Documente Academic
Documente Profesional
Documente Cultură
Number: 210-260
Passing Score: 860
Time Limit: 45 min
File Version: 1.0
http://www.gratisexam.com/
http://www.gratisexam.com/
Exam A
QUESTION 1
Which SOURCEFIRE logging action should you choose to record the most detail about a connection?
A.
B.
C.
D.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 2
What type of algorithm uses the same key to encrypt and decrypt data?
A.
B.
C.
D.
a symmetric algorithm
an asymmetric algorithm
a Public Key infrastructure algorithm
an IP Security algorithm
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 3
If a packet matches more than one class map in an individual feature type's policy map, how does
the ASA handle the pa
A. The ASA will apply the actions from only the most specific matching class map if finds for
the feature type
B. The ASA will apply the actions from all matching class maps it finds for the feature type
C. The ASA will apply the actions from only the last matching class map it finds for the feature
type
D. The ASA will apply the actions from only the first matching class map it finds for the feature
type
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 4
You have implemented a Sourcefire IPS and configured it to block certain addresses utilizing
Security Intelligence IP address Reputation. A user calls and is not able to access a certain IP
address. What action can you take to allow the user access to the IP address?
A.
B.
C.
D.
E.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Whitelisting to eliminate false positiveswhen a blacklist is too broad in scope, or incorrectly
blocks traffic that you want to allow (for example, to vital resources), you can override a
blacklist with a custom whitelist
QUESTION 5
Which EAP method uses protected Access Credentials?
A.
B.
C.
D.
EAP-TLS
EAP-PEAP
EAP-FAST
EAP-CTC
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 6
In which two situations should you use out-of-band management? (Choose two)
A.
B.
C.
D.
E.
Correct Answer: AC
Section: (none)
Explanation
Explanation/Reference:
the use of a dedicated channel for managing network devices. This allows the network
operator to establish trust boundaries in accessing the management function to apply it to
network resources. It also can be used to ensure management connectivity (including the
ability to determine the status of any network component) independent of the status of
other in-band network components.
QUESTION 7
Which statement about communication over failover interfaces is true?
A. All information that is sent over the failover interface is send as clear text, but the stateful
failover link is encrypted by default
B. All information that is sent over the failover and stateful failover interfaces is encrypted by
default
C. All information that is sent over the failover and stateful failover interfaces is sent as clear
text by default
D. Usernames, password and preshared keys are encrypted by default when they are sent
over the failover and stateful failover interfaces, but other information is in clear text
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
The failover configuration requires two identical security appliances connected to each
other through a dedicated and, optionally, a Stateful Failover link. The health of the active
interfaces and units is monitored to determine if specific failover conditions are met. If
those conditions are met, failover occurs.
The security appliance supports two failover configurations, Active/Active failover and
Active/Standby failover. Each failover configuration has its own method for determining
and performing failover.
With Active/Active failover, both units can pass network traffic. This also lets you configure
traffic sharing on your network. Active/Active failover is available only on units running in
multiple context mode.
With Active/Standby failover, only one unit passes traffic while the other unit waits in a
standby state. Active/Standby failover is available on units running in either single or
multiple context mode.
Both failover configurations support stateful or stateless (regular) failover.
All information sent over the failover and Stateful Failover links is sent in
clear text unless you secure the communication with a failover key. If the
security appliance is used to terminate VPN tunnels, this information
includes any usernames, passwords and preshared keys used for
establishing the tunnels. Transmitting this sensitive data in clear text could
pose a significant security risk. We recommend securing the failover
communication with a failover key if you are using the security appliance to
terminate VPN tunnels.
QUESTION 8
What features can protect the data plane? (Choose three)
A.
B.
C.
D.
policing
ACLs
IPS
antispoofing
E. QoS
F. DHCP-snooping
Correct Answer: BDF
Section: (none)
Explanation
Explanation/Reference:
QUESTION 9
How many crypto map sets can you apply to a router interface?
