Scribd Logo
Upload

Welcome to Scribd!

  • CCNA Security Dump Part 1

    Uploaded by

    SR DT
    24 views98 pages
    Ccna security

    Original Title

    CCNA Security dump part 1

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    Ccna security

    Copyright:

    © All Rights Reserved
    Download as PDF or read online from Scribd
    Flag for inappropriate content
    24 views98 pages

    CCNA Security Dump Part 1

    Uploaded by

    SR DT
    Ccna security

    Copyright:

    © All Rights Reserved
    Download as PDF or read online from Scribd
    Flag for inappropriate content
    of 98
    SUCRE ERE EERE Cisco CCNA Security Exam 210-260 Implementing Cisco Network Security ‘Questions No. 1 Refer to the exhibit tacacs server tacacsl address ipv4 1.1.1.1 timeout 20 single-connection tacacs server tacacs2 address ipv4 2.2.2.2 timeout 20 single-connection tacacs server tacacs3 address ipv4 3.3.3.3 timeout 20 single-connection ‘Which statement about the given configuration is true? ‘A. The single-connection command causes the device to establish one connection for all TACACS transactions. B. The single-connection command causes the device to process one TACACS request and then move to the next server. C. The timeout command causes the device to move to the next server after 20 TACACS inactivity. basin D. The router communicates with the NAS on the default port, TCP 1645 Answer (Single - connection) vey Tecass sora N a 'eh USE oil output I bodes Facacse Saveer SU bee Bd Sql comesti Be ula Question No : 2 Refer to the exhibit, dst src state 10.10.10.2 10.1.1.5 QM_IDLE While troubleshooting site-to-site VPN, you issued the show crypto isakmp sa command What does the given output show? \.. IPSec Phase 1 is established between 10.10.10.2 and 10.1.1.5. . IPSec Phase 2 is established between 10.10.10.2 and 10.1.1.5. . IPSec Phase 1 is down due to a QM_IDLE state. ._ IPSec Phase 2 is down due to a QM_IDLE state. \ Ans fio.io loaf 0i1-5] ou wy /\adoe) T sec Pratel al GH Conn-1d shes Question No: 3 In which two situations should you use in-band management? (Choose two.) ‘A. when management applications need concurrent access to the device B. when you require administrator access from multiple locations, CC. when a network device fails to forward packets D. when you require ROMMON access E. when the control plane falls to respond [rower Seed maregomevt St bos Qaeesas | Go In-loand natnagennent st it AA 3 9 TTA DNs 5\ 2011 3550 telnet SH If cele CorcuMtent—> bd E S— 2x0 eB Question No : 10 In a security context, which action can you take to address compliance? ‘A. Implement rules to prevent a vulnerability. B. Correct or counteract a vulnerability . Reduce the severity of a vuinerabilty 1D. Follow directions from the security appliance manufacturer to remediate a vulnerability SIIBIS ALAN ese seca, Roig WN So BS Compliance Sos Sis EULAN| cred) OF Guu lo d)\ a “RE wast do yuu Ge When You huve a welunk cbjecPox POUL _owed to We on Ty addiege ‘Question No : 11 Which two NAT types allows only objects or groups to reference an IP address? (choose two) A. dynamic NAT B. dynamic PAT . static NAT identity NAT LGU WB shacg® 22 Stic MAT a} dypamicweT — 1 er Tpeditengys 2) fad WMO Aw wt/s Tpaddrets 2 cil|Vy\ 90 le — Stefle MAT ‘Question No : 12 ; {In which configuration mode do you configure the jp ospf authentication-key 1 command? A. Interface B. routing process Lif YetR oseP authndinton tay 1| es Question No : 13 Which IOS command do you enter to test authentication against a AAA server? ‘A. dialer aaa suffix password B. ppp authentication chap pap test aaa authentication enable default test group tacacs+ test aaa-server authentication dialergroup username password, [anewerrb] test aaa-sonw authadision, Sialegjoup Set ane Lute fewer | Kune J Worrame More (0 Nok IVs DOESaj wa \p act Server M0 GithntiahioNNG avo Gow tot pe tere = = = al = Question No: 14 Refer to the exhibit. Nouterfahow crypts tpsec sa (hrartnce: rastetnernecd SYPEO Map tag: SUM GAP 1, loced addr 172.17.1.1 pesteetad vet: (none) ~ Foaaeg MMSE (Adde/mask/prot/port): (10.40.29.0/235.293.233.0/0/0) meen ane (4ddz/aaak/prot/port) : (19.50.30.0/298 248.288. 