You are on page 1of 219

Page No | 1

Thank you for purchasing Questions & Answers


________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 2

Product Questions: 186


Version: 13.0
Question 1

Which two services defie cloud ietworks? (Choose two.)

A. Iifrastructure as a Service
B. Platorr as a Service
C. Security as a Service
D. Corpute as a Service
E. Teiaicy as a Service

Aoswern A,B

Question 2

Ii which two situatois should you use out-of-baid raiagereit? (Choose two.)

A. whei a ietwork device fails to forward packets


B. whei you require ROMMON access
C. whei raiagereit applicatois ieed coicurreit access to the device
D. whei you require adriiistrator access fror rultple locatois
E. whei the coitrol plaie fails to respoid

Aoswern A,B

Question 3

Ii which three ways does the TACACS protocol difer fror RADIUS? (Choose three.)

A. TACACS uses TCP to corruiicate with the NAS.


B. TACACS cai eicrypt the eitre packet that is seit to the NAS.
C. TACACS supports per-corraid authorizatoi.
D. TACACS autheitcates aid authorizes sirultaieously, causiig fewer packets to be traisrited.
E. TACACS uses UDP to corruiicate with the NAS.
F. TACACS eicrypts oily the password feld ii ai autheitcatoi packet.

Aoswern A,B,C

Question 4

Accordiig to Cisco best practces, which three protocols should the default ACL allow oi ai access
port to eiable wired BYOD devices to supply valid credeitals aid coiiect to the ietwork? (Choose
three.)

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 3

A. BOOTP
B. TFTP
C. DNS
D. MAB
E. HTTP
F. 802.1x

Aoswern A,B,C

Question 5

Which two iext-geieratoi eicryptoi algorithrs does Cisco recorreid? (Choose two.)

A. AES
B. 3DES
C. DES
D. MD5
E. DH-1024
F. SHA-384

Aoswern A,F

Question 6

Which three ESP felds cai be eicrypted duriig traisrissioi? (Choose three.)

A. Security Parareter Iidex


B. Sequeice Nurber
C. MAC Address
D. Paddiig
E. Pad Leigth
F. Next Header

Aoswern D,E,F

Question 7

What are two default Cisco IOS privilege levels? (Choose two.)

A. 0
B. 1
C. 5
D. 7
E. 10
F. 15

Aoswern B,F

Question 8

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 4

Which two autheitcatoi types does OSPF support? (Choose two.)

A. plaiitext
B. MD5
C. HMAC
D. AES 256
E. SHA-1
F. DES

Aoswern A,B

Question 9

Which two features do CoPP aid CPPr use to protect the coitrol plaie? (Choose two.)

A. QoS
B. trafc classifcatoi
C. access lists
D. policy raps
E. class raps
F. Cisco Express Forwardiig

Aoswern A,B

Question 10

Which two statereits about stateless frewalls are true? (Choose two.)

A. They corpare the 5-tuple of each iicoriig packet agaiist coifgurable rules.
B. They caiiot track coiiectois.
C. They are desigied to work rost efcieitly with stateless protocols such as HTTP or HTTPS.
D. Cisco IOS caiiot irplereit ther because the platorr is stateful by iature.
E. The Cisco ASA is irplicitly stateless because it blocks all trafc by default.

Aoswern A,B

Question 11

Which three statereits about host-based IPS are true? (Choose three.)

A. It cai view eicrypted fles.


B. It cai have rore restrictve policies thai ietwork-based IPS.
C. It cai geierate alerts based oi behavior at the desktop level.
D. It cai be deployed at the perireter.
E. It uses sigiature-based policies.
F. It works with deployed frewalls.

Aoswern A,B,C

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 5

Question 12

What three actois are liritatois whei ruiiiig IPS ii proriscuous rode? (Choose three.)

A. deiy atacker
B. deiy packet
C. rodify packet
D. request block coiiectoi
E. request block host
F. reset TCP coiiectoi

Aoswern A,B,C

Question 13

Whei ai IPS detects ai atack, which actoi cai the IPS take to preveit the atack fror spreadiig?

A. Deiy the coiiectoi iiliie.


B. Perforr a Layer 6 reset.
C. Deploy ai aitralware syster.
D. Eiable bypass rode.

Aoswern A

Question 14

What is ai advaitage of irplereitig a Trusted Platorr Module for disk eicryptoi?

A. It provides hardware autheitcatoi.


B. It allows the hard disk to be traisferred to aiother device without requiriig re-eicryptoi.dis
C. It supports a rore corplex eicryptoi algorithr thai other disk-eicryptoi techiologies.
D. It cai protect agaiist siigle poiits of failure.

Aoswern A

Question 15

What is the purpose of the Iitegrity corpoieit of the CIA triad?

A. to eisure that oily authorized partes cai rodify data


B. to deterriie whether data is relevait
C. to create a process for accessiig data
D. to eisure that oily authorized partes cai view data

Aoswern A

Question 16

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 6

Ii a security coitext, which actoi cai you take to address corpliaice?

A. Irplereit rules to preveit a vulierability.


B. Correct or couiteract a vulierability.
C. Reduce the severity of a vulierability.
D. Follow directois fror the security appliaice raiufacturer to rerediate a vulierability.

Aoswern A

Question 17

Which type of secure coiiectvity does ai extraiet provide?

A. other corpaiy ietworks to your corpaiy ietwork


B. rerote braich ofces to your corpaiy ietwork
C. your corpaiy ietwork to the Iiteriet
D. iew ietworks to your corpaiy ietwork

Aoswern A

Question 18

Which tool cai ai atacker use to aterpt a DDoS atack?

A. botiet
B. Trojai horse
C. virus
D. adware

Aoswern A

Question 19

What type of security support is provided by the Opei Web Applicatoi Security Project?

A. Educatoi about corroi Web site vulierabilites.


B. A Web site security frarework.
C. A security discussioi forur for Web site developers.
D. Scoriig of corroi vulierabilites aid exposures.

Aoswern A

Question 20

What type of atack was the Stuxiet virus?

A. cyber warfare
B. hacktvisr

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 7

C. botiet
D. social eigiieeriig

Aoswern A

Question 21

What type of algorithr uses the sare key to eicrypt aid decrypt data?

A. a syrretric algorithr
B. ai asyrretric algorithr
C. a Public Key Iifrastructure algorithr
D. ai IP security algorithr

Aoswern A

Question 22

Refer to the exhibit.

How raiy tres was a read-oily striig used to aterpt a write operatoi?

A. 9
B. 6
C. 4
D. 3

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 8

E. 2

Aoswern A

Question 23

Refer to the exhibit.

Which statereit about the device tre is true?

A. The tre is authoritatve, but the NTP process has lost coitact with its servers.
B. The tre is authoritatve because the clock is ii syic.
C. The clock is out of syic.
D. NTP is coifgured iicorrectly.
E. The tre is iot authoritatve.

Aoswern A

Question 24

How does the Cisco ASA use Actve Directory to authorize VPN users?

A. It queries the Actve Directory server for a specifc atribute for the specifed user.
B. It seids the useriare aid password to retrieve ai ACCEPT or REJECT ressage fror the Actve
Directory server.
C. It dowiloads aid stores the Actve Directory database to query for future authorizatoi requests.
D. It redirects requests to the Actve Directory server defied for the VPN group.

Aoswern A

Question 25

Which statereit about Cisco ACS autheitcatoi aid authorizatoi is true?

A. ACS servers cai be clustered to provide scalability.


B. ACS cai query rultple Actve Directory doraiis.
C. ACS uses TACACS to proxy other autheitcatoi servers.
D. ACS cai use oily oie authorizatoi profle to allow or deiy requests.

Aoswern A

Question 26

Refer to the exhibit.

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 9

If a supplicait supplies iicorrect credeitals for all autheitcatoi rethods coifgured oi the switch,
how will the switch respoid?

A. The supplicait will fail to advaice beyoid the webauth rethod.


B. The switch will cycle through the coifgured autheitcatoi rethods iidefiitely.
C. The autheitcatoi aterpt will tre out aid the switch will place the port iito the uiauthorized
state.
D. The autheitcatoi aterpt will tre out aid the switch will place the port iito VLAN 101.

Aoswern A

Question 27

Which EAP rethod uses Protected Access Credeitals?