A.
B.
C.
D.
3
2
4
1
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 10
What is the transition order of STP states on a Layer 2 switch interface?
A.
B.
C.
D.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 11
Which sensor mode can deny attackers inline?
A.
B.
C.
D.
IPS
fail-close
IDS
fail=open
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 12
Which options are filtering options used to display SDEE message types?
A.
B.
C.
D.
stop
none
error
all
Correct Answer: CD
Section: (none)
Explanation
Explanation/Reference:
SDEE Messages
QUESTION 13
When a company puts a security policy in place, what is the effect on the company's business?
A.
B.
C.
D.
Minimizing risk
Minimizing total cost of ownership
Minimizing liability
Maximizing compliance
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 14
Refer to the exhibit.
authentication event fail action next-method
authentication event no-response action authorize vlan 101
authentication order mad dotlx webauth
authentication priority dotlx mab
authentication port-control auto
dotlx pae authenticator
If a supplicant supplies incorrect credentials for the authentication methods configured on the switch,
how will the switch respond?
A. The switch will cycle through the configured authentication methods indefinitely
0.0.0.31
0.0.0.27
0.0.0.224
0.0.0.225
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 16
Which statements about reflexive access lists are true?
A.
B.
C.
D.
E.
F.
BOOTP
TFTP
DNS
MAB
HTTP
F. 802.1X
Correct Answer: ABC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 18
Which actions can a promiscuous IPS take to mitigate an attack? (Choose three)
A.
B.
C.
D.
E.
F.
modifying packets
requesting connection blocking
denying packets
resetting the TCP connection
requesting host blocking
denying frames
FlexConfig
Device Manager
Report Manager
Health and Performance Monitor
The Health and Performance Monitor is a stand-alone application that you can launch from
the other stand-alone Security Manager applications (Configuration Manager, Event
Viewer, Report Manager, and Image Manager); from the Windows Start menu; or from its
icon on your desktop.
The HPM application complements the Event Viewer and Report Manager applications, as
follows:
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 20
Which command is needed to enable SSH support on a Cisco Router?
A. crypto key lock rsa
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
B.
C.
D.
E.
Correct Answer: AE
Section: (none)
Explanation
Explanation/Reference:
QUESTION 24
What are the two purposes of the Internet Key Exchange in an IPsec VPN? (Choose two)
A.
B.
C.
D.
Correct Answer: AD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 25
Which protocol provides security to Secure Copy?
A.
B.
C.
D.
IPsec
SSH
HTTPS
ESP
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 26
A clientless SSL VPN user who is connecting on a Windows Vista computer is missing the
menu option for Remote Desktop Which action should you take to begin troubleshooting?
A.
B.
C.
D.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 27
Which security zone is automatically defined by the system?
A.
B.
C.
D.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 28
Which three ESP fields can be encrypted during transmission? (Choose three)
A.
B.
C.
D.
E.
F.
2002::/16
FE00::/8
2001::/32
FB00::/8
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 30
What is a possible reason for the error message?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 31
Which statements about smart tunnels on a Cisco firewall are true? (Choose two)
A.
B.
C.
D.
Smart tunnels can be used by clients that do not have administrator privileges
Smart tunnels support all operating systems
Smart tunnels offer better performance than port forwarding
Smart tunnels require the client to have the application installed locally
Correct Answer: AD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 32
Which option describes information that must be considered when you apply an access list to a
physical interface?
A.
B.
C.
D.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 33
Which source port does IKE use when NAT has been detected between two VPN gateways?
A. TCP 4500
B. TCP 500
C. UDP 4500
D. UDP 500
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 34
Which of the following are features of IPsec transport mode? (Choose three)
A.
B.
C.
D.
E.
F.
Tunnel mode protects the internal routing information by encrypting the IP header of the original
packet. The original packet is encapsulated by another set of IP headers.
