web analytics

If a switch port goes directly into a blocked state only when a superior BPDU is received, what mechanism must be in use?

A. STP BPDU guard B. loop guard C. STP Root guard D. EtherChannel guard Correct Answer: A Section: (none) Explanation

In which three cases does the ASA firewall permit inbound HTTP GET requests during normal operations? (Choose three).

A. when a matching TCP connection is found B. when the firewall requires strict HTTP inspection C. when the firewall […]

What are two effects of the given command? (Choose two.)

A. It configures authentication to use AES 256. B. It configures authentication to use MD5 HMAC. C. It configures authorization […]

Your security team has discovered a malicious program that has been harvesting the CEO’s email messages and the company’s user database for the last 6 months. What are two possible types of attacks your team discovered? (Choose two.)

A. social activism B. E Polymorphic Virus C. advanced persistent threat D. drive-by spyware E. targeted malware Correct Answer: CE […]

Which feature allows a dynamic PAT pool to select the next address in the PAT pool instead of the next port of an existing address?

A. next IP B. round robin C. dynamic rotation D. NAT address rotation Correct Answer: B Section: (none) Explanation Explanation/Reference:

Which NAT type allows only objects or groups to reference an IP address?

A. dynamic NAT B. dynamic PAT C. static NAT D. identity NAT Correct Answer: B Section: (none) Explanation Explanation/Reference:

Which feature of the Cisco Email Security Appliance can mitigate the impact of snowshoe spam and sophisticated phishing attacks?

A. contextual analysis B. holistic understanding of threats C. graymail management and filtering D. signature-based IPS Correct Answer: A Section: […]

What is a benefit of a web application firewall?

A. It blocks known vulnerabilities without patching applications. B. It simplifies troubleshooting. C. It accelerates web traffic. D. It supports […]

A proxy firewall protects against which type of attack?

A. cross-site scripting attack B. worm traffic C. port scanning D. DDoS attacks Correct Answer: A Section: (none) Explanation Explanation/Reference:

Which type of encryption technology has the broadest platform support to protect operating systems?

A. software B. hardware C. middleware D. file-level Correct Answer: A Section: (none) Explanation Explanation/Reference:

Which technology can be used to rate data fidelity and to provide an authenticated hash for data?

A. file reputation B. file analysis C. signature updates D. network blocking Correct Answer: A Section: (none) Explanation Explanation/Reference:

You have been tasked with blocking user access to websites that violate company policy, but the sites use dynamic IP addresses. What is the best practice for URL filtering to solve the problem?

A. Enable URL filtering and use URL categorization to block the websites that violate company policy. B. Enable URL filtering […]

How can FirePOWER block malicious email attachments?

A. It forwards email requests to an external signature engine. B. It scans inbound email messages for known bad URLs. […]

Which Sourcefire event action should you choose if you want to block only malicious traffic from a particular end user?

A. Allow with inspection B. Allow without inspection C. Block D. Trust E. Monitor Correct Answer: A Section: (none) Explanation […]

What is the primary purpose of a defined rule in an IPS?

A. to configure an event action that takes place when a signature is triggered B. to define a set of […]

How can you detect a false negative on an IPS?

A. View the alert on the IPS. B. Review the IPS log. C. Review the IPS console. D. Use a […]

Which IPS mode provides the maximum number of actions?

A. inline B. promiscuous C. span D. failover E. bypass Correct Answer: A Section: (none) Explanation Explanation/Reference:

Which statement about the communication between interfaces on the same security level is true?

A. Interfaces on the same security level require additional configuration to permit inter-interface communication. B. Configuring interfaces on the same […]

What is a valid implicit permit rule for traffic that is traversing the ASA firewall?

A. ARPs in both directions are permitted in transparent mode only. B. Unicast IPv4 traffic from a higher security interface […]

Which firewall configuration must you perform to allow traffic to flow in both directions between two zones?

