1 When audit trails are enabled with the ip inspect audit-trail command, which messages will appear in the syslog?
- all packets that enter the specified interface
- all TCP packets
- all stateful inspection sessions
- all packets that match an ACL

2 [Picture X] Refer to the exhibit. An administrator has implemented a stateful IOS firewall configuration that allows internal users access to Internet websites. However, users have reported that they cannot do so. Based on the configuration in the exhibit, what change should be made to allow the firewall to function as planned?
- R1(config)# interface Fa0/1
  R1(config-if)# no ip access-group DENY out
  R1(config-if)# ip access-group DENY in
- R1(config)# no ip inspect name FWALL http
  R1(config)# ip inspect name DENY http
- x R1(config)# interface Fa0/1
  R1(config-if)# no ip inspect FWALL out
  R1(config-if)# ip inspect FWALL in
- R1(config)# no ip access-list extended DENY
  R1(config)# ip access-list extended DENY
  R1(config-ext-nacl)# permit ip any any

3 Which two security features could be implemented in the network control plane? (Choose two.)
- x which devices will exchange routing updates
- who can alter the configuration of a network device
- which locations can alter the configuration of network devices
- x which device will become the root device in an STP selection process
- who can access network device operational logs and interface statistics

4 [Picture X] Refer to the exhibit. Router R1 no longer receives routing updates from other EIGRP neighbors. Based on the output in the exhibit, what could be the cause of this problem?
- Interface FastEthernet 0/0 has been configured as a passive interface.
- Interface FastEthernet 0/0 has not been configured to support authentication.
- Interface FastEthernet 0/0 is administratively shut down.
- The EIGRP peer has not been configured to support authentication.
- There are no valid EIGRP neighbors connected to interface FastEthernet 0/0.

5 [Picture X] Refer to the exhibit. A legitimate user experienced a problem while attempting to gain access to the router EXEC shell. To investigate the situation, a network administrator issued debug tacacs and debug aaa authentication commands on the router. Based on the provided output, what could be the problem?
- The user credentials are rejected by the TACACS+ server.
- The user credentials stored in the local database do not match the credentials on the TACACS+ server.
- The user fails the authentication because the TACACS+ server does not have a profile set up to authorize CHAP.
- The user fails the authentication because router R1 cannot connect to the TACACS+ server.