Additional headers are added to the packet; so the payload MSS is less.
Transport mode:
The transport mode encrypts only the payload and ESP trailer; so the IP header of the original
packet is not encrypted.
The IPsec Transport mode is implemented for client-to-site VPN scenarios.
NAT traversal is not supported with the transport mode.
MSS is higher, when compared to Tunnel mode, as no additional headers are required.
The transport mode is usually used when another tunneling protocol (such as GRE, L2TP) is
used to first encapsulate the IP data packet, then IPsec is used to protect the GRE/L2TP tunnel
packets.
QUESTION 35
Which command causes a Layer 2 switch interface to operate as a Layer 3 interface?
A.
B.
C.
D.
no switchport nonnegotiate
switchport
no switchport mode dynamic auto
no switchport
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 36
Which command verifies phase 1 of an IPsec VPN on a Cisco router?
A.
B.
C.
D.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 37
What is the purpose of a honeypot IPS?
A.
B.
C.
D.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 38
Which type of firewall can act on behalf of the end device?
A.
B.
C.
D.
Stateful packet
Application
Packet
Proxy
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 39
Refer to the exhibit.
While troubleshooting site-to-site VPN, you issue the show crypto isakmp sa command. What does
A.
B.
C.
D.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 40
What type of attack was the Stuxnet virus?
A.
B.
C.
D.
cyber warfare
hactivism
botnet
social engineering
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 41
Which type of secure connectivity does an extranet provide?
A.
B.
C.
D.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 42
After reloading a router, you issue the dir command to verify the installation and observe that
the image file appears to be file fail to appear in the dir output?
A.
B.
C.
D.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 43
What is a reason for an organization to deploy a personal firewall?
A.
B.
C.
D.
NAT traversal
Hairpinning
split tunneling
NAT
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 45
When an IPS detects an attack, which action can the IPS take to prevent the attack from spreading?
A.
B.
C.
D.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 46
Which statement about Cisco ACS authentication and authorization is true?
A.
B.
C.
D.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 47
What is the only permitted operation for processing multicast traffic on zone-based firewalls?
A. Stateful inspection for multicast traffic is supported only between the self-zone and the internal
zone
B. Only control plane policing can protect the control plane against multicast traffic
C. Stateful inspection of multicast traffic is supported only for the self zone
D. Stateful inspection of multicast traffic is supported only for the internal zone
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 48
What is one requirement for locking a wired or wireless device from ISE?
A.
B.
C.
D.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 49
Refer to the exhibit. What type of firewall would use the given configuration line?
UPD outside 209.165.201.225:53 inside 10.0.0.10:52464, idle 0:00:01, bytes 226 flags A.
B.
C.
D.
E.
a stateless firewall
a stateful firewall
an application firewall
a proxy firewall
a personal firewall
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 50
For what reason would you configure multiple security contexts on the ASA firewall?
A.
B.
C.
D.
To enable the use of multicast routing and QoS through the firewall
To separate different departments and business units
To enable the use of VFRs on routers that are adjacently connected
To provide redundancy and high availability within the organization
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 51
Which FirePOWER preprocessor engine is used to prevent SYN attacks?
A.
B.
C.
D.
Portscan Detection
IP Defragmentation
Inline Normalization
Rate-Based Prevention
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 52
What are two default Cisco IOS privilege levels? (Choose two)
A.
B.
C.
D.
E.
F.
0
5
1
7
10
15
Correct Answer: CF
Section: (none)
Explanation
Explanation/Reference:
privilege level 0 Includes the disable, enable, exit, help, and logout commands.
privilege level 1 Normal level on Telnet; includes all user-level commands at the
router> prompt.
privilege level 15 Includes all enable-level commands at the router# prompt.