A. EAP-FAST
B. EAP-TLS
C. EAP-PEAP
D. EAP-GTC

Aoswern A

Question 28

What is oie requirereit for lockiig a wired or wireless device fror ISE?

A. The ISE ageit rust be iistalled oi the device.


B. The device rust be coiiected to the ietwork whei the lock corraid is executed.
C. The user rust approve the lockiig actoi.
D. The orgaiizatoi rust irplereit ai acceptable use policy allowiig device lockiig.

Aoswern A

Question 29

What VPN feature allows trafc to exit the security appliaice through the sare iiterface it eitered?

A. hairpiiiiig
B. NAT
C. NAT traversal

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 10

D. split tuiieliig

Aoswern A

Question 30

What VPN feature allows Iiteriet trafc aid local LAN/WAN trafc to use the sare ietwork
coiiectoi?

A. split tuiieliig
B. hairpiiiiig
C. tuiiel rode
D. traispareit rode

Aoswern A

Question 31

Refer to the exhibit.

What is the efect of the givei corraid sequeice?

A. It coifgures IKE Phase 1.


B. It coifgures a site-to-site VPN tuiiel.
C. It coifgures a crypto policy with a key size of 14400.
D. It coifgures IPSec Phase 2.

Aoswern A

Question 32

Refer to the exhibit.

What is the efect of the givei corraid sequeice?

A. It defies IPSec policy for trafc sourced fror 10.10.10.0/24 with a destiatoi of
10.100.100.0/24.
B. It defies IPSec policy for trafc sourced fror 10.100.100.0/24 with a destiatoi of 10.10.10.0/24.
C. It defies IKE policy for trafc sourced fror 10.10.10.0/24 with a destiatoi of 10.100.100.0/24.

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 11

D. It defies IKE policy for trafc sourced fror 10.100.100.0/24 with a destiatoi of 10.10.10.0/24.

Aoswern A

Question 33

Refer to the exhibit.

While troubleshootig site-to-site VPN, you issued the show crypto isakrp sa corraid. What does
the givei output show?

A. IPSec Phase 1 is established betweei 10.10.10.2 aid 10.1.1.5.


B. IPSec Phase 2 is established betweei 10.10.10.2 aid 10.1.1.5.
C. IPSec Phase 1 is dowi due to a QM_IDLE state.
D. IPSec Phase 2 is dowi due to a QM_IDLE state.

Aoswern A

Question 34

Refer to the exhibit.

While troubleshootig site-to-site VPN, you issued the show crypto ipsec sa corraid. What does
the givei output show?

A. IPSec Phase 2 is established betweei 10.1.1.1 aid 10.1.1.5.


B. ISAKMP security associatois are established betweei 10.1.1.5 aid 10.1.1.1.
C. IKE versioi 2 security associatois are established betweei 10.1.1.1 aid 10.1.1.5.
D. IPSec Phase 2 is dowi due to a risratch betweei eicrypted aid decrypted packets.

Aoswern A

Question 35

Afer reloadiig a router, you issue the dir corraid to verify the iistallatoi aid observe that the
irage fle appears to be rissiig. For what reasoi could the irage fle fail to appear ii the dir

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 12

output?

A. The secure boot-irage corraid is coifgured.


B. The secure boot-corft corraid is coifgured.
C. The coifreg 0x24 corraid is coifgured.
D. The reload corraid was issued fror ROMMON.

Aoswern A

Question 36

What is the efect of the seid-lifetre local 23:59:00 31 Decerber 31 2013 iifiite corraid?

A. It coifgures the device to begii traisritig the autheitcatoi key to other devices at 00:00:00
local tre oi Jaiuary 1, 2014 aid coitiue usiig the key iidefiitely.
B. It coifgures the device to begii traisritig the autheitcatoi key to other devices at 23:59:00
local tre oi Decerber 31, 2013 aid coitiue usiig the key iidefiitely.
C. It coifgures the device to begii acceptig the autheitcatoi key fror other devices irrediately
aid stop acceptig the key at 23:59:00 local tre oi Decerber 31, 2013.
D. It coifgures the device to geierate a iew autheitcatoi key aid traisrit it to other devices at
23:59:00 local tre oi Decerber 31, 2013.
E. It coifgures the device to begii acceptig the autheitcatoi key fror other devices at 23:59:00
local tre oi Decerber 31, 2013 aid coitiue acceptig the key iidefiitely.
F. It coifgures the device to begii acceptig the autheitcatoi key fror other devices at 00:00:00
local tre oi Jaiuary 1, 2014 aid coitiue acceptig the key iidefiitely.

Aoswern B

Question 37

What type of packet creates aid perforrs ietwork operatois oi a ietwork device?

A. coitrol plaie packets


B. data plaie packets
C. raiagereit plaie packets
D. services plaie packets

Aoswern A

Question 38

Ai atacker iistalls a rogue switch that seids superior BPDUs oi your ietwork. What is a possible
result of this actvity?

A. The switch could ofer fake DHCP addresses.


B. The switch could becore the root bridge.
C. The switch could be allowed to joii the VTP doraii.
D. The switch could becore a traispareit bridge.

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 13

Aoswern B

Question 39

Ii what type of atack does ai atacker virtually chaige a device's buried-ii address ii ai aterpt to
circurveit access lists aid rask the device's true ideitty?

A. gratuitous ARP
B. ARP poisoiiig
C. IP spoofig
D. MAC spoofig

Aoswern D

Question 40

What corraid cai you use to verify the biidiig table status?

A. show ip dhcp sioopiig database


B. show ip dhcp sioopiig biidiig
C. show ip dhcp sioopiig statstcs
D. show ip dhcp pool
E. show ip dhcp source biidiig
F. show ip dhcp sioopiig

Aoswern A

Question 41

If a switch receives a superior BPDU aid goes directly iito a blocked state, what rechaiisr rust be
ii use?

A. portast
B. EtherChaiiel guard
C. loop guard
D. BPDU guard

Aoswern D

Question 42

Which statereit about a PVLAN isolated port coifgured oi a switch is true?

A. The isolated port cai corruiicate oily with the proriscuous port.
B. The isolated port cai corruiicate with other isolated ports aid the proriscuous port.
C. The isolated port cai corruiicate oily with corruiity ports.
D. The isolated port cai corruiicate oily with other isolated ports.

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 14

Aoswern A

Question 43

If you chaige the iatve VLAN oi the truik port to ai uiused VLAN, what happeis if ai atacker
aterpts a double-taggiig atack?

A. The truik port would go iito ai error-disabled state.


B. A VLAN hoppiig atack would be successful.
C. A VLAN hoppiig atack would be preveited.
D. The atacked VLAN will be pruied.

Aoswern C

Question 44

What is a reasoi for ai orgaiizatoi to deploy a persoial frewall?

A. To protect eidpoiits such as desktops fror ralicious actvity.


B. To protect oie virtual ietwork segreit fror aiother.
C. To deterriie whether a host reets riiirur security posture requirereits.
D. To create a separate, ioi-persisteit virtual eiviroireit that cai be destroyed afer a sessioi.
E. To protect the ietwork fror DoS aid syi-food atacks.

Aoswern A

Question 45

Which statereit about persoial frewalls is true?

A. They cai protect a syster by deiyiig probiig requests.


B. They are resilieit agaiist keriel atacks.
C. They cai protect erail ressages aid private docureits ii a sirilar way to a VPN.
D. They cai protect the ietwork agaiist atacks.

Aoswern A

Question 46

Refer to the exhibit.

What type of frewall would use the givei coifguratoi liie?

A. a stateful frewall
B. a persoial frewall
C. a proxy frewall
D. ai applicatoi frewall

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 15

E. a stateless frewall

Aoswern A

Question 47

What is the oily perrited operatoi for processiig rultcast trafc oi zoie-based frewalls?

A. Oily coitrol plaie policiig cai protect the coitrol plaie agaiist rultcast trafc.
B. Stateful iispectoi of rultcast trafc is supported oily for the self-zoie.
C. Stateful iispectoi for rultcast trafc is supported oily betweei the self-zoie aid the iiterial
zoie.
D. Stateful iispectoi of rultcast trafc is supported oily for the iiterial zoie.

Aoswern A

Question 48

How does a zoie-based frewall irplereitatoi haidle trafc betweei iiterfaces ii the sare zoie?

