Q1. Refer the exhibit.
Which of the following is the correct output of the above executed command?
A)
B)
C)
D)
A. Option A
B. Option B
C. Option C
D. Option D
Answer: C
Q2. You have configured a DMVPN hub and spoke a follows (assume the IPsec profile “dmvpnprofile” is configured correctly):
With this configuration, you notice that the IKE and IPsec SAs come up between the spoke and the hub, but NHRP registration fails. Registration will continue to fail until you do which of these?
A. Configure the ipnhrp cache non-authoritative command on the hub’s tunnel interface
B. Modify the NHRP hold times to match on the hub and spoke
C. Modify the NHRP network IDs to match on the hub and spoke
D. Modify the tunnel keys to match on the hub and spoke
Answer: D
Q3. Refer to the exhibit . Which Statement about this configuration is true?
A. The ASA stops LSA type 7 packets from flooding into OSPF area 1.
B. The ASA injects a static default route into OSPF area 1.
C. The ASA redistributes routes from one OSPF process to another.
D. The ASA redistributes routes from one routing protocol to another.
E. The ASA injects a static default route into OSPF process 1.
Answer: C
Q4. Which of the following two statements apply to EAP-FAST? (Choose two.)
A. EAP-FAST is useful when a strong password policy cannot be enforced and an 802.1X EAP type that does not require digital certificates can be deployed.
B. EAP-FAST was developed only for Cisco devices and is not compliant with 802.1X and 802.11i.
C. EAP-FAST provides protection from authentication forging and packet forgery (replay attack).
D. EAP-FAST is a client/client security architecture.
Answer: A,C
Q5. What technology can you implement on your network to allow IPv4-dependent applications to work with IPv6- capable application?
A. NAT 6to4
B. DS-lite
C. NAT-PT
D. ISATAP
E. NAT64
Answer: E
Q6. Which two answers describe provisions of the SOX Act and its international counterpart Acts? (Choose two.)
A. confidentiality and integrity of customer records and credit card information
B. accountability in the event of corporate fraud
C. financial information handled by entities such as banks, and mortgage and insurance brokers
D. assurance of the accuracy of financial records
E. US Federal government information
F. security standards that protect healthcare patient data
Answer: B,D
Q7. Which two of the following ICMP types and code should be allowed in a firewall to enable traceroute? (Choose two)
A. Destination Unreachable-protocol Unreachable
B. Destination Unreachable-port Unreachable
C. Time Exceeded-Time to Live exceeded in Transit
D. Redirect-Redirect Datagram for the Host
E. Time Exceeded-Fragment Reassembly Time Exceeded
F. Redirect-Redirect Datagram for the Type of service and Host
Answer: B,C
Q8. What feature on Cisco IOS router enables user identification and authorization based on per-user policies
A. CBAC
B. IPsec
C. Authentication proxy
D. NetFlow v9
E. Zone-based firewall
F. EEM
Answer: C
Q9. According to RFC 2577, Which two options describe drawbacks of the FTP protocol? (Choose two)
A. If access to the FTP server is restricted by network address, the server still is susceptible to spoofing attacks.
B. Servers that apply connection limits to protect against brute force attacks are vulnerable to DoS attacks
C. It is susceptible to man-m-the-middle attacks
D. An attacker can validate user names if the 331 response is in use.
E. It is susceptible to bounce attacks on port 1024
Answer: D,E
Q10. Which two options are differences between automation and orchestration? (Choose two)
A. Automation is to be used to replace human intervention
B. Automation is focused on automating a single or multiple tasks
C. Orchestration is focused on an end-to-end process or workflow
D. Orchestration is focused on multiple technologies to be integrated together
E. Automation is an IT workflow composed of tasks, and Orchestration is a technical task
Answer: B,C