210-260 Implementing Cisco Network Security Practice Exam Set 4

210-260 Implementing Cisco Network Security Practice Exam Set 4

You have configured a BYOD implementation at a branch location, including an extended ACL named DEFAULTACL on the Layer 2 ports of each access switch. BYOD clients are able to obtain IP addresses, but connectivity to other network services seems to be sporadic or nonexistent, depending on the service. You issue the show ip accesslist command on the switch and receive the following partial output: Extended IP access list DEFAULTACL 10 permit icmp any any 20 permit udp any eq bootpc any eq bootpc 30 permit udp any any eq tftp 40 deny ip any any log According to Cisco BYOD best practices, which of the following should you perform on the ACL to fix the problemX (Select the best answer.)


Options are :

  • Remove rule 40.
  • Add a rule to permit DNS traffic before rule 40
  • Add a rule to deny ICMP traffic after rule 40.
  • Add a rule to deny TFTP traffic after rule 40.

Answer : Add a rule to permit DNS traffic before rule 40

Your company’s active ASA currently shares its stateful failover link with a regular data interface. Your supervisor asks you to configure a failover key on both the active ASA and the standby ASA.Which of the following is most likely the reasonX (Select the best answer.)


Options are :

  • so that the stateful failover link cannot use a regular data interface
  • so that the risk of exposure of VPN configuration information is mitigated
  • so that the active ASA can monitor the status of the standby ASA
  • so that both ASA devices forward traffic for a given group of security contexts

Answer : so that the risk of exposure of VPN configuration information is mitigated

You upload a file named isitbad.zip to AMP for analysis. While reviewing the AMP logs, you receive the following output: Wed Feb 17 12:41:05 2015 Info: File reputation query initiating. File Name = 'isitbad.zip', MID = 852, File Size = 174401 bytes, File Type = application/zipWed Feb 17 12:41:10 2015 Info: Response received for file reputation query from Cloud. File Name = 'isitbad.zip', MID = 852, Disposition = unscannable, Malware = None, Reputation Score = 0, sha256 = 78d80f8fb0e6eaa2988d11607ec6a00840147f8188f6db8b7d00d907440d7aaa, upload_action = 1 Which of the following is trueX (Select the best answer.)


Options are :

  • The file was uploaded to the cloud and determined to be clean.
  • The file was not uploaded to the cloud, and its disposition is unknown.
  • The file was uploaded to the cloud, but its disposition is unknown.
  • The file was uploaded to the cloud and was determined to be malware.

Answer : The file was not uploaded to the cloud, and its disposition is unknown.

200-105 Interconnecting Cisco Networking Devices Part Exam Set 2

Which of the following devices are least likely to deny a connection inline when an attack is detectedX (Select 2 choices.)


Options are :

  • an IPS
  • a Layer 2 switch
  • an IDS
  • a router

Answer : a Layer 2 switch an IDS

Which of the following enables the validation of both user and device credentials in a single EAP transactionX (Select the best answer.)


Options are :

  • PEAP
  • EAP-FAST
  • EAP-FAST with EAP chaining
  • EAP-MD5

Answer : EAP-FAST with EAP chaining

Which of the following threats has a dedicated FirePOWER preprocessor engineX (Select the best answer.)


Options are :

  • SYN flood
  • port sweep
  • Back Orifice
  • distributed port scan

Answer : Back Orifice

200-125 CCNA Cisco Certified Network Associate Test Set 1

A Cisco ASA queries an LDAP server for a VPN user OU attribute of bsnsw and receives multiple results. Which of the following is the ASA most likely to matchX (Select the best answer.)


Options are :

  • the most specific result in the list of results containing the attribute
  • the last result in the list of results containing the attribute
  • the first result in the list of results containing the attribute
  • the shortest result in the list of results beginning with the lowest alphanumeric character

Answer : the shortest result in the list of results beginning with the lowest alphanumeric character

Which of the following is not an attribute on which an ISE MDM policy can be basedX (Select the best answer.)


