Cisco Final Exam

Description

Educación Quiz on Cisco Final Exam, created by Alejandro Lujan on 24/11/2024.
Alejandro Lujan
Quiz by Alejandro Lujan, updated about 5 hours ago
Alejandro Lujan
Created by Alejandro Lujan 3 days ago
0
0

Resource summary

Question 1

Question
ACLs are used primarily to filter traffic. What are two additional uses of ACLs? (Choose two.):
Answer
  • specifying internal hosts for NAT
  • identifying traffic for QoS
  • specifying source addresses for authentication
  • reorganizing traffic into VLANs
  • filtering VTP packets

Question 2

Question
What two features are added in SNMPv3 to address the weaknesses of previous versions of SNMP? (Choose two.)
Answer
  • authentication
  • authorization with community string priority
  • bulk MIB objects retrieval
  • ACL management filtering
  • encryption

Question 3

Question
What network testing tool is used for password auditing and recovery?
Answer
  • Nessus
  • Metasploit
  • L0phtcrack
  • SuperScan

Question 4

Question
Which type of firewall makes use of a server to connect to destination devices on behalf of clients?
Answer
  • packet filtering firewall
  • proxy firewall
  • stateless firewall
  • stateful firewall

Question 5

Question
Refer to the exhibit. What will be displayed in the output of the show running-config object command after the exhibited configuration commands are entered on an ASA 5506-X?
Answer
  • host 192.168.1.4
  • range 192.168.1.10 192.168.1.20
  • host 192.168.1.3, host 192.168.1.4, and range 192.168.1.10 192.168.1.20
  • host 192.168.1.3
  • host 192.168.1.3 and host 192.168.1.4
  • host 192.168.1.4 and range 192.168.1.10 192.168.1.20

Question 6

Question
Refer to the exhibit. According to the command output, which three statements are true about the DHCP options entered on the ASA? (Choose three.)
Answer
  • The dhcpd address [ start-of-pool ]-[ end-of-pool ] inside command was issued to enable the DHCP server.
  • The dhcpd address [ start-of-pool ]-[ end-of-pool ] inside command was issued to enable the DHCP client.
  • The dhcpd enable inside command was issued to enable the DHCP server.
  • The dhcpd auto-config outside command was issued to enable the DHCP client.
  • The dhcpd auto-config outside command was issued to enable the DHCP server.
  • The dhcpd enable inside command was issued to enable the DHCP client.

Question 7

Question
Which two statements describe the characteristics of symmetric algorithms? (Choose two.)
Answer
  • They are commonly used with VPN traffic.
  • They use a pair of a public key and a private key.
  • They are commonly implemented in the SSL and SSH protocols.
  • hey provide confidentiality, integrity, and availability.
  • They are referred to as a pre-shared key or secret key.

Question 8

Question
A web server administrator is configuring access settings to require users to authenticate first before accessing certain web pages. Which requirement of information security is addressed through the configuration?
Answer
  • availability
  • integrity
  • scalability
  • confidentiality

Question 9

Question
The use of 3DES within the IPsec framework is an example of which of the five IPsec building blocks?
Answer
  • authentication
  • nonrepudiation
  • integrity
  • Diffie-Hellman
  • confidentiality

Question 10

Question
What function is provided by Snort as part of the Security Onion?
Answer
  • to generate network intrusion alerts by the use of rules and signatures
  • to normalize logs from various NSM data logs so they can be represented, stored, and accessed through a common schema
  • to display full-packet captures for analysis
  • to view pcap transcripts generated by intrusion detection tools

Question 11

Question
What are two drawbacks to using HIPS? (Choose two.)
Answer
  • With HIPS, the success or failure of an attack cannot be readily determined.
  • With HIPS, the network administrator must verify support for all the different operating systems used in the network.
  • HIPS has difficulty constructing an accurate network picture or coordinating events that occur across the entire network.
  • If the network traffic stream is encrypted, HIPS is unable to access unencrypted forms of the traffic.
  • HIPS installations are vulnerable to fragmentation attacks or variable TTL attacks.