QUESTION 53
What is the effect of the given command sequence?
crypto map mymap 20
match address 201
access-list 201 permit ip 10.10.10.0 255.255.255.0 10.100.100.0 255.255.255.0
A. It defines IPSec policy for traffic sourced from 10.10.10.0/24 with a destination of
10.100.100.0/24
B. It defines IPSec policy for traffic sourced from 10.100.100.0/24 with a destination of
10.10.10.0/24
C. It defines IKE policy for traffic sourced from 10.10.10.0/24 with a destination of
10.100.100.0/24
D. It defines IKE policy for traffic sourced from 10.100.100.0/24 with a destination of
10.10.10.0/24
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 54
Which tool can an attacker use to attempt a DDoS attack?
A.
B.
C.
D.
Trojan horse
botnet
virus
adware
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 55
How does the Cisco ASA use Active Directory to authorize VPN users?
A. It sends the username and password to retire an ACCEPT or Reject message from the Active
Directory server
B. It queries the Active Directory server for a specific attribute for the specific user
C. It downloads and stores the Active Directory database to query for future authorization
D. It redirects requests to the Active Directory server defined for the VPN group
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 56
Which statement about application blocking is true?
A.
B.
C.
D.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 57
What VPN feature allows Internet traffic and local LAN/WAN traffic to use the same network
connection?
A.
B.
C.
D.
hairpinning
tunnel mode
split tunneling
transparent mode
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 58
When is the best time to perform an anti-virus signature update?
A.
B.
C.
D.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 59
What is the effect of the send-lifetime local 23:59:00 31 December 31 2013 infinite command?
A. It configures the device to begin transmitting the authentication key to other devices
at 00:00:00 local time on January indefinitely
B. It configures the device to begin transmitting the authentication key to other devices
at 23:59:00 local time on December indefinitely
C. It configures the device to begin accepting the authentication key from other devices
immediately
and stop accepting t December 31, 2013
D. It configures the device to generate a new authentication key and transmit it to other devices at
23:59:00 local time on
E. It configures the device to begin accepting the authentication key from other devices at
23:59:00 local time on December key indefinitely
F. It configures the device to begin accepting the authentication key from other devices at
00:00:00 local time on January indefinitely
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 60
What Statement about personal firewalls is true?
A.
B.
C.
D.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 61
Refer to the exhibit. While troubleshooting site-to-site VPN, you issue the show crypto ipsec sa
command.
What does the given output show?
current_peer: 10.1.1.5 PERMIT, flags=[origin_is_acl, }
A.
B.
C.
D.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 62
Which statement about a PVLAN isolated port configured on a switch is true?
A.
B.
C.
D.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 63
Which three statements about host-based IPS are true? (Choose three)
A.
B.
C.
D.
E.
F.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 65
Refer to the exhibit. Which statement about the device time is true?
R1> show clock detail
.22:22:35.123 UTC Tue Feb 26 2013 Time source is NTP
A.
B.
C.
D.
E.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Symbol
Description
(blank)
Time is authoritative.
Examples
QUESTION 66
In what type of attack does an attacker virtually change a device's burned in address in an attempt
to circumvent access list and mask the device's true identity?
A.
B.
C.
D.
gratuitous ARP
ARP poisoning
IP Spoofing
MAC Spoofing
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 67
How does a zone-based firewall implementation handle traffic between interfaces in the same
zone?
A. Traffic between two interfaces in the same zone is allowed by default
B. Traffic between interfaces in the same zone is blocked unless you apply a service policy to
the zone pair
C. Traffic between interfaces in the same zone is always blocked
D. Traffic between interfaces in the same zone is blocked unless you configure the samesecurity permit command
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 68
An attacker installs a rogue switch that sends superior BPDUs on your network. What is a possible
result of this activity?
A.
B.
C.
D.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 69
Which two next generation encryption algorithms does Cisco recommend? (Choose two)
A.
B.
C.
D.
E.
F.
AES
3Des
DES
MD5
DH-1024
SHA-384
Correct Answer: AF
Section: (none)
Explanation
Explanation/Reference:
QUESTION 70
What three actions are limitations when running IPS in promiscuous mode? (Choose three)
A.