Options are :

  • the status of the Bluetooth interface
  • the jailbreak status of the operating system
  • the encryption status of the disk
  • the revision of the operating system

Answer : the status of the Bluetooth interface

Which of the following is specifically filtered by a URL filtering subscription service on a Cisco routerX (Select the best answer.)


Options are :

  • traffic that contains specific keywords
  • traffic that matches predefined categories
  • traffic that contains malicious software
  • traffic sent from specific domains

Answer : traffic that matches predefined categories

ICND1 100-105 Certification Practice Tests Set 1

Which of the following statements is true regarding OWASPX (Select the best answer.)


Options are :

  • It requires membership to download security tools such as ZAP.
  • It endorses products from HP and Symantec.
  • It releases security materials under FLOSS licenses.
  • It is exclusively a North American nonprofit organization.

Answer : It releases security materials under FLOSS licenses.

You manage your company’s Cisco devices by using Telnet. Your supervisor is concerned about eavesdropping over inband device management and has asked you to recommend a solution that would allow you to disable the Telnet servers on each device. Which of the following are you most likely to recommend as a replacementX (Select the best answer.)


Options are :

  • SSH
  • SCP
  • SNMPv3
  • SFTP

Answer : SSH

200-105 Interconnecting Cisco Networking Devices Part Exam Set 1

Which of the following describes the primary difference between PGP and S/MIMEX (Select the best answer.)


Options are :

  • S/MIME can use RSA for digital signatures, but PGP cannot.
  • PGP can use SHA1 for data integrity, but S/MIME cannot.
  • PGP can be used to encrypt disk drives, but S/MIME cannot.
  • S/MIME can be used to encrypt email messages, but PGP cannot

Answer : PGP can be used to encrypt disk drives, but S/MIME cannot.

Which of the following are asymmetric algorithmsX (Select 3 choices.)


Options are :

  • 3DES
  • DH
  • RSA
  • AES
  • ECC

Answer : DH RSA ECC

Which of the following is the default connection profile that is applied to clientless SSL VPN connectionsX (Select the best answer.)


Options are :

  • DefaultSSLVPNGroup
  • DefaultWEBVPNGroup
  • DefaultRAGroup
  • DefaultL2LGroup

Answer : DefaultWEBVPNGroup

Cisco 300-209 Implementing Secure Mobility Solutions Exam Set 4

Which of the following is not true of SIM systemsX (Select the best answer.)


Options are :

  • They consolidate logs to a central server.
  • They perform realtime threat detection.
  • They focus on policy and standards compliance.
  • They analyze log data and report findings.

Answer : They perform realtime threat detection.

Which of the following is true regarding the EAPFAST authentication processX (Select the best answer.)


Options are :

  • A digital certificate is required only on the client.
  • Digital certificates are required on both the client and the server.
  • Digital certificates are not required on the client or the server.
  • A digital certificate is required only on the server.

Answer : Digital certificates are not required on the client or the server.

On which of the following layers of the hierarchical network design model should you implement PortFast, BPDU guard, and root guardX (Select the best answer.)


Options are :

  • only on core and distribution layer ports
  • only on distribution layer ports
  • only on core layer ports
  • only on access layer ports

Answer : only on access layer ports

ICND1 100-105 Certification Practice Tests Set 4

Which of the following is least likely to be considered a form of malwareX (Select the best answer.)


Options are :

  • viruses
  • Trojan horses
  • bots
  • DDoS

Answer : DDoS

Which of the following can you mitigate by implementing DAIX (Select the best answer.)


Options are :

  • MAC flooding attacks
  • VLAN hopping attacks
  • ARP poisoning attacks
  • MAC spoofing attacks

Answer : ARP poisoning attacks

Which of the following statements is true about network traffic event logging in Cisco FireSIGHT Management CenterX (Select the best answer.)


Options are :

  • You can log only beginningofconnection events for encrypted connections handled by an SSL policy.
  • Performance is optimized by logging both beginningofconnection events and end ofconnection events.
  • You can log only endofconnection events for blocked traffic.
  • Beginningofconnection events contain less information than endofconnection events.