Question 12

Question
In an AAA-enabled network, a user issues the configure terminal command from the privileged executive mode of operation. What AAA function is at work if this command is rejected?
Answer
  • authorization
  • authentication
  • auditing
  • accounting

Question 13

Question
A company has a file server that shares a folder named Public. The network security policy specifies that the Public folder is assigned Read-Only rights to anyone who can log into the server while the Edit rights are assigned only to the network admin group. Which component is addressed in the AAA network service framework?
Answer
  • automation
  • accounting
  • authentication
  • authorization

Question 14

Question
What is a characteristic of a DMZ zone?
Answer
  • Traffic originating from the inside network going to the DMZ network is not permitted.
  • Traffic originating from the outside network going to the DMZ network is selectively permitted.
  • Traffic originating from the DMZ network going to the inside network is permitted.
  • Traffic originating from the inside network going to the DMZ network is selectively permitted.

Question 15

Question
Which measure can a security analyst take to perform effective security monitoring against network traffic encrypted by SSL technology?
Answer
  • Use a Syslog server to capture network traffic.
  • Deploy a Cisco SSL Appliance.
  • Require remote access connections through IPsec VPN.
  • Deploy a Cisco ASA.

Question 16

Question
Refer to the exhibit. Port security has been configured on the Fa 0/12 interface of switch S1. What action will occur when PC1 is attached to switch S1 with the applied configuration?
Answer
  • Frames from PC1 will be forwarded since the switchport port-security violation command is missing.
  • Frames from PC1 will be forwarded to its destination, and a log entry will be created.
  • Frames from PC1 will be forwarded to its destination, but a log entry will not be created.
  • Frames from PC1 will cause the interface to shut down immediately, and a log entry will be made.
  • Frames from PC1 will be dropped, and there will be no log of the violation.
  • Frames from PC1 will be dropped, and a log message will be created.

Question 17

Question
What security countermeasure is effective for preventing CAM table overflow attacks?
Answer
  • DHCP snooping
  • Dynamic ARP Inspection
  • IP source guard
  • port security

Question 18

Question
What are two examples of DoS attacks? (Choose two.)
Answer
  • SQL injection
  • ping of death
  • port scanning
  • phishing
  • buffer overflow

Question 19

Question
Which method is used to identify interesting traffic needed to create an IKE phase 1 tunnel?
Answer
  • transform sets
  • a permit access list entry
  • hashing algorithms
  • a security association

Question 20

Question
When the CLI is used to configure an ISR for a site-to-site VPN connection, which two items must be specified to enable a crypto map policy? (Choose two.)
Answer
  • the hash
  • the peer
  • encryption
  • the ISAKMP policy
  • a valid access list
  • IP addresses on all active interfaces
  • the IKE Phase 1 policy

Question 21

Question
How does a firewall handle traffic when it is originating from the public network and traveling to the DMZ network?
Answer
  • Traffic that is originating from the public network is inspected and selectively permitted when traveling to the DMZ network.
  • Traffic that is originating from the public network is usually permitted with little or no restriction when traveling to the DMZ network.
  • Traffic that is originating from the public network is usually forwarded without inspection when traveling to the DMZ network.
  • Traffic that is originating from the public network is usually blocked when traveling to the DMZ network.

Question 22

Question
A client connects to a Web server. Which component of this HTTP connection is not examined by a stateful firewall?
Answer
  • the source IP address of the client traffic
  • the destination port number of the client traffic
  • the actual contents of the HTTP connection
  • the source port number of the client traffic

Question 23

Question
Which network monitoring technology uses VLANs to monitor traffic on remote switches?
Answer
  • IPS
  • IDS
  • TAP
  • RSPAN

Question 24

Question
Which rule action will cause Snort IPS to block and log a packet?
Answer
  • log
  • drop
  • alert
  • Sdrop

Question 25

Question
What is typically used to create a security trap in the data center facility?
Answer
  • IDs, biometrics, and two access doors
  • high resolution monitors
  • redundant authentication servers
  • a server without all security patches applied

