210-260 Implementing Cisco Network Security Practice Exam Set 6

For which of the following traffic types is stateful inspection not supported in a ZFW configuration? (Select the best answer.)


Options are :

  • DNS
  • IGMP
  • NetBIOS
  • ICMP

Answer : IGMP

You have configured antispoofing ACLs and DHCP snooping. Which of the following are you most likely securing? (Select the best answer.)


Options are :

  • the management plane
  • the data plane
  • the control plane
  • every network plane

Answer : the data plane

According to Cisco best practices, which of the following is true about the ideal application of an extended access list? (Select the best answer.)


Options are :

  • It should be applied in the outbound direction on the interface that is as close to the source as possible.
  • It should be applied in the outbound direction on the interface that is as close to the destination as possible.
  • It should be applied in the inbound direction on the interface that is as close to the source as possible.
  • It should be applied in the inbound direction on the interface that is as close to the destination as possible.

Answer : It should be applied in the inbound direction on the interface that is as close to the source as possible.

Upon which of the following languages is the Cisco FlexConfig scripting engine based? (Select the best answer.)


Options are :

  • Java
  • Bourne Again Shell
  • JavaScript
  • ActionScript

Answer : Java

Which of the following commands should you issue to allow communication between different ASA interfaces that share the same security level? (Select the best answer.)


Options are :

  • security-level 0
  • security-level 100
  • same-security-traffic permit intra-interface
  • same-security-traffic permit inter-interface

Answer : same-security-traffic permit inter-interface

Which of the following is not a method of mitigating false positives on a Sourcefire device? (Select the best answer.)


Options are :

  • suppressing event notifications
  • configuring a Block action
  • disabling unnecessary Snort rules
  • reporting false positives to Cisco Technical Support

Answer : configuring a Block action

Which of the following routing protocols does not support MD5 authentication for secure route updates? (Select the best answer.)


Options are :

  • RIPv2
  • OSPF
  • BGP
  • RIPv1

Answer : RIPv1

Which of the following statements are true regarding RADIUS? (Select 2 choices.)


Options are :

  • It uses TCP port 49.
  • It combines authorization and authentication functions.
  • It provides more flexible security options than TACACS+.
  • It encrypts only the password in Access-Request packets.

Answer : It combines authorization and authentication functions. It encrypts only the password in Access-Request packets.

Which of the following statements is true regarding private VLANs? (Select the best answer.)


Options are :

  • Only a single community VLAN can be associated with a primary VLAN.
  • Community VLANs can send traffic to isolated ports but cannot receive traffic from them.
  • Every port in a private VLAN is a member of the primary VLAN.
  • Isolated ports can communicate only with other isolated ports in the same isolated VLAN.

Answer : Every port in a private VLAN is a member of the primary VLAN.

Which of the following is accomplished as a result of issuing the group-url command on an ASA? (Select the best answer.)


Options are :

  • A list of WebVPN servers will be applied to a user account.
  • A web-type ACL will be created for a tunnel group.
  • A list of bookmarks will be created for clientless SSL VPN users.
  • A VPN access method will be created in which the connection profile is automatically selected for VPN users.

Answer : A VPN access method will be created in which the connection profile is automatically selected for VPN users.

An outside host has established an SSH connection with an inside host. Both hosts have sent and received data over the SSH session. Which of the following lines of output from the show conn command best represents the state of the connection in this scenario? (Select the best answer.)


Options are :

  • TCP outside 192.0.2.51:22 inside 10.1.1.18:12113 idle 0:00:00, bytes 0, flags aB
  • TCP outside 192.0.2.51:22 inside 10.1.1.18:12113 idle 0:00:00, bytes 0, flags A
  • TCP outside 192.0.2.51:22 inside 10.1.1.18:12113 idle 0:00:00, bytes 0, flags UIOB
  • TCP outside 192.0.2.51:22 inside 10.1.1.18:12113 idle 0:00:00, bytes 0, flags saA
  • TCP outside 192.0.2.51:22 inside 10.1.1.18:12113 idle 0:00:00, bytes 0, flags SaAB

Answer : TCP outside 192.0.2.51:22 inside 10.1.1.18:12113 idle 0:00:00, bytes 0, flags A

Which of the following statements is true regarding the send-lifetime command? (Select the best answer.)