B.
C.
D.
E.
F.
deny attacker
request block connection
deny packet
modify packet
request block host
reset TCP connection
access lists
traffic classification
policy maps
QoS
class maps
Cisco Express Forwarding
Correct Answer: BD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 72
What is an advantage of implementing a Trusted Platform Module for disk encryption?
A.
B.
C.
D.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 73
Refer to the exhibit. What is the effect of the given command sequence?
crypto ikev1 policy 1 encryption aes hash md5
authentication pre-share group 2
lifetime 14400
A.
B.
C.
D.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 74
A specific URL has been identified as containing malware. What action can you take to block
users from accidentally visiting the URL and becoming infected with malware?
A. Enable URL filtering on the perimeter firewall and add the URLs you want to allow to the
routers local URL list
B. Enable URL filtering on the perimeter router and add the URLs you want to allow to the
firewalls local URL list
C. Create a blacklist that contains the URL you want to block and activate the blacklist on the
perimeter router
D. Enable URL filtering on the perimeter router and add the URLs you want to block to the
routers local URL list
E. Create a whitelist that contains the URLs you want to allow and activate the whitelist on the
perimeter router
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Border, or perimeter, routers are responsible for forwarding packets from a trusted
network to an untrusted network which is beyond the control of your organization, and
filtering packet coming FROM the untrusted network. Sometimes called a screening
router, since it is the first line of defenerce, doing filtering.
QUESTION 75
If you change the native VLAN on the trunk port to an unused VLAN, what happens if an attack
attempts a double tagging attack?
A.
B.
C.
D.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 76
What is an advantage of placing an IPS on the inside of a network?
A.
B.
C.
D.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 77
Which tasks is the session management path responsible for? (Choose three)
A.
B.
C.
D.
E.
F.
Verifying IP checksums
Performing route lookup
Performing session lookup
Allowing NAT translations
Checking TCP sequence numbers
Checking packets against the access list
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 79
Which two statements about stateless firewalls are true? (Choose two.)
A. They are designed to work most efficiently with stateless protocols such as HTTP or HTTPS.
B.
C.
D.
E.
They compare the 5-tuple of each incoming packet against configurable rules.
Cisco IOS cannot implement them because the platform is stateful by nature.
They cannot track connections.
The Cisco ASA is implicitly stateless because it blocks all traffic by default.
Correct Answer: BD
Section: (none)
Explanation
Explanation/Reference:
A stateless firewall filter, also known as an access control list (ACL), does not statefully
inspect traffic. Instead, it evaluates packet contents statically and does not keep track of the
state of network connections. In contrast, a stateful firewall filter uses connection state
information derived from other applications and past communications in the data flow to
make dynamic control decisions.
The basic purpose of a stateless firewall filter is to enhance security through the use of
packet filtering. Packet filtering enables you to inspect the components of incoming or
outgoing packets and then perform the actions you specify on packets that match the
criteria you specify. The typical use of a stateless firewall filter is to protect the Routing
Engine processes and resources from malicious or untrusted packets.
QUESTION 80
Which syslog severity level is level number 7?
A.
B.
C.
D.
Warning
Debugging
Informational
Notification
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 81
Which type of mirroring does SPAN technology perform?
A. Local mirroring over Layer 3
B. Local mirroring over Layer 2
C. Remote mirroring over Layer 2
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 83
What hash type does Cisco use to validate the integrity of downloaded images?
A.
B.
C.
D.
Sha1
Sha2
MD5
MD1
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 84
Which option is the most effective placement of an IPS device within the infrastructure?
A.
B.
C.
D.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 85
If a router configuration includes the line aaa authentication login default group tacacs+ enable,
which events will occur when the TACACS+ server returns an error (Choose two)
A.
B.
C.
D.