Question 26

Question
A company is concerned with leaked and stolen corporate data on hard copies. Which data loss mitigation technique could help with this situation?
Answer
  • strong PC security settings
  • strong passwords
  • shredding
  • encryption

Question 27

Question
Upon completion of a network security course, a student decides to pursue a career in cryptanalysis. What job would the student be doing as a cryptanalyst?
Answer
  • cracking code without access to the shared secret key
  • creating hashing codes to authenticate data
  • making and breaking secret codes
  • creating transposition and substitution ciphers

Question 28

Question
What command is used on a switch to set the port access entity type so the interface acts only as an authenticator and will not respond to any messages meant for a supplicant?
Answer
  • dot1x pae authenticator
  • authentication port-control auto
  • aaa authentication dot1x default group radius
  • dot1x system-auth-control

Question 29

Question
What are two disadvantages of using an IDS? (Choose two.)
Answer
  • The IDS does not stop malicious traffic.
  • The IDS works offline using copies of network traffic.
  • The IDS has no impact on traffic.
  • The IDS analyzes actual forwarded packets.
  • The IDS requires other devices to respond to attacks.

Question 30

Question
Refer to the exhibit. The ip verify source command is applied on untrusted interfaces. Which type of attack is mitigated by using this configuration?
Answer
  • DHCP spoofing
  • DHCP starvation
  • STP manipulation
  • MAC and IP address spoofing

Question 31

Question
What ports can receive forwarded traffic from an isolated port that is part of a PVLAN?
Answer
  • other isolated ports and community ports
  • only promiscuous ports
  • all other ports within the same community
  • only isolated ports

Question 32

Question
A user complains about being locked out of a device after too many unsuccessful AAA login attempts. What could be used by the network administrator to provide a secure authentication access method without locking a user out of a device?
Answer
  • Use the login delay command for authentication attempts.
  • Use the login local command for authenticating user access.
  • Use the aaa local authentication attempts max-fail global configuration mode command with a higher number of acceptable failures.
  • Use the none keyword when configuring the authentication method list.

Question 33

Question
What are two drawbacks in assigning user privilege levels on a Cisco router? (Choose two.)
Answer
  • Only a root user can add or remove commands.
  • Privilege levels must be set to permit access control to specific device interfaces, ports, or slots.
  • Assigning a command with multiple keywords allows access to all commands using those keywords.
  • Commands from a lower level are always executable at a higher level.
  • AAA must be enabled.

Question 34

Question
Refer to the exhibit. Which conclusion can be made from the show crypto map command output that is shown on R1?
Answer
  • The crypto map has not yet been applied to an interface.
  • The current peer IP address should be 172.30.2.1.
  • There is a mismatch between the transform sets.
  • The tunnel configuration was established and can be tested with extended pings.

Question 35

Question
What are two reasons to enable OSPF routing protocol authentication on a network? (Choose two.)
Answer
  • to prevent data traffic from being redirected and then discarded
  • to ensure faster network convergence
  • to provide data security through encryption
  • to prevent redirection of data traffic to an insecure link
  • to ensure more efficient routing

Question 36

Question
Which three functions are provided by the syslog logging service? (Choose three.)
Answer
  • gathering logging information
  • authenticating and encrypting data sent over the network
  • retaining captured messages on the router when a router is rebooted
  • specifying where captured information is stored
  • distinguishing between information to be captured and information to be ignored
  • setting the size of the logging buffer

Question 37

Question
What two ICMPv6 message types must be permitted through IPv6 access control lists to allow resolution of Layer 3 addresses to Layer 2 MAC addresses? (Choose two.)
Answer
  • neighbor solicitations
  • echo requests
  • neighbor advertisements
  • echo replies
  • router solicitations
  • router advertisements

Question 38

Question
Which three services are provided through digital signatures? (Choose three.)
Answer
  • accounting
  • authenticity
  • compression
  • nonrepudiation
  • integrity
  • encryption

Question 39

Question
A technician is to document the current configurations of all network devices in a college, including those in off-site buildings. Which protocol would be best to use to securely access the network devices?
Answer
  • FTP
  • HTTP
  • SSH
  • Telnet

Question 40

Question
An administrator is trying to develop a BYOD security policy for employees that are bringing a wide range of devices to connect to the company network. Which three objectives must the BYOD security policy address? (Choose three.)
Answer
  • All devices must be insured against liability if used to compromise the corporate network.
  • All devices must have open authentication with the corporate network.
  • Rights and activities permitted on the corporate network must be defined.
  • Safeguards must be put in place for any personal device being compromised.
  • The level of access of employees when connecting to the corporate network must be defined.
  • All devices should be allowed to attach to the corporate network flawlessly.

