Q1. What are two features of Cisco IOS that can help mitigate a Blaster worm attack on RPC ports? (Choose two)
A. FPM
B. DCAR
C. NBAR
D. IP Source Guard
E. uRPF
F. Dynamic ARP Inspection
Answer: D,E
Q2. Which statement regarding the routing functions of the Cisco ASA running software version 9.2 is true?
A. In a failover pair of ASAs, the standby firewall establishes a peer relationship with OSPF neighbors
B. The ASA supports policy-based routing with route maps
C. Routes to the Null0 interface cannot be configured to black-hole traffic
D. The translations table cannot override the routing table for new connections
Answer: C
Q3. What functionality is provided by DNSSEC?
A. origin authentication of DNS data
B. data confidentiality of DNS queries and answers
C. access restriction of DNS zone transfers
D. storage of the certificate records in a DNS zone file
Answer: A
Q4. What are three ways you can enforce a BCP38 policy on an internet edge policy? (Choose three)
A. Avoid RFC1918 internet addressing.
B. Implement Cisco Express Forwarding.
C. Implement Unicast RPF.
D. Apply ingress filters for RFC1918 addresses.
E. Apply ingress ACL filters for BOGON routes.
F. Implement source NAT.
Answer: B,C,E
Q5. What are three QoS features supported on the ASA running version 8.x? (Choose three)
A. Traffic shaping and standard priority queuing on the same interface.
B. IPSec-over-TCP priority queuing.
C. Traffic shaping within the class-default class map only.
D. Priority queuing.
E. Traffic shaping within any class map.
F. Traffic policing.
Answer: C,D,F
Q6. When configuring Cisco IOS firewall CBAC operation on Cisco routers, the “inspection rule” can be applied at which two locations? (Choose two)
A. at the trusted and untrusted interfaces in the inbound direction.
B. at the trusted interface in the inbound direction.
C. at the trusted and untrusted interfaces in the outbound direction.
D. at the untrusted interface in the inbound direction.
E. at the trusted interface in the outbound direction.
F. at the trusted interface in the outbound direction.
Answer: B,F
Q7. Refer to the exhibit.
While troubleshooting a router issue, you executed the show ntp association command and it returned this output. Which condition is indicated by the reach value of 357?
A. The NTP continuously received the previous 8 packets.
B. The NTP process is waiting to receive its first acknowledgement.
C. The NTP process failed to receive the most recent packet, but it received the 4 packets before the most recent packet.
D. The NTP process received only the most recent packet.
Answer: C
Q8. When you are configuring QoS on the Cisco ASA appliance, which four are valid traffic selection criteria? (Choose four)
A. default-inspection-traffic
B. qos-group
C. DSCP
D. VPN group
E. tunnel group
F. IP precedence
Answer: A,C,E,F
Q9. Which three statements about SCEP are true? (Choose three)
A. It supports online certification revocation.
B. Cryptographically signed and encrypted messages are conveyed using PKCS#7.
C. The certificate request format uses PKCS#10.
D. It supports multiple cryptographic algorithms, including RSA.
E. CRL retrieval is supported through CDP (Certificate Distribution Point) queries.
F. It supports synchronous granting.
Answer: B,C,E
Q10. How does a wireless association flood attack create a DoS?
A. It sends a high-power RF pulse that can damage the internals of the AP
B. It spoofs disassociation frames from the access point.
C. It uses a brute force attack to crack the encryption.
D. It exhausts the access client association table.
Answer: D
Q11. DRAG DROP
Drag and drop each syslog facility code on the left onto its description on the right.
Answer:
Explanation:
A:1, B:2, C:3, D:4, E:5, F:6
Q12. Which two statements about SOX are true? (Choose two.)
A. SOX is an IETF compliance procedure for computer systems security.
B. SOX is a US law.
C. SOX is an IEEE compliance procedure for IT management to produce audit reports.
D. SOX is a private organization that provides best practices for financial institution computer systems.
E. Section 404 of SOX is related to IT compliance.
Answer: B,E
Q13. What protocol does IPv6 Router Advertisement use for its messages?
A. TCP
B. ICMPv6
C. ARP
D. UDP
Answer: B
Q14. Which command can you enter to cause the locally-originated Multicast Source Discovery Protocol Source-Active to be prevented from going to specific peers?
A. ip msdp mesh-group mesh-name {<peer-address> | <peer-name>}
B. ip msdp redistribute [list <acl>] [asn as-access-list] [route-map <map>]
C. ip msdp sa-filter out <peer> [list <acl>] [route-map <map>]
D. ip msdp default-peer {<peer-address> | <peer-name>} [prefix-list <list>]
E. ip msdp sa-filter in <peer> [list <acl>] [route-map <map>]
Answer: C
Q15. Which description of a virtual private cloud is true?
A. An on-demand configurable pool of shared software applications allocated within a public cloud environment, which provides tenant isolation
B. An on-demand configurable pool of shared data resources allocated within a private cloud environment, which provides assigned DMZ zones
C. An on-demand configurable pool of shared networking resources allocated within a private cloud environment, which provides tenant isolation
D. An on-demand configurable pool of shared computing resources allocated within a public cloud environment, which provides tenant isolation
Answer: D
Q16. Which two of the following ICMP types and codes should be allowed in a firewall to enable traceroute? (Choose two)
A. Destination Unreachable-protocol Unreachable
B. Destination Unreachable-port Unreachable
C. Time Exceeded-Time to Live exceeded in Transit
D. Redirect-Redirect Datagram for the Host
E. Time Exceeded-Fragment Reassembly Time Exceeded
F. Redirect-Redirect Datagram for the Type of service and Host
Answer: B,C