9/0/¢y Current peer 152.169.1.1 port $00 PERMIT, flagesiorigin is scl.) tpkts encaps Hpkts anes ‘ 2 encrypt fptee digess: 6# SPREA decaps: ¢, Opnte decrypt: 0, Ipkts verify. 9 For which reason is the tunnel unable to pass traffic? \. UDP port 500 is blocked. The IP address of the remote peer is incorrect. The tunnel is failing to receive traffic from the remote peer. |. The local peer is unable to encrypt the traffic. mnef JV0) deat 02\ Andl\ is io tu aa Yarond Ft | Question No : 15 Which three statements are characteristics of DHCP Spoofing? (choose three) ‘A. Arp Poisoning B. Modify Traffic in transit . Used to perform man-in-the-middle attack D. Physically modly the network gateway Beatie E. Protect the identity ofthe attacker by masking the DHCP address ae aad Nae “can access most network devices ‘Answer: A.B. — ARP ey = Modi 4 habit a Heng : used fo Petdoun Man-iw-the-midlle adfee/e Diep Speoheg MNpablass Question No : 16 z Gestion No does Cisco use to validate the integrity of downloaded images? A Shat . Sha2 M5 wihH Question No: 17 Refer to the exhibit dst sarc state 10.10.10.2 10.1.1.5 M4 NO_STATE While troubleshooting site-to-site VPN, you issued the show crypto isakmp sa command. What does the given output show? ‘A. IKE Phase 1 main mode was created on 10.1.1.5, butit failed to negotiate with 10.10.10.2. B. IKE Phase 1 main mode has successfully negotiated between 10.1.1.5 and 10.10.10.2, G. IKE Phase 1 aggressive mode was created on 10.1.1.5, butit failed to negotiate with 10.10.10.2, D. IKE Phase 1 aggressive mode has successfully negotiated between 10.1.1.5 and 10.10.10.2, [Answer ar 4 ol ee eles AD AOAAG Colstas Plate dh ere re CAs edo ALE Ql (010-2 2 plicy Dido abs Leer 20-2 KE.) ankorne trey. Sacharge QD NS Led Y cdl Aadl aoboe Nalpleg Agerfiaer Iides Sey i te Cala )\ bee SI Nb 255 aula hater) 9 ttTithanan Question No : 18 What configure mode you used for the command ip ospf authentication-key erbe07 A. global B. privileged ©. intine Sane Sud [Answer Avr Be D ‘on ynode do Yau condyure the 1p ospfartledttahon key Commond A - trtarbace G- Youding Pieces C- Global D- Privileged [Prsen +A Question No : 19 Which option is a characteristic of the RADIUS protocol? A. uses TCP B. offers multiprotocol support C. combines authentication and authorization in one process D. supports bi-directional challenge cuhadodon Joo? Geta RAIS law ls at) 9 Wereds ¢ auinize thon J\s Question No : 20 Which of the following statements about access lists are true? (Choose three.) \.. Extended access lists should be placed as near as possible to the destination . Extended access lists should be placed as near as possible to the source | Standard access lists should be placed as near as possible to the destination |. Standard access lists should be placed as near as possible to the source . Standard access lists filter on the source address . Standard access lists fiter on the destination address Answer: B,.C.E | Novaesd O99 Eddonded Al - sun (3 Gombe ~ ONCE Jegino tion! 2 dew esp Paaket WGLag qureaddress J] PS slmdd Al Rack ef Jes source addiregs J 4 y? lol yfc Filia a Question No : 21 Which description of the nonsecret numbers that are used to start a true? a A. They are large pseudorandom numbers. B. They are very small numbers chosen from a table of known values . They are numeric values extracted from hashed system hostnames. D. They are