Question 41

Question
What is the function of the pass action on a Cisco IOS Zone-Based Policy Firewall?
Answer
  • logging of rejected or dropped packets
  • inspecting traffic between zones for traffic control
  • tracking the state of connections between zones
  • forwarding traffic from one zone to another

Question 42

Question
Refer to the exhibit. Based on the security levels of the interfaces on ASA1, what traffic will be allowed on the interfaces?
Answer
  • Traffic from the Internet and DMZ can access the LAN.
  • Traffic from the Internet and LAN can access the DMZ.
  • Traffic from the Internet can access both the DMZ and the LAN.
  • Traffic from the LAN and DMZ can access the Internet.

Question 43

Question
What network testing tool can be used to identify network layer protocols running on a host?
Answer
  • SIEM
  • Nmap
  • L0phtcrack
  • Tripwire

Question 44

Question
In the implementation of security on multiple devices, how do ASA ACLs differ from Cisco IOS ACLs?
Answer
  • Cisco IOS routers utilize both named and numbered ACLs and Cisco ASA devices utilize only numbered ACLs.
  • Cisco IOS ACLs are configured with a wildcard mask and Cisco ASA ACLs are configured with a subnet mask.
  • Cisco IOS ACLs are processed sequentially from the top down and Cisco ASA ACLs are not processed sequentially.
  • Cisco IOS ACLs utilize an implicit deny all and Cisco ASA ACLs end with an implicit permit all.

Question 45

Question
Which statement describes an important characteristic of a site-to-site VPN?
Answer
  • It must be statically set up.
  • It is ideally suited for use by mobile workers.
  • It requires using a VPN client on the host PC.
  • After the initial connection is established, it can dynamically change connection information.
  • It is commonly implemented over dialup and cable modem networks.

Question 46

Question
Which two options are security best practices that help mitigate BYOD risks? (Choose two.)
Answer
  • Use paint that reflects wireless signals and glass that prevents the signals from going outside the building.
  • Keep the device OS and software updated.
  • Only allow devices that have been approved by the corporate IT team.
  • Only turn on Wi-Fi when using the wireless network.
  • Decrease the wireless antenna gain level.
  • Use wireless MAC address filtering.

Question 47

Question
Refer to the exhibit. A network administrator configures AAA authentication on R1. Which statement describes the effect of the keyword single-connection in the configuration?
Answer
  • R1 will open a separate connection to the TACACS+ server for each user authentication session.
  • The authentication performance is enhanced by keeping the connection to the TACACS+ server open.
  • The TACACS+ server only accepts one successful try for a user to authenticate with it.
  • R1 will open a separate connection to the TACACS server on a per source IP address basis for each authentication session.

Question 48

Question
A recently created ACL is not working as expected. The admin determined that the ACL had been applied inbound on the interface and that was the incorrect direction. How should the admin fix this issue?
Answer
  • Delete the original ACL and create a new ACL, applying it outbound on the interface.
  • Add an association of the ACL outbound on the same interface.
  • Fix the ACE statements so that it works as desired inbound on the interface.
  • Remove the inbound association of the ACL on the interface and reapply it outbound.

Question 49

Question
What characteristic of the Snort term-based subscriptions is true for both the community and the subscriber rule sets?
Answer
  • Both have a 30-day delayed access to updated signatures.
  • Both use Cisco Talos to provide coverage in advance of exploits.
  • Both are fully supported by Cisco and include Cisco customer support.
  • Both offer threat protection against security threats.

