400-251 Premium Bundle

CCIE Security Written Exam Certification Exam

Last update: November 21, 2024

Cisco 400-251 Free Practice Questions

Q1. Which statement about ICMPv6 filtering is true? 

A)

B)

C)

D)

E)

F)

A. Option A

B. Option B

C. Option C

D. Option D

Answer: B

Q2. You have configured an authenticator switch in access mode on a network configured with NEAT. What RADIUS attribute must the ISE server return to change the switch's port mode to trunk?

A. device-traffic-class=switch

B. device-traffic-class=trunk

C. framed-protocol=1

D. EAP-message-switch

E. Authenticate=Administrative

F. Acct-Authentic=radius

Answer: A

Q3. Refer to the exhibit. What is the effect of the given configuration?

A. It sets the duplicate address detection interval to 60 seconds and sets the IPv6 neighbor reachable time to 3600 milliseconds.

B. It sets the number of neighbor solicitation messages to 60 and sets the retransmission interval to 3600 milliseconds.

C. It sets the number of duplicate address detection attempts to 60 and sets the duplicate address detection interval to 3600 milliseconds.

D. It sets the number of neighbor solicitation messages to 60 and sets the duplicate address detection interval to 3600 seconds.

E. It sets the duplicate address detection interval to 60 seconds and sets the IPv6 neighbor solicitation interval to 3600 milliseconds.

Answer: E

Q4. Which two statements about VPLS and VPWS are true? (Choose two)

A. VPLS Layer 2 VPNs support both full-mesh and hub-and-spoke implementations

B. VPWS only sends the data payload over an MPLS core

C. VPLS is intended for applications that require point-to-point access

D. VPWS supports multicast using a hub-and-spoke architecture

E. VPLS is intended for applications that require multipoint or broadcast access

F. VPWS supports point-to-point integration of Layer 2 and Layer 3 services over an MPLS cloud

Answer: E,F

Q5. What context-based access control (CBAC) command sets the maximum time that a router running Cisco IOS will wait for a new TCP session to reach the established state?

A. ip inspect max-incomplete

B. ip inspect tcp finwait-time

C. ip inspect udp idle-time

D. ip inspect tcp synwait-time

E. ip inspect tcp idle-time

Answer: D

Q6. Refer to the exhibit. A signature failed to compile and returned the given error messages. What is a possible reason for the problem?

A. The signature belongs to the IOS IPS Basic category.

B. The signature belongs to the IOS IPS Advanced category.

C. There is insufficient memory to compile the signature.

D. The signature is retired.

E. Additional signatures must be compiled during the compiling process.

Answer: C

Q7. Which three statements are true regarding RFC 5176 (Change of Authorization)? (Choose three.)

A. It defines a mechanism to allow a RADIUS server to initiate a communication inbound to a NAD.

B. It defines a wide variety of authorization actions, including "reauthenticate."

C. It defines the format for a Change of Authorization packet.

D. It defines a DM.

E. It specifies that TCP port 3799 be used for transport of Change of Authorization packets.

Answer: A,C,D

Q8. Which two effects of configuring the tunnel path-mtu-discovery command on a GRE tunnel interface are true? (Choose two)

A. The maximum path MTU across the GRE tunnel is set to 65534 bytes.

B. If a lower MTU link between the IPsec peers is detected, the GRE tunnel MTU is changed.

C. The router adjusts the MTU value it sends to the GRE tunnel interface in the TCP SYN packet.

D. It disables PMTUD discovery for tunnel interfaces.

E. The DF bit is copied to the GRE IP header.

F. The minimum path MTU across the GRE tunnel is set to 1476 bytes.

Answer: B,E

Q9. Refer to the exhibit. 

After you configured routers R1 and R2 for IPv6 OSPFv3 authentication as shown, the OSPFv3 neighbor adjacency failed to establish. What is a possible reason for the problem?

A. R2 received a packet with an incorrect area from the loopback1 interface

B. OSPFv3 area authentication is missing

C. R1 received a packet with an incorrect area from the FastEthernet0/0 interface

D. The SPI and the authentication key are unencrypted

E. The SPI value and the key are the same on both R1 and R2

Answer: C

Q10. Which two characteristics of DTLS are true? (Choose two)

A. It includes a congestion control mechanism

B. It supports long data transfers and connections data transfers

C. It completes key negotiation and bulk data transfer over a single channel

D. It is used mostly by applications that use application layer object-security protocols

E. It includes a retransmission method because it uses an unreliable datagram transport

F. It cannot be used if NAT exists along the path

Answer: A,E

Q11. In Cisco Wireless LAN Controller (WLC), which web policy enables failed Layer 2 authentication to fall back to WebAuth authentication with a user name and password?

A. On MAC Filter Failure

B. Pass through

C. Splash Page Web Redirect

D. Conditional Web Redirect

E. Authentication

Answer: A

Q12. Why is the IPv6 type 0 routing header vulnerable to attack?

A. It allows the receiver of a packet to control its flow.

B. It allows the sender to generate multiple NDP requests for each packet.

C. It allows the sender of a packet to control its flow.

D. It allows the sender to generate multiple ARP requests for each packet.

E. It allows the receiver of a packet to modify the source IP address.

Answer: C

Q13. In ISO 27002, the access control code of practice for Information Security Management serves which of the following objectives?

A. Implement protocol control of user, network and application access

B. Optimize the audit process

C. Prevent the physical damage of the resources

D. Educating employees on security requirements and issues

Answer: A

Q14. Event Store is a component of which IPS application?

A. SensorApp

B. InterfaceApp

C. MainApp

D. NotificationApp

E. AuthenticationApp

Answer: C

Q15. According to OWASP guidelines, what is the recommended method to prevent cross-site request forgery?

A. Allow only POST requests.

B. Mark all cookies as HTTP only.

C. Use per-session challenge tokens in links within your web application.

D. Always use the "secure" attribute for cookies.

E. Require strong passwords.

Answer: C

Q16. What is the default communication port used by RSA SDI and ASA?

A. UDP 500

B. UDP 848

C. UDP 4500

D. UDP 5500

Answer: D