Correct Answer: BC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 86
Which alert protocol is used with Cisco IPS Manager Express to support up to 10 sensors?
A.
B.
C.
D.
CSM
SDEE
Syslog
SNMP
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
The Security Device Event Exchange (SDEE) protocol was developed to communicate the
events generated by security devices.
The SDEE client establishes a session with the server by successfully authenticating with
that server. Once authenticated, a session ID or session cookie is given to the client, which
is included with all future requests.
SDEE supports two methods for retrieving events:
a. An event query.
b. Event subscription.
Both methods use SSL to query the SDEE server and retrieve the events.
Systems that use SDEE to communicate events to clients are referred to as SDEE
providers. SDEE specifies that events can be transported using the HTTP or HTTP
over SSL and TLS protocols. When HTTP or HTTPS is used, SDEE providers act
as HTTP servers, while SDEE clients are the initiators of HTTP requests.
IPS includes Web Server, which processes HTTP or HTTPS requests. Web Server
uses run-time loadable servlets to process the different types of HTTP requests.
Each servlet handles HTTP requests that are directed to the URL associated with
the servlet. The SDEE server is implemented as a web server servlet.
The SDEE server only processes authorized requests. A request is authorized if it
originates from a web server to authenticate the identity of the client and determine
the privilege level of the client.
IME uses SDEE to retrieve events from the event store of IPS. Any 3rd party SDEE server
can also connect to the IPS and pull events from it.
QUESTION 87
Which components does HMAC use to determine the authenticity and integrity of a message?
A.
B.
C.
D.
The password
The hash
The key
The transform set
Correct Answer: BC
Section: (none)
Explanation
Explanation/Reference:
BPDU guard
loop guard
root guard
Etherchannel guard
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 89
Which RADIUS server authentication protocols are supported on Cisco ASA firewalls? (Choose
three)
A.
B.
C.
D.
E.
F.
EAP
ASCII
PAP
PEAP
MS-CHAPv2
MS-CHAPv1
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 91
Which security measures can protect the control plane of a Cisco router? (Choose two)
A.
B.
C.
D.
E.
Port security
CoPP
CPPr
Access control lists
Parser views
Correct Answer: BC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 92
Which statement about extended access lists is true?
A. Extended access lists perform filtering that is based on source and are most effective when
applied to the destination.
B. Extended access lists perform filtering that is based on source and destination and are
most effective when applied to the destination.
C. Extended access lists perform filtering that is based on destination and are most effective
when applied to the source.
D. Extended access lists perform filtering that is based on source and destination and are
most effective when applied to the source.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 93
Which type of address translation should be used when a Cisco ASA is in transparent mode?
A.
B.
C.
D.
Dynamic PAT
Static NAT
Overload
Dynamic NAT
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 94
Which protocols use encryption to protect the confidentiality of data transmitted between two
parties? (Choose two)
A.
B.
C.
D.
E.
F.
FTP
SSH
Telnet
AAA
HTTP
HTTPS
Correct Answer: BF
Section: (none)
Explanation
Explanation/Reference:
QUESTION 95
What are the primary attack methods of VLAN hopping? (Choose two)
A. VoIP hopping
B. CAM-table overflow
C. Switch spoofing
D. Double tagging
Correct Answer: CD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 96
What is the default timeout interval during which a router waits for responses from a TACACS server
before declaring a timeout failure?
A.
B.
C.
D.
20 seconds
5 seconds
15 seconds
10 seconds
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 97
How can the administrator enable permanent client installation in a Cisco AnyConnect VPN
firewall configuration?
A. Issue the command anyconnect keep-installer installed under the group policy or username
webvpn mode
B. Issue the command anyconnect keep-installer installed in the global configuration
C. Issue the command anyconnect keep-installer under the group policy or username webvpn
mode
D. Issue the command anyconnect keep-installer under the group policy or username webvpn
mode
Correct Answer: C A
Section: (none)
Explanation
Explanation/Reference:
hostname(config)# group-policy sales attributes
hostname(config-group-policy)# webvpn
hostname(config-group-policy)# anyconnect keep-installer installed none
QUESTION 98
What is the FirePOWER impact flag used for?