Question 50

Question
A security analyst is configuring Snort IPS. The analyst has just downloaded and installed the Snort OVA file. What is the next step?
Answer
  • Verify Snort IPS.
  • Configure Virtual Port Group interfaces.
  • Enable IPS globally or on desired interfaces.
  • Activate the virtual services.

Question 51

Question
The security policy in a company specifies that employee workstations can initiate HTTP and HTTPS connections to outside websites and the return traffic is allowed. However, connections initiated from outside hosts are not allowed. Which parameter can be used in extended ACLs to meet this requirement?
Answer
  • dscp
  • precedence
  • eq
  • established

Question 52

Question
A researcher is comparing the differences between a stateless firewall and a proxy firewall. Which two additional layers of the OSI model are inspected by a proxy firewall? (Choose two.)
Answer
  • Layer 3
  • Layer 4
  • Layer 5
  • Layer 6
  • Layer 7

Question 53

Question
Refer to the exhibit. A network administrator is configuring a VPN between routers R1 and R2. Which commands would correctly configure a pre-shared key for the two routers?
Answer
  • R1(config)# username R2 password 5tayout! R2(config)# username R1 password 5tayout!
  • R1(config)# crypto isakmp key 5tayout! address 64.100.0.2 R2(config)# crypto isakmp key 5tayout! address 64.100.0.1
  • R1(config)# crypto isakmp key 5tayout! hostname R1 R2(config)# crypto isakmp key 5tayout! hostname R2
  • R1(config-if)# ppp pap sent-username R1 password 5tayout! R2(config-if)# ppp pap sent-username R2 password 5tayout!

Question 54

Question
Refer to the exhibit. Which statement is true about the effect of this Cisco IOS zone-based policy firewall configuration?
Answer
  • The firewall will automatically drop all HTTP, HTTPS, and FTP traffic.
  • The firewall will automatically allow HTTP, HTTPS, and FTP traffic from s0/0/0 to g0/0 and will track the connections. Tracking the connection allows only return traffic to be permitted through the firewall in the opposite direction.
  • The firewall will automatically allow HTTP, HTTPS, and FTP traffic from s0/0/0 to g0/0, but will not track the state of connections. A corresponding policy must be applied to allow return traffic to be permitted through the firewall in the opposite direction.
  • The firewall will automatically allow HTTP, HTTPS, and FTP traffic from g0/0 to s0/0/0 and will track the connections. Tracking the connection allows only return traffic to be permitted through the firewall in the opposite direction.
  • return traffic to be permitted through the firewall in the opposite direction.
  • The firewall will automatically allow HTTP, HTTPS, and FTP traffic from g0/0 to s0/0/0, but will not track the state of connections. A corresponding policy must be applied to allow return traffic to be permitted through the firewall in the opposite direction.

Question 55

Question
Which privilege level has the most access to the Cisco IOS?
Answer
  • level 0
  • level 15
  • level 7
  • level 16
  • level 1

Question 56

Question
Refer to the exhibit. A network administrator has configured NAT on an ASA device. What type of NAT is used?
Answer
  • inside NAT
  • static NAT
  • bidirectional NAT
  • outside NAT

Question 57

Question
A network analyst is configuring a site-to-site IPsec VPN. The analyst has configured both the ISAKMP and IPsec policies. What is the next step?
Answer
  • Configure the hash as SHA and the authentication as pre-shared.
  • Apply the crypto map to the appropriate outbound interfaces.
  • Issue the show crypto ipsec sa command to verify the tunnel.
  • Verify that the security feature is enabled in the IOS.

Question 58

Question
When an inbound Internet-traffic ACL is being implemented, what should be included to prevent the spoofing of internal networks?
Answer
  • ACEs to prevent traffic from private address spaces
  • ACEs to prevent broadcast address traffic
  • ACEs to prevent ICMP traffic
  • ACEs to prevent HTTP traffic
  • ACEs to prevent SNMP traffic

Question 59

Question
Which two types of attacks are examples of reconnaissance attacks? (Choose two.)
Answer
  • brute force
  • port scan
  • ping sweep
  • man-in-the-middle
  • SYN flood