preconfigured prime integers Question No : 22 What is a valid implicit permit rule for traffic that is traversing the ASA firewall? : ; me 3 Uneant t wa nons ngi socry merase ewer security terface sperm Unicast Ive vac rom a higher secur interface toa lower secu interface is pemited in D. "Only BPDUs tem higher securyintertace to a lower secur interface are permite in "Gn BPDUs fom a higher scuryintrtace toa lower secur interface are permite in routed mode Lop wa Prantl NG sb zeus ARFs Jal ; ail Prout! Nos Awe Je Frans pay ent mole Question No : 23, Refer to the exhibit, Stateful Firewall ~2 —— @—§-... Using a stateful packet firewall and given an inside ACL entry of permit ip 192.16, 1.0 0.0. ‘what would be the resulting dynamically configured ACL for the retu ‘A. permit tcp host 172.16.16.10 eq 80 host 192.168.1.11 eq 2300 B. permit ip 172.16.16.10 eq 80 192.168.1.0 0.0.0.255 eq 2300 . permit top any eq 80 host 192.168.1.11 eq 2300, D._ permit ip host 172.16.16.10 eq 80 host 192.168.1.0 0.0.0.255 eq 2300 ol s J ieegathst DAB Le call pled Sow inclcopl UF BSUS Yquett Helos Pe Answer: AF owl encyfliend! 0 Cisco | ~ AES - SHA-384 CCCCCCLLL11111900570m Question No : 32 ‘What is one requirement for locking a wired or wireless device from ISE? ‘A. The ISE agent must be installed on the device. B. The device must be connected to the network when the lock command is executed: C. The user must approve the locking action. | The organization must Implement an acceptable use policy allowing device locking: } Answer: a\ Question No : 33 Which three ESP fields can be encrypted during transmission? (Choose three.) . Security Parameter Index . Sequence Number MAC Address Padding :. Pad Length Next Header Question No : 34 With which preprocesor do you detect incomplete TCP handshakes? ‘A. rate based prevention B. portscan detection Baacttion Ulul iypeot OHenawon quae Wold You expect te be we uth Wored om a Cuveless devi ce), P= Grraupu B- Grourt C- Groups ® Grok 2 ‘Ques ‘Which option is the default value for the Diffie-Hellman group when configuring a site-to site VPN on an ASA device? — Foue 2 Qusshior whidn ofthe Diffie. i Helwon Aroup are N Product Cohseccert(t] ct soaaltthalapyty) Question No : 36 Refer to the exhibit ‘Oct13 19:46:06,170: ARA/ MEMORY: create_user (Ov4CSELF60) user tecteam user NULL ds0=0 ports ttyS15'rem_addr='10.0.2.13' authen_type=ASCI servico=EMABLE priv=15 inital_task_kl= 0, r= (id=0) | (0ct13 19:46:06.170: AAA/ALITHEN/START (2600878790): port= ttyS15 list= | action=LOGIn service=ENABLE (0ct13.19:46-06.170: AAA/AUTHEN/START (2600878790): console enable - default to ‘enable password (ifany) (Oct 13 19:46:06,170: AAA/ALITHEN/START (2600878790): Method=ENABLE ‘Oct13 19:46:06,170: AAA/ALITHEN (2600878790}:statu (Oct 13 19:46:07,266: AAA/ALITHEN/CONT (2600878790): cont (user=(undeny’) | (0¢113 19:46:07 266: AAA/AUTHEN (2600878790): statu (Oct 13 19:46:07,266: AAA/AUTHEN/CONT (2600878790): Metho (0ct13 19:46:07,266: AAA/ALTHEN(2600878790): «s (Oct 13 19:46:07-266: AAA/ALITHEN (2600878790): status = FAIL (Oct 13 19:46:07.266: MVA/MEMORY:free_user (Ox4CSELF60) user! NULL user NULL ports'ttyS15'rem_addr="10.0.2.13'authen_type=ASCIIservice=ENABLE Which statement about this output is true? The user logged into the router with the incorrect username and password. . The login failed because there was no default enable password. . The login failed because the password entered was incorrect. The user logged in and was given privilege level 15. Ws Rous ING) cu Vso)! fla Question No : 37 What are two challenges faced when deploying host-level IPS? (Choose Two) ‘A. The deployment must support multiple operating systems. B. It does not provide protection for offsite computers. C. tis unable to provide a complete network picture of an