Q1. Why is the IPv6 type 0 routing header vulnerable to attack?

A. It allows the receiver of a packet to control its flow.

B. It allows the sender to generate multiple NDP requests for each packet.

C. It allows the sender of a packet to control its flow.

D. It allows the sender to generate multiple ARP requests for each packet.

E. It allows the receiver of a packet to modify the source IP address.

View Answer

Q2. Which of the following Cisco IPS signature engine has relatively high memory usage ?

A. The STRING-TCP engine

B. The STRING-UDP engine

C. The NORMALIZER engine

D. The STRING-ICMP engine

View Answer

Q3. Which three statements about Unicast RPF in strict mode and loose mode are true? (choose three)

A. Inadvertent packet loss can occur when loose mode is used with asymmetrical routing.

B. Strict mode requires a default route to be associated with the uplink network interface.

C. Both loose and strict modes are configured globally on the router.

D. Loose mode requires the source address to be present in the routing table.

E. Strict mode is recommended on interfaces that will receive packets only form the same subnet to which the interface is assigned.

F. Interfaces in strict mode drop traffic with return routes that point to the NULL 0 interface.

View Answer

Q4. MWhich three are RFC 5735 addresses? (Choose three.)

A. 171.10.0.0/24

B. 0.0.0.0/8

C. 203.0.113.0/24 

D. 192.80.90.0/24 

E. 172.16.0.0/12 

F. 198.50.100.0/24

View Answer

Q5. You have been asked to configure a Cisco ASA appliance in multiple mode with these settings:

(A) You need two customer contexts, named contextA and contextB

(B) Allocate interfaces G0/0 and G0/1 to contextA

(C) Allocate interfaces G0/0 and G0/2 to contextB

(D) The physical interface name for G0/1 within contextA should be "inside".

(E) All other context interfaces must be viewable via their physical interface names.

If the admin context is already defined and all interfaces are enabled, which command set will complete this configuration?

A. context contextA

config-url disk0:/contextA.cfg

allocate-interface GigabitEthernet0/0 visible allocate-interface GigabitEthernet0/1 inside context contextB

config-url disk0:/contextB.cfg

allocate-interface GigabitEthernet0/0 visible allocate-interface GigabitEthernet0/2 visible

B. context contexta

config-url disk0:/contextA.cfg

allocate-interface GigabitEthernet0/0 visible allocate-interface GigabitEthernet0/1 inside context contextb

config-url disk0:/contextB.cfg

allocate-interface GigabitEthernet0/0 visible allocate-interface GigabitEthernet0/2 visible

C. context contextA

config-url disk0:/contextA.cfg

allocate-interface GigabitEthernet0/0 invisible allocate-interface GigabitEthernet0/1 inside context contextB

config-url disk0:/contextB.cfg

allocate-interface GigabitEthernet0/0 invisible allocate-interface GigabitEthernet0/2 invisible

D. context contextA

config-url disk0:/contextA.cfg

allocate-interface GigabitEthernet0/0 allocate-interface GigabitEthernet0/1 inside context contextB

config-url disk0:/contextB.cfg

allocate-interface GigabitEthernet0/0 allocate-interface GigabitEthernet0/2

E. context contextA

config-url disk0:/contextA.cfg

allocate-interface GigabitEthernet0/0 visible allocate-interface GigabitEthernet0/1 inside context contextB

config-url disk0:/contextB.cfg

allocate-interface GigabitEthernet0/1 visible allocate-interface GigabitEthernet0/2 visible

View Answer

Q6. Which two statements about LEAP are true? (Choose two)

A. It is compatible with the PAP and MS-CHAP protocols

B. It is an ideal protocol for campus networks

C. A symmetric key is delivered to the authenticated access point so that future connections from the same client can be encrypted with different keys

D. It is an open standard based on IETF and IEEE standards

E. It is compatible with the RADIUS authentication protocol

F. Each encrypted session is authentication by the AD server

View Answer

Q7. What is the maximum pattern length supported by FPM searches within a packet ?

A. 256 bytes 

B. 1500 bytes

C. 512 bytes

D. 128 bytes

View Answer

Q8. Which two statements about ICMP redirect messages are true? (choose two)

A. By default, configuring HSRP on the interface disables ICMP redirect functionality.

B. They are generated when a packet enters and exits the same router interface.

C. The messages contain an ICMP Type 3 and ICMP code 7.

D. They are generated by the host to inform the router of an alternate route to the destination.

E. Redirects are only punted to the CPU if the packets are also source-routed.

View Answer

Q9. What is the effect of the Cisco Application Control Engine (ACE. command ipv6 fragment min-mtu 1024 ?

A. It configures the interface to fragment packets on connections with MTUs of 1024 or greater

B. It sets the MTU to 1024 bytes for an IPv6 VLAN interface that accepts fragmented packets

C. It configures the interface to attempt to reassemble only IPv6 fragments that are less than 1024 bytes

D. It configures the interface to fragment packets on connections with MTUs of 1024 or less

E. It configures the interface to attempt to reassemble only IPv6 fragments that are at least 1024 bytes

View Answer

Q10. All of these Cisco security products provide event correlation capabilities excepts which one?

A. Cisco Security MARS

B. Cisco Guard/Detector

C. Cisco ASA adaptive security appliance

D. Cisco IPS

E. Cisco Security Agent.

View Answer