Q1. Which two statements describe the Cisco TrustSec system correctly? (Choose two.)
A. The Cisco TrustSec system is a partner program, where Cisco certifies third-party security products as extensions to the secure infrastructure.
B. The Cisco TrustSec system is an approach to certifying multimedia and collaboration applications as secure.
C. The Cisco TrustSec system is an Advanced Network Access Control System that leverages enforcement intelligence in the network infrastructure.
D. The Cisco TrustSec system tests and certifies all products and product versions that make up the system as working together in a validated manner.
Answer: C,D
Q2. Which three statements are true regarding RFC 5176 (Change of Authorization)? (Choose three.)
A. It defines a mechanism to allow a RADIUS server to initiate a communication inbound to a NAD.
B. It defines a wide variety of authorization actions, including "reauthenticate."
C. It defines the format for a Change of Authorization packet.
D. It defines a DM.
E. It specifies that TCP port 3799 be used for transport of Change of Authorization packets.
Answer: A,C,D
Q3. What context-based access control (CBAC) command sets the maximum time that a router running Cisco IOS will wait for a new TCP session to reach the established state?
A. ip inspect max-incomplete
B. ip inspect tcp finwait-time
C. ip inspect udp idle-time
D. ip inspect tcp synwait-time
E. ip inspect tcp idle-time
Answer: D
Q4. For which two reasons is BVI required in the transparent Cisco IOS Firewall? (Choose two.)
A. BVI is required for the inspection of IP traffic.
B. The firewall can perform routing on bridged interfaces.
C. BVI is required if routing is disabled on the firewall.
D. BVI is required if more than two interfaces are in a bridge group.
E. BVI is required for the inspection of non-IP traffic.
F. BVI can manage the device without having an interface that is configured for routing.
Answer: D,F
Q5. What feature enables extended secure access from a non-secure physical location?
A. Port security
B. Storm control
C. NEAT
D. CBAC
E. 802.1X port-based authentication
Answer: C
Q6. DRAG DROP
Drag each IPv6 extension header on the left into the recommended order, on the right, for more than one extension header in the same IPv6 packet.
Answer:
Explanation:
1: IPv6 header; 2: Hop-by-Hop options; 3: Destination options; 4: Routing; 5: Fragment; 6: Authentication; 7: Encapsulating Security Payload.
Q7. You want to enable users in your company’s branch offices to deploy their own access points using a WAN link from the central office, but you are unable to deploy a controller in the branch offices. What lightweight access point wireless mode should you choose?
A. TLS mode
B. H-REAP mode
C. Monitor mode
D. REAP mode
E. Local mode
Answer: B
Q8. In ISO 27002, the access control code of practice for information security management serves which of the following objectives?
A. Implement protocol control of user, network and application access
B. Optimize the audit process
C. Prevent the physical damage of the resources
D. Educating employees on security requirements and issues
Answer: A
Q9. Which three fields are part of the AH header? (Choose three)
A. Destination address
B. Protocol ID
C. Packet ICV
D. SPI identifying SA
E. Next header
F. Application port
G. Source address
Answer: C,D,E
Q10. What ASA feature can you use to restrict a user to a specific VPN group?
A. A webtype ACL
B. MPF
C. A VPN filter
D. Group-lock
Answer: D