6 [Picture X] Refer to the exhibit. Which statement about the debug radius authentication output is correct?
- The RADIUS server is unreachable.
2.The user raduser has been authenticated. Determine if the user should have connectivity based on the security policy of the organization and the type of traffic being generated. What step should the administrator take next? Move the workstation to a port that is configured for the VLAN. why is the 10. 11 [Picture X] Refer to the exhibit. 8 [Picture X] Refer to the exhibit. Determine if the connectivity problem is affecting all users.) ICMP must be denied. 12 A network administrator has received a report from a user about being unable to access the server that houses employee records. The network administrator has decided to create an IPsec tunnel between the HQ and BRANCH routers. TCP ports 50 and 51 must be permitted.252. The tunnel key has been improperly configured.31. 7 [Picture X] Refer to the exhibit. The ESP and AH protocols must be permitted. What two changes must be made to the existing ACL in order to allow the formation of the tunnel? (Choose two. The administrator has determined that the problem is with the branch office configuration.31. The tunnel is reported as being active at both ends. The tunnel encapsulation is improperly configured. A network administrator is attempting to connect a branch office to headquarters through a VPN tunnel. 10 What is the first step in troubleshooting connectivity issues in a secured network environment? Determine when the connectivity problem first appeared. The AAA security server has authorized the user Admin to use privilege level 15 EXEC commands. The tunnel destination end point has been improperly configured.50. The user Admin attempted to gain Telnet access to the device. The user raduser is on a device with the IP address of 10. The first method defined by the default authentication method list is TACACS+.2. 9 [Picture X] Refer to the exhibit.1. but the 10. Determine if any access lists were added or modified immediately prior to the reporting of the connectivity problems. 
Based on the debug aaa authentication and debug tacacs outputs. Based on the output as shown. The user with the IP address 172.15 has been authorized to use privileged EXEC mode.2.1.15 to log in to the router is unsuccessful. The established keyword must be removed from statement 10. The server is on a restricted VLAN and the user workstation is not assigned to this VLAN. which statement is true? The authentication process verifies the user credentials to the local database. The attempt of a remote user with the IP address 172.0/24 network not appearing in the routing table? The tunnel protocol is improperly set. Based on the provided debug aaa authorization and debug tacacs command output.2. Add the port connected to the workstation to the VLAN and test connectivity.60. UDP port 500 must be permitted.1. which statement is true? x The authorization method used for user Admin was TACACS+. Determine if disabling all security features on the network re-establishes connectivity. .60.0/24 network is not appearing in the routing table at the branch end. The IP address of the RADIUS server is 10. The tunnel bandwidth is insufficient for EIGRP updates. The AAA security server authorized the user Admin to perform the requested command. IP must be permitted between the two ends of the tunnel.50.
Set the default gateway of Computer1 to 128. The session will be blocked because of the NAT configuration on R1. 14 What would be the outcome of the no service password-recovery command enabled on the router? The secret password can be recovered but not the original configuration.Move the server to a trunk link so that multiple VLANs can access the records. 13 [Picture X] Refer to the exhibit. until closed or when the idle timer expires. Hosts from the Internet will be allowed to initiate sessions with internal hosts that are using HTTP. After the configuration is applied.) Dynamic Host Configuration Protocol (DHCP) First Hop Redundancy Protocols (FHRP) x Address Resolution Protocol (ARP) multicast routing protocols x unicast routing protocols x Spanning Tree Protocol (STP) 18 Which technology prevents CPU overloading of infrastructure devices? Simple Network Management Protocol Cisco Express Forwarding x Control Plane Policing Access Control Lists 19 [Picture X] Refer to the exhibit. SSH is not enabled on the VTY lines of a switch.229. HTTP sessions that are initiated from internal hosts to Internet hosts will be tracked and allowed. internal hosts cannot reach Internet hosts. tunnel 1 is flapping.) The limit of one HTTP session has been reached.50. An ACL is blocking TCP traffic to a server. What is the expected behavior of the configured firewall when internal hosts attempt to access web sites on the Internet? The rule FWALL will inspect all HTTP traffic for viruses before allowing the traffic through. Return traffic from the untrusted Internet host on port 80 will be permitted.107. 16 What is considered a control plane issue? x A wrong key is used by OSPF. The original configuration of the device can be recovered but not the secret password. The original configuration and passwords of the device can be recovered using the password recovery procedure. Review the security policy to determine if the user should have access to the VLAN. 
A network technician has just configured router East to establish a tunnel to router West. 17 Which three control plane protocols influence the data structures used by the data plane to forward unicast packets in the core network? (Choose three. The network administrator account is disabled on the RADIUS server. What needs to be done to stop this flapping? Make tunnel 1 on router East an EIGRP passive interface. What two facts can be determined from the output? (Choose two. The original configuration and passwords of the device cannot be recovered using the password recovery procedure. The firewall is tracking an HTTP session that was initiated by an internal trusted host. . 15 [Picture X] Refer to the exhibit. Because all IP traffic is blocked by the access-list DENY. A network administrator issued the show ip inspect sessions command on R1 to investigate the status of the firewall. The firewall has been configured to monitor SIS traffic.
25.) DHCP Snooping BPDU Guard Private VLANs BPDU Filtering IP Source Guard Dynamic ARP Inspection .2.133.219. Change the configuration on router East such that the destination of tunnel 1 is 192.0.168. 20 Which two features should be enabled to secure DHCP and ARP? (Choose two.Add a static route on router East out S0/0/0 to 198.