210-260 Implementing Cisco Network Security Practice Exam Set 2

Which of the following traffic types can be detected by the FirePOWER rate-based prevention preprocessor engine? (Select the best answer.)


Options are :

  • SYN flood traffic
  • Back Orifice traffic
  • distributed port scan traffic
  • port sweep traffic

Answer : SYN flood traffic

In which of the following authentication protocols is support for TLS 1.2 specifically required? (Select the best answer.)


Options are :

  • EAP-MD5
  • EAP-TLS
  • EAP-FASTv1
  • EAP-FASTv2

Answer : EAP-FASTv2

You want to use ASDM to create an inspection rule that will drop and log SHOUTcast media streams. Which of the following inspection rules should you configure to achieve your goal? (Select the best answer.)


Options are :

  • RTSP
  • HTTP
  • H.323 RAS
  • H.323 H.225

Answer : HTTP

Which of the following worms was used in an act of cyber warfare against Iranian ICSs? (Select the best answer.)


Options are :

  • Welchia
  • Nachi
  • Stuxnet
  • Blaster

Answer : Stuxnet

You want to configure Cisco ISE as a SCEP proxy to a Microsoft Windows 2008 R2 Server root CA. Which of the following also needs to be configured? (Select the best answer.)


Options are :

  • a root CA on the Cisco ISE
  • a manually installed certificate on the connecting BYOD device
  • AD on the CA
  • NDES on a CA or domain member server

Answer : NDES on a CA or domain member server

You have issued the following commands to modify the 802.1X configuration on a switch port:

  switch(config-if)#authentication order mab dot1x
  switch(config-if)#authentication priority dot1x mab
  switch(config-if)#authentication event fail action next-method
  switch(config-if)#authentication event no-response action authorize vlan 1313

A new host is attached to the switch port. The host's MAC address is in the authentication database, but the host's certificate for 802.1X authentication is expired. Which of the following statements is true regarding the host in this scenario? (Select the best answer.)


Options are :

  • The host will fail 802.1X authentication, and the switch will place the port into an unauthorized state.
  • The host will fail 802.1X authentication and will be assigned to VLAN 1313.
  • MAB will authorize the host for network access, and the switch port will ignore the host's 802.1X authentication attempts.
  • MAB will authorize the host for network access; however, the host will lose network access when it attempts to authenticate with 802.1X.

Answer : MAB will authorize the host for network access; however, the host will lose network access when it attempts to authenticate with 802.1X.

Your company is using a shopping cart web application that is known to be vulnerable to a code injection attack. Your company has no support agreement for the application, and the application is no longer updated by its author. Modifying the code would require the hiring of additional help and an extensive interview process. Which of the following should your company do in the meantime to most quickly mitigate the threat? (Select the best answer.)


Options are :

  • Implement a WAF.
  • Shut down the site.
  • Replace the shopping cart application with a different one.
  • Use the grep command to examine web logs for evidence of an attack.

Answer : Implement a WAF.

The Serial 0/0 interfaces on Router1 and Router2 are directly connected on the 192.168.51.48/30 network. You issue the following commands on Router1:

  interface serial 0/0
   ip ospf message-digest-key 1 md5 b0s0n
  router ospf 1
   router-id 1.1.1.1
   network 10.10.10.0 0.0.0.255 area 1
   network 192.168.51.48 0.0.0.3 area 0
   area 0 authentication

You issue the following commands on Router2:

  interface serial 0/0
   ip ospf authentication-key b0s0n
  router ospf 2
   router-id 2.2.2.2
   network 10.10.20.0 0.0.0.255 area 2
   network 192.168.51.48 0.0.0.3 area 0
   area 0 authentication

Router1 and Router2 do not form an OSPF adjacency. Which of the following is most likely the problem? (Select the best answer.)


Options are :

  • an OSPF process ID mismatch
  • an OSPF authentication mismatch
  • an OSPF router ID mismatch
  • an OSPF area mismatch

Answer : an OSPF authentication mismatch

According to the branch location ACL design guidelines in the Cisco BYOD Design Guide, which protocols should not be permitted by the default ACL that is applied to the access ports of a Layer 2 switch? (Select 2 choices.)


Options are :

  • BOOTP
  • HTTPS
  • DNS
  • HTTP

Answer : HTTPS; HTTP

Your company's Cisco ISE device and all of its supplicants support EAP-FASTv2. A user's authentication fails. However, the user's device attempts to authenticate and succeeds. Which of the following is true? (Select the best answer.)


Options are :

  • The user will have full access.
  • The device will have full access but the user will have no access.
  • The user will have restricted access.
  • The user will have no access.

Answer : The user will have restricted access.

Which of the following is typically implemented in a cluster configuration? (Select the best answer.)


Options are :

  • CSA
  • CTA
  • ACS
  • SSC

Answer : ACS

Which of the following best describes the purpose of SNMP? (Select the best answer.)


Options are :

  • to send email
  • to transfer files
  • to manage network devices
  • to create VPNs

Answer : to manage network devices

Which of the following can be configured on the General screen of the Add Internal Group Policy dialog box in ASDM when creating a group policy for clientless SSL VPN users? (Select 3 choices.)


Options are :

  • the name of the group policy
  • a banner message for VPN clients
  • the tunneling protocols that clients can use to establish a VPN connection
  • the bookmark list to apply to VPN clients
  • a group URL that VPN users can access

Answer : the name of the group policy; a banner message for VPN clients; the tunneling protocols that clients can use to establish a VPN connection

Which of the following security functions is associated with the control plane? (Select the best answer.)