attack D. itis unable to determine the outcome of every attack that it detects. E. Itis unable to detect fragmentation attacks. Pr ESP US — Pris eat two oud & Comphedg neduorlf pickracort an ott a bd Se “Ace HG pe Ac Question: AS hich three’ a. [ASA trea pers in id H a a ot peas ee LY Nate e / / / ie i i ff yostin no 139) Coane ee as oe Ne ere nbpyied during Farissan? (chido thet) iC z ( culty Parameter Index Sequence Number €. MAC Address D. Padding &—Pad-Longt F._ Next Header |Answer: 0.E,F | Question No : 40 Which two protocols enable Cisco Configuration Professional t iter? (Chiooss'tec.) nal to pull IPS alerts from a Cisco ISR syslog . SDEE . FIP. TRIP SSH HTTPS Answer: gant ge Question No : 43 An attacker installs a rogue switch result of this activity? that sends superior BPDUs on your network. What is @ possible ‘A. The switch could offer fake DHCP addresses. . The switch could become the root bridge. The switch could be allowed to join the VTP domain. The switch could become a transparent bridge. Leah Gore's superior BPYUs s Question No: 44 Which two devices are components of the it 7 paces ees sre comoce: BYOD architectural framework? B. Nexus 7010 Switch C. Cisco 3945 Router D. Wireless Access Points E. Identity Services Engine Answer: AE QYoD (Brey Your own device) cunts —fwme iv Prasteuctere ~ Wholly Soyvices engine bed Question No : 45 ‘ ‘Which two characteristics apply to an intrusion Prevention System (IPS) ?(Choose two) Does not add delay to the original traffic, Cabled directly inline with the flow of the network traffic. Can drop traffic based on a set of rules. Runs in promoscous mode. Cannot drop the packet on its own Chovactonitlin of IPs — Cabled divect ly inline With The How ot the nefoork deffic — Can dyog tefic based ong seteof ruleg Ath Qc =o Bc Question No : 46 ‘What configuration allows AnyConnect to ti lis ceontouste Ce automatically establish a VPN session when a user logs in A. always-on B. proxy C. transparent mode D. Trusted Network Detection [alaays- access core distribution user server Intemet [27 ™moop nswer: A,B,C | ~ access oye Y — Gtyibution (yey ~ Cove Lay Question No : 77 ‘Which two characteristics of the TACACS+ protocol are true? (Choose two.) A uses UDP ports 1645 or 1812 B. separates AAA functions encrypts the body of every packet ). offers extensive accounting capabilities . iS an open RFC standard protocol -Serarates AAA Funadons - encwypts the bodys evany fookef moop Question No : 78 hich ‘wo options are advantages of an application layer firewall? (Choose two.) A. provides high-performance filtering . makes DoS attacks difficult *- Supports a large number of applications . authenticates devices - authenticates individuals Sel inspect alba aplication Lye fru él of Skt applicaton tayey —makes Nos athek diffeui’ Jos Jicebc Ws fort No TP dl kOe — aublintades iadivdeald doh BE RE aa =ES0 Question No : 92 Which statement about Cisco ACS authentication and authorization is true? A. ACS servers can be clustered to provide scalability B. ACS can query multiple Active Directory domains. C. ACS uses TACACS to proxy other authentication servers. D._ACS can use only one authorization profile to allow or deny requests, Answer: A aubisr'talen)! 