Q1. Which two effects of configuring the tunnel path-mtu-discovery command on a GRE tunnel interface are true?( Choose two)

A. The maximum path MTU across the GRE tunnel is set to 65534 bytes.

B. If a lower MTU link between the IPsec peers is detected , the GRE tunnel MTU are changed.

C. The router adjusts the MTU value it sends to the GRE tunnel interface in the TCP SYN packet.

D. It disables PMTUD discovery for tunnel interfaces.

E. The DF bit are copied to the GRE IP header.

F. The minimum path MTU across the GRE tunnel is set to 1476 bytes.

View Answer

Q2. Which two statement about the multicast addresses query message are true?(choose two)

A. They are solicited when a node initialized the multicast process.

B. They are used to discover the multicast group to which listeners on a link are subscribed

C. They are used to discover whether a specified multicast address has listeners

D. They are send unsolicited when a node initializes the multicast process

E. They are usually sent only by a single router on a link

F. They are sent when a node discover a multicast group

View Answer

Q3. The computer at 10.10.10.4 on your network has been infected by a botnet that directs traffic to a malware site at 168.65.201.120. Assuming that filtering will be performed on a Cisco ASA, What command can you use to block all current and future connections from the infected host?

A. ip access-list extended BLOCK_BOT_OUT deny ip any host 10.10.10.4

B. shun 10.10.10.4 168.65.201.120 6000 80

C. ip access-list extended BLOCK_BOT_OUT deny ip host 10.10.10.4 host 168.65.201.120

D. ip access-list extended BLOCK_BOT_OUT deny ip host 168.65.201.120 host 10.10.10.4

E. shun 168.65.201.120 10.10.10.4 6000 80

View Answer

Q4. Refer to the exhibit 

Flexible NetFlow is failing to export flow records from RouterA to your flow collector. What action can you take to allow the IPv6 flow records to be sent to the colle

A. Set the NetFlow export protocol to v5

B. Configure the output-features command for the IPV4-EXPORTER

C. Add the ipv6 cef command to the configuration

D. Remove the ip cef command from the configuration

E. Create a new flow exporter with an IPv6 destination and apply it to the flow monitor

View Answer

Q5. Which two statement about the DES algorithm are true?(choose two)

A. It uses a 64-bit key block size and its effective key length is 65 bits

B. It uses a 64-bits key block size and its effective key length is 56 bits

C. It is a stream cripher that can be used with any size input

D. It is more efficient in software implements than hardware implementations.

E. It is vulnerable to differential and linear cryptanalysis

F. It is resistant to square attacks

View Answer

Q6. DRAG DROP

Drag each OSPF security feature on the left to its description on the right.

View Answer

Q7. What are two features of cisco IOS that can help mitigate Blaster worm attack on RPC ports? (Choose two)

A. FPM

B. DCAR

C. NBAR

D. IP source Guard

E. URPF

F. Dynamic ARP inspection

View Answer

Q8. What functionality does SXP provide to enhance security?

A. It supports secure communication between cisco ironport Cisco and Microsoft Exchange.

B. It supports Cisco’s trustsec solution by transporting information over network that are unable to support

SGT propagation.

C. It support secure communications between cisco ironport and cloud-based email servers.

D. It support cisco’s trustsec implementation on virtual machines.

View Answer

Q9. when a client tries to connect to a WLAN using the MAC filter (RADIUS server), if the client fails the authentication, what is the web policy used tofallback authentication to web authentication ?

A. Authentication

B. Passthrough

C. Conditional Web Redirect

D. Splash Page Web Redirect

E. On MAC Filter Failure

View Answer

Q10. Refer to the Exhibit, Which two Statements about the given Configuration are true? (Choose two)

A. It is an inbound policy.

B. It will allow 209.165.202.129 to connect to 202.165.200.225 on an IMAP port.

C. It will allow 209.165.202.129 to connect to 202.165.200.225 on an RDP port.

D. It will allow 202.165.200.225 to connect to 209.165.202.129 on an RDP port.

E. It will allow 202.165.200.225 to connect to 209.165.202.129 on a VNC port.

F. It is an outbound policy.

View Answer