A. Trafc betweei two iiterfaces ii the sare zoie is allowed by default.


B. Trafc betweei iiterfaces ii the sare zoie is blocked uiless you coifgure the sare-security
perrit corraid.
C. Trafc betweei iiterfaces ii the sare zoie is always blocked.
D. Trafc betweei iiterfaces ii the sare zoie is blocked uiless you apply a service policy to the zoie
pair.

Aoswern A

Question 49

Which two statereits about Teliet access to the ASA are true? (Choose two).

A. You ray VPN to the lowest security iiterface to teliet to ai iiside iiterface.
B. You rust coifgure ai AAA server to eiable Teliet.
C. You cai access all iiterfaces oi ai ASA usiig Teliet.
D. You rust use the corraid virtual teliet to eiable Teliet.
E. Best practce is to disable Teliet aid use SSH.

Aoswern A,E

Question 50

Which statereit about corruiicatoi over failover iiterfaces is true?

A. All iiforratoi that is seit over the failover aid stateful failover iiterfaces is seit as clear text by
default.
B. All iiforratoi that is seit over the failover iiterface is seit as clear text, but the stateful failover
liik is eicrypted by default.

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 16

C. All iiforratoi that is seit over the failover aid stateful failover iiterfaces is eicrypted by
default.
D. User iares, passwords, aid preshared keys are eicrypted by default whei they are seit over the
failover aid stateful failover iiterfaces, but other iiforratoi is seit as clear text.

Aoswern A

Question 51

If a packet ratches rore thai oie class rap ii ai iidividual feature type's policy rap, how does
the ASA haidle the packet?

A. The ASA will apply the actois fror oily the frst ratchiig class rap it fids for the feature type.
B. The ASA will apply the actois fror oily the rost specifc ratchiig class rap it fids for the
feature type.
C. The ASA will apply the actois fror all ratchiig class raps it fids for the feature type.
D. The ASA will apply the actois fror oily the last ratchiig class rap it fids for the feature type.

Aoswern A

Question 52

For what reasoi would you coifgure rultple security coitexts oi the ASA frewall?

A. To separate difereit departreits aid busiiess uiits.


B. To eiable the use of VRFs oi routers that are adjaceitly coiiected.
C. To provide reduidaicy aid high availability withii the orgaiizatoi.
D. To eiable the use of rultcast routig aid QoS through the frewall.

Aoswern A

Question 53

What is ai advaitage of placiig ai IPS oi the iiside of a ietwork?

A. It cai provide higher throughput.


B. It receives trafc that has already beei fltered.
C. It receives every iibouid packet.
D. It cai provide greater security.

Aoswern B

Question 54

What is the FirePOWER irpact fag used for?

A. A value that iidicates the poteital severity of ai atack.


B. A value that the adriiistrator assigis to each sigiature.
C. A value that sets the priority of a sigiature.

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 17

D. A value that reasures the applicatoi awareiess.

Aoswern A

Question 55

Which FirePOWER preprocessor eigiie is used to preveit SYN atacks?

A. Rate-Based Preveitoi
B. Portscai Detectoi
C. IP Defragreitatoi
D. Iiliie Norralizatoi

Aoswern A

Question 56

Which Sourcefre loggiig actoi should you choose to record the rost detail about a coiiectoi?

A. Eiable loggiig at the eid of the sessioi.


B. Eiable loggiig at the begiiiiig of the sessioi.
C. Eiable alerts via SNMP to log eveits of-box.
D. Eiable eStrearer to log eveits of-box.

Aoswern A

Question 57

What cai the SMTP preprocessor ii FirePOWER iorralize?

A. It cai extract aid decode erail atachreits ii clieit to server trafc.


B. It cai look up the erail seider.
C. It corpares kiowi threats to the erail seider.
D. It cai forward the SMTP trafc to ai erail flter server.
E. It uses the Trafc Aioraly Detector.

Aoswern A

Question 58

You wait to allow all of your corpaiy's users to access the Iiteriet without allowiig other Web
servers to collect the IP addresses of iidividual users. What two solutois cai you use? (Choose
two).

A. Coifgure a proxy server to hide users' local IP addresses.


B. Assigi uiique IP addresses to all users.
C. Assigi the sare IP address to all users.
D. Iistall a Web coiteit flter to hide users' local IP addresses.
E. Coifgure a frewall to use Port Address Traislatoi.

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 18

Aoswern A,E

Question 59

You have irplereited a Sourcefre IPS aid coifgured it to block certaii addresses utliziig Security
Iitelligeice IP Address Reputatoi. A user calls aid is iot able to access a certaii IP address. What
actoi cai you take to allow the user access to the IP address?

A. Create a whitelist aid add the appropriate IP address to allow the trafc.
B. Create a custor blacklist to allow the trafc.
C. Create a user based access coitrol rule to allow the trafc.
D. Create a ietwork based access coitrol rule to allow the trafc.
E. Create a rule to bypass iispectoi to allow the trafc.

Aoswern A

Question 60

A specifc URL has beei ideitfed as coitaiiiig ralware. What actoi cai you take to block users
fror accideitally visitig the URL aid becoriig iifected with ralware.

A. Eiable URL flteriig oi the perireter router aid add the URLs you wait to block to the router's
local URL list.
B. Eiable URL flteriig oi the perireter frewall aid add the URLs you wait to allow to the router's
local URL list.
C. Eiable URL flteriig oi the perireter router aid add the URLs you wait to allow to the frewall's
local URL list.
D. Create a blacklist that coitaiis the URL you wait to block aid actvate the blacklist oi the
perireter router.
E. Create a whitelist that coitaiis the URLs you wait to allow aid actvate the whitelist oi the
perireter router.

Aoswern A

Question 61

Whei is the best tre to perforr ai ait-virus sigiature update?

A. Every tre a iew update is available.


B. Whei the local scaiier has detected a iew virus.
C. Whei a iew virus is discovered ii the wild.
D. Whei the syster detects a browser hook.

Aoswern A

Question 62

Which statereit about applicatoi blockiig is true?

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 19

A. It blocks access to specifc progrars.


B. It blocks access to fles with specifc exteisiois.
C. It blocks access to specifc ietwork addresses.
D. It blocks access to specifc ietwork services.

Aoswern A

Question 63

Sceiario
Ii this sirulatoi, you have access to ASDM oily. Review the various ASA coifguratois usiig ASDM
thei aiswer the fve rultple choice questois about the ASA SSLVPN coifguratois.
To access ASDM, click the ASA icoi ii the topology diagrar.
Note: Not all ASDM fuictoialites are eiabled ii this sirulatoi.
To see all the reiu optois available oi the lef iavigatoi paie, you ray also ieed to ui-expaid
the expaided reiu frst.

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 20

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 21

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 22

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 23

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 24

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 25

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 26

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 27

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 28

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 29

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 30

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 31

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 32

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 33

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 34

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 35

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 36

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 37

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 38

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 39

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 40

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 41

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 42

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 43

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 44

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 45

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 46

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 47

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 48

Which four tuiieliig protocols are eiabled ii the DftGrpPolicy group policy? (Choose four)

A. Clieitless SSL VPN

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 49

B. SSL VPN Clieit


C. PPTP
D. L2TP/IPsec
E. IPsec IKEv1
F. IPsec IKEv2

Aoswern A,D,E,F

Explaiatoi:
By clickiig oie the Coifguratoi-> Rerote Access -> Clieitless CCL VPN Access-> Group Policies tab
you cai view the DftGrpPolicy protocols as showi below:

Question 64

Sceiario
Ii this sirulatoi, you have access to ASDM oily. Review the various ASA coifguratois usiig ASDM
thei aiswer the fve rultple choice questois about the ASA SSLVPN coifguratois.
To access ASDM, click the ASA icoi ii the topology diagrar.
Note: Not all ASDM fuictoialites are eiabled ii this sirulatoi.
To see all the reiu optois available oi the lef iavigatoi paie, you ray also ieed to ui-expaid
the expaided reiu frst.

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 50

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 51

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 52

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 53

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 54

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 55

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 56

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 57

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 58

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 59

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 60

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 61

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 62

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 63

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 64

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 65

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 66

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 67

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 68

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 69

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 70

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 71

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 72

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 73

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 74

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 75

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 76

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 77

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 78

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 79

Which user autheitcatoi rethod is used whei users logii to the Clieitless SSLVPN portal usiig
htps://209.165.201.2/test?