A. You must configure two zone pairs, one for each direction. B. You can configure a single zone pair that […]

In which three cases does the ASA firewall permit inbound HTTP GET requests during normal operations? (Choose three).

A. when matching NAT entries are configured B. when matching ACL entries are configured C. when the firewall receives a […]

What is a potential drawback to leaving VLAN 1 as the native VLAN?

A. It may be susceptible to a VLAN hoping attack. B. Gratuitous ARPs might be able to conduct a man-in-the-middle […]

Which type of PVLAN port allows hosts in the same VLAN to communicate directly with each other?

A. community for hosts in the PVLAN B. promiscuous for hosts in the PVLAN C. isolated for hosts in the […]

In which type of attack does the attacker attempt to overload the CAM table on a switch so that the switch acts as a hub?

A. MAC spoofing B. gratuitous ARP C. MAC flooding D. DoS Correct Answer: C Section: (none) Explanation Explanation/Reference:

Which feature filters CoPP packets?

A. access control lists B. class maps C. policy maps D. route maps Correct Answer: A Section: (none) Explanation Explanation/Reference:

In the router ospf 200 command, what does the value 200 stand for?

A. process ID B. area ID C. administrative distance value D. ABR ID Correct Answer: A Section: (none) Explanation Explanation/Reference:

Which line in this configuration prevents the HelpDesk user from modifying the interface configuration?

A. Privilege exec level 9 configure terminal B. Privilege exec level 10 interface C. Username HelpDesk privilege 6 password help […]

Which statement about IOS privilege levels is true?

A. Each privilege level supports the commands at its own level and all levels below it. B. Each privilege level […]

While troubleshooting site-to-site VPN, you issued the show crypto isakmp sa command. What does the given output show?

A. IKE Phase 1 main mode was created on 10.1.1.5, but it failed to negotiate with 10.10.10.2. B. IKE Phase […]

What is the effect of the given command?

A. It merges authentication and encryption methods to protect traffic that matches an ACL. B. It configures the network to […]

You have configured R1 and R2 as shown, but the routers are unable to establish a site-to-site VPN tunnel. What action can you take to correct the problem?

A. Edit the crypto keys on R1 and R2 to match. B. Edit the ISAKMP policy sequence numbers on R1 […]

What security feature allows a private IP address to access the Internet by translating it to a public address?

A. NAT B. hairpinning C. Trusted Network Detection D. Certification Authority Correct Answer: A Section: (none) Explanation Explanation/Reference:

What configuration allows AnyConnect to automatically establish a VPN session when a user logs in to the computer?

A. always-on B. proxy C. transparent mode D. Trusted Network Detection Correct Answer: A Section: (none) Explanation

When an administrator initiates a device wipe command from the ISE, what is the immediate effect?

A. It requests the administrator to choose between erasing all device data or only managed corporate data. B. It requests […]

How does a device on a network using ISE receive its digital certificate during the new-device registration process?

A. ISE acts as a SCEP proxy to enable the device to receive a certificate from a central CA server. […]

What improvement does EAP-FASTv2 provide over EAP-FAST?

A. It allows multiple credentials to be passed in a single EAP exchange. B. It supports more secure encryption protocols. […]

How does PEAP protect the EAP exchange?

A. It encrypts the exchange using the server certificate. B. It encrypts the exchange using the client certificate. C. It […]

What is the best way to confirm that AAA authentication is working properly?

A. Use the test aaa command. B. Ping the NAS to confirm connectivity. C. Use the Cisco-recommended configuration for AAA […]

Which statement about the given configuration is true?

A. The single-connection command causes the device to establish one connection for all TACACS transactions. B. The single-connection command causes […]

With which NTP server has the router synchronized?

A. 192.168.10.7 B. 108.61.73.243 C. 209.114.111.1 D. 132.163.4.103 E. 204.2.134.164 F. 241.199.164.101 Correct Answer: A Section: (none) Explanation Explanation/Reference

What mechanism does asymmetric cryptography use to secure data?