A. A value that measures the application awareness
The impact level assigned to the intrusion event. You select any of the following along with
operators that specify is, is not, is greater than, and so on:
0 gray (Unknown)
1 red (Vulnerable)
2 orange (Potentially Vulnerable)
3 yellow (Currently Not Vulnerable)
4 blue (Unknown Target)
QUESTION 99
Which two services define cloud networks? (Choose two)
A.
B.
C.
D.
E.
Infrastructure as a Service
Platform as a Service
Compute as a Service
Security as a Service
Tenancy as a Service
Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference:
QUESTION 100
In a security context, which action can you take to address compliance?
A.
B.
C.
D.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 101
How many times was a read-only string used to attempt a write operation?
A.
B.
C.
D.
E.
6
2
9
3
4
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 102
What can the SMTP preprocessor in a FirePOWER normalize?
A.
B.
C.
D.
E.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 103
You want to allow all of your companies users to access the internet without allowing other
web servers to collect the IP addresses of individual users. What two solutions can you use?
(Choose two)
A.
B.
C.
D.
E.
Correct Answer: BD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 104
Which two authentication types does OSPF support? (Choose two)
A.
B.
C.
D.
E.
F.
plaintext
MD5
HMAC
AES 256
SHA-1
DES
Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference:
QUESTION 105
Refer to the exhibit. The Admin user is unable to enter configuration mode on a device with the
given configuration. What to correct the problem?
A. Remove the Autocommand keyword and arguments from the Username Admin privilege line
A.
B.
C.
D.
Correct Answer: ABCD
Section: (none)
Explanation
Explanation/Reference:
Step1: Firewall > Configuration > NAT Rules > Add Network Object. Name=http, IP
version=IPv4, IP address = 209.165.201.30, Static NAT = 172.16.1.2
Step2: Firewall > Configuration > NAT Rules > Add Access Rule. Interface=Outside,
Action=Permit, Source=any, Destination=209.165.201.30, Service=tcp/http
Step3: Firewall > Configuration> Service policy Rules > Click Global Policy and edit, Rule
Action tab, Click ICMP and apply
Step4: Ping www.cisco.com from Inside P
http://www.gratisexam.com/
QUESTION 108
In this simulation, you have access to ASDM only. Review the various ASA configurations
using ASDM then answer the fi ASA SSL VPN configurations.
Which four tunneling protocols are enabled in the DfltGrpPolicy group policy? (Choose four)
A.
B.
C.
D.
E.
F.
IPsec IKEv1
IPsec IKEv2
L2TP/IPsec
Clientless SSL VPN
SSL VPN Client
PPTP
QUESTION 109
In this simulation, you have access to ASDM only. Review the various ASA configurations using ASDM
then answer the fi ASA SSL VPN configurations.
Which two statements regarding the ASA VPN configurations are correct? (Choose two)
A.
B.
C.
D.
E.
F.
The Inside-SRV bookmark has not been applied to the Sales group policy
The ASA has a certificate issued by an external Certificate Authority associated to the ASDM_Trustpoit1
The Inside-SRV bookmark references the https://192.168.1.2 URL
Any Connect, IPSec IKEv1 and IPSec IKEv2 VPN access is enabled on the outside interface
Only Clientless SSL VPN VPN access is allowed with the Sales group Policy
The DefaultWEBVPNGroup Connection Profile is using the AAA with Radius server method
Correct Answer: CF
Section: (none)
Explanation
Explanation/Reference:
Via - Configuration > Remote Access VPN > Clientless SSL VPN Access > Portal >
Bookmarks AND
Via - Configuration > Remote Access VPN > Certificate Management > Identity Certificates
QUESTION 110
In this simulation, you have access to ASDM only. Review the various ASA configurations using
ASDM then answer the fi ASA SSL VPN configurations.