Question 60

Question
Which Cisco solution helps prevent ARP spoofing and ARP poisoning attacks?
Answer
  • Dynamic ARP Inspection
  • IP Source Guard
  • DHCP Snooping
  • Port Security

Question 61

Question
When the Cisco NAC appliance evaluates an incoming connection from a remote device against the defined network policies, what feature is being used?
Answer
  • posture assessment
  • remediation of noncompliant systems
  • authentication and authorization
  • quarantining of noncompliant systems

Question 62

Question
Which two steps are required before SSH can be enabled on a Cisco router? (Choose two.)
Answer
  • Give the router a host name and domain name.
  • Create a banner that will be displayed to users when they connect.
  • Generate a set of secret keys to be used for encryption and decryption.
  • Set up an authentication server to handle incoming connection requests.
  • Enable SSH on the physical interfaces where the incoming connection requests will be received.

Question 63

Question
The network administrator for an e-commerce website requires a service that prevents customers from claiming that legitimate orders are fake. What service provides this type of guarantee?
Answer
  • confidentiality
  • authentication
  • integrity
  • nonrepudiation

Question 64

Question
What functionality is provided by Cisco SPAN in a switched network?
Answer
  • It mirrors traffic that passes through a switch port or VLAN to another port for traffic analysis.
  • It protects the switched network from receiving BPDUs on ports that should not be receiving them.
  • It prevents traffic on a LAN from being disrupted by a broadcast storm.
  • It copies traffic that passes through a switch interface and sends the data directly to a syslog or SNMP server for analysis.
  • It inspects voice protocols to ensure that SIP, SCCP, H.323, and MGCP requests conform to voice standards.
  • It mitigates MAC address overflow attacks.

Question 65

Question
Which three statements are generally considered to be best practices in the placement of ACLs? (Choose three.)
Answer
  • Filter unwanted traffic before it travels onto a low-bandwidth link.
  • Place standard ACLs close to the destination IP address of the traffic.
  • Place standard ACLs close to the source IP address of the traffic.
  • Place extended ACLs close to the destination IP address of the traffic.
  • Place extended ACLs close to the source IP address of the traffic.
  • For every inbound ACL placed on an interface, there should be a matching outbound ACL.

Question 66

Question
What function is performed by the class maps configuration object in the Cisco modular policy framework?
Answer
  • identifying interesting traffic
  • applying a policy to an interface
  • applying a policy to interesting traffic
  • restricting traffic through an interface

Question 67

Question
In an attempt to prevent network attacks, cyber analysts share unique identifiable attributes of known attacks with colleagues. What three types of attributes or indicators of compromise are helpful to share? (Choose three.)
Answer
  • IP addresses of attack servers
  • changes made to end system software
  • netbios names of compromised firewalls
  • features of malware files
  • BIOS of attacking systems
  • system ID of compromised systems

Question 68

Question
What two assurances does digital signing provide about code that is downloaded from the Internet? (Choose two.)
Answer
  • The code is authentic and is actually sourced by the publisher.
  • The code contains no errors.
  • The code has not been modified since it left the software publisher.
  • The code contains no viruses.
  • The code was encrypted with both a private and public key.

Question 69

Question
Refer to the exhibit. What algorithm is being used to provide public key exchange?
Answer
  • SHA
  • RSA
  • Diffie-Hellman
  • AES

Question 70

Question
Which two statements describe the use of asymmetric algorithms? (Choose two.)
Answer
  • Public and private keys may be used interchangeably.
  • If a public key is used to encrypt the data, a public key must be used to decrypt the data.
  • If a private key is used to encrypt the data, a public key must be used to decrypt the data.
  • If a public key is used to encrypt the data, a private key must be used to decrypt the data.
  • If a private key is used to encrypt the data, a private key must be used to decrypt the data.

Question 71

Question
Which statement is a feature of HMAC?
Answer
  • HMAC uses a secret key that is only known to the sender and defeats man-in-the-middle attacks.
  • HMAC uses protocols such as SSL or TLS to provide session layer confidentiality.
  • HMAC uses a secret key as input to the hash function, adding authentication to integrity assurance.
  • HMAC is based on the RSA hash function.