A. a public/private key pair B. shared secret keys C. an RSA nonce D. an MD5 hash Correct Answer: A […]

Which statement provides the best definition of malware?

A. Malware is unwanted software that is harmful or destructive. B. Malware is software used by nation states to commit […]

Your security team has discovered a malicious program that has been harvesting the CEO’s email messages and the company’s user database for the last 6 months. What type of attack did your team discover?

A. advanced persistent threat B. targeted malware C. drive-by spyware D. social activism Correct Answer: A Section: (none) Explanation Explanation/Reference:

In which type of attack does an attacker send email messages that ask the recipient to click a link such as https://www.cisco.net.cc/securelogon?

A. phishing B. pharming C. solicitation D. secure transaction Correct Answer: A Section: (none) Explanation Explanation/Reference:

A data breach has occurred and your company database has been copied. Which security principle has been violated?

A. confidentiality B. availability C. access D. control Correct Answer: A Section: (none) Explanation Explanation/Reference:

Which three statements describe DHCP spoofing attacks? (Choose three.)

A. They can modify traffic in transit. B. They are used to perform man-in-the-middle attacks. C. They use ARP poisoning. […]

In which three ways does the RADIUS protocol differ from TACACS? (Choose three.)

A. RADIUS uses UDP to communicate with the NAS. B. RADIUS encrypts only the password field in an authentication packet. […]

What are two ways to prevent eavesdropping when you perform device-management tasks? (Choose two.)

A. Use an SSH connection. B. Use SNMPv3. C. Use out-of-band management. D. Use SNMPv2. E. Use in-band management. Correct […]

In which two situations should you use in-band management? (Choose two.)

A. when management applications need concurrent access to the device B. when you require administrator access from multiple locations C. […]

What are the three layers of a hierarchical network design? (Choose three.)

A. access B. core C. distribution D. user E. server F. Internet Correct Answer: ABC Section: (none) Explanation Explanation/Reference:

What are two uses of SIEM software? (Choose two.)

A. collecting and archiving syslog data B. alerting administrators to security events in real time C. performing automatic network audits […]

On which Cisco Configuration Professional screen do you enable AAA

A. AAA Summary B. AAA Servers and Groups C. Authentication Policies D. Authorization Policies Correct Answer: A Section: (none) Explanation

Which type of security control is defense in depth?

A. Threat mitigation B. Risk analysis C. Botnet mitigation D. Overt and covert channels Correct Answer: A Section: (none) Explanation […]

How can the administrator enable permanent client installation in a Cisco AnyConnect VPN firewall configuration?

A. Issue the command anyconnect keep-installer under the group policy or username webvpn mode B. Issue the command anyconnect keep-installer […]

What are the primary attack methods of VLAN hopping? (Choose two.)

A. VoIP hopping B. Switch spoofing C. CAM-table overflow D. Double tagging Correct Answer: BD Section: (none) Explanation Explanation/Reference:

Which protocols use encryption to protect the confidentiality of data transmitted between two parties? (Choose two.)

A. FTP B. SSH C. Telnet D. AAA E. HTTPS F. HTTP Correct Answer: BE Section: (none) Explanation Explanation/Reference:

In which stage of an attack does the attacker discover devices on a target network?

A. Reconnaissance B. Covering tracks C. Gaining access D. Maintaining access Correct Answer: A Section: (none) Explanation Explanation/Reference:

Which security measures can protect the control plane of a Cisco router? (Choose two.)

A. CCPr B. Parser views C. Access control lists D. Port security E. CoPP Correct Answer: AE Section: (none) Explanation […]

Which statement about extended access lists is true?

A. Extended access lists perform filtering that is based on source and destination and are most effective when applied to […]

Which of the following statements about access lists are true? (Choose three.)

A. Extended access lists should be placed as near as possible to the destination B. Extended access lists should be […]

Which countermeasures can mitigate ARP spoofing attacks? (Choose two.)

