Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. Refer to the exhibit, which conclusion can be drawn from this output?
A. The license of the device supports multiple virtual firewalls
B. The license of the device allows the establishment of the maximum number of client- based, full- tunnel SSL VPNS for the platform
C. The license of the device allows for it to be used in a failover set
D. The license of the device allows a full-tunnel IPsec VPN using the Rijndael cipher
Answer: A
Q2. Which two options are benefits of shortcut Switching Enhancements for NHRP on DMVPN networks? (choose two)
A. Its enables the NHRP FIB lookup process to perform route summarization on the hub.
B. It allows data packets to be fast switched while spoke-to-spoke tunnels are being established.
C. It is most beneficial with partial full-mesh DVMPN setup.
D. It supports layered network topologies with the central hubs and direct spoke-to –spoke tunnels between
spokes on different hubs.
E. It enables spokes to use a summary route to build spoke-to-spoke tunnels.
Answer: B,E
Q3. Which Cisco ASA firewall mode supports ASDM one-time-password authentication using RSA SecurID?
A. Network translation mode
B. Single-context routed mode
C. Multiple-context mode
D. Transparent mode
Answer: B
Q4. Refer to the exhibit.
What are three effect of the given firewall configuration? (Choose three.)
A. The firewall allows Echo Request packets from any source to pass server.
B. The firewall allows time Exceeded error messages from any source to pass to the server.
C. PCs outside the firewall are unable to communicate with the server over HTTP
D. The firewall allows Echo Reply packets from any source to pass to the server.
E. The firewall allows Destination Unreachable error messages from any source to pass to the server.
F. The firewall allows Packet too big error messages from any source to pass to the server.
Answer: A,D,F
Q5. DRAG DROP
Drag each MACsec term on the left to the right matching statement on the right?
Answer:
Explanation: CAK = key used to generate multiple additional keys MKA = protocol used for MACsec key negotiation MSK = key generated during the EAP exchange
SAK = a key used to encrypt traffic for a single session SAP = a key exchange protocol that is proprietary to Cisco
Q6. Which two statement about MSDP ate true? (Choose three)
A. It can connect to PIM-SM and PIM-DM domains
B. It announces multicast sources from a group
C. The DR sends source data to the rendezvous point only at the time the source becomes active
D. It can connect only to PIM-DM domains
E. It registers multicast sources with the rendezvous point of a domain
F. It allows domains to discover multicast sources in the same or different domains.
Answer: B,E,F
Q7. Refer to the exhibit.
A. Modify the tunnel keys to match on the hub and spoke
B. Configure the ipnhrp cache non-authoritative command on the hub’s tunnel interface
C. Modify the NHRP hold times to match on the hub and spoke
D. Modify the NHRP network IDs to match on the hub and spoke
Answer: A
Q8. Which protocol does VNC use for remote access to a GUI?
A. RTPS
B. RARP
C. E6
D. SSH
E. RFB
Answer: D
Q9. Which two statement about Infrastructure ACLs on Cisco IOS software are true? (Choose two.)
A. Infrastructure ACLs are used to block-permit the traffic in the router forwarding path.
B. Infrastructure ACLs are used to block-permit the traffic handled by the route processor.
C. Infrastructure ACLs are used to block-permit the transit traffic.
D. Infrastructure ACLs only protect device physical management interface.
Answer: B,D
Q10. Which two statements about the ISO are true? (Choose two)
A. The ISO is a government-based organization.
B. The ISO has three membership categories: member, correspondent, and subscribers.
C. Only member bodies have voting rights.
D. Correspondent bodies are small countries with their own standards organization.
E. Subscriber members are individual organizations.
Answer: B,C
Q11. What IOS feature can prevent header attacks by using packet-header information to classify traffic?
A. CAR
B. FPM
C. TOS
D. LLQ
E. TTL
Answer: B
Q12. DRAG DROP
Drag and drop ESP header field on the left to the appropriate field length on the right
Answer:
Q13. According to OWASP guidelines, what is the recommended method to prevent cross-site request forgery?
A. Allow only POST requests.
B. Mark all cookies as HTTP only.
C. Use per-session challenge tokens in links within your web application.
D. Always use the "secure" attribute for cookies.
E. Require strong passwords.
Answer: C
Q14. Which category to protocol mapping for NBAR is correct?
A. Category:internet Protocol:FTP,HTTP,TFTP
B. )Category:Network management Protocol:ICMP,SNMP,SSH,telent
C. Category:network mail services Protocol:mapi,pop3,smtp
D. Category:Enterprise applications Protocal:citrixICA,PCAnywhere,SAP,IMAP
Answer: A
Q15. Which description of a virtual private cloud is true?
A. An on-demand configurable pool of shared software applications allocated within a public cloud environment, which provides tenant isolation
B. An on-demand configurable pool of shared data resources allocated within a private cloud environment,
which provides assigned DMZ zones
C. An on-demand configurable pool of shared networking resources allocated within a private cloud environment, which provides tenant isolation
D. An on-demand configurable pool of shared computing resources allocated within a public cloud environment, which provides tenant isolation
Answer: D
Q16. DRAG DROP
Drag and drop the desktop-security terms from the left onto their right definitions on the right?
Answer:
Explanation:
governance = directing and controlling information and communications technology penetration testing = using hacking techniques to attempt to bypass existing security phishing = attempting to elict information from users by sending targeted emails
SSO = allowing users to sign in to multiple systems without reentering their credentials two factor authentication = using more than one mechanism to verify a user login