Q1. Which threat-detection feature is used to keep track of suspected attackers who create connections to too many hosts or ports?
A. complex threat detection
B. scanning threat detection
C. basic threat detection
D. advanced threat detection
Answer: B
Q2. Refer to the exhibit. Which command can produce this packet tracer output on a firewall?
A. packet-tracer input INSIDE tcp 192.168.1.100 88 192.168.2.200 3028
B. packet-tracer output INSIDE tcp 192.168.1.100 88 192.168.2.200 3028
C. packet-tracer input INSIDE tcp 192.168.2.200 3028 192.168.1.100 88
D. packet-tracer output INSIDE tcp 192.168.2.200 3028 192.168.1.100 88
Answer: A
Q3. In which way are management packets classified on a firewall that operates in multiple context mode?
A. by their interface IP address
B. by the routing table
C. by NAT
D. by their MAC addresses
Answer: A
Q4. Which technology can be deployed with a Cisco ASA 1000V to segregate Layer 2 access within a virtual cloud environment?
A. Cisco Nexus 1000V
B. Cisco VSG
C. WSVA
D. ESVA
Answer: A
Q5. What are three ways to add devices in Cisco Prime Infrastruture? ( Choose three )
A. Use Cisco Security manager
B. Use Radius
C. Import devices from a CSV file
D. Add devices manually
E. Use an automated process
F. Use the Access Control Server
Answer: C,D,E
Q6. According to Cisco best practices, which two interface configuration commands help prevent VLAN hopping attacks? (Choose two.)
A. switchport mode access
B. switchport access vlan 2
C. switchport mode trunk
D. switchport access vlan 1
E. switchport trunk native vlan 1
F. switchport protected
Answer: A,B
Q7. Which two router commands enable NetFlow on an interface? (Choose two.)
A. ip flow ingress
B. ip flow egress
C. ip route-cache flow infer-fields
D. ip flow ingress infer-fields
E. ip flow-export version 9
Answer: A,B
Q8. Which tool provides the necessary information to determine hardware lifecycle and compliance details for deployed network devices?
A. Prime Infrastructure
B. Prime Assurance
C. Prime Network Registrar
D. Prime Network Analysis Module
Answer: A
Q9. Refer to the exhibit.
Which two statements about the SNMP configuration are true? (Choose two.)
A. The router's IP address is 192.168.1.1.
B. The SNMP server's IP address is 192.168.1.1.
C. Only the local SNMP engine is configured.
D. Both the local and remote SNMP engines are configured.
E. The router is connected to the SNMP server via port 162.
Answer: B,D
Q10. Which three commands can be used to harden a switch? (Choose three.)
A. switch(config-if)# spanning-tree bpdufilter enable
B. switch(config)# ip dhcp snooping
C. switch(config)# errdisable recovery interval 900
D. switch(config-if)# spanning-tree guard root
E. switch(config-if)# spanning-tree bpduguard disable
F. switch(config-if)# no cdp enable
Answer: B,D,F