9 authentication pes 9} Ue Ars Jj SeWers ell ELS eam 2.2) Question No : 93, ‘Which two authentication types does OSPF support? (Choose two.) A. plaintext B. MDS HMAC am: D. AES 256 E. SHAY F. DES answer: A. + x p Meda ation types Question No : 94 Refer tothe exhibit. authentication event fail action next-method authentication event no-responae action authorize vlan 101 authentication order mab dotle webauth authentication priority dotix mab authentication port-control auto dotix pae authenticator If a supplicant supplies incorrect credentials for all authentication methods configured on the switch, how wil the switch respond? . ‘A. The supplicant will fail to advance beyond the webauth method. B. Tho switch will cycle through the configured authentication methods indefinitely . The authentication attempt wil time out and the switch will place the port into the unauthorized state D. The authentication attempt will ime out and the switch wil place the por into VLAN 101 iswer: A He edn CLE Joab sito Css lobia mab dette Webauth Yes down o.0) oI aadhodiabr aig 0/1 Loo) Ves Co WA JIG) 50 df Si) « Webarth | 2 Question No : 95 What is an advantage of implementing a Trusted Platform Module for disk encryption? ‘A. It provides hardware authentication. B. Itallows the hard disk to be transferred to another device without requiring re- encryption. dis . It supports a more complex encryption algorithm than other disk-encryption technologies. D. Itcan protect against single points of failure. swer: A atl duthedistialacl Trusted etfrm Ji gl ae ie (roduh ‘Question No : 99 Refer to the exhibit, crypto ipsec trensform-set myset esp-mdS-hmac esp-aes-256 What are two effects of the given command? (Choose two.) A. Itconfigures authentication to use AES 256 BB. It configures authentication to use MD5 HMAC. C. Itconfigures authorization use AES 256 D. It configures encryption to use MD5 HMAC. E. It configures encryption to use AES 256. = athodiotes — eneryphir aN ef esp-mdh-Wmas esp-del-2h) Cryple Ipsec tyamsformn-seb My Question No : 100 ‘You have implemented a Sourcefire IPS and configured ito block certain addresses utilizing Security Inteligence IP Address Reputation, A user calls and is notable to access a certain IP address. What action can you take to allow the user access to the IP address? ‘A. Create a whitelist and add the appropriate IP address to allow the traffic. Create a custom blacklist to allow the traffic. Create a user based access control rule to allow the traffic. . Create a network based access control rule to allow the traffic. Create a rule to bypass inspection to allow the traffic. depo cals J\doell Wey Sree age ¢ BBRBRASD ON) 6) gay tad Pon SLL LAL Leese Question No : 101 Refer to the exhibit, Usernane Engineer privilege 9 password 0 configure Username Monitor privilege 8 password 0 watcher Username HelpDesk privilege € password help Privilege exec level € show running Privilege exec level 7 show start-up Privilege exec level § configure terminal Privilege exec level 10 interface Which line in this configuration prevents the HelpDesk user from modifying the interface configuration? \ ‘A. Privilege exec level 9 configure terminal Ad) B. Privilege exec level 10 interface a C. Username HelpDesk privilege 6 password help A - D. Privilege exec level 7 show start-up ip) Politi pee att More \ectrictive Policier thom Netupy te - Ttcan generde alorh lated ov behavicy atthe desktop Level. dees / QuestionNo : 107 2 Ra ys fot ch i al eerme A/ securing wisolé6s transmissions, B)- securing data in files. Se , securing real-time traffic. D, seotiring data at rest [Ani | is Soetaving aye af yest y i Geilo Rekhy] C Cie condi doltalily indent analoility) LoltereWweuld lau Yash ly. rake A- Ms on fil BR Doda at Best Ne Question No : 108 Which EAP method uses Protected Access Credentials? A. EAP-FAST B. EAP-TLS C. EAP-PEAP D. EAP-GTC Question No : 111 2 In what type of attack does an attacker Virtually change a device's bumned-in address in an attempt to Gircumvent access lists and mask the device's true identity? A. gratuitous ARP B. ARP poisoning ©. IP spoofing D. MAG spoofing GL FY) Maraddresd! oP burmed-inadhes) 5 | Made) AZul héde@ alark se (at Speeding packets 31 Mucwls WUE aall to Question No : 112 Which tasks is the session management path responsible for? (Choose three.) Verifying