A. Port security B. DHCP snooping C. IP source guard D. Dynamic ARP inspection Correct Answer: BD Section: (none) Explanation […]

Which command initializes a lawful intercept view?

A. username cisco1 view lawful-intercept password cisco B. parser view cisco li-view C. li-view cisco user cisco1 password cisco D. […]

Which RADIUS server authentication protocols are supported on Cisco ASA firewalls? (Choose three.)

A. EAP B. ASCII C. PAP D. PEAP E. MS-CHAPv1 F. MS-CHAPv2 Correct Answer: CEF Section: (none) Explanation Explanation/Reference:

What is the default timeout interval during which a router waits for responses from a TACACS server before declaring a timeout failure?

A. 5 seconds B. 10 seconds C. 15 seconds D. 20 seconds Correct Answer: A Section: (none) Explanation Explanation/Reference:

Which components does HMAC use to determine the authenticity and integrity of a message? (Choose two.)

A. The password B. The hash C. The key D. The transform set Correct Answer: BC Section: (none) Explanation Explanation/Reference:

Which type of address translation should be used when a Cisco ASA is in transparent mode?

A. Static NAT B. Dynamic NAT C. Overload D. Dynamic PAT Correct Answer: A Section: (none) Explanation Explanation/Reference:

When a switch has multiple links connected to a downstream switch, what is the first step that STP takes to prevent loops?

A. STP elects the root bridge B. STP selects the root port C. STP selects the designated port D. STP […]

Which alert protocol is used with Cisco IPS Manager Express to support up to 10 sensors?

A. SDEE B. Syslog C. SNMP D. CSM Correct Answer: A Section: (none) Explanation Explanation/Reference:

If a router configuration includes the line aaa authentication login default group tacacs+ enable, which events will occur when the TACACS+ server returns an error? (Choose two.)

A. The user will be prompted to authenticate using the enable password B. Authentication attempts to the router will be […]

Which option is the most effective placement of an IPS device within the infrastructure?

A. Inline, behind the internet router and firewall B. Inline, before the internet router and firewall C. Promiscuously, after the […]

What is the Cisco preferred countermeasure to mitigate CAM overflows?

A. Port security B. Dynamic port security C. IP source guard D. Root guard Correct Answer: B Section: (none) Explanation […]

What is the most common Cisco Discovery Protocol version 1 attack?

A. Denial of Service B. MAC-address spoofing C. CAM-table overflow D. VLAN hopping Correct Answer: A Section: (none) Explanation Explanation/Reference:

Which Cisco feature can help mitigate spoofing attacks by verifying symmetry of the traffic path?

A. Unidirectional Link Detection B. Unicast Reverse Path Forwarding C. TrustSec D. IP Source Guard Correct Answer: B Section: (none) […]

What hash type does Cisco use to validate the integrity of downloaded images?

A. Sha1 B. Sha2 C. Md5 D. Md1 Correct Answer: C Section: (none) Explanation Explanation/Reference:

Which statement correctly describes the function of a private VLAN?

A. A private VLAN partitions the Layer 2 broadcast domain of a VLAN into subdomains B. A private VLAN partitions […]

Which Cisco product can help mitigate web-based attacks within a network?

A. Adaptive Security Appliance B. Web Security Appliance C. Email Security Appliance D. Identity Services Engine Correct Answer: B Section: […]

Which network device does NTP authenticate?

A. Only the time source B. Only the client device C. The firewall and the client device D. The client […]

Which tasks is the session management path responsible for? (Choose three.)

A. Verifying IP checksums B. Performing route lookup C. Performing session lookup D. Allocating NAT translations E. Checking TCP sequence […]

Which type of mirroring does SPAN technology perform?

A. Remote mirroring over Layer 2 B. Remote mirroring over Layer 3 C. Local mirroring over Layer 2 D. Local […]

By which kind of threat is the victim tricked into entering username and password information at a disguised website?

A. Spoofing B. Malware C. Spam D. Phishing Correct Answer: D Section: (none) Explanation Explanation/Reference:

Which syslog severity level is level number 7?