Options are :

  • traffic filtering
  • device resource protection
  • traffic accounting
  • device configuration protection

Answer : device resource protection

Which of the following statements is correct regarding the traffic types that can be matched in a class map on a Cisco ASA? (Select the best answer.)


Options are :

  • A class map can match traffic by UDP port number but not by IP precedence.
  • A class map can match traffic by TCP port number but not by IP precedence.
  • A class map can match traffic by TCP port number, by UDP port number, and by IP precedence.
  • A class map can match traffic by TCP port number but not by UDP port number.

Answer : A class map can match traffic by TCP port number, by UDP port number, and by IP precedence.

Which of the following can be used to encrypt email messages, files, and disk drives? (Select the best answer.)


Options are :

  • S/MIME
  • PGP
  • L2TP
  • PEM

Answer : PGP

Which of the following indicates that aggressive mode ISAKMP peers have created SAs? (Select the best answer.)


Options are :

  • MM_NO_STATE
  • AG_AUTH
  • MM_KEY_AUTH
  • AG_NO_STATE
  • QM_IDLE

Answer : AG_NO_STATE

Which of the following devices requires that a physical interface be in promiscuous mode in order to monitor network traffic? (Select the best answer.)


Options are :

  • an IPS
  • a router
  • an IDS
  • a firewall

Answer : an IDS

Which of the following is least likely to be considered an advanced persistent threat? (Select the best answer.)


Options are :

  • Operation Aurora
  • Stuxnet
  • the 2011 RSA breach
  • Heartbleed

Answer : Heartbleed

Which of the following authentication methods are supported by both RADIUS and TACACS+ server groups on a Cisco ASA firewall? (Select 3 choices.)


Options are :

  • CHAP
  • PAP
  • ASCII
  • MS-CHAPv1
  • MS-CHAPv2

Answer : CHAP; PAP; MS-CHAPv1

You want to configure a router so that network-based CLI access is limited to SSH connections that are received on a specified interface. Which of the following Cisco IOS features should you configure to achieve your goal? (Select the best answer.)


Options are :

  • CoPP
  • MPP
  • CPPr
  • uRPF

Answer : MPP

Which of the following is a type of phishing attack that specifically targets high-ranking corporate executives? (Select the best answer.)


Options are :

  • vishing
  • whaling
  • dumpster diving
  • pharming

Answer : whaling

Which of the following ISAKMP states indicates that the IKE peers have negotiated security parameters and exchanged keys using aggressive mode during phase 1 of the IKE process? (Select the best answer.)


Options are :

  • MM_SA_SETUP
  • QM_IDLE
  • AG_INIT_EXCH
  • MM_KEY_EXCH

Answer : AG_INIT_EXCH

You enable logging at the end of the session in Cisco FireSIGHT Management Center. Which of the following is true? (Select the best answer.)


Options are :

  • The log will contain less information than at the beginning of the session.
  • Information will be based on only the first few packets of a connection.
  • You will not be able to log connections handled by an SSL policy.
  • The log will contain information from throughout the course of a connection.

Answer : The log will contain information from throughout the course of a connection.

Which of the following features protects the control plane by classifying traffic into three separate control plane subinterfaces? (Select the best answer.)


Options are :

  • uRPF
  • RBAC
  • CPPr
  • CoPP

Answer : CPPr

An SNMP read-only community named READONLY is configured on a Cisco router. Which of the following fields in the output of the show snmp command on the router will increment if an NMS makes a set request to the READONLY community? (Select the best answer.)


Options are :

  • Illegal operation for community name supplied
  • Input queue packet drops
  • No such name errors
  • Unknown community name

Answer : Illegal operation for community name supplied

Which of the following statements is true regarding a stateless packet-filtering firewall? (Select the best answer.)


Options are :

  • It tracks packets as a part of a stream.
  • It is more secure than a stateful packet-filtering firewall.
  • It is not susceptible to IP spoofing attacks.
  • It can operate at Layer 4 of the OSI model.

Answer : It can operate at Layer 4 of the OSI model.

You issue the following command on a Cisco device:

  test aaa group radius user1 b0s0n new-code profile profile1

Which of the following is true? (Select the best answer.)


Options are :

  • There is not enough information to determine the success or failure of the command.
  • The command will succeed but report an error.
  • The command will fail.
  • The command will succeed without error.

Answer : There is not enough information to determine the success or failure of the command.

An inbound TCP packet arrives at the ingress interface of a Cisco ASA 8.2 firewall. The packet is part of an established session. The packet reaches the interface's internal buffer and the input counter is incremented. Which of the following actions will occur next? (Select the best answer.)


Options are :

  • The packet is forwarded to the outbound interface.
  • The packet will be processed by interface ACLs.
  • The packet is subjected to an inspection check.
  • The packet's IP header is translated by NAT/PAT.

Answer : The packet is subjected to an inspection check.

You are troubleshooting IPSec VPN connectivity between two sites. From the local router, you are able to ping the remote tunnel endpoint. Which of the following steps should you perform next? (Select the best answer.)


Options are :

  • Issue the traceroute command to trace the route to the tunnel endpoint.
  • Reboot both devices.
  • Verify that the IKE policies match on both peers.
  • Verify that the peers successfully authenticate each other.

Answer : Verify that the IKE policies match on both peers.
