210-260 Implementing Cisco Network Security Practice Exam Set 3

Which of the following is most likely to protect the availability component of the CIA triad? (Select the best answer.)


Options are :

  • a VPN
  • an IPS
  • data encryption
  • a virus scanner

Answer : an IPS

Which of the following is true of BPDU traffic on a Cisco zone-based firewall in transparent mode? (Select the best answer.)


Options are :

  • It is permitted only in the outbound direction.
  • It is permitted only in the inbound direction.
  • It is permitted in both inbound and outbound directions.
  • It is denied by default.

Answer : It is permitted in both inbound and outbound directions.

You are configuring dynamic PAT on a Cisco ASA 5500 using the CLI. The ASA is running software version 8.3. Which of the following IP addresses can you configure inline? (Select the best answer.)


Options are :

  • inside global
  • inside local
  • outside local
  • outside global

Answer : inside global

Which of the following are not considered NGE cryptographic algorithms and should be avoided according to Cisco? (Select 2 choices.)


Options are :

  • DH768
  • ECDH384
  • DH1024
  • SHA256

Answer : DH768 DH1024

Which of the following is most likely to indicate that the configured main mode ISAKMP policy does not match the policy proposed by the remote peer? (Select the best answer.)


Options are :

  • AG_NO_STATE
  • MM_NO_STATE
  • AG_AUTH
  • MM_KEY_AUTH

Answer : MM_NO_STATE

Which of the following are not default values in an IKE policy on an ASA running software version 8.4 or higher? (Select 2 choices.)


Options are :

  • PSK-based authentication method
  • 14,400-second lifetime
  • MD5 hash algorithm
  • 168-bit DES encryption algorithm

Answer : 14,400-second lifetime MD5 hash algorithm

You issue the show ntp associations detail command on Router2 and receive the following output:

    Router2#show ntp associations detail
    10.0.12.1 configured, authenticated, our_master, sane, valid, stratum 3
    ref ID 127.127.1.1, time BF6C06E0.55040FD5 (09:02:04.717 UTC Thu Jul 25 2013)

Which of the following is true? (Select the best answer.)


Options are :

  • Router2 has been configured with an NTP stratum level of 3.
  • NTP on Router2 is synchronized with a master on another device.
  • NTP on Router2 is synchronized with itself.
  • Router2 has successfully authenticated the NTP clients connected to Router2.

Answer : NTP on Router2 is synchronized with a master on another device.

Which of the following is least likely to be a function of a Cisco ESA? (Select the best answer.)


Options are :

  • protecting against spam
  • protecting against malicious files
  • protecting against DDoS attacks
  • protecting against phishing

Answer : protecting against DDoS attacks

Which of the following traffic can be statefully inspected by Cisco IOS ZFW? (Select the best answer.)


Options are :

  • IPv4 multicast traffic
  • IPv4 unicast traffic
  • IPv6 unicast traffic
  • IPv6 multicast traffic

Answer : IPv4 unicast traffic

RADIUS and TACACS+ have which of the following in common? (Select the best answer.)


Options are :

  • They are Cisco-proprietary protocols.
  • They communicate by using the same transport protocol.
  • They encrypt the entire packet.
  • They are AAA protocols.

Answer : They are AAA protocols.

The Serial 0/0 interfaces on Router1 and Router2 are directly connected on the 192.168.51.48/30 network. You issue the following commands on Router1:

    interface serial 0/0
    ip ospf authentication-key b0s0n
    router ospf 1
    router-id 1.1.1.1
    network 10.10.10.0 0.0.0.255 area 1
    network 192.168.51.48 0.0.0.3 area 1
    area 0 authentication

You issue the following commands on Router2:

    interface serial 0/0
    ip ospf authentication-key b0s0n
    router ospf 2
    router-id 2.2.2.2
    network 10.10.20.0 0.0.0.255 area 2
    network 192.168.51.48 0.0.0.3 area 0
    area 0 authentication

Router1 and Router2 do not form an OSPF adjacency. Which of the following is most likely the problem? (Select the best answer.)


Options are :

  • an OSPF area mismatch
  • an OSPF process ID mismatch
  • an OSPF router ID mismatch
  • an OSPF authentication mismatch

Answer : an OSPF area mismatch

Which of the following SNMP versions was the first version to offer both authentication and encryption? (Select the best answer.)


Options are :

  • SNMPv3
  • SNMPv4
  • SNMPv1
  • SNMPv2

Answer : SNMPv3

Which of the following features can cause a switch port to enter the errdisable state? (Select the best answer.)


Options are :

  • root guard
  • BPDU guard
  • PortFast
  • PortFast

Answer : BPDU guard

Which of the following describes a TPM? (Select the best answer.)


Options are :

  • a system used to provide services on demand from remote locations
  • a system of assigning data to various categories
  • an independent cryptographic processor embedded into computers
  • a process of remotely initiating the deletion of data stored on a device

Answer : an independent cryptographic processor embedded into computers

Which of the following best describes a MAC spoofing attack? (Select the best answer.)