A. Warning B. Informational C. Notification D. Debugging Correct Answer: D Section: (none) Explanation

Which type of firewall can act on the behalf of the end device?

A. Stateful packet B. Application C. Packet D. Proxy Correct Answer: D Section: (none) Explanation Explanation/Reference:

What is the purpose of a honeypot IPS?

A. To create customized policies B. To detect unknown attacks C. To normalize streams D. To collect information about attacks […]

Which command verifies phase 1 of an IPsec VPN on a Cisco router?

A. show crypto map B. show crypto ipsec sa C. show crypto isakmp sa D. show crypto engine connection active […]

Which type of IPS can identify worms that are propagating in a network?

A. Policy-based IPS B. Anomaly-based IPS C. Reputation-based IPS D. Signature-based IPS Correct Answer: B Section: (none) Explanation Explanation/Reference:

Which TACACS+ server-authentication protocols are supported on Cisco ASA firewalls? (Choose three.)

A. EAP B. ASCII C. PAP D. PEAP E. MS-CHAPv1 F. MS-CHAPv2 Correct Answer: BCE Section: (none)

Which command causes a Layer 2 switch interface to operate as a Layer 3 interface?

A. no switchport nonnegotiate B. switchport C. no switchport mode dynamic auto D. no switchport Correct Answer: D Section: (none) […]

Which of the following are features of IPsec transport mode? (Choose three.)

A. IPsec transport mode is used between end stations B. IPsec transport mode is used between gateways C. IPsec transport […]

Which source port does IKE use when NAT has been detected between two VPN gateways?

A. TCP 4500 B. TCP 500 C. UDP 4500 D. UDP 500 Correct Answer: C Section: (none) Explanation Explanation/Reference:

Which option describes information that must be considered when you apply an access list to a physical interface?

A. Protocol used for filtering B. Direction of the access class C. Direction of the access group D. Direction of […]

If the native VLAN on a trunk is different on each end of the link, what is a potential consequence?

A. The interface on both switches may shut down B. STP loops may occur C. The switch with the higher […]

Which statements about smart tunnels on a Cisco firewall are true? (Choose two.)

A. Smart tunnels can be used by clients that do not have administrator privileges B. Smart tunnels support all operating […]

What is a possible reason for the error message?Router(config)#aaa server?% Unrecognized comman

A. The command syntax requires a space after the word “server” B. The command is invalid on the target device […]

Which address block is reserved for locally assigned unique local addresses?

A. 2002::/16 B. FD00::/8 C. 2001::/32 D. FB00::/8 Correct Answer: B Section: (none) Explanation

What are purposes of the Internet Key Exchange in an IPsec VPN? (Choose two.)

A. The Internet Key Exchange protocol establishes security associations B. The Internet Key Exchange protocol provides data confidentiality C. The […]

Which security zone is automatically defined by the system?

A. The source zone B. The self zone C. The destination zone D. The inside zone Correct Answer: B Section: […]

A clientless SSL VPN user who is connecting on a Windows Vista computer is missing the menu option for Remote Desktop Protocol on the portal web page. Which action should you take to begin troubleshooting?

A. Ensure that the RDP2 plug-in is installed on the VPN gateway B. Reboot the VPN gateway C. Instruct the […]

Which protocol provides security to Secure Copy?

A. IPsec B. SSH C. HTTPS D. ESP Correct Answer: B Section: (none) Explanation Explanation/Reference:

Which command is needed to enable SSH support on a Cisco Router?

A. crypto key lock rsa B. crypto key generate rsa C. crypto key zeroize rsa D. crypto key unlock rsa […]

Which accounting notices are used to send a failed authentication attempt record to a AAA server? (Choose two.)

A. start-stop B. stop-record C. stop-only D. stop Correct Answer: AC Section: (none) Explanation Explanation/Reference:

Free Download CCIE University CISCO Study Guide(1000+ PDFs Worth 1999$)