Options are :

  • You cannot specify a duration based on a specific start and end time.
  • The earliest start time value is January 1, 1970.
  • The duration must be specified in one-minute increments.
  • The default duration for sending keys is infinite.

Answer : The default duration for sending keys is infinite.

Which of the following can be installed on a host to ensure that only specified inbound and outbound connections are permitted? (Select the best answer.)


Options are :

  • a personal firewall
  • a HIPS
  • antivirus software
  • a proxy server

Answer : a personal firewall

Which of the following statements are true regarding the FirePOWER inline normalization preprocessor engine? (Select 2 choices.)


Options are :

  • Inline normalization can process IPv4 and ICMPv4 traffic but not IPv6 traffic.
  • Inline normalization can process IPv4 and IPv6 traffic but not ICMPv4 traffic.
  • Inline normalization cannot detect TCP session hijacking attacks.
  • Inline normalization cannot detect TCP SYN flood attacks.

Answer : Inline normalization cannot detect TCP session hijacking attacks. Inline normalization cannot detect TCP SYN flood attacks.

Which of the following is displayed by the show ip dhcp snooping database command? (Select the best answer.)


Options are :

  • the DHCP snooping configuration for a switch
  • detailed DHCP snooping statistics
  • dynamic entries in the binding table
  • the status of the binding table

Answer : the status of the binding table

What is the default modulus size that is used to create a self-signed certificate for SSL authentication on a Cisco ASA? (Select the best answer.)


Options are :

  • 512 bits
  • 2,048 bits
  • 1,024 bits
  • 768 bits

Answer : 1,024 bits

One of your company’s headquarters routers is not forwarding packets to a branch location. The router is housed in a locked room onsite. A junior administrator has remotely connected to the router to troubleshoot the problem. You have been asked for assistance in interpreting some of the configuration output. Which of the following methods are you least likely to use to connect to the router? (Select the best answer.)


Options are :

  • Telnet
  • SSH
  • a serial port
  • a console port

Answer : a serial port

Which of the following statements is true regarding a split ACS deployment? (Select the best answer.)


Options are :

  • The AAA load is divided between the primary and secondary servers, which produces a less-than-optimal AAA flow.
  • The split configuration has the drawback of making an administrator less aware of the functional status of each server.
  • Cisco recommends using a dedicated log collector instead of the primary or secondary server.
  • The primary and secondary servers can be used for different, specialized operations such as network admission and device administration.

Answer : The primary and secondary servers can be used for different, specialized operations such as network admission and device administration.

Which of the following statements are true regarding the DfltGrpPolicy group policy? (Select 3 choices.)


Options are :

  • It cannot be modified.
  • It is the default policy used with the DefaultRAGroup connection profile.
  • It should be deleted if custom group policies are created.
  • It can be applied to user profiles.
  • It is the default policy used with the DefaultWEBVPNGroup connection profile.

Answer : It is the default policy used with the DefaultRAGroup connection profile. It can be applied to user profiles. It is the default policy used with the DefaultWEBVPNGroup connection profile.

Under normal operating circumstances, which of the following planes sends the least amount of traffic to the route processor of a Cisco router? (Select the best answer.)


Options are :

  • the data plane
  • the services plane
  • the management plane
  • the control plane

Answer : the data plane

The following partial command output is from the running configuration of an ASA that has been configured to authorize VPN users based on their group membership in AD:

    ldap attribute-map ExampleMap
      map-name memberOf Group-Policy
      map-value memberOf CN=Managers,CN=Users,OU=bsnsw,DC=boson,DC=com Group5
      map-value memberOf CN=Marketing,CN=Users,OU=bsnsw,DC=boson,DC=com Group4
      map-value memberOf CN=Employees,CN=Users,OU=bsnsw,DC=boson,DC=com Group3
      map-value memberOf CN=Engineers,CN=Users,OU=bsnsw,DC=boson,DC=com Group2
      map-value memberOf CN=Finance,CN=Users,OU=bsnsw,DC=boson,DC=com Group1