Options are :

  • sending forged frames with the intention of overwhelming a switch's CAM table
  • using GARP messages to associate an attacker's MAC address with the IP address of a valid host on the network
  • replacing the IP address of a legitimate website with the IP address of a malicious website
  • using the MAC address of another host on the network in order to bypass port security measures

Answer : using the MAC address of another host on the network in order to bypass port security measures

EAP-FASTv2 implemented a requirement to support which of the following cryptographic protocols? (Select the best answer.)


Options are :

  • TLS 1.1
  • TLS 1.3
  • TLS 1.0
  • TLS 1.2

Answer : TLS 1.2

Which of the following statements is true regarding a HIDS? (Select the best answer.)


Options are :

  • It can delay packets during reassembly.
  • It can monitor the network for port scans.
  • It can analyze OS-specific protocols, such as SMB.
  • It can identify spoofing attacks.

Answer : It can analyze OS-specific protocols, such as SMB.

Which of the following devices typically sits inline? (Select the best answer.)


Options are :

  • a NIDS
  • a HIDS
  • a HIPS
  • a NIPS

Answer : a NIPS

You have configured a Cisco ESA with a URL Category action that redirects the URLs of adult content sites to the Cisco Cloud Web Security proxy service. You receive a report that users are successfully accessing some adult content sites from the company network. However, you are able to verify that known adult sites are being redirected. Which of the following could be the problem? (Select the best answer.)


Options are :

  • The adult content sites being visited are uncategorized.
  • The connection to the Cisco Cloud Web Security proxy service timed out.
  • You did not defang the URL so that it cannot be clicked.
  • You did not specify any text to replace the URL.

Answer : The adult content sites being visited are uncategorized.

To which of the following are you most likely to connect to manage a Cisco router in ROMmon mode? (Select 2 choices.)


Options are :

  • a console port
  • an auxiliary port
  • an Ethernet port
  • a serial port

Answer : a console port an auxiliary port

Which of the following features are supported on a Cisco ASA operating in multiple context mode? (Select 2 choices.)


Options are :

  • RIP
  • active/active failover
  • active/standby failover
  • QoS

Answer : active/active failover active/standby failover

Which of the following could be best described as an advanced persistent attack? (Select the best answer.)


Options are :

  • the Heartbleed vulnerability
  • a DDoS attack
  • Operation Aurora
  • POODLE

Answer : Operation Aurora

Which of the following is typically used to manage a Cisco router in-band? (Select the best answer.)


Options are :

  • a VTY port
  • a serial port
  • a console port
  • an auxiliary port

Answer : a VTY port

You have been asked to enable the Cisco IOS Resilient Configuration feature on a Cisco router. You issue the following commands on the router:

    Router#configure terminal
    Router(config)#secure boot-image

Which of the following commands are you most likely to issue next to complete the configuration? (Select the best answer.)


Options are :

  • confreg 0x2102
  • secure boot-config
  • secure boot-config restore
  • reload

Answer : secure boot-config

Which of the following actions could you take to mitigate VLAN hopping attacks? (Select the best answer.)


Options are :

  • Implement sticky MAC addresses.
  • Change the native VLAN on trunk ports to an unused VLAN.
  • Limit the number of MAC addresses permitted on a port.
  • Implement DAI.

Answer : Change the native VLAN on trunk ports to an unused VLAN.

Which of the following MPF elements can be used to configure Application layer protocol inspection? (Select the best answer.)


Options are :

  • a policy map
  • a class map
  • a global policy
  • a service policy

Answer : a policy map

You issue the show zone security command on a Cisco router and receive the following command output:

    RouterA#show zone security
    zone self
      Description: System defined zone
    zone inside
      Member Interfaces:
        FastEthernet0/0
        FastEthernet0/1
    zone outside
      Member Interfaces:
        Serial0/0/0
    zone dmz
      Member Interfaces:
        Serial0/0/1

Based on the command output, to which zones can the S0/1/0 interface send traffic? (Select the best answer.)


Options are :

  • S0/1/0 can send traffic to the inside zone, but only in response to traffic initiated from the inside zone.
  • S0/1/0 can send traffic to the dmz zone.
  • S0/1/0 can send traffic to the outside zone.
  • S0/1/0 cannot send traffic to any configured zones.

Answer : S0/1/0 cannot send traffic to any configured zones.

Which of the following are Cisco IOS privilege levels that are not typically assigned by default? (Select 3 choices.)


Options are :

  • 1
  • 7
  • 10
  • 5
  • 15

Answer : 7 10 5

Which of the following is an output-spreading technique that spammers use to manipulate reputation scores and defeat filters? (Select the best answer.)


Options are :

  • waterfalling
  • phishing
  • listwashing
  • snowshoe spam

Answer : snowshoe spam

Which of the following commands will configure a static point-to-point VTI tunnel to use 128-bit encryption? (Select the best answer.)


Options are :

  • crypto ipsec transform-set set1 esp-3des esp-sha-hmac
  • crypto ipsec transform-set set1 esp-aes esp-sha-hmac
  • crypto ipsec transform-set set1 esp-des esp-sha-hmac
  • crypto ipsec transform-set set1 esp-seal esp-sha-hmac

Answer : crypto ipsec transform-set set1 esp-aes esp-sha-hmac
