400-251 Premium Bundle

CCIE Security Written Exam Certification Exam

Last update: November 21, 2024

Cisco 400-251 Free Practice Questions

Q1. DRAG DROP

Drag each IPv6 extension header on the left into the recommended order on the right for when more than one extension header is in the same IPv6 packet.

Answer:

Explanation:

1: IPv6 header; 2: Hop-by-Hop option; 3: Destination options; 4: Routing; 5: Fragment; 6: Authentication; 7: Encapsulating Security Payload.

Q2. In which class of application security threats does HTTP header manipulation reside?

A. Session management

B. Parameter manipulation

C. Software tampering

D. Exception management

Answer: A

Q3. Which three fields are part of the AH header? (Choose three)

A. Destination address

B. Protocol ID

C. Packet ICV

D. SPI identifying SA

E. Next header

F. Application port

G. Source address

Answer: C,D,E

Q4. Which two statements about the 3DES encryption protocol are true? (Choose two)

A. It can operate in the Electronic Code Book and Asymmetric Block Chaining modes.

B. Its effective key length is 168 bits.

C. It encrypts and decrypts data in three 64-bit blocks with an overall key length of 192 bits.

D. The algorithm is most efficient when it is implemented in software instead of hardware.

E. It encrypts and decrypts data in three 56-bit blocks with an overall key length of 168 bits.

F. Its effective key length is 112 bits.

Answer: E,F

Q5. When configuring Cisco IOS Firewall CBAC operation on Cisco routers, the “inspection rule” can be applied at which two locations? (Choose two)

A. at the trusted and untrusted interfaces in the inbound direction.

B. at the trusted interface in the inbound direction.

C. at the trusted and untrusted interfaces in the outbound direction.

D. at the untrusted interface in the inbound direction.

E. at the trusted interface in the outbound direction.

F. at the trusted interface in the outbound direction.

Answer: B,F

Q6. What is the default communication port used by RSA SDI and ASA?

A. UDP 500

B. UDP 848

C. UDP 4500

D. UDP 5500

Answer: D

Q7. Which two statements about the MD5 Hash are true? (Choose two.)

A. Length of the hash value varies with the length of the message that is being hashed.

B. Every unique message has a unique hash value.

C. It's mathematically possible to find a pair of messages that yield the same hash value.

D. MD5 always yields a different value for the same message if repeatedly hashed.

E. The hash value cannot be used to discover the message.

Answer: B,E

Q8. Which three Cisco attributes for LDAP authorization are supported on the ASA? (Choose three)

A. L2TP-Encryption

B. Web-VPN-ACL-Filters

C. IPsec-Client-Firewall-Filter-Name

D. Authenticated-User-Idle-Timeout

E. IPsec-Default-Domain

F. Authorization-Type

Answer: B,D,E

Q9. Which two router configurations block packets with the Type 0 Routing header on the interface? (Choose two)

A.

ipv6 access-list Deny_Loose_Routing

permit ipv6 any any routing-type 0

deny ipv6 any any

interface FastEthernet0/0

ipv6 traffic-filter Deny_Loose_Source_Routing in

B.

ipv6 access-list-Deny_Loose_Source_Routing

deny ipv6 FE80::/10 any mobility-type bind-refresh

permit ipv6 any any

interface FastEthernet/0

ipv6 traffic-filter Deny_Loose_Source_Routing in

C.

ipv6 access-list Deny_Loose_Source_Routing

deny ipv6 any any routing-type 0

permit ipv6 any any

interface FastEthernet0/0

ipv6 traffic-filter Deny_Loose_Routing in

D.

ipv6 access-list Deny_Loose_Source_Routing

deny ipv6 any FE80::/10 routing-type 0

deny ipv6 any any routing-type 0

permit ipv6 any any

interface FastEthernet0/0

ipv6 traffic-filter Deny_Loose_Source_Routing in

E.

ipv6 access-list Deny_Loose_Source_Routing

sequence 1 deny ipv6 any any routing-type 0 log-input

sequence 2 permit ipv6 any any flow-label 0 routing

interface FastEthernet0/0

ipv6 traffic-filter Deny_Loose_Source_Routing in

Answer: C,D

Q10. Refer to the exhibit. Which service or feature must be enabled on 209.165.200.255 to produce the given output?

A. The finger service

B. A BOOTP server

C. A TCP small server

D. The PAD service

Answer: C

Q11. What are two protocols that HTTP can use to secure sessions? (Choose two)

A. HTTPS

B. AES

C. TLS

D. AH

E. SSL

Answer: A,E

Q12. Which of the following Cisco IPS signature engines has relatively high memory usage?

A. The STRING-TCP engine

B. The STRING-UDP engine

C. The NORMALIZER engine

D. The STRING-ICMP engine

Answer: C

Q13. Which three statements about the IANA are true? (Choose three.)

A. IANA is a department that is operated by the IETF

B. IANA oversees global IP address allocation.

C. IANA manages the root zone in the DNS.

D. IANA is administered by the ICANN.

E. IANA defines URI schemes for use on the Internet.

Answer: B,C,D

Q14. DRAG DROP

Drag each ISE probe on the left to the matching statement on the right.

Answer:

Q15. How can the tail drop algorithm support traffic when the queue is filled?

A. It drops older packets with a size of 64 bytes or more until the queue has more traffic.

B. It drops older packets with a size of less than 64 bytes until the queue has more traffic.

C. It drops all new packets until the queue has room for more traffic

D. It drops older TCP packets that are set to be redelivered due to error on the link until the queue has room for more traffic.

Answer: C

Q16. When a client tries to connect to a WLAN using the MAC filter (RADIUS server), if the client fails the authentication, what is the web policy used to fall back to web authentication?

A. Authentication

B. Passthrough

C. Conditional Web Redirect

D. Splash Page Web Redirect

E. On MAC Filter Failure

Answer: E