When users login to the Clientless SSL VPN using https://209.165.201.2/test, which group policy will
be applied?
A.
B.
C.
D.
E.
F.
test
Sales
DefaultRAGroup
DefaultWEBVPNGroup
clientless
DFTGrpPolicy
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Via - Configuration > Remote Access VPN > Clientless SSL VPN Access > Connection Profiles
> Edit
http://www.gratisexam.com/
QUESTION 111
In this simulation, you have access to ASDM only. Review the various ASA configurations using ASDM then answer the fi
A.
B.
C.
D.
E.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Via - Configuration > Remote Access VPN > Clientless SSL VPN Access > Connection Profiles
Which of encryption technology has the broadcast platform support to protect operating systems?
A. Middleware
B. Hardware
C. software
D. file-level
Answer: D
Explanation:
NEW QUESTION 139
Which feature of the Cisco Email Security Appliance can mitigate the impact of snowshoe
spam and sophisticated phishing attack?
A. holistic understanding of threats
Which Sourfire secure action should you choose if you want to block only malicious traffic
from a particular end-user?
A. Trust
B. Block
C. Allow without inspection
D. Monitor
E. Allow with inspection
Answer: E
Explanation:
Allow with Inspection allows all traffic except for malicious traffic from a particular end-user.
The other options are too restrictive, too permissive, or don't exist.
NEW QUESTION 141
Q. A proxy firewall protects against which type of attacks?
A. Cross-site scripting
B. DDoS
C. Port scanning
D. Worm traffic
Answer: B
NEW QUESTION 142
What do you use when you have a network object or group and want to use an IP address?
A. Static PAT
B. Dynamic NAT
C. Static NAT
D. Identity NAT
E. Dynamic PAT
Answer: B
Static NATA consistent mapping between a real and mapped IP address. Allows bidirectional
traffic initiation.
Dynamic NATA group of real IP addresses are mapped to a (usually smaller) group of mapped
IP addresses, on a first come, first served basis. Only the real host can initiate traffic.
Dynamic Port Address Translation (PAT)A group of real IP addresses are mapped to a single IP
address using a unique source port of that IP address.
Identity NATStatic NAT lets you translate a real address to itself, essentially bypassing NAT.
You might want to configure NAT this way when you want to translate a large group of addresses,
but then want to exempt a smaller subset of addresses.
communication between two parties who believe they are directly communicating with each
other.
NEW QUESTION 146
A data breach has occurred and your company database has been copied. Which security principle
has been violated?
A. availability
B. access
C. confidentiality
D. control
Correct Answer: C
D. The single-connection command causes the device to establish one connection for all TACACS
transactions.
Correct Answer: D
PEAP authenticates the server with a public key certificate and carries the authentication in
a secure Transport Layer Security (TLS) session, over which the WLAN user, WLAN
stations and the authentication server can authenticate themselves. Each station gets an
individual encryption key. When used in conjunction with Temporal Key Integrity Protocol
(TKIP), each key has a finite lifetime.
NEW QUESTION 152
How does a device on a network using ISE receive its digital certificate during the new-device
registration process?
A. ISE issues a certificate from its internal CA server.
B. ISE acts as a SCEP proxy to enable the device to receive a certificate from a central CA server.
C. ISE issues a pre-defined certificate from a local database.
D. The device requests a new certificate directly from a central CA.
Correct Answer: B
Correct Answer: A
Correct Answer: D
mode only.
C. Unicast IPv6 traffic from a higher security interface to a lower security interface is permitted in
transparent mode only.
D. ARPs in both directions are permitted in transparent mode only.
E. Only BPDUs from a higher security interface to a lower security interface are permitted in routed
mode.
Correct Answer: D
Correct Answer: BE