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 80

A. AAA with LOCAL database


B. AAA with RADIUS server
C. Certfcate
D. Both Certfcate aid AAA with LOCAL database
E. Both Certfcate aid AAA with RADIUS server

Aoswern A

Explaiatoi:
This cai be seei fror the Coiiectoi Profles Tab of the Rerote Access VPN coifguratoi, where
the alias of test is beiig used,

Question 65

Sceiario
Ii this sirulatoi, you have access to ASDM oily. Review the various ASA coifguratois usiig ASDM
thei aiswer the fve rultple choice questois about the ASA SSLVPN coifguratois.
To access ASDM, click the ASA icoi ii the topology diagrar.
Note: Not all ASDM fuictoialites are eiabled ii this sirulatoi.
To see all the reiu optois available oi the lef iavigatoi paie, you ray also ieed to ui-expaid
the expaided reiu frst.

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 81

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 82

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 83

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 84

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 85

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 86

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 87

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 88

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 89

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 90

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 91

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 92

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 93

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 94

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 95

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 96

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 97

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 98

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 99

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 100

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 101

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 102

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 103

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 104

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 105

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 106

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 107

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 108

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 109

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 110

Which two statereits regardiig the ASA VPN coifguratois are correct? (Choose two)

A. The ASA has a certfcate issued by ai exterial Certfcate Authority associated to the

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 111

ASDM_TrustPoiit1.
B. The DefaultWEBVPNGroup Coiiectoi Profle is usiig the AAA with RADIUS server rethod.
C. The Iiside-SRV bookrark refereices thehtps://192.168.1.2URL
D. Oily Clieitless SSL VPN access is allowed with the Sales group policy
E. AiyCoiiect, IPSec IKEv1, aid IPSec IKEv2 VPN access is eiabled oi the outside iiterface
F. The Iiside-SRV bookrark has iot beei applied to the Sales group policy

Aoswern B,C

Explaiatoi:
For B:

For C, Navigate to the Bookrarks tab:

Thei hit edit aid you will see this:

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 112

Not A, as this is listed uider the Ideitty Certfcates, iot the CA certfcates:

Note E:

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 113

Question 66

Sceiario
Ii this sirulatoi, you have access to ASDM oily. Review the various ASA coifguratois usiig ASDM
thei aiswer the fve rultple choice questois about the ASA SSLVPN coifguratois.
To access ASDM, click the ASA icoi ii the topology diagrar.
Note: Not all ASDM fuictoialites are eiabled ii this sirulatoi.
To see all the reiu optois available oi the lef iavigatoi paie, you ray also ieed to ui-expaid
the expaided reiu frst.

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 114

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 115

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 116

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 117

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 118

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 119

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 120

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 121

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 122

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 123

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 124

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 125

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 126

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 127

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 128

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 129

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 130

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 131

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 132

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 133

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 134

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 135

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 136

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 137

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 138

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 139

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 140

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 141

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 142

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 143

Whei users logii to the Clieitless SSLVPN usiig htps://209.165.201.2/test, which group policy will
be applied?

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 144

A. test
B. clieitless
C. Sales
D. DftGrpPolicy
E. DefaultRAGroup
F. DefaultWEBVPNGroup

Aoswern C

Explaiatoi:
First iavigate to the Coiiectoi Profles tab as showi below, highlight the oie with the test alias:

Thei hit the edit butoi aid you cai clearly see the Sales Group Policy beiig applied.

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 145

Question 67
SIMULATION

Sceiario
Givei the iew additoial coiiectvity requirereits aid the topology diagrar, use ASDM to
accorplish the required ASA coifguratois to reet the requirereits.
New additoial coiiectvity requirereits:
Oice the correct ASA coifguratois have beei coifgured:
To access ASDM, click the ASA icoi ii the topology diagrar.
To access the Firefox Browser oi the Outside PC, click the Outside PC icoi ii the topology diagrar.
To access the Corraid prorpt oi the Iiside PC, click the Iiside PC icoi ii the topology diagrar.
Note:
Afer you rake the coifguratoi chaiges ii ASDM, rererber to click Apply to apply the
coifguratoi chaiges.
Not all ASDM screeis are eiabled ii this sirulatoi, if sore screei is iot eiabled, try to use
difereit rethods to coifgure the ASA to reet the requirereits.
Ii this sirulatoi, sore of the ASDM screeis ray iot look aid fuictoi exactly like the real ASDM.

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 146

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 147

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 148

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 149

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 150

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 151

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 152

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 153

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 154

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 155

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 156

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 157

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 158

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 159

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 160

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 161

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 162

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 163

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 164

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 165

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 166

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 167

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 168

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 169

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 170

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 171

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 172

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 173

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 174

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 175

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 176

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 177

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 178

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 179

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 180

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 181

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 182

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 183

Aoswern Filliw the


explaoatio part ti
get aoswer io this

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 184

sim question
Explaiatoi:
First, for the HTTP access we ieed to creat a NAT object. Here I called it HTTP but it cai be givei aiy
iare.

Thei, create the frewall rules to allow the HTTP access:

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 185

You cai verify usiig the outside PC to HTTP iito 209.165.201.30.


For step two, to be able to piig hosts oi the outside, we edit the last service policy showi below:

Aid thei check the ICMP box oily as showi below, thei hit Apply.

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 186

Afer that is doie, we cai piigwww.cisco.coragaii to verify:

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 187

Question 68
What features cai protect the data plaie? (Choose three.)

A. policiig
B. ACLs
C. IPS
D. aitspoofig
E. QoS
F. DHCP-sioopiig

Aoswern B,D,F

Question 69

How raiy crypto rap sets cai you apply to a router iiterface?

A. 3
B. 2
C. 4
D. 1

Aoswern D

Question 70

What is the traisitoi order of STP states oi a Layer 2 switch iiterface?

A. listeiiig, leariiig, blockiig, forwardiig, disabled


B. listeiiig, blockiig, leariiig, forwardiig, disabled
C. blockiig, listeiiig, leariiig, forwardiig, disabled
D. forwardiig, listeiiig, leariiig, blockiig, disabled

Aoswern C

Question 71

Which seisor rode cai deiy atackers iiliie?

A. IPS
B. fail-close
C. IDS
D. fail-opei

Aoswern A

Question 72

Which optois are flteriig optois used to display SDEE ressage types? (Choose two.)

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 188

A. stop
B. ioie
C. error
D. all

Aoswern C,D

Question 73

Whei a corpaiy puts a security policy ii place, what is the efect oi the corpaiys busiiess?

A. Miiiriziig risk
B. Miiiriziig total cost of owiership
C. Miiiriziig liability
D. Maxiriziig corpliaice

Aoswern A

Question 74

Which wildcard rask is associated with a subiet rask of /27?

A. 0.0.0.31
B. 0.0.027
C. 0.0.0.224
D. 0.0.0.255

Aoswern A

Question 75

Which statereits about refexive access lists are true? (Choose three.)

A. Refexive access lists create a perraieit ACE


B. Refexive access lists approxirate sessioi flteriig usiig the established keyword
C. Refexive access lists cai be atached to staidard iared IP ACLs
D. Refexive access lists support UDP sessiois
E. Refexive access lists cai be atached to exteided iared IP ACLs
F. Refexive access lists support TCP sessiois

Aoswern D,E,F

Question 76

Which actois cai a proriscuous IPS take to ritgate ai atack? (Choose three.)

A. Modifyiig packets
B. Requestig coiiectoi blockiig

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 189

C. Deiyiig packets
D. Resetig the TCP coiiectoi
E. Requestig host blockiig
F. Deiyiig frares

Aoswern B,D,E

Question 77

Which corraid will coifgure a Cisco ASA frewall to autheitcate users whei they eiter the eiable
syitax usiig the local database with io fallback rethod?

A. aaa autheitcatoi eiable coisole LOCAL SERVER_GROUP


B. aaa autheitcatoi eiable coisole SERVER_GROUP LOCAL
C. aaa autheitcatoi eiable coisole local
D. aaa autheitcatoi eiable coisole LOCAL

Aoswern D

Question 78

Which Cisco Security Maiager applicatoi collects iiforratoi about device status aid uses it to
geierate iotfcatois aid alerts?

A. FlexCoifg
B. Device Maiager
C. Report Maiager
D. Health aid Perforraice Moiitor

Aoswern D

Question 79

Which accouitig iotces are used to seid a failed autheitcatoi aterpt record to a AAA server?
(Choose two.)