Question 72

Question
What is the purpose of the webtype ACLs in an ASA?
Answer
  • to inspect outbound traffic headed towards certain web sites
  • to restrict traffic that is destined to an ASDM
  • to monitor return traffic that is in response to web server requests that are initiated from the inside interface
  • to filter traffic for clientless SSL VPN users

Question 73

Question
Which two statements describe the effect of the access control list wildcard mask 0.0.0.15? (Choose two.)
Answer
  • The first 28 bits of a supplied IP address will be matched.
  • The last four bits of a supplied IP address will be matched.
  • The first 28 bits of a supplied IP address will be ignored.
  • The last four bits of a supplied IP address will be ignored.
  • The last five bits of a supplied IP address will be ignored.
  • The first 32 bits of a supplied IP address will be matched.

Question 74

Question
Which type of firewall is the most common and allows or blocks traffic based on Layer 3, Layer 4, and Layer 5 information?
Answer
  • stateless firewall
  • packet filtering firewall
  • next generation firewall
  • stateful firewall

Question 75

Question
Which protocol or measure should be used to mitigate the vulnerability of using FTP to transfer documents between a teleworker and the company file server?
Answer
  • SCP
  • TFTP
  • ACLs on the file server
  • out-of-band communication channel

Question 76

Question
Refer to the exhibit. The IPv6 access list LIMITED_ACCESS is applied on the S0/0/0 interface of R1 in the inbound direction. Which IPv6 packets from the ISP will be dropped by the ACL on R1?
Answer
  • HTTPS packets to PC1
  • ICMPv6 packets that are destined to PC1
  • packets that are destined to PC1 on port 80
  • neighbor advertisements that are received from the ISP router

Question 77

Question
What tool is available through the Cisco IOS CLI to initiate security audits and to make recommended configuration changes with or without administrator input?
Answer
  • Control Plane Policing
  • Cisco AutoSecure
  • Cisco ACS
  • Simple Network Management Protocol

Question 78

Question
Refer to the exhibit. Which pair of crypto isakmp key commands would correctly configure PSK on the two routers?
Answer
  • R1(config)# crypto isakmp key cisco123 address 209.165.200.227 R2(config)# crypto isakmp key cisco123 address 209.165.200.226
  • R1(config)# crypto isakmp key cisco123 address 209.165.200.226 R2(config)# crypto isakmp key cisco123 address 209.165.200.227
  • R1(config)# crypto isakmp key cisco123 hostname R1 R2(config)# crypto isakmp key cisco123 hostname R2
  • R1(config)# crypto isakmp key cisco123 address 209.165.200.226 R2(config)# crypto isakmp key secure address 209.165.200.227

Question 79

Question
Which two technologies provide enterprise-managed VPN solutions? (Choose two.)
Answer
  • Layer 3 MPLS VPN
  • Frame Relay
  • site-to-site VPN
  • remote access VPN
  • Layer 2 MPLS VPN

Question 80

Question
What are the three components of an STP bridge ID? (Choose three.)
Answer
  • the date and time that the switch was brought online
  • the hostname of the switch
  • the MAC address of the switch
  • the extended system ID
  • the bridge priority value
  • the IP address of the management VLAN
Show full summary Hide full summary

Similar

diapositivas constructivismo
Katita Salgado
Introducción a Desarrollo de Habilidades de Pensamiento (DHP)
Sebastian Moreno Rodriguez
Pedagogía general para la enseñanza de las ciencias
Leonardo Ibañez Calvo
EL CENTRO ESCOLAR COMO ORGANIZACIÓN, SISTEMA SOCIAL Y COMUNIDAD
Lorena Hernandez
TEORÍAS EDUCATIVAS/UNIVERSIDAD PANAMERICANA
Teodoro Alberto Pérez Duering
MAPA MENTAL
blanca beatriz m
Las TIC y la Educación
Carlos Vásquez
Propuesta de Investigación
Luz Angela Cardona Arce
Test sobre la Biodiversidad
Kathya Franco
planificacion del proceso didáctico: objetivos y fines
Angelica Barreto