Professional Documents
Culture Documents
Engineers
Demo
A. DES
B. 3DES
C. RC5
D. IDEA
E. ECC
F. AES
Answer: F
2. Which Cisco software agent uses content scanning to identify sensitive content and controls the
transfer of sensitive content off the local endpoint over removable storage, locally or network-attached
hardware, or network applications?
Answer: D
3. Cisco Security MARS and Cisco Security Manager can work together to perform which two
functions? (Choose two.)
E. false-positive tuning
F. incident-vector analysis
Answer: CD
B. XAUTH
C. mode configuration
E. Diffie-Hellman (DH)
F. pre-shared key
Answer: B
5. Which statement regarding the hybrid user authentication model for remote-access IPsec VPNs
is correct?
A. VPN servers authenticate by using pre-shared keys, and users authenticate by using usernames
and passwords.
B. VPN servers authenticate by using digital certificates, and users authenticate by using
usernames and passwords.
C. VPN servers authenticate by using digital certificates, and users authenticate by using
pre-shared keys.
Answer: B
6. Cisco IOS Flexible Packet Matching (FPM) is an example of which kind of network security
technology?
E. proxy firewall
F. IPS
Answer: A
A. pre-login assessment
B. application plug-ins
C. secure vault
D. Cache Cleaner
F. smart tunnel
Answer: ACDE
8. Which of the followings are two of the key criteria to use when sizing which Cisco Security
MARS model to deploy? (Choose two.)
A. monitoring and reporting protocols being used (e.g., syslog versus SNMP)
C. events-storage requirements
D. database-reporting requirements
F. auto-mitigation requirements
Answer: CE
9. What should be configured to maintain symmetric flow of traffic when using the Gateway Load
Balancing Protocol to enable high-availability Cisco IOS firewalls?
A. policy-based routing
B. static routing
C. dynamic routing
D. CEF
F. reflexive ACL
Answer: E
Test4Exam help you Test any it exam! http://www.Test4Exam.com
Test 4 Exam
10. Which Cisco Security Management product supports both Cisco and third party security
products?
A. Cisco IME
B. Cisco ASDM
F. Cisco SDM
Answer: D
11. What is the primary reason that GET VPN is not deployed over the public Internet?
B. because GET VPN preserves the original source and destination IP addresses, which may be
private addresses that are not routable over the Internet
C. because GET VPN uses IPsec transport mode, which would expose the IP addresses to the
public if using the Internet
D. because the GET VPN group members use multicast to register with the key servers
E. because the GET VPN key servers and group members requires a secure path to exchange the
Key Encryption Key (KEK) and the Trafflc Encryption Key (TEK)
Answer: B
12. What are two differences between symmetric and asymmetric encryption algorithms?
(Choose two.)
A. Asymmetric encryption is more suitable than symmetric encryption for real-time bulk
encryption.
C. Asymmetric encryption requires a much larger key size to achieve the same level of protection
as symmetric encryption.
Answer: BC
Test4Exam help you Test any it exam! http://www.Test4Exam.com
Test 4 Exam
13. What is implemented on Cisco IP Phones so that they can authenticate itself before gaining
network access?
D. AAA client
F. one-time password
Answer: C
14. The Cisco ASA can use which three network controls or technologies to filter network traffic?
(Choose three.)
E. XML firewalling
Answer: ABF
15. The Cisco ACE 4710 Appliance can be used in the enterprise data center to provide which
three functions? (Choose three.)
B. anti-spoofing protection
C. XML firewalling
Answer: ADEr: C