Q1. Which option describes the purpose of the RADIUS VAP-ID attribute?
A. It specifies the ACL ID to be matched against the client
B. It specifies the WLAN ID of the wireless LAN to which the client belongs
C. It sets the minimum bandwidth for the connection
D. It sets the maximum bandwidth for the connection
E. It specifies the priority of the client
F. It identifies the VLAN interface to which the client will be associated
Answer: B
Q2. DRAG DROP
Drag each MACsec term on the left to the right matching statement on the right?
Answer:
Explanation: CAK = key used to generate multiple additional keys MKA = protocol used for MACsec key negotiation MSK = key generated during the EAP exchange
SAK = a key used to encrypt traffic for a single session SAP = a key exchange protocol that is proprietary to Cisco
Q3. According ISO27001 ISMS, which of the following are mandatory documents? (Choose 4)
A. ISMS Policy
B. Corrective Action Procedure
C. IS Procedures
D. Risk Assessment Reports
E. Complete Inventory of all information assets
Answer: A,B,C,D
Q4. Which two statements about the 3DES encryption protocol are true?(Choose two)
A. It can operate in the Electronic Code Book and Asymmetric Block Chaining modes.
B. Its effective key length is 168 bits.
C. It encrypts and decrypts data in three 64-bit blocks with an overall key length of 192 bits.
D. The algorithm is most efficient when it is implemented in software instead of hardware.
E. It encrypts and decrypts data in three 56-bit blocks with an overall key length of 168 bits.
F. Its effective key length is 112 bits.
Answer: E,F
Q5. You have configured an authenticator switch in access mode on a network configured with NEAT.
WhatRADIUS attribute must the ISE sever return to change the switch's port mode to trunk?
A. device-traffic-class=switch
B. device-traffic-class=trunk
C. Framed-protocol=1
D. EAP-message=switch
E. Acct-Authentic=RADIUS
F. Authenticate=Administrative
Answer: A
Q6. What security element must an organization have in place before it can implement a security audit and validate the audit results?
A. firewall
B. network access control
C. an incident response team
D. a security policy
E. a security operation center
Answer: D
Q7. In Cisco Wireless LAN Controller (WLC. which web policy enables failed Layer 2 authentication to fall back to WebAuth authentication with a user name and password?
A. On MAC Filter Failure
B. Pass through
C. Splash Page Web Redirect
D. Conditional Web Redirect
E. Authentication
Answer: A
Q8. What is the purpose of the vulnerability risk method for assessing risk?
A. It directs the actions an organization can take in response to a reported vulnerability
B. It evaluates the effectiveness and appropriateness of an organization’s current risk management activities
C. It directs the actions an organization can take to ensure perimeter security
D. It prevents and protects against security vulnerabilities in an organization
E. It establishes a security team to perform forensic examinations of known attacks
Answer: C
Q9. Which two options are unicast address types for IPv6 addressing? (Choose two)
A. Established
B. Static
C. Global
D. Dynamic
E. Link-local
Answer: C,E
Q10. Which command can you enter on the Cisco ASA to disable SSH?
A. Crypto key generate ecdsa label
B. Crypto key generate rsa usage-keys noconfirm
C. Crypto keys generate rsa general-keys modulus 768
D. Crypto keys generate ecdsa noconfirm
E. Crypto keys zeroize rsa noconfirm
Answer: E