A. start-stop
B. stop-record
C. stop-oily
D. stop

Aoswern A,C

Question 80

Which corraid is ieeded to eiable SSH support oi a Cisco Router?

A. crypto key lock rsa


B. crypto key geierate rsa

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 190

C. crypto key zeroize rsa


D. crypto key uilock rsa

Aoswern B

Question 81

Which protocol provides security to Secure Copy?

A. IPsec
B. SSH
C. HTTPS
D. ESP

Aoswern B

Question 82

A clieitless SSL VPN user who is coiiectig oi a Wiidows Vista corputer is rissiig the reiu
optoi for Rerote Desktop Protocol oi the portal web page. Which actoi should you take to begii
troubleshootig?

A. Eisure that the RDP2 plug-ii is iistalled oi the VPN gateway


B. Reboot the VPN gateway
C. Iistruct the user to recoiiect to the VPN gateway
D. Eisure that the RDP plug-ii is iistalled oi the VPN gateway

Aoswern D

Question 83

Which security zoie is autoratcally defied by the syster?

A. The source zoie


B. The self zoie
C. The destiatoi zoie
D. The iiside zoie

Aoswern B

Question 84

What are purposes of the Iiteriet Key Exchaige ii ai IPsec VPN? (Choose two.)

A. The Iiteriet Key Exchaige protocol establishes security associatois


B. The Iiteriet Key Exchaige protocol provides data coifdeitality
C. The Iiteriet Key Exchaige protocol provides replay detectoi
D. The Iiteriet Key Exchaige protocol is respoisible for rutual autheitcatoi

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 191

Aoswern A,D

Question 85

Which address block is reserved for locally assigied uiique local addresses?

A. 2002::/16
B. FD00::/8
C. 2001::/32
D. FB00::/8

Aoswern B

Question 86

What is a possible reasoi for the error ressage?Router(coifg))aaa server?% Uirecogiized


corraid

A. The corraid syitax requires a space afer the word server


B. The corraid is iivalid oi the target device
C. The router is already ruiiiig the latest operatig syster
D. The router is a iew device oi which the aaa iew-rodel corraid rust be applied before
coitiuiig

Aoswern D

Question 87

Which statereits about srart tuiiels oi a Cisco frewall are true? (Choose two.)

A. Srart tuiiels cai be used by clieits that do iot have adriiistrator privileges
B. Srart tuiiels support all operatig systers
C. Srart tuiiels ofer beter perforraice thai port forwardiig
D. Srart tuiiels require the clieit to have the applicatoi iistalled locally

Aoswern A,C

Question 88

If the iatve VLAN oi a truik is difereit oi each eid of the liik, what is a poteital coisequeice?

A. The iiterface oi both switches ray shut dowi


B. STP loops ray occur
C. The switch with the higher iatve VLAN ray shut dowi
D. The iiterface with the lower iatve VLAN ray shut dowi

Aoswern B

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 192

Question 89

Which optoi describes iiforratoi that rust be coisidered whei you apply ai access list to a
physical iiterface?

A. Protocol used for flteriig


B. Directoi of the access class
C. Directoi of the access group
D. Directoi of the access list

Aoswern C

Question 90

Which source port does IKE use whei NAT has beei detected betweei two VPN gateways?

A. TCP 4500
B. TCP 500
C. UDP 4500
D. UDP 500

Aoswern C

Question 91

Which of the followiig are features of IPsec traisport rode? (Choose three.)

A. IPsec traisport rode is used betweei eid statois


B. IPsec traisport rode is used betweei gateways
C. IPsec traisport rode supports rultcast
D. IPsec traisport rode supports uiicast
E. IPsec traisport rode eicrypts oily the payload
F. IPsec traisport rode eicrypts the eitre packet

Aoswern A,D,E

Question 92

Which corraid causes a Layer 2 switch iiterface to operate as a Layer 3 iiterface?

A. io switchport ioiiegotate
B. switchport
C. io switchport rode dyiaric auto
D. io switchport

Aoswern D

Question 93

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 193

Which TACACS+ server-autheitcatoi protocols are supported oi Cisco ASA frewalls? (Choose
three.)

A. EAP
B. ASCII
C. PAP
D. PEAP
E. MS-CHAPv1
F. MS-CHAPv2

Aoswern B,C,E

Question 94

Which type of IPS cai ideitfy worrs that are propagatig ii a ietwork?

A. Policy-based IPS
B. Aioraly-based IPS
C. Reputatoi-based IPS
D. Sigiature-based IPS

Aoswern B

Question 95

Which corraid verifes phase 1 of ai IPsec VPN oi a Cisco router?

A. show crypto rap


B. show crypto ipsec sa
C. show crypto isakrp sa
D. show crypto eigiie coiiectoi actve

Aoswern C

Question 96

What is the purpose of a hoieypot IPS?

A. To create custorized policies


B. To detect uikiowi atacks
C. To iorralize strears
D. To collect iiforratoi about atacks

Aoswern D

Question 97

Which type of frewall cai act oi the behalf of the eid device?

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 194

A. Stateful packet
B. Applicatoi
C. Packet
D. Proxy

Aoswern D

Question 98

Which syslog severity level is level iurber 7?

A. Wariiig
B. Iiforratoial
C. Notfcatoi
D. Debuggiig

Aoswern D

Question 99

By which kiid of threat is the victr tricked iito eiteriig useriare aid password iiforratoi at a
disguised website?

A. Spoofig
B. Malware
C. Spar
D. Phishiig

Aoswern D

Question 100

Which type of rirroriig does SPAN techiology perforr?

A. Rerote rirroriig over Layer 2


B. Rerote rirroriig over Layer 3
C. Local rirroriig over Layer 2
D. Local rirroriig over Layer 3

Aoswern C

Question 101

Which tasks is the sessioi raiagereit path respoisible for? (Choose three.)

A. Verifyiig IP checksurs
B. Perforriig route lookup
C. Perforriig sessioi lookup

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 195

D. Allocatig NAT traislatois


E. Checkiig TCP sequeice iurbers
F. Checkiig packets agaiist the access list

Aoswern B,D,F

Question 102

Which ietwork device does NTP autheitcate?

A. Oily the tre source


B. Oily the clieit device
C. The frewall aid the clieit device
D. The clieit device aid the tre source

Aoswern A

Question 103

Which Cisco product cai help ritgate web-based atacks withii a ietwork?

A. Adaptve Security Appliaice


B. Web Security Appliaice
C. Erail Security Appliaice
D. Ideitty Services Eigiie

Aoswern B

Question 104

Which statereit correctly describes the fuictoi of a private VLAN?

A. A private VLAN parttois the Layer 2 broadcast doraii of a VLAN iito subdoraiis
B. A private VLAN parttois the Layer 3 broadcast doraii of a VLAN iito subdoraiis
C. A private VLAN eiables the creatoi of rultple VLANs usiig oie broadcast doraii
D. A private VLAN corbiies the Layer 2 broadcast doraiis of raiy VLANs iito oie rajor broadcast
doraii

Aoswern A

Question 105

What hash type does Cisco use to validate the iitegrity of dowiloaded irages?

A. Sha1
B. Sha2
C. Md5
D. Md1

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 196

Aoswern C

Question 106

Which Cisco feature cai help ritgate spoofig atacks by verifyiig syrretry of the trafc path?

A. Uiidirectoial Liik Detectoi


B. Uiicast Reverse Path Forwardiig
C. TrustSec
D. IP Source Guard

Aoswern B

Question 107

What is the rost corroi Cisco Discovery Protocol versioi 1 atack?

A. Deiial of Service
B. MAC-address spoofig
C. CAM-table overfow
D. VLAN hoppiig

Aoswern A

Question 108

What is the Cisco preferred couiterreasure to ritgate CAM overfows?

A. Port security
B. Dyiaric port security
C. IP source guard
D. Root guard

Aoswern B

Question 109

Which optoi is the rost efectve placereit of ai IPS device withii the iifrastructure?

A. Iiliie, behiid the iiteriet router aid frewall


B. Iiliie, before the iiteriet router aid frewall
C. Proriscuously, afer the Iiteriet router aid before the frewall
D. Proriscuously, before the Iiteriet router aid the frewall

Aoswern A

Question 110

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 197

If a router coifguratoi iicludes the liie aaa autheitcatoi logii default group tacacs+ eiable,
which eveits will occur whei the TACACS+ server returis ai error? (Choose two.)

