Q1. Which two effects of configuring the tunnel path-mtu-discovery command on a GRE tunnel interface are true?( Choose two)
A. The maximum path MTU across the GRE tunnel is set to 65534 bytes.
B. If a lower MTU link between the IPsec peers is detected , the GRE tunnel MTU are changed.
C. The router adjusts the MTU value it sends to the GRE tunnel interface in the TCP SYN packet.
D. It disables PMTUD discovery for tunnel interfaces.
E. The DF bit are copied to the GRE IP header.
F. The minimum path MTU across the GRE tunnel is set to 1476 bytes.
Answer: B,E
Q2. Which two statement about the multicast addresses query message are true?(choose two)
A. They are solicited when a node initialized the multicast process.
B. They are used to discover the multicast group to which listeners on a link are subscribed
C. They are used to discover whether a specified multicast address has listeners
D. They are send unsolicited when a node initializes the multicast process
E. They are usually sent only by a single router on a link
F. They are sent when a node discover a multicast group
Answer: B,C
Q3. The computer at 10.10.10.4 on your network has been infected by a botnet that directs traffic to a malware site at 168.65.201.120. Assuming that filtering will be performed on a Cisco ASA, What command can you use to block all current and future connections from the infected host?
A. ip access-list extended BLOCK_BOT_OUT deny ip any host 10.10.10.4
B. shun 10.10.10.4 168.65.201.120 6000 80
C. ip access-list extended BLOCK_BOT_OUT deny ip host 10.10.10.4 host 168.65.201.120
D. ip access-list extended BLOCK_BOT_OUT deny ip host 168.65.201.120 host 10.10.10.4
E. shun 168.65.201.120 10.10.10.4 6000 80
Answer: C
Q4. Refer to the exhibit
Flexible NetFlow is failing to export flow records from RouterA to your flow collector. What action can you take to allow the IPv6 flow records to be sent to the colle
A. Set the NetFlow export protocol to v5
B. Configure the output-features command for the IPV4-EXPORTER
C. Add the ipv6 cef command to the configuration
D. Remove the ip cef command from the configuration
E. Create a new flow exporter with an IPv6 destination and apply it to the flow monitor
Answer: D
Q5. Which two statement about the DES algorithm are true?(choose two)
A. It uses a 64-bit key block size and its effective key length is 65 bits
B. It uses a 64-bits key block size and its effective key length is 56 bits
C. It is a stream cripher that can be used with any size input
D. It is more efficient in software implements than hardware implementations.
E. It is vulnerable to differential and linear cryptanalysis
F. It is resistant to square attacks
Answer: B,E
Q6. DRAG DROP
Drag each OSPF security feature on the left to its description on the right.
Answer:
Explanation:
TTL security check:protects ospf neighbor sessions against CPU prefix length: protects the routers in an ospf neighbor session
Type0:Establishes OSPF sessions without authenthication Type1:Uses Clear-text authenthication to protect
Type2:Uses MD5 authenthication to protect
Q7. What are two features of cisco IOS that can help mitigate Blaster worm attack on RPC ports? (Choose two)
A. FPM
B. DCAR
C. NBAR
D. IP source Guard
E. URPF
F. Dynamic ARP inspection
Answer: D,E
Q8. What functionality does SXP provide to enhance security?
A. It supports secure communication between cisco ironport Cisco and Microsoft Exchange.
B. It supports Cisco’s trustsec solution by transporting information over network that are unable to support
SGT propagation.
C. It support secure communications between cisco ironport and cloud-based email servers.
D. It support cisco’s trustsec implementation on virtual machines.
Answer: B
Q9. when a client tries to connect to a WLAN using the MAC filter (RADIUS server), if the client fails the authentication, what is the web policy used tofallback authentication to web authentication ?
A. Authentication
B. Passthrough
C. Conditional Web Redirect
D. Splash Page Web Redirect
E. On MAC Filter Failure
Answer: E
Q10. Refer to the Exhibit, Which two Statements about the given Configuration are true? (Choose two)
A. It is an inbound policy.
B. It will allow 209.165.202.129 to connect to 202.165.200.225 on an IMAP port.
C. It will allow 209.165.202.129 to connect to 202.165.200.225 on an RDP port.
D. It will allow 202.165.200.225 to connect to 209.165.202.129 on an RDP port.
E. It will allow 202.165.200.225 to connect to 209.165.202.129 on a VNC port.
F. It is an outbound policy.
Answer: A,C