400-251 Premium Bundle

CCIE Security Written Exam Certification Exam

Last update: November 21, 2024

Cisco 400-251 Free Practice Questions

Q1. Refer to the exhibit. What is the effect of the given ACL policy?

A. The policy will deny all IPv6 eBGP sessions.

B. The policy will disable IPv6 source routing.

C. The policy will deny all IPv6 routing packets.

D. The policy will deny all IPv6 routed packets.

Answer: B

Q2. Refer to the exhibit. Which statement about the effect of this configuration is true?

A. Replay protection is disabled

B. It prevents man-in-the-middle attacks

C. The replay window size is set to infinity

D. Out-of-order frames are dropped

Answer: D

Q3. What message does the TACACS+ daemon send during the AAA authentication process to request additional authentication information?

A. ACCEPT

B. REJECT

C. CONTINUE

D. ERROR

E. REPLY

Answer: C

Q4. In which class of application security threats does HTTP header manipulation reside?

A. Session management

B. Parameter manipulation

C. Software tampering

D. Exception management

Answer: A

Q5. Which two router configurations block packets with the Type 0 Routing header on the interface? (Choose two.)

A. ipv6 access-list Deny_Loose_Routing
   permit ipv6 any any routing-type 0
   deny ipv6 any any
   interface FastEthernet0/0
   ipv6 traffic-filter Deny_Loose_Source_Routing in

B. ipv6 access-list Deny_Loose_Source_Routing
   deny ipv6 FE80::/10 any mobility-type bind-refresh
   permit ipv6 any any
   interface FastEthernet/0
   ipv6 traffic-filter Deny_Loose_Source_Routing in

C. ipv6 access-list Deny_Loose_Source_Routing
   deny ipv6 any any routing-type 0
   permit ipv6 any any
   interface FastEthernet0/0
   ipv6 traffic-filter Deny_Loose_Routing in

D. ipv6 access-list Deny_Loose_Source_Routing
   deny ipv6 any FE80::/10 routing-type 0
   deny ipv6 any any routing-type 0
   permit ipv6 any any
   interface FastEthernet0/0
   ipv6 traffic-filter Deny_Loose_Source_Routing in

E. ipv6 access-list Deny_Loose_Source_Routing
   sequence 1 deny ipv6 any any routing-type 0 log-input
   sequence 2 permit ipv6 any any flow-label 0 routing
   interface FastEthernet0/0
   ipv6 traffic-filter Deny_Loose_Source_Routing in

Answer: C,D

Q6. DRAG DROP

Drag each MACsec term on the left to the matching statement on the right.

Answer:

Explanation:

CAK = key used to generate multiple additional keys

MKA = protocol used for MACsec key negotiation

MSK = key generated during the EAP exchange

SAK = a key used to encrypt traffic for a single session

SAP = a key exchange protocol that is proprietary to Cisco

Q7. On which encryption algorithm is CCMP based?

A. IDEA

B. BLOWFISH

C. RCS

D. 3DES

E. AES

Answer: E

Q8. What is the maximum pattern length supported by FPM searches within a packet?

A. 256 bytes

B. 1500 bytes

C. 512 bytes

D. 128 bytes

Answer: A

Q9. IANA is responsible for which three IP resources? (Choose three.)

A. IP address allocation

B. Detection of spoofed addresses

C. Criminal prosecution of hackers

D. Autonomous system number allocation

E. Root zone management in DNS

F. BGP protocol vulnerabilities

Answer: A,D,E

Q10. Your IPv6 network uses a CA and trust anchor to implement secure network discovery. What extension must your CA certificates support?

A. extKeyUsage

B. nameConstraints

C. id-pe-ipAddrBlocks

D. id-pe-autonomousSysIds

E. id-ad-caIssuers

F. keyUsage

Answer: B

Q11. What ASA feature can you use to restrict a user to a specific VPN group?

A. A webtype ACL

B. MPF

C. A VPN filter

D. Group-lock

Answer: D

Q12. DRAG DROP

Drag each ISE probe on the left to the matching statement on the right.

Answer:

Q13. DRAG DROP

Drag and drop each ESP header field on the left to the appropriate field length on the right.

Answer:

Q14. Which of the following statements is true about the ARP attack?

A. Attackers send the ARP request with the MAC address and IP address of a legitimate resource in the network.

B. Attackers send the ARP request with their own MAC address and IP address.

C. ARP spoofing does not facilitate man-in-the-middle attacks by the attackers.

D. Attackers send the ARP request with their own MAC address and the IP address of a legitimate resource in the network.

Answer: D

Q15. Which three statements about the keying methods used by MACsec are true? (Choose three.)

A. MKA is implemented as an EAPoL packet exchange

B. SAP is enabled by default for Cisco TrustSec in manual configuration mode.

C. SAP is supported on SPAN destination ports

D. Key management for host-to-switch and switch-to-switch MACsec sessions is provided by MKA

E. SAP is not supported on switch SVIs.

F. A valid mode for SAP is NULL

Answer: A,B,F

Q16. Which two options are disadvantages of MPLS Layer 3 VPN services? (Choose two.)

A. They require cooperation with the service provider to implement transport of non-IP traffic.

B. SLAs are not supported by the service provider.

C. It requires customers to implement QoS to manage congestion in the network.

D. Integration between Layers 2 and 3 peering services is not supported.

E. They may be limited by the technology offered by the service provider.

F. They can transport only IPv6 routing traffic.

Answer: D,E