IP checksums . Performing route lookup Performing session lookup |. Allocating NAT translations =. Checking TCP sequence numbers . Checking packets against the access list Answer: B,D,F Asks Sgelests 9 aes Voce Pasket I) erin PSA Jey patket 9) 0's Nb dy gaurd pl YAR S\ pay haw ID) Session Mangemont Path SIs oy ein Season JIS AN O8 Iybaeo =P» - Rordorming Ywte lookup = AUocading VAT trnswaen, = Checking patkes agaist fhe access List Question No: 115 Which type of mirroring does SPAN technology perform? ‘A. Remote mirroring over Layer 2 B. Remote mirroring over Layer 3 ©. Local mirroring over Layer 2 ..D. Local mirroring over Layer 3 A Cents 2 VLA ) Swill loger2 JI ay SPAMII YI J Loy? clude Scuittch J) ase Yocat miyrori (parts #V lems J Gusltdh lyst oils RSPAM J vs Swit GG montbred R NIB gal Sartich f Rie ae dovice Question No : 116 What VPN feature allows Internet traffic and local LANWAN traffic to use the same network connection? A. split tunneling B. hairpinning . tunnel mode D. transparent mode a selit dunn efing Question No : 117 How can you proect CDP from reconnaissance attacks? A. Enable dottx on all ports that are connected to other switches. B. Disable COP on ports connected to endpoints. €._Disbale COP on trunk ports . Enable dynamic ARP inspection on all untrusted ports ‘Answer: B | ~Disable CD? on Parts Cc nnected 4 Question No: 118 By which kind of threat is the victim tricked into entering usemame and password information at a disguised website? A. Spoofing B. Malware c. Spam D. Phishing _ phi ching Question No: 119 Which statement about college campus is true? ‘A. College campus has geographical poston, B. College campus Hasn't got internet access. . G;_Catege campus Has mile subdomains, [Arwen “Mf ba orp beantifel girls - College Cormpus has 2&0 wanders > =a Question No : 120 Which statement is a benefit of using Cisco 10S IPS? ‘A. Ituses the underlying routing infrastructure to provide an additional layer of security. B. It works in passive mode so as not to impact traffic flow. C._ It supports the complete signature database as a Cisco IPS sensor appliance, 1D. The signature database is tied closely with the Cisco lO image. — It uses underlying Young inhastuohre fe Provide an g Aitionnh (oyu cof Seautity. EP ‘Question No : 121 Afer Teloading a router, you issue the dir command to verify the installation and observe that the image fle appears tobe missing. For what reason could te mage le fail o appear in the dir A. The secure bootimage command is configured. B. The secure boot-comfit command is configured. ©. The confreg 0x24 command is configured, D. The reload command was issued from ROMMON. | Answer: A\ AHSecuye boot image a m SS commend enibler ordisables The Securing ef the tuna Ico fos Lng be fauge Yh. oi gee SHENG cervmand has the flctol “hig tn YUnning ings Question No : 122 Which statement about zone-based firewall configuration is true? ‘A. Traffic is implicitly denied by default between interfaces the same zone B. Traffic that is desired to or sourced from the self-zone is denied by default C. The zone must be configured before a can be assigned D. You can assign an interface to more than one interface ‘Answer: _ the Zone Must be cao: jure bebre a can be adigned A come a oe cere es ee Question No : 123 Which firewall configuration must you perform to allow trafic to flow in both directions between two zones: ‘A. You must configure two zone pairs, one for each direction B. You can configure a single zone pair that allows bidirectional traffic flows for any zone. C. You can configure a single zone pair that allows bidirectional traffic flows for any zone except the self zone. D. You can configure a single zone pair that allows bidirectional trafic flows only if the source zone is the less secure