Q1. On Which encryption algorithm is CCMP based?
A. IDEA
B. BLOWFISH
C. RCS
D. 3DES
E. AES
Answer: E
Q2. DRAG DROP
Drag each EAP variant in the 802.1x framework to the matching statement on the right?
Answer:
Explanation: EAP-FAST: An encapsulated EAP variant that can travel through TLS tunnel EAP-MD5: When used, EAP servers provide authentication to EAP peers only EAP-OTP: Authenticates using a single-use token
EAP-PEAP: Performs secure tunnel authentication
EAP-SIM: Enables GSM users to access both voice and data services with unified authentication. EAP-TLS: Provides EAP message fragmentation.
EAP-TTLS: An early EAP variant that uses certificates based authentication of both client and server
LEAP: A simplified EAP variant that uses password as shared service.
Q3. Refer to the exhibit What type of attack is illustrated?
A. ICMP flood
B. ARP spoofing
C. IP address spoofing
D. CAM overflow
Answer: B
Q4. A cloud service provider is designing a large multilenant data center to support thousands of tenants. The provider is concerned about the scalability of the Layer 2 network and providing Layer 2 segmentation to potentially thousands of tenants. Which Layer 2 technology is best suited in this scenario?
A. LDP
B. VXLAN
C. VRF
D. Extended VLAN ranges
Answer: B
Q5. Which two statements about CoPP are true? (Choose two)
A. When a deny rule in an access list is used for MQC is matched, classification continues on the next class
B. It allows all traffic to be rate limited and discarded
C. Access lists that are used with MQC policies for CoPP should omit the log and log-input keywords
D. The mls qos command disables hardware acceleration so that CoPP handles all QoS
E. Access lists that use the log keyword can provide information about the device’s CPU
usage
F. The policy-map command defines the traffic class
Answer: A,C
Q6. What are feature that can stop man-in-the-middle attacks? (Choose two)
A. ARP sniffing on specific ports
B. ARP spoofing
C. Dynamic ARP inspection
D. DHCP snooping
E. destination MAC ACLs
Answer: C,D
Q7. DRAG DROP
Drag and drop each RADIUS packet field on the left onto the matching decription on the right.
Answer:
Explanation: A-5,B-2,C-1,D-3,E-4
Q8. Refer to the exhibit, which effect of this configuration is true?
A. The PMTUD value sets itself to 1452 bytes when the interface MTU is set to 1492 bytes
B. SYN packets carries 1452 bytes in the payload when the Ethernet MTU of the interface is set to 1492 bytes
C. The maximum size of TCP SYN+ACK packets passing the transient host is set to 1452 bytes and the IP MTU of the interface is set to 1492 bytes
D. The MSS to TCP SYN packets is set to 1452 bytes and the IP MTU of the interface is set to 1492 bytes
E. The minimum size of TCP SYN+ACL packets passing the router is set to 1452 bytes and the IP MTU of the interface is set to 1492 bytes
Answer: D
Q9. Which three of these are security properties that TLS v1.2 provides?(Choose three)?
A. Availability
B. integrity
C. non-repudiation
D. authentication
E. authorization
F. confidentiality
Answer: B,D,F
Q10. Refer to the exhibit, which conclusion can be drawn from this output?
A. The license of the device supports multiple virtual firewalls
B. The license of the device allows the establishment of the maximum number of client- based, full- tunnel SSL VPNS for the platform
C. The license of the device allows for it to be used in a failover set
D. The license of the device allows a full-tunnel IPsec VPN using the Rijndael cipher
Answer: A