Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. Which two options are differences between automation and orchestration? (Choose two)
A. Automation is to be used to replace human intervention
B. Automation is focused on automating a single or multiple tasks
C. Orchestration is focused on an end-to-end process or workflow
D. Orchestration is focused on multiple technologies to be integrated together
E. Automation is an IT workflow composed of tasks, and Orchestration is a technical task
Answer: B,C
Q2. Refer to the exhibit, which effect of this configuration is true?
A. The PMTUD value sets itself to 1452 bytes when the interface MTU is set to 1492 bytes
B. SYN packets carries 1452 bytes in the payload when the Ethernet MTU of the interface is set to 1492 bytes
C. The maximum size of TCP SYN+ACK packets passing the transient host is set to 1452 bytes and the IP MTU of the interface is set to 1492 bytes
D. The MSS to TCP SYN packets is set to 1452 bytes and the IP MTU of the interface is set to 1492 bytes
E. The minimum size of TCP SYN+ACL packets passing the router is set to 1452 bytes and the IP MTU of the interface is set to 1492 bytes
Answer: D
Q3. Which of the following two statements apply to EAP-FAST? (Choose two.)
A. EAP-FAST is useful when a strong password policy cannot be enforced and an 802.1X EAP type that does not require digital certificates can be deployed.
B. EAP-FAST was developed only for Cisco devices and is not compliant with 802.1X and 802.11i.
C. EAP-FAST provides protection from authentication forging and packet forgery (replay attack).
D. EAP-FAST is a client/client security architecture.
Answer: A,C
Q4. IKEv2 provide greater network attack resiliency against a DoS attack than IKEv1 by utilizing which two functionalities?(Choose two)
A. with cookie challenge IKEv2 does not track the state of the initiator until the initiator respond with cookie.
B. Ikev2 perform TCP intercept on all secure connections
C. IKEv2 only allows symmetric keys for peer authentication
D. IKEv2 interoperates with IKEv1 to increase security in IKEv1
E. IKEv2 only allows certificates for peer authentication
F. An IKEv2 responder does not initiate a DH exchange until the initiator responds with a cookie
Answer: A,F
Q5. From what type of server can you to transfer files to ASA’s internal memory ?
A. SSH
B. SFTP
C. Netlogon
D. SMB
Answer: D
Q6. What port has IANA assigned to the GDOI protocol?
A. UDP 4500
B. UDP 500
C. UDP 1812
D. UDP 848
Answer: D
Q7. Which object table contains information about the clients know to the server in Cisco NHRP MIB
implementation?
A. NHRP Cache Table
B. NHRP Client Statistics Table
C. NHRP Purge Request Table
D. NHRP Server NHC Table
Answer: D
Q8. Refer to the exhibit, what Is the effect of the given command sequence?
A. The router telnet to the on port 2002
B. The AP console port is shut down.
C. A session is opened between the router console and the AP.
D. The router telnet to the router on port 2002.
Answer: C
Q9. Refer to the exhibit. What protocol format is illustrated?
A. GR
B. AH
C. ESP
D. IP
Answer: B
Q10. DRAG DROP
Drag each SSI encryption algorithm on the left to the encryption and hashing values it uses on the Right?
Answer:
Explanation: 3DES-sha1: 168 bit encryption with 160 bit hash DES-sha1: 56 bit encryption with 160 bit hash Null sha1: 160 bit hash without encryption
RC4-md5: 128 bit with 128 bit hash RC4-sha1: 128 bit with 160 bit hash.
Q11. Refer to the exhibit . Which Statement about this configuration is true?
A. The ASA stops LSA type 7 packets from flooding into OSPF area 1.
B. The ASA injects a static default route into OSPF area 1.
C. The ASA redistributes routes from one OSPF process to another.
D. The ASA redistributes routes from one routing protocol to another.
E. The ASA injects a static default route into OSPF process 1.
Answer: C
Q12. What is the effect of the Cisco Application Control Engine (ACE. command ipv6 fragment min-mtu 1024 ?
A. It configures the interface to fragment packets on connections with MTUs of 1024 or greater
B. It sets the MTU to 1024 bytes for an IPv6 VLAN interface that accepts fragmented packets
C. It configures the interface to attempt to reassemble only IPv6 fragments that are less than 1024 bytes
D. It configures the interface to fragment packets on connections with MTUs of 1024 or less
E. It configures the interface to attempt to reassemble only IPv6 fragments that are at least 1024 bytes
Answer: E
Q13. Refer to the exhibit
which two statement about the given IPV6 ZBF configuration are true? (Choose two)
A. It provides backward compability with legacy IPv6 inspection
B. It inspect TCP, UDP,ICMP and FTP traffic from Z1 to Z2.
C. It inspect TCP, UDP,ICMP and FTP traffic from Z2 to Z1.
D. It inspect TCP,UDP,ICMP and FTP traffic in both direction between z1 and z2.
E. It passes TCP, UDP,ICMP and FTP traffic from z1 to z2.
F. It provide backward compatibility with legacy IPv4 inseption.
Answer: A,B
Q14. Refer to the exhibit
Flexible NetFlow is failing to export flow records from RouterA to your flow collector. What action can you take to allow the IPv6 flow records to be sent to the colle
A. Set the NetFlow export protocol to v5
B. Configure the output-features command for the IPV4-EXPORTER
C. Add the ipv6 cef command to the configuration
D. Remove the ip cef command from the configuration
E. Create a new flow exporter with an IPv6 destination and apply it to the flow monitor
Answer: D
Q15. Refer the exhibit.
Which of the following is the correct output of the above executed command?
A)
B)
C)
D)
A. Option A
B. Option B
C. Option C
D. Option D
Answer: C
Q16. Which of the following best describes Chain of Evidence in the context of security forensics?
A. Evidence is locked down, but not necessarily authenticated.
B. Evidence is controlled and accounted for to maintain its authenticity and integrity.
C. The general whereabouts of evidence is known.
D. Someone knows where the evidence is and can say who had it if it is not logged.
Answer: B