zone. [Anewerr] outside Bone Bas ~ You must oon! une Jwwo Zone fairs, ane fr eath director Question No : 124 A proxy firewall protects against which type of attack? A. cross-site scripting attack B. worm traffic, C. port scanning D. DDoS attacks Janswors iP, AeSbtenaay ~ COS Sie seviphioy CELL LLLLLALGiiit A. Itcan extract and decode email attachments in client to server traffic. B. It can look up the email sender. C. It compares known threats to the email sender. D. Itcan forward the SMTP traffic to an email filter server. E. Ituses the Traffic Anomaly Detector. ~ Haan erhactond deode enailatichments in Client dosav p, tra ic Question No : 126 Which command help usert to use enable disable,exit&etc commands? \._ catalyst! (config)#usemame user1 privilege 0 secret ustpass . catalyst! (config}#username user1 privilege 1 secret uspass catalyst (config}#username user privilege 2 secret ustpass . catalyst (config}#usemame user1 privilege 5 secret ustpass Piivilegeo GR -~~-0 ext 1 disble , eadle Hale) a5 1S | Catalyst (cooks if username User Privileyeo Sectel USLpers Question No : 127 Which type of PVLAN port allows hosts in the same VLAN to communicate directly with each other? ‘A. community for hosts in the PVLAN B. promiscuous for hosts in the PVLAN C. isolated for hosts in the PVLAN D. span for hosts in the PVLAN | Answer: | — Community Sor Weds inthe PNLAN s NGL GANS € el poet paleo Cormmunily pert frank port & Promistout pert 19 a2!) c emmunily pel: Question No : 128 How to verify that TACACS+ connectivity to a device? . You successfully log in to the device by using the local credentials. ‘You connect to the device using SSH and receive the login prompt. | You successfully log in to the device by using ACS credentials, You connect via console port and receive the login prompt. — You connect tothe device ding SSH and Yeceive the login Prompt wo 8 Question No : 129 Which Cisco product can help mitigate web-based attacks within a network? ‘A. Adaptive Security Appliance B. Web Security Appliance ©. Email Security Appliance D. Identity Services Engine = Web seunity Appliance uted to Mitigate Web- buted actteok Question No : 130 ‘what causes a client to be placed in a quest or restricted VLAN on an 802.1x enabled network? A. client entered wrong credentials multiple times. B. client entered wrong credentials First time. — — Clint onored Loront. credouticl twwAtiele times quest \ tom Wwe Vetted Voss emapentad SNE Mit IIe @ Us © 90 lo oe othe Gi es at ae A Question No : 131 lf a switch port goes into a blocked state only when a superior BPDU is received, what mechanism must be in use? A. STP root guard B. EtherChannel guard . loop guard D. STP BPDU guard Question No : 132 Which filter uses in Web reputation to prevent from Web Based Attacks? (Choose two) outbreak filter buffer overflow filter bayesian overflow filter ‘web reputation . exploit filtering 2 Question No: 143 A? fi a Whal technology cgh you use to proyid data confidertialiy data integrity and data origin Authentication’ on your network? / A. Certificate Authority, } B. IKE / ©. Ipsec / ata Encryption Standards; oy A det ty wd om ty oust hot cule yy J ; Y / Cah Ayoile A v V Question No : 134 What is an advantage of placing an IPS on the inside of a network? ‘A. It can provide higher throughput. B. It receives traffic that has already been fitered. C. It receives every inbound packet. D. Itcan provide greater security. ao Pee thot had already. been Peltoved “tr veewer Tre qe TPs Nucl s dala M Fitlavog Joo) Firat! | Qt gor = Frrewell 3 ey O24, Shi cell) deg inspection owls Sitlie Sc @ Mel PY tbh J kay TPe Mgt Hhy Arrennth 1S \ interface Gigabitéthemet0/1 |p address 192.168.10.1 255.255.255.0 ip ospf authentication message-digest 'p ospf message-

    You might also like