Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. Refer to the Exhibit, Which two Statements about the given Configuration are true? (Choose two)
A. It is an inbound policy.
B. It will allow 209.165.202.129 to connect to 202.165.200.225 on an IMAP port.
C. It will allow 209.165.202.129 to connect to 202.165.200.225 on an RDP port.
D. It will allow 202.165.200.225 to connect to 209.165.202.129 on an RDP port.
E. It will allow 202.165.200.225 to connect to 209.165.202.129 on a VNC port.
F. It is an outbound policy.
Answer: A,C
Q2. What are two protocols that HTTP can use to secure sessions? (Choose two)
A. HTTPS
B. AES
C. TLS
D. AH
E. SSL
Answer: A,E
Q3. Which three IP resources is IANA responsible for? (Choose three.)
A. IP address allocation
B. detection of spoofed address
C. criminal prosecution of hackers
D. autonomous system number allocation
E. root zone management in DNS
F. BGP protocol vulnerabilities
Answer: A,D,E
Q4. Which two statements about the DES algorithm are true? (Choose two)
A. The DES algorithm is based on asymmetric cryptography.
B. The DES algorithm is a stream cipher.
C. The DES algorithm is based on symmetric cryptography.
D. The DES algorithm encrypts a block of 128 bits.
E. The DES algorithm uses a 56-bit key.
Answer: C,E
Q5. You have been asked to configure a Cisco ASA appliance in multiple mode with these settings:
(A) You need two customer contexts, named contextA and contextB
(B) Allocate interfaces G0/0 and G0/1 to contextA
(C) Allocate interfaces G0/0 and G0/2 to contextB
(D) The physical interface name for G0/1 within contextA should be "inside".
(E) All other context interfaces must be viewable via their physical interface names.
If the admin context is already defined and all interfaces are enabled, which command set will complete this configuration?
A. context contextA
config-url disk0:/contextA.cfg
allocate-interface GigabitEthernet0/0 visible allocate-interface GigabitEthernet0/1 inside context contextB
config-url disk0:/contextB.cfg
allocate-interface GigabitEthernet0/0 visible allocate-interface GigabitEthernet0/2 visible
B. context contexta
config-url disk0:/contextA.cfg
allocate-interface GigabitEthernet0/0 visible allocate-interface GigabitEthernet0/1 inside context contextb
config-url disk0:/contextB.cfg
allocate-interface GigabitEthernet0/0 visible allocate-interface GigabitEthernet0/2 visible
C. context contextA
config-url disk0:/contextA.cfg
allocate-interface GigabitEthernet0/0 invisible allocate-interface GigabitEthernet0/1 inside context contextB
config-url disk0:/contextB.cfg
allocate-interface GigabitEthernet0/0 invisible allocate-interface GigabitEthernet0/2 invisible
D. context contextA
config-url disk0:/contextA.cfg
allocate-interface GigabitEthernet0/0 allocate-interface GigabitEthernet0/1 inside context contextB
config-url disk0:/contextB.cfg
allocate-interface GigabitEthernet0/0 allocate-interface GigabitEthernet0/2
E. context contextA
config-url disk0:/contextA.cfg
allocate-interface GigabitEthernet0/0 visible allocate-interface GigabitEthernet0/1 inside context contextB
config-url disk0:/contextB.cfg
allocate-interface GigabitEthernet0/1 visible allocate-interface GigabitEthernet0/2 visible
Answer: A
Q6. Which Statement about remote procedure calls is true?
A. They support synchronous and asynchronous requests.
B. They can emulate different hardware specifications on a single platform.
C. They support optimized data replication among multiple machines.
D. They use a special assembly instruction set to process remote code without conflicting with other remote processes.
E. They can be invoked by the client and the server.
Answer: D
Q7. Which statement about the Cisco Secure ACS Solution Engine TACACS+ AV pair is true?
A. AV pairs are only required to be enabled on Cisco Secure ACS for successful implementation.
B. The Cisco Secure ACS Solution Engine does not support accounting AV pairs.
C. AV pairs are only string values.
D. AV pairs are of two types: string and integer.
Answer: C
Q8. How can the tail drop algorithem support traffic when the queue is filled?
A. It drop older packet with a size of 64 byts or more until queue has more traffic
B. It drop older packet with a size of less than 64 byts until queue has more traffic
C. It drops all new packets until the queue has room for more traffic
D. It drops older TCP packets that are set to be redelivered due to error on the link until the queue has room for more traffic.
Answer: C
Q9. Which of the following best describes Chain of Evidence in the context of security forensics?
A. Evidence is locked down, but not necessarily authenticated.
B. Evidence is controlled and accounted for to maintain its authenticity and integrity.
C. The general whereabouts of evidence is known.
D. Someone knows where the evidence is and can say who had it if it is not logged.
Answer: B
Q10. Which two u.s government entities are authorized to execute and enforce the penalties for violations of the
Sarbanes-oxley(SOX)act?(choose two)
A. Federal trade commission (FTC.
B. internal Revenue service (IRS)
C. Office of Civil Rights (OCR)
D. federal reserve board
E. Securities and exchange commission (SEC.
F. United states Citizenship and immigration services (USCIS)
Answer: D,E
Q11. Refer to the exhibit after you implement ingress filter 101 to deny all icmp traffic on your perimeter router user complained of poor web performance and the router and the router display increase CPU load. The debug ipicmp command returned the given output Which configuration you make to the router configuration to correct the problem?
A)
B)
C)
D)
A. Option A
B. Option B
C. Option C
D. Option D
Answer: D
Q12. Which Cisco ASA firewall mode supports ASDM one-time-password authentication using RSA SecurID?
A. Network translation mode
B. Single-context routed mode
C. Multiple-context mode
D. Transparent mode
Answer: B
Q13. DRAG DROP
Drag each IP transmission and fragmentation term on the left to the matching statement on the right?
Answer:
Explanation: DF bit: A value in the IP header that indicates whether packet fragmentation is permitted.
Fragment offset: A value in the IP packet that indicates the location of a fragment in the datagram.
MF bit: Indicates that this is last packet with the biggest offset.
MSS: The amount of data that the receiving host can accept in each TCP segment. MTU: A value representing the maximum acceptable length of a packet to be transmitted over a link. PMTUD: A technology used to prevent fragmentation as data travels between two end points.
Tunnel: A logical interface allows packet to be encapsulated inside a passenger protocol for transmission across a
different carrier protocol.
Q14. What are three protocol that support layer 7 class maps and policy maps for zone based firewalls? (choose three)
A. IMAP
B. RDP
C. MME
D. ICQ
E. POP3
F. IKE
Answer: A,D,E
Q15. Which three statement about VRF-Aware Cisco Firewall are true? (Choose three)
A. It can run as more than one instance.
B. It supports both global and per-VRF commands and DoS parameters.
C. It can support VPN networks with overlapping address ranges without NAT.
D. It enables service providers to implement firewalls on PE devices.
E. It can generate syslog massages that are visible only to individual VPNs.
F. It enables service providers to deploy firewalls on customer devices.
Answer: A,D,E
Q16. Which two statements about the anti-replay feature are true? (Choose two)
A. By default, the sender uses a single 1024-packet sliding window
B. By default, the receiver uses a single 64-packet sliding window
C. The sender assigns two unique sequence numbers to each clear-text packet
D. The sender assigns two unique sequence numbers to each encrypted packet
E. the receiver performs a hash of each packet in the window to detect replays
F. The replay error counter is incremented only when a packet is dropped
Answer: B,D