400-251 Premium Bundle

CCIE Security Written Exam Certification Exam

Last update: December 3, 2024

Cisco 400-251 Free Practice Questions

Q1. A cloud service provider is designing a large multitenant data center to support thousands of tenants. The provider is concerned about the scalability of the Layer 2 network and providing Layer 2 segmentation to potentially thousands of tenants. Which Layer 2 technology is best suited in this scenario?

A. LDP

B. VXLAN

C. VRF

D. Extended VLAN ranges

Answer: B

Q2. Event Store is a component of which IPS application?

A. SensorApp

B. InterfaceApp

C. MainApp

D. NotificationApp

E. AuthenticationApp

Answer: C

Q3. CCMP (CCM mode Protocol) is based on which algorithm?

A. 3DES

B. Blowfish

C. RC5

D. AES

E. IDEA

Answer: D

Q4. Which three statements about SCEP are true? (Choose three)

A. It supports online certification revocation.

B. Cryptographically signed and encrypted messages are conveyed using PKCS#7.

C. The certificate request format uses PKCS#10.

D. It supports multiple cryptographic algorithms, including RSA.

E. CRL retrieval is supported through CDP (Certificate Distribution Point) queries.

F. It supports synchronous granting.

Answer: B,C,E

Q5. Refer to the exhibit. 

Which effect of this configuration is true?

A. NUD retransmits 1000 Neighbor Solicitation messages every 4 hours and 4 minutes.

B. NUD retransmits Neighbor Solicitation messages after 4, 16, 64 and 256 seconds.

C. NUD retransmits Neighbor Solicitation messages every 4 seconds.

D. NUD retransmits unsolicited Neighbor Advertisement messages every 4 hours.

E. NUD retransmits four Neighbor Solicitation messages every 1000 seconds.

F. NUD retransmits Neighbor Solicitation messages after 1, 4, 16, and 64 seconds.

Answer: E

Q6. Refer to the exhibit. What IPSec function does the given debug output demonstrate?

A. DH exchange initiation

B. setting SPIs to pass traffic

C. PFS parameter negotiation

D. crypto ACL confirmation

Answer: B

Q7. Which three are RFC 5735 addresses? (Choose three.)

A. 171.10.0.0/24

B. 0.0.0.0/8

C. 203.0.113.0/24 

D. 192.80.90.0/24 

E. 172.16.0.0/12 

F. 198.50.100.0/24

Answer: B,C,E

Q8. Which two effects of configuring the tunnel path-mtu-discovery command on a GRE tunnel interface are true? (Choose two)

A. The maximum path MTU across the GRE tunnel is set to 65534 bytes.

B. If a lower MTU link between the IPsec peers is detected, the GRE tunnel MTU is changed.

C. The router adjusts the MTU value it sends to the GRE tunnel interface in the TCP SYN packet.

D. It disables PMTUD discovery for tunnel interfaces.

E. The DF bit is copied to the GRE IP header.

F. The minimum path MTU across the GRE tunnel is set to 1476 bytes.

Answer: B,E

Q9. Which three options are methods of load-balancing data in an ASA cluster environment? (Choose three)

A. HSRP

B. spanned EtherChannel

C. distance-vector routing

D. PBR

E. floating static routes

F. ECMP

Answer: B,D,F

Q10. Which two statements about DTLS are true? (Choose two)

A. It uses two simultaneous IPSec tunnels to carry traffic.

B. If DPD is enabled, DTLS can fall back to a TLS connection.

C. Because it requires two tunnels, it may experience more latency issues than SSL connections.

D. If DTLS is disabled on an interface, then SSL VPN connections must use SSL/TLS tunnels.

E. It is disabled by default if you enable SSL VPN on the interface.

Answer: B,C

Q11. Which two statements about Cisco ASA authentication using LDAP are true? (Choose two)

A. It uses attribute maps to map the AD memberOf attribute to the Cisco ASA Group-Policy attribute

B. It uses AD attribute maps to assign users to group policies configured under the WebVPN context

C. The Cisco ASA can use more than one AD memberOf attribute to match a user to multiple group policies

D. It can assign a group policy to a user based on access credentials

E. It can combine AD attributes and LDP attributes to configure group policies on the Cisco ASA

F. It is a closed standard that manages directory-information services over distributed networks

Answer: A,B

Q12. Which two network protocols can operate on the Application Layer? (Choose two)

A. DNS

B. UDP

C. TCP

D. NetBIOS

E. DCCP

F. SMB

Answer: A,F

Q13. Refer to the exhibit. 

What are two TLS inspection methods you could implement for outbound Internet traffic that can prevent the given untrusted error? (Choose two)

A. Add the self-signed CA certificate from the inspection appliance to the Trusted Root Certification Authority on the client

B. Apply an intermediate CA certificate from a trusted authority on the inspection appliance.

C. Download a copy of the private key from the content provider.

D. Update your organizational procedures to instruct users to click "I Understand the Risks" to accept the error and continue

E. Conditionally decrypt traffic based on trust level. Store private keys in a FIPS Level 2 HSM on the inspection appliance

Answer: A,B

Q14. Which statement about ICMPv6 filtering is true? 

A)

B)

C)

D)

E)

F)

A. Option A

B. Option B

C. Option C

D. Option D

Answer: B

Q15. Refer to the exhibit. What is the meaning of the given error message?

A. The PFS groups are mismatched.

B. The pre-shared keys are mismatched.

C. The mirrored crypto ACLs are mismatched.

D. IKE is disabled on the remote peer.

Answer: B

Q16. Refer to the exhibit. After you implement ingress filter 101 to deny all ICMP traffic on your perimeter router, users complained of poor web performance and the router displays increased CPU load. The debug ip icmp command returned the given output. Which change can you make to the router configuration to correct the problem?

A)

B)

C)

D)

A. Option A

B. Option B

C. Option C

D. Option D

Answer: D
