG DROP
Drag and drop each RADIUS packet field on the left onto the matching decription on the right.
Answer:
Explanation: A-5,B-2,C-1,D-3,E-4
Q13. What are three protocol that support layer 7 class maps and policy maps for zone based firewalls? (choose three)
A. IMAP
B. RDP
C. MME
D. ICQ
E. POP3
F. IKE
Answer: A,D,E
Q14. Which two u.s government entities are authorized to execute and enforce the penalties for violations of the
Sarbanes-oxley(SOX)act?(choose two)
A. Federal trade commission (FTC.
B. internal Revenue service (IRS)
C. Office of Civil Rights (OCR)
D. federal reserve board
E. Securities and exchange commission (SEC.
F. United states Citizenship and immigration services (USCIS)
Answer: D,E
Q15. Refer to the exhibit.
After you configured routes R1 and R2 for IPv6 OSPFv3 authentication as shown, the OSPFv3 neighbor adjacency failed to establish. What is a possible reason for the problem?
A. R2 received a packet with an incorrect area form the loopback1 interface
B. OSPFv3 area authentication is missing
C. R1 received a packet with an incorrect area from the FastEthernet0/0 interface
D. The SPI and the authentication key are unencrypted
E. The SPI value and the key are the same on both R1 and R2
Answer: C
Q16. Which of the following statement is true about the ARP attack?
A. Attackers sends the ARP request with the MAC address and IP address of a legitimate resource in the network.
B. Attackers sends the ARP request with the MAC address and IP address of its own.
C. ARP spoofing does not facilitate man-in-the middle attack of the attackers.
D. Attackers sends the ARP request with its own MAC address and IP address of a legitimate resource in the network.
Answer: D