An LDAP authorization query for a VPN user returns the following values:

    memberOf: value = CN=Managers,CN=Users,OU=bsnsw,DC=boson,DC=com
    memberOf: value = CN=Marketing,CN=Users,OU=bsnsw,DC=boson,DC=com
    memberOf: value = CN=Employees,CN=Users,OU=bsnsw,DC=boson,DC=com
    memberOf: value = CN=Finance,CN=Users,OU=bsnsw,DC=boson,DC=com

Which group policy will the ASA assign to the user in this scenario? (Select the best answer.)


Options are :

  • Group4
  • Group1
  • Group3
  • Group2

Answer : Group1

Which of the following IPS detection types does not require regularly updated definition files? (Select the best answer.)


Options are :

  • pattern-based
  • signature-based
  • profile-based
  • reputation-based

Answer : profile-based

Which of the following authentication methods were invented by Cisco? (Select 2 choices.)


Options are :

  • LEAP
  • EAP-FAST
  • EAP-TLS
  • PEAP

Answer : LEAP EAP-FAST

Which of the following is a show ntp associations command output symbol that indicates that an IP address is an NTP master and the router is synchronized with the master? (Select the best answer.)


Options are :

  • #
  • .
  • *
  • ~

Answer : *

Which of the following statements is true regarding the primary bootset when the Cisco IOS Resilient Configuration feature is enabled? (Select the best answer.)


Options are :

  • The system image can be secured on a TFTP server, but the configuration file must be secured on local storage.
  • The configuration file can be secured on a TFTP server, but the system image must be secured on local storage.
  • The configuration file and the system image must both be secured on remote storage.
  • The configuration file and the system image must both be secured on local storage.

Answer : The configuration file and the system image must both be secured on local storage.

Which of the following statements is not true regarding an IPS device? (Select the best answer.)


Options are :

  • Traffic leaves an IPS on a different interface than it entered.
  • Single-packet attacks can be mitigated by an IPS.
  • An IPS requires that at least one interface be in promiscuous mode.
  • An IPS cannot route to destinations on different subnets.

Answer : An IPS requires that at least one interface be in promiscuous mode.

Which of the following descriptions most accurately describes split tunneling? (Select the best answer.)


Options are :

  • It enables traffic to flow between interfaces that share the same security level.
  • It enables a VPN tunnel to form through a firewall or NAT device.
  • It enables a VPN tunnel to determine which traffic flows should be encrypted.
  • It enables traffic to exit the same interface through which it entered.

Answer : It enables a VPN tunnel to determine which traffic flows should be encrypted.

Which of the following can the FirePOWER IMAP preprocessor extract in client-to-server traffic? (Select the best answer.)


Options are :

  • header data
  • addresses
  • attachments
  • file names

Answer : attachments

You are configuring auto NAT on a Cisco Firepower device. The network object contains rules of both static and dynamic types from internal subnets. You have configured the rules in the following order:

  1. Dynamic NAT: 172.16.1.0/28
  2. Static NAT: 192.168.51.8/29
  3. Static NAT: 10.10.10.0/24
  4. Dynamic NAT: 192.168.32.0/24
  5. Static NAT: 10.10.11.1/32

The Firepower receives internal traffic from the 192.168.51.8/29 subnet. Which of the rules in this scenario will be processed? (Select 2 choices.)


Options are :

  • 2
  • 5
  • 3
  • 1
  • 4

Answer : 2 5

You have issued the logging enable command on an ASA with the default configuration. Which of the following statements is true regarding the syslog messages that will be generated on this ASA by default? (Select the best answer.)


Options are :

  • The ASA will generate syslog messages that include a time.
  • The ASA will not generate syslog messages with a severity of 0.
  • The ASA will generate syslog messages that include a date.
  • The ASA will not generate syslog messages with a severity of 7.

Answer : The ASA will not generate syslog messages with a severity of 0.