Q1. Which two network protocols can operate on the Application Layer?(Choose two)

A. DNS

B. UDP

C. TCP

D. NetBIOS

E. DCCP

F. SMB

View Answer

Q2. What is the name of the unique tool/feature in cisco security manager that is used to merge an access list based on the source/destination IP address service or combination of these to provide a manageable view of access policies?

A. merge rule tool

B. policy simplification tool

C. rule grouping tool

D. object group tool

E. combine rule tool

View Answer

Q3. Refer to the exhibit. 

Which effect of this configuration is true?

A. NUD retransmits 1000 Neighbor solicitation messages every 4 hours and 4 minutes.

B. NUD retransmits Neighbor Solicitation messages after 4, 16, 64 and 256 seconds.

C. NUD retransmits Neighbor Solicitation messages every 4 seconds.

D. NUD retransmits unsolicited Neighbor advertisements messages every 4 hours.

E. NUD retransmits f our Neighbor Solicitation messages every 1000 seconds.

F. NUD retransmits Neighbor Solicitation messages after 1, 4, 16, and 64 seconds.

View Answer

Q4. Which Cisco ASA firewall mode supports ASDM one-time-password authentication using RSA SecurID?

A. Network translation mode

B. Single-context routed mode

C. Multiple-context mode

D. Transparent mode

View Answer

Q5. Which statement about ICMPv6 filtering is true? 

A)

B)

C)

D)

E)

F)

A. Option A

B. Option B

C. Option C

D. Option D

View Answer

Q6. Which two statement about MLD version 2 on the ASA are true ? (Choose two)

A. It allows the ASA to function as a multicast router.

B. It enables the ASA to discover multicast address listeners on attached and remote links.

C. It discover other multicast address listeners by listening to multicast listener reports.

D. It enables the ASA to discover multicast address listeners to attached links only.

E. It sends multicast listener reports in response to multicast listener quires.

View Answer

Q7. Refer to the Exhibit, Which two Statements about the given Configuration are true? (Choose two)

A. It is an inbound policy.

B. It will allow 209.165.202.129 to connect to 202.165.200.225 on an IMAP port.

C. It will allow 209.165.202.129 to connect to 202.165.200.225 on an RDP port.

D. It will allow 202.165.200.225 to connect to 209.165.202.129 on an RDP port.

E. It will allow 202.165.200.225 to connect to 209.165.202.129 on a VNC port.

F. It is an outbound policy.

View Answer

Q8. Refer to the exhibit. 

What are two TLS inspection methods you could implement for outbond internet traffic that can prevent the given untrusted error? (Choose two)

Refer to the exhibit What are two TLS inspection methods you could implement for- outbound Internet traffic that can prevent the given error? (Choose two)

A. Add the self-signed CA certificate from the inspection appliance to the Trusted Root Certification Authority on the client

B. Apply an intermediate CA certificate from a trusted authority on the inspection appliance.

C. Download a copy of the private key from the content provider,

D. Update your organizational procedures to instruct users to click "I Understand the Risks" to accept the error and continue

E. Conditionally decrypt traffic based c$ trust level Store private keys in a FIPS Level 2 HSM on the inspection appliance

View Answer

Q9. What message does the TACACS+ daemon send during the AAA authentication process to request additional authentication information?

A. ACCEPT

B. REJECT

C. CONTINUE

D. ERROR

E. REPLY

View Answer

Q10. What feature on Cisco IOS router enables user identification and authorization based on per-user policies

A. CBAC

B. IPsec

C. Authentication proxy

D. NetFlow v9

E. Zone-based firewall

F. EEM

View Answer