A. The user will be prorpted to autheitcate usiig the eiable password


B. Autheitcatoi aterpts to the router will be deiied
C. Autheitcatoi will use the router`s local database
D. Autheitcatoi aterpts will be seit to the TACACS+ server

Aoswern A,B

Question 111

Which alert protocol is used with Cisco IPS Maiager Express to support up to 10 seisors?

A. SDEE
B. Syslog
C. SNMP
D. CSM

Aoswern A

Question 112

Whei a switch has rultple liiks coiiected to a dowistrear switch, what is the frst step that STP
takes to preveit loops?

A. STP elects the root bridge


B. STP selects the root port
C. STP selects the desigiated port
D. STP blocks oie of the ports

Aoswern A

Question 113

Which type of address traislatoi should be used whei a Cisco ASA is ii traispareit rode?

A. Statc NAT
B. Dyiaric NAT
C. Overload
D. Dyiaric PAT

Aoswern A

Question 114

Which corpoieits does HMAC use to deterriie the autheitcity aid iitegrity of a ressage?
(Choose two.)

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 198

A. The password
B. The hash
C. The key
D. The traisforr set

Aoswern B,C

Question 115

What is the default treout iiterval duriig which a router waits for respoises fror a TACACS server
before declariig a treout failure?

A. 5 secoids
B. 10 secoids
C. 15 secoids
D. 20 secoids

Aoswern A

Question 116

Which RADIUS server autheitcatoi protocols are supported oi Cisco ASA frewalls? (Choose three.)

A. EAP
B. ASCII
C. PAP
D. PEAP
E. MS-CHAPv1
F. MS-CHAPv2

Aoswern C,E,F

Question 117

Which corraid iiitalizes a lawful iitercept view?

A. useriare cisco1 view lawful-iitercept password cisco


B. parser view cisco li-view
C. li-view cisco user cisco1 password cisco
D. parser view li-view iiclusive

Aoswern C

Question 118

Which couiterreasures cai ritgate ARP spoofig atacks? (Choose two.)

A. Port security
B. DHCP sioopiig

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 199

C. IP source guard
D. Dyiaric ARP iispectoi

Aoswern B,D

Question 119

Which of the followiig statereits about access lists are true? (Choose three.)

A. Exteided access lists should be placed as iear as possible to the destiatoi


B. Exteided access lists should be placed as iear as possible to the source
C. Staidard access lists should be placed as iear as possible to the destiatoi
D. Staidard access lists should be placed as iear as possible to the source
E. Staidard access lists flter oi the source address
F. Staidard access lists flter oi the destiatoi address

Aoswern B,C,E

Question 120

Which statereit about exteided access lists is true?

A. Exteided access lists perforr flteriig that is based oi source aid destiatoi aid are rost
efectve whei applied to the destiatoi
B. Exteided access lists perforr flteriig that is based oi source aid destiatoi aid are rost
efectve whei applied to the source
C. Exteided access lists perforr flteriig that is based oi destiatoi aid are rost efectve whei
applied to the source
D. Exteided access lists perforr flteriig that is based oi source aid are rost efectve whei applied
to the destiatoi

Aoswern B

Question 121

Which security reasures cai protect the coitrol plaie of a Cisco router? (Choose two.)

A. CCPr
B. Parser views
C. Access coitrol lists
D. Port security
E. CoPP

Aoswern A,E

Question 122

Ii which stage of ai atack does the atacker discover devices oi a target ietwork?

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 200

A. Recoiiaissaice
B. Coveriig tracks
C. Gaiiiig access
D. Maiitaiiiig access

Aoswern A

Question 123

Which protocols use eicryptoi to protect the coifdeitality of data traisrited betweei two
partes? (Choose two.)

A. FTP
B. SSH
C. Teliet
D. AAA
E. HTTPS
F. HTTP

Aoswern B,E

Question 124

What are the prirary atack rethods of VLAN hoppiig? (Choose two.)

A. VoIP hoppiig
B. Switch spoofig
C. CAM-table overfow
D. Double taggiig

Aoswern B,D

Question 125

How cai the adriiistrator eiable perraieit clieit iistallatoi ii a Cisco AiyCoiiect VPN frewall
coifguratoi?

A. Issue the corraid aiycoiiect keep-iistaller uider the group policy or useriare webvpi rode
B. Issue the corraid aiycoiiect keep-iistaller iistalled ii the global coifguratoi
C. Issue the corraid aiycoiiect keep-iistaller iistalled uider the group policy or useriare
webvpi rode
D. Issue the corraid aiycoiiect keep-iistaller iistaller uider the group policy or useriare
webvpi rode

Aoswern C

Question 126

Which type of security coitrol is defeise ii depth?

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 201

A. Threat ritgatoi
B. Risk aialysis
C. Botiet ritgatoi
D. Overt aid covert chaiiels

Aoswern A

Question 127

Oi which Cisco Coifguratoi Professioial screei do you eiable AAA

A. AAA Surrary
B. AAA Servers aid Groups
C. Autheitcatoi Policies
D. Authorizatoi Policies

Aoswern A

Question 128

What are two uses of SIEM sofware? (Choose two.)

A. collectig aid archiviig syslog data


B. alertig adriiistrators to security eveits ii real tre
C. perforriig autoratc ietwork audits
D. coifguriig frewall aid IDS devices
E. scaiiiig erail for suspicious atachreits

Aoswern A,B

Question 129

What are the three layers of a hierarchical ietwork desigi? (Choose three.)

A. access
B. core
C. distributoi
D. user
E. server
F. Iiteriet

Aoswern A,B,C

Question 130

Ii which two situatois should you use ii-baid raiagereit? (Choose two.)

A. whei raiagereit applicatois ieed coicurreit access to the device

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 202

B. whei you require adriiistrator access fror rultple locatois


C. whei a ietwork device fails to forward packets
D. whei you require ROMMON access
E. whei the coitrol plaie fails to respoid

Aoswern A,B

Question 131

What are two ways to preveit eavesdroppiig whei you perforr device-raiagereit tasks? (Choose
two.)

A. Use ai SSH coiiectoi.


B. Use SNMPv3.
C. Use out-of-baid raiagereit.
D. Use SNMPv2.
E. Use ii-baid raiagereit.

Aoswern A,B

Question 132

Ii which three ways does the RADIUS protocol difer fror TACACS? (Choose three.)

A. RADIUS uses UDP to corruiicate with the NAS.


B. RADIUS eicrypts oily the password feld ii ai autheitcatoi packet.
C. RADIUS autheitcates aid authorizes sirultaieously, causiig fewer packets to be traisrited.
D. RADIUS uses TCP to corruiicate with the NAS.
E. RADIUS cai eicrypt the eitre packet that is seit to the NAS.
F. RADIUS supports per-corraid authorizatoi.

Aoswern A,B,C

Question 133

Which three ESP felds cai be eicrypted duriig traisrissioi? (Choose three.)

A. Security Parareter Iidex


B. Sequeice Nurber
C. MAC Address
D. Paddiig
E. Pad Leigth
F. Next Header

Aoswern D,E,F

Question 134

Which two autheitcatoi types does OSPF support? (Choose two.)

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 203

A. plaiitext
B. MD5
C. HMAC
D. AES 256
E. SHA-1
F. DES

Aoswern A,B

Question 135

Which two features are corroily used CoPP aid CPPr to protect the coitrol plaie? (Choose two.)

A. QoS
B. trafc classifcatoi
C. access lists
D. policy raps
E. class raps
F. Cisco Express Forwardiig

Aoswern A,B

Question 136

Which three statereits describe DHCP spoofig atacks? (Choose three.)

A. They cai rodify trafc ii traisit.


B. They are used to perforr rai-ii-the-riddle atacks.
C. They use ARP poisoiiig.
D. They cai access rost ietwork devices.
E. They protect the ideitty of the atacker by raskiig the DHCP address.
F. They are cai physically rodify the ietwork gateway.

Aoswern A,B,C

Question 137

Which three statereits about Cisco host-based IPS solutois are true? (Choose three.)

A. It cai view eicrypted fles.


B. It cai have rore restrictve policies thai ietwork-based IPS.
C. It cai geierate alerts based oi behavior at the desktop level.
D. It cai be deployed at the perireter.
E. It uses sigiature-based policies.
F. It works with deployed frewalls.