Answer : Beginningofconnection events contain less information than endofconnection events.

400-101 CCIE Routing and Switching Written Practice Exam Set 11

Which of the following signature microengines typically has the greatest effect on Cisco IOS IPS performanceX (Select the best answer.)


Options are :

  • atomic-ip
  • normalizer
  • service-http
  • string-tcp

Answer : string-tcp

Which of the following is the most likely reason for an organization to implement an extranetX (Select the best answer.)


Options are :

  • to provide internal users with a customized website
  • to provide customers with largescale computer services
  • to provide customers with access to the company’s internal network
  • to provide internal departments with independent security policies

Answer : to provide customers with access to the company’s internal network

Which of the following emailrelated FirePOWER preprocessors can extract and decode attachments in clienttoserver trafficX (Select the best answer.)


Options are :

  • the IMAP, POP3, and SMTP preprocessors
  • only the SMTP preprocessor
  • only the POP3 preprocessor
  • only the IMAP preprocessor

Answer : the IMAP, POP3, and SMTP preprocessors

Cisco Data Center Architecture Set 4

Which of the following is an IOS privilege level that provides the highest level of access on a Cisco routerX (Select the best answer.)


Options are :

  • 1
  • 15
  • 16
  • 0

Answer : 15

You have been asked to add a key to an existing keychain. You issue the following commands to enter key chain key configuration mode: RouterA(config)#key chain chain1 RouterA(configkeychain)#key 2 RouterA(configkeychainkey)#keystring key2 The new key should be valid for three hours, and the router should begin sending the key at 9 a.m. on January 13, 2015. Which of the following commands should you issue next to achieve your goalX (Select the best answer.)


Options are :

  • accep-tlifetime 09:00:00 Jan 13 2015 duration 3
  • accep-tlifetime 09:00:00 Jan 13 2015 duration 180
  • send-lifetime 09:00:00 Jan 13 2015 duration 180
  • send-lifetime 09:00:00 Jan 13 2015 duration 10800

Answer : send-lifetime 09:00:00 Jan 13 2015 duration 10800

Which of the following statements is true regarding LDAP attribute maps on an ASAX (Select the best answer.)


Options are :

  • There is a defined limit on the number of LDAP attribute maps you can configure.
  • There is a defined limit on the number of LDAP servers to which an LDAP attribute map can be applied.
  • There is a defined limit on the number of AD multivalued attributes matched by an LDAP attribute map
  • There is a defined limit on the number of attributes that can be mapped in each LDAP attribute map.

Answer : There is a defined limit on the number of AD multivalued attributes matched by an LDAP attribute map

642-732 Conducting Cisco Unified Wireless Site Survey Exam Set 4

Which of the following is a reason to use the roundrobin assignment feature of dynamic PAT addressesX (Select the best answer.)


Options are :

  • You want to send traffic to more than one remote device.
  • You want to map a single internal IP address to a single routable IP address.
  • You want to prevent the misinterpretation of traffic as a DoS attack.
  • You want to use a single mapped routable address.

Answer : You want to prevent the misinterpretation of traffic as a DoS attack.

You are configuring a connection profile for Cisco AnyConnect SSL VPN users. You have accessed the Add SSL VPN Connection Profile dialog box in ASDM. You want to configure a group URL for the connection profile. On which of the following screens of this dialog box will you be able to accomplish your goalX (Select the best answer.)


Options are :

  • the SSL VPN screen
  • the Basic screen
  • the Authorization screen
  • the General screen

Answer : the SSL VPN screen

Which of the following authentication methods is not used with OSPFv3X (Select the best answer.)


Options are :

  • SHA1
  • plaintext
  • MD5
  • IPv6 IPSec

Answer : plaintext

210-260 Implementing Cisco Network Security Practice Exam Set 8

Which of the following can be mitigated by installing a personal firewall on a laptopX (Select the best answer.)


Options are :

  • a sessionhijacking attack
  • a crosssite scripting attack
  • a SYN flood attack
  • a portscanning attack

Answer : a portscanning attack

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions