Exam Answers
1. Which statement is true about the One-Step lockdown feature of the CCP
Security Audit wizard?
2. With the Cisco AnyConnect VPN wizard, which two protocols can be used
for tunnel group configuration? (Choose two.)
MPLS
SSH*
PPTP
ESP
IPsec*
_______________________________________________________________
4. Refer to the exhibit. An administrator is implementing VPN support on an
ASA 5505. What type of VPN support is being implemented?
The thin client mode functions without requiring any downloads or software.
It supports all client/server applications.
It is compatible with DMVPNs, Cisco IOS Firewall, IPsec, IPS, Cisco
Easy VPN, and NAT.*
It has the option of only requiring an SSL-enabled web browser.*
It supports the same level of cryptographic security as an IPsec VPN.
_______________________________________________________________
Apply the ACL to the vty lines without the in or out option required when
applying ACLs to interfaces.
The ACL is applied to the Telnet port with the ip access-group command.
The ACL must be applied to each vty line individually.
The ACL should be applied to all vty lines in the in direction to
prevent an unwanted user from connecting to an unsecured port.*
_______________________________________________________________
7.
10.
11. What is a type of SSL VPN that provides access to a network without
requiring VPN software or a Java applet on the client?
clientless mode
Cisco VPN client mode*
full client mode
thin client mode
_______________________________________________________________
12. What are two reasons for a company to migrate from a classic firewall to
the ZPF model? (Choose two.)
The classic firewall will perform the same inspection on all traffic
that goes through a specific interface.*
The classic firewall can only have one policy that affects any given traffic.
The classic firewall security posture is to block unless explicitly allowed.
The classic firewall is limited to two interfaces.
The classic firewall relies heavily on ACLs.*
_______________________________________________________________
13. What is the main difference between the implementation of IDS and IPS
devices?
14. What information must an IPS track in order to detect attacks matching a
composite signature?
RSA keys
trusted keys
encrypted passwords
community strings*
_______________________________________________________________
17. What is a difference between ASA IPv4 ACLs and IOS IPv4 ACLs?
ASA ACLs use the subnet mask in defining a network, whereas IOS
ACLs use the wildcard mask.*
ASA ACLs do not have an implicit deny all at the end, whereas IOS ACLs do.
ASA ACLs use forward and drop ACEs, whereas IOS ACLs use permit and deny
ACEs.
Multiple ASA ACLs can be applied on an interface in the ingress direction,
whereas only one IOS ACL can be applied.
ASA ACLs are always named, whereas IOS ACLs can be named or numbered.
_______________________________________________________________
19. Why have corporations been shifting remote access security policies to
include support for ASA SSL VPNs?
20. Refer to the exhibit. What is the purpose of the object group-based ACL?
21. Refer to the exhibit. Based on the output from the show secure bootset
command on router R1, which three conclusions can be drawn about Cisco
IOS Resilience? (Choose three.)
The Cisco IOS image file is hidden and cannot be copied, modified, or
deleted.*
A copy of the router configuration file has been made.*
The Cisco IOS image filename will be listed when the show flash command is
issued on R1.
A copy of the Cisco IOS image file has been made.
The secure boot-config command was issued on R1.*
The copy tftp flash command was issued on R1.
_______________________________________________________________
23. Which three statements describe limitations in using privilege levels for
assigning command authorization? (Choose three.)
The root user must be assigned to each privilege level that is defined.
It is required that all 16 privilege levels be defined, whether they are used or
not.
Views are required to define the CLI commands that each user can access.
There is no access control to specific interfaces on a router.*
Creating a user account that needs access to most but not all
commands can be a tedious process.*
Commands set on a higher privilege level are not available for lower
privilege users.*
_______________________________________________________________
24. Which algorithm is used to automatically generate a shared secret for two
systems to use in establishing an IPsec VPN?
DES
DH*
3DES
ESP
AH
SSL
_______________________________________________________________
25. What type of security key is generated by the local user software when a
user is connecting to a Cisco ASA through a remote-access SSL VPN?
asymmetric key
digitally signed private key
shared-secret key*
digitally signed public key
_______________________________________________________________
26. What is one advantage of using a Cisco ASA for remote networking VPN
deployment compared to a Cisco ISR?
28. In what two phases of the system development life cycle does risk
assessment take place? (Choose two.)
operation and maintenance
disposition
implementation
initiation*
acquisition and development*
_______________________________________________________________
29. What is one benefit of implementing a secure email service by using the
Cisco Email Security Appliance (ESA)?
30. Refer to the exhibit. The administrator can ping the S0/0/1 interface of
RouterB but is unable to gain Telnet access to the router by using the
password cisco123. What is a possible cause of the problem?
The Telnet connection between RouterA and RouterB is not working correctly.
The enable password and the Telnet password need to be the same.
The password cisco123 is wrong.*
The administrator does not have enough rights on the PC that is being used.
_______________________________________________________________
32. Which STP port type is permitted to forward traffic, but is not the port
closest to the root bridge?
root port
designated port*
backup port
alternate port*
_______________________________________________________________
33.
to deny inbound IPv6 and SSH traffic unless it originates from within the
organization
to allow inbound traffic from only designated sources
to allow SSH connections initiated from the Internet to enter the
network*
to deny all inbound traffic and log TCP and UDP transmissions
_______________________________________________________________
34.
36.
37. Which two security features can cause a switch port to become
error-disabled? (Choose two.)
storm control with the trap option
PortFast with BPDU guard enabled*
port security with the shutdown violation mode*
root guard
protected ports
_______________________________________________________________
38. What are three goals of a port scan attack? (Choose three.)
41. What are two characteristics of an acceptable use policy? (Choose two.)
42. Refer to the exhibit. Which pair of crypto isakmp key commands would
correctly configure PSK on the two routers?
R1# crypto isakmp key ciscopass address 209.165.200.226
R2# crypto isakmp key secure address 209.165.200.227
43. What are two features of Cisco Easy VPN Server? (Choose two.)
44.
PortFast
BPDU guard*
root guard
BPDU filter
_______________________________________________________________
pattern-based detection
policy-based detection
honey pot-based detection
anomaly-based detection*
_______________________________________________________________
47. Why does a worm pose a greater threat than a virus poses?
49. Which two commands are needed on every IPv6 ACL to allow IPv6
neighbor discovery? (Choose two.)
permit ipv6 any any fragments
permit icmp any any nd-ns*
permit icmp any any echo-reply
permit icmp any any nd-na*
permit tcp any any ack
permit ipv6 any any routing
_______________________________________________________________
50. A network technician has been asked to design a virtual private network
between two branch routers. Which type of cryptographic key should be used
in this scenario?
asymmetric key*
hash key
symmetric key
digital signature
_______________________________________________________________
Refer to the exhibit. What is the purpose of the highlighted inspect line?