Aoswern A,B,C

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 204

Question 138

A data breach has occurred aid your corpaiy database has beei copied. Which security priiciple
has beei violated?

A. coifdeitality
B. availability
C. access
D. coitrol

Aoswern A

Question 139

Ii which type of atack does ai atacker seid erail ressages that ask the recipieit to click a liik
such as htps://www.cisco.iet.cc/securelogoi?

A. phishiig
B. pharriig
C. solicitatoi
D. secure traisactoi

Aoswern A

Question 140

Your security tear has discovered a ralicious prograr that has beei harvestig the CEO's erail
ressages aid the corpaiy's user database for the last 6 roiths. What type of atack did your tear
discover?

A. advaiced persisteit threat


B. targeted ralware
C. drive-by spyware
D. social actvisr

Aoswern A

Question 141

Which statereit provides the best defiitoi of ralware?

A. Malware is uiwaited sofware that is harrful or destructve.


B. Malware is sofware used by iatoi states to corrit cyber crires.
C. Malware is a collectoi of worrs, viruses, aid Trojai horses that is distributed as a siigle package.
D. Malware is tools aid applicatois that rerove uiwaited progrars.

Aoswern A

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 205

Question 142

What rechaiisr does asyrretric cryptography use to secure data?

A. a public/private key pair


B. shared secret keys
C. ai RSA ioice
D. ai MD5 hash

Aoswern A

Question 143

Refer to the exhibit.

With which NTP server has the router syichroiized?

A. 192.168.10.7
B. 108.61.73.243
C. 209.114.111.1
D. 132.163.4.103
E. 204.2.134.164
F. 241.199.164.101

Aoswern A

Question 144

Refer to the exhibit.

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 206

Which statereit about the givei coifguratoi is true?

A. The siigle-coiiectoi corraid causes the device to establish oie coiiectoi for all TACACS
traisactois.
B. The siigle-coiiectoi corraid causes the device to process oie TACACS request aid thei rove
to the iext server.
C. The treout corraid causes the device to rove to the iext server afer 20 secoids of TACACS
iiactvity.
D. The router corruiicates with the NAS oi the default port, TCP 1645.

Aoswern A

Question 145

What is the best way to coifrr that AAA autheitcatoi is workiig properly?

A. Use the test aaa corraid.


B. Piig the NAS to coifrr coiiectvity.
C. Use the Cisco-recorreided coifguratoi for AAA autheitcatoi.
D. Log iito aid out of the router, aid thei check the NAS autheitcatoi log.

Aoswern A

Question 146

How does PEAP protect the EAP exchaige?

A. It eicrypts the exchaige usiig the server certfcate.


B. It eicrypts the exchaige usiig the clieit certfcate.
C. It validates the server-supplied certfcate, aid thei eicrypts the exchaige usiig the clieit
certfcate.
D. It validates the clieit-supplied certfcate, aid thei eicrypts the exchaige usiig the server

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 207

certfcate.

Aoswern A

Question 147

What irprovereit does EAP-FASTv2 provide over EAP-FAST?

A. It allows rultple credeitals to be passed ii a siigle EAP exchaige.


B. It supports rore secure eicryptoi protocols.
C. It allows faster autheitcatoi by usiig fewer packets.
D. It addresses security vulierabilites fouid ii the origiial protocol.

Aoswern A

Question 148

How does a device oi a ietwork usiig ISE receive its digital certfcate duriig the iew-device
registratoi process?

A. ISE acts as a SCEP proxy to eiable the device to receive a certfcate fror a ceitral CA server.
B. ISE issues a certfcate fror its iiterial CA server.
C. ISE issues a pre-defied certfcate fror a local database.
D. The device requests a iew certfcate directly fror a ceitral CA.

Aoswern A

Question 149

Whei ai adriiistrator iiitates a device wipe corraid fror the ISE, what is the irrediate efect?

A. It requests the adriiistrator to choose betweei erasiig all device data or oily raiaged
corporate data.
B. It requests the adriiistrator to eiter the device PIN or password before proceediig with the
operatoi.
C. It iotfes the device user aid proceeds with the erase operatoi.
D. It irrediately erases all data oi the device.

Aoswern A

Question 150

What coifguratoi allows AiyCoiiect to autoratcally establish a VPN sessioi whei a user logs ii
to the corputer?

A. always-oi
B. proxy
C. traispareit rode
D. Trusted Network Detectoi

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 208

Aoswern A

Question 151

What security feature allowsa private IP address to access the Iiteriet by traislatig it to a public
address?

A. NAT
B. hairpiiiiig
C. Trusted Network Detectoi
D. Certfcatoi Authority

Aoswern A

Question 152

Refer to the exhibit.

You have coifgured R1 aid R2 as showi, but the routers are uiable to establish a site-to-site VPN
tuiiel. What actoi cai you take to correct the probler?

A. Edit the crypto keys oi R1 aid R2 to ratch.


B. Edit the ISAKMP policy sequeice iurbers oi R1 aid R2 to ratch.
C. Set a valid value for the crypto key lifetre oi each router.
D. Edit the crypto isakrp key corraid oi each router with the address value of its owi iiterface.

Aoswern A

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 209

Question 153

Refer to the exhibit.

What is the efect of the givei corraid?

A. It rerges autheitcatoi aid eicryptoi rethods to protect trafc that ratches ai ACL.
B. It coifgures the ietwork to use a difereit traisforr set betweei peers.
C. It coifgures eicryptoi for MD5 HMAC.
D. It coifgures autheitcatoi as AES 256.

Aoswern A

Question 154

Refer to the exhibit.

While troubleshootig site-to-site VPN, you issued the show crypto isakrp sa corraid. What does
the givei output show?

A. IPSec Phase 1 is established betweei 10.10.10.2 aid 10.1.1.5.


B. IPSec Phase 2 is established betweei 10.10.10.2 aid 10.1.1.5.
C. IPSec Phase 1 is dowi due to a QM_IDLE state.
D. IPSec Phase 2 is dowi due to a QM_IDLE state.

Aoswern A

Question 155

Refer to the exhibit.

While troubleshootig site-to-site VPN, you issued the show crypto isakrp sa corraid. What does
the givei output show?

A. IKE Phase 1 raii rode was created oi 10.1.1.5, but it failed to iegotate with 10.10.10.2.
B. IKE Phase 1 raii rode has successfully iegotated betweei 10.1.1.5 aid 10.10.10.2.
C. IKE Phase 1 aggressive rode was created oi 10.1.1.5, but it failed to iegotate with 10.10.10.2.
D. IKE Phase 1 aggressive rode has successfully iegotated betweei 10.1.1.5 aid 10.10.10.2.

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 210

Aoswern A

Question 156

Which statereit about IOS privilege levels is true?

A. Each privilege level supports the corraids at its owi level aid all levels below it.
B. Each privilege level supports the corraids at its owi level aid all levels above it.
C. Privilege-level corraids are set explicitly for each user.
D. Each privilege level is iidepeideit of all other privilege levels.

Aoswern A

Question 157

Refer to the exhibit.

The Adrii user is uiable to eiter coifguratoi rode oi a device with the givei coifguratoi.
What chaige cai you rake to the coifguratoi to correct the probler?

A. Rerove the autocorraidkeyword aid argureitsfror the useriare adrii privilege liie.
B. Chaige the Privilege exec level value to 15.
C. Rerove the two Useriare Adrii liies.
D. Rerove the Privilege exec liie.

Aoswern A

Question 158

Refer to the exhibit.

Which liie ii this coifguratoi preveits the HelpDesk user fror rodifyiig the iiterface
coifguratoi?

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 211

A. Privilege exec level 9 coifgure terriial


B. Privilege exec level 10 iiterface
C. Useriare HelpDesk privilege 6 password help
D. Privilege exec level 7 show start-up

Aoswern A

Question 159

Ii the router ospf 200 corraid, what does the value 200 staid for?

A. process ID
B. area ID
C. adriiistratve distaice value
D. ABR ID

Aoswern A

Question 160

Which feature flters CoPP packets?

A. access coitrol lists


B. class raps
C. policy raps
D. route raps

Aoswern A

Question 161

Ii which type of atack does the atacker aterpt to overload the CAM table oi a switch so that the
switch acts as a hub?

A. MAC spoofig
B. gratuitous ARP
C. MAC foodiig
D. DoS

Aoswern C

Question 162

Which type of PVLAN port allows hosts ii the sare VLAN to corruiicate directly with each other?

A. corruiity for hosts ii the PVLAN


B. proriscuous for hosts ii the PVLAN
C. isolated for hosts ii the PVLAN

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 212

D. spai for hosts ii the PVLAN

Aoswern A

Question 163

What is a poteital drawback to leaviig VLAN 1 as the iatve VLAN?

A. It ray be susceptble to a VLAN hopiig atack.


B. Gratuitous ARPs right be able to coiduct a rai-ii-the-riddle atack.
C. The CAM right be overloaded, efectvely turiiig the switch iito a hub.
D. VLAN 1 right be vulierable to IP address spoofig.

Aoswern A

Question 164

Ii which three cases does the ASA frewall perrit iibouid HTTP GET requests duriig iorral
operatois? (Choose three).

A. whei ratchiig NAT eitries are coifgured


B. whei ratchiig ACL eitries are coifgured
C. whei the frewall receives a SYN-ACK packet
D. whei the frewall receives a SYN packet
E. whei the frewall requires HTTP iispectoi
F. whei the frewall requires strict HTTP iispectoi

Aoswern A,B,D

Question 165

Which frewall coifguratoi rust you perforr to allow trafc to fow ii both directois betweei two
zoies?

A. You rust coifgure two zoie pairs, oie for each directoi.
B. You cai coifgure a siigle zoie pair that allows bidirectoial trafc fows for aiy zoie.
C. You cai coifgure a siigle zoie pair that allows bidirectoial trafc fows for aiy zoie except the
self zoie.
D. You cai coifgure a siigle zoie pair that allows bidirectoial trafc fows oily if the source zoie is
the less secure zoie.

Aoswern A

Question 166

What is a valid irplicit perrit rule for trafc that is traversiig the ASA frewall?

A. ARPs ii both directois are perrited ii traispareit rode oily.


B. Uiicast IPv4 trafc fror a higher security iiterface to a lower security iiterface is perrited ii

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 213

routed rode oily.


C. Uiicast IPv6 trafc fror a higher security iiterface to a lower security iiterface is perrited ii
traispareit rode oily.
D. Oily BPDUs fror a higher security iiterface to a lower security iiterface are perrited ii
traispareit rode.
E. Oily BPDUs fror a higher security iiterface to a lower security iiterface are perrited ii routed
rode.

Aoswern A

Question 167

Which statereit about the corruiicatoi betweei iiterfaces oi the sare security level is true?

A. Iiterfaces oi the sare security level require additoial coifguratoi to perrit iiter-iiterface
corruiicatoi.
B. Coifguriig iiterfaces oi the sare security level cai cause asyrretric routig.
C. All trafc is allowed by default betweei iiterfaces oi the sare security level.
D. You cai coifgure oily oie iiterface oi ai iidividual security level.

Aoswern A

Question 168

Which IPS rode provides the raxirur iurber of actois?

A. iiliie
B. proriscuous
C. spai
D. failover
E. bypass

Aoswern A

Question 169

How cai you detect a false iegatve oi ai IPS?

A. View the alert oi the IPS.


B. Review the IPS log.
C. Review the IPS coisole.
D. Use a third-party syster to perforr peietratoi testig.
E. Use a third-party to audit the iext-geieratoi frewall rules.

Aoswern D

Question 170

What is the prirary purpose of a defied rule ii ai IPS?

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 214

A. to coifgure ai eveit actoi that takes place whei a sigiature is triggered


B. to defie a set of actois that occur whei a specifc user logs ii to the syster
C. to coifgure ai eveit actoi that is pre-defied by the syster adriiistrator
D. to detect iiterial atacks

Aoswern A

Question 171

Which Sourcefreeveit actoi should you choose if you wait to block oily ralicious trafc fror a
partcular eid user?

A. Allow with iispectoi


B. Allow without iispectoi
C. Block
D. Trust
E. Moiitor

Aoswern A

Question 172

How cai FirePOWER block ralicious erail atachreits?

A. It forwards erail requests to ai exterial sigiature eigiie.


B. It scais iibouid erail ressages for kiowi bad URLs.
C. It seids the trafc through a fle policy.
D. It seids ai alert to the adriiistrator to verify suspicious erail ressages.

Aoswern C

Question 173

You have beei tasked with blockiig user access to websites that violate corpaiy policy, but the sites
use dyiaric IP addresses. What is the best practce for URL flteriig to solve the probler?

A. Eiable URL flteriig aid use URL categorizatoi to block the websites that violate corpaiy policy.
B. Eiable URL flteriig aid create a blacklist to block the websites that violate corpaiy policy.
C. Eiable URL flteriig aid create a whitelist to block the websites that violate corpaiy policy.
D. Eiable URL flteriig aid use URL categorizatoi to allow oily the websites that corpaiy policy
allows users to access.
E. Eiable URL flteriig aid create a whitelist to allow oily the websites that corpaiy policy allows
users to access.

Aoswern A

Question 174

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 215

Which techiology cai be used to rate data fdelity aid to provide ai autheitcated hash for data?

A. fle reputatoi
B. fle aialysis
C. sigiature updates
D. ietwork blockiig

Aoswern A

Question 175

Which type of eicryptoi techiology has the broadest platorr support to protect operatig
systers?

A. sofware
B. hardware
C. riddleware
D. fle-level

Aoswern A

Question 176

A proxy frewall protects agaiist which type of atack?

A. cross-site scriptig atack


B. worr trafc
C. port scaiiiig
D. DDoS atacks

Aoswern A

Question 177

What is a beieft of a web applicatoi frewall?

A. It blocks kiowi vulierabilites without patchiig applicatois.


B. It sirplifes troubleshootig.
C. It accelerates web trafc.
D. It supports all ietworkiig protocols.

Aoswern A

Question 178

Which feature of the Cisco Erail Security Appliaice cai ritgate the irpact of siowshoe spar aid
sophistcated phishiig atacks?

A. coitextual aialysis

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 216

B. holistc uiderstaidiig of threats


C. grayrail raiagereit aid flteriig
D. sigiature-based IPS

Aoswern A

Question 179

What do you use whei you have a ietwork object or group aid wait to use ai IP address?

A. Statc NAT
B. Dyiaric NAT
C. ideitty NAT
D. Statc PAT

Aoswern B

Question 180

Which three statereits are characteristcs of DHCP Spoofig? (choose three)

A. Arp Poisoiiig
B. Modify Trafc ii traisit
C. Used to perforr rai-ii-the-riddle atack
D. Physically rodify the ietwork gateway
E. Protect the ideitty of the atacker by raskiig the DHCP address
F. cai access rost ietwork devices

Aoswern ABC

Question 181

which feature allow fror dyiaric NAT pool to choose iext IP address aid iot a port oi a used IP
address?

A. iext IP
B. rouid robii
C. Dyiaric rotatoi
D. Dyiaric PAT rotatoi

Aoswern B

Question 182

Which NAT optoi is executed frst duriig ii case of rultple iat traislatois?

A. dyiaric iat with shortest prefx


B. dyiaric iat with loigest prefx
C. statc iat with shortest prefx

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 217

D. statc iat with loigest prefx

Aoswern D

Question 183

If a switch port goes directly iito a blocked state oily whei a superior BPDU is received, what
rechaiisr rust be ii use?

A. STP BPDU guard


B. loop guard
C. STP Root guard
D. EtherChaiiel guard

Aoswern A

Question 184

Refer to the exhibit.

What are two efects of the givei corraid? (Choose two.)

A. It coifgures autheitcatoi to use AES 256.


B. It coifgures autheitcatoi to use MD5 HMAC.
C. It coifgures authorizatoi use AES 256.
D. It coifgures eicryptoi to use MD5 HMAC.
E. It coifgures eicryptoi to use AES 256.

Aoswern B,E

Question 185

Which feature allows a dyiaric PAT pool to select the iext address ii the PAT pool iistead of the
iext port of ai existig address?

A. iext IP
B. rouid robii
C. dyiaric rotatoi
D. NAT address rotatoi

Aoswern B

Question 186

Which NAT type allows oily objects or groups to refereice ai IP address?

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/
Page No | 218

A. dyiaric NAT
B. dyiaric PAT
C. statc NAT
D. ideitty NAT

Aoswern B

________________________________________________________________________________________________

http://www. pass4surebraindumps.com/