210-260 Implementing Cisco Network Security Practice Exam Set 7

210-260 Implementing Cisco Network Security Practice Exam Set 7

Which of the following examples best describes the SaaS service modelX (Select the best answer.)


Options are :

  • A company obtains a subscription to use a service providerís infrastructure, programming tools, and programming languages to develop and serve cloudbased applications.
  • A company moves all companywide policy documents to an Internetbased virtual file system hosted by a service provider.
  • A company hires a service provider to deliver cloudbased processing and storage that will house multiple virtual hosts configured in a variety of ways.
  • A company licenses an office suite, including email service, that is delivered to the end user through a web browser.

Answer : A company licenses an office suite, including email service, that is delivered to the end user through a web browser.

300-101 Implementing Cisco IP Routing (ROUTE) Practice Exam Set 1

Your supervisor asks you to configure a local CA to help secure digital communications. Which of the following best describes what your company is most likely implementingX (Select the best answer.)


Options are :

  • symmetric encryption
  • asymmetric encryption
  • a oneway hash algorithm
  • a PKI

Answer : a PKI

Which of the following vulnerabilities did the Blaster worm exploit on target hostsX (Select the best answer.)


Options are :

  • a buffer overflow vulnerability in the DCOM RPC service
  • a buffer overflow vulnerability in IIS software
  • a remote code execution vulnerability in the printer spooler service
  • a buffer overflow vulnerability in Microsoft SQL Server

Answer : a buffer overflow vulnerability in the DCOM RPC service

Which of the following facilitates the use of one authentication framework for connecting to both wired and wireless devices on a Cisco Unified Wireless NetworkX (Select the best answer.)


Options are :

  • SSC
  • CTA
  • CSA
  • ACS

Answer : SSC

300-101 Implementing Cisco IP Routing (ROUTE) Practice Exam Set 2

Which of the following actions is performed by dynamic NATX (Select the best answer.)


Options are :

  • mapping an inside local IP address to a specific global IP address
  • mapping an inside local IP address to a global IP address chosen from a pool
  • mapping an inside local IP address and port to a global IP address with a specific port
  • mapping an inside local IP address and port to a global IP address with a randomly selected port

Answer : mapping an inside local IP address to a global IP address chosen from a pool

Which of the following is most likely to cause the greatest amount of disruption on a routerX (Select the best answer.)


Options are :

  • a worm
  • spyware
  • a Trojan horse
  • a DDoS attack

Answer : a DDoS attack

Which of the following statements is true regarding network object NAT on an ASAX (Select the best answer.)


Options are :

  • Network object NAT is easier to configure than twice NAT.
  • A single NAT rule can apply to both a source and destination address.
  • A network object or group is a parameter of the NAT configuration.
  • Network object NAT is more scalable than twice NAT.

Answer : Network object NAT is easier to configure than twice NAT.

Cisco Data Center Architecture Set 5

Which of the following best describes an external cloudX (Select the best answer.)


Options are :

  • a portion of a private or trusted network that can be accessed by a business partner
  • websites available only to users inside a private network
  • decentralized computer resources that can be accessed over the Internet
  • a network zone between the Internet and a private or trusted network

Answer : decentralized computer resources that can be accessed over the Internet

Telnet sessions will be denied because a security level is manually assigned.


Options are :

  • a buffer overflow vulnerability in the DCOM RPC service
  • a remote code execution vulnerability in the processing of .lnk files
  • a buffer overflow vulnerability in IIS software
  • a remote code execution vulnerability in the printer spooler service

Answer : a remote code execution vulnerability in the processing of .lnk files a remote code execution vulnerability in the printer spooler service

You have issued the following commands to modify the 802.1X configuration on a switch port: switch(configif)#authentication event fail action next-method switch (configif)#authentication order mab dot1x switch(configif)#authentication priority dot1x mab switch configif)#authentication event noresponse action authorize vlan 1313 A new host is attached to the switch port. The hostís MAC address is not in the authentication database. In addition, the host does not support 802.1X. Which of the following statements is true regarding the host in this scenarioX (Select the best answer.)


Options are :

  • The host will be assigned to VLAN 1313.
  • MAB will learn the new hostís MAC address and authorize the host for network access, and the switch port will ignore the hostís 802.1X authentication attempts.
  • MAB will authorize the host for network accessX however, the host will lose network access when it attempts to authenticate with 802.1X.
  • The host will fail MAB authentication, and the switch will place the port into an unauthorized state.

Answer : The host will be assigned to VLAN 1313.

200-105 Interconnecting Cisco Networking Devices Part Exam Set 7

Which of the following security applications is least likely to be included in a vendorís desktop security suiteX (Select the best answer.)


Options are :

  • a proxy server
  • a personal firewall
  • a HIPS
  • antivirus software

Answer : a proxy server

Which of the following impact levels is used by FireSIGHT to indicate that either the source or target host is on a monitored network but has no corresponding entry in the network mapX (Select the best answer.)


Options are :

  • 1
  • 4
  • 3
  • 2

Answer : 4

You are troubleshooting IPSec VPN connectivity between two sites. From the local router, you are able to ping the remote tunnel endpoint. Which of the following steps should you perform nextX (Select the best answer.)


Options are :

  • Issue the traceroute command to trace the route to the tunnel endpoint.
  • Verify that the peers successfully authenticate one another.
  • Verify that the IKE policies match on both peers.
  • Reboot both devices.

Answer : Verify that the IKE policies match on both peers.

Cisco CCNP Route 300-101 Practice Tests Set 5

You issue the following commands on a Cisco ASA with no other configured interfaces: asa(config)#interface gigabitethernet 0/1 asa(configif)#speed 1000 asa(configif)#duplex full asa(configif)#nameif inside asa(configif)#ip address 10.1.1.1 255.255.255.0 asa(configif)#no shutdown asa(configif)#exit asa(config)#telnet 10.1.1.0 255.255.255.0 inside asa(config)#telnet timeout 30 Which of the following statements is true regarding the resulting configurationX (Select the best answer.)


Options are :

  • The ASA will assign the interface a security level of 0.
  • The ASA will assign the interface a security level of 100.
  • Telnet sessions will time out after 30 seconds of inactivity.
  • Telnet sessions will be denied until a security level is manually assigned.

Answer : The ASA will assign the interface a security level of 100.

Which of the following commands is not available to a user with a privilege level of 0X (Select the best answer.)


Options are :

  • login
  • exit
  • enable
  • disable

Answer : login

Which of the following fields make up the trailer of an ESP packetX (Select 3 choices.)


Options are :

  • Padding
  • Next Header
  • Sequence Number
  • Security Parameter Index
  • Pad Length

Answer : Padding Next Header Pad Length

200-105 Inter connecting Cisco Networking Devices Exam Set 2

Which of the following protocols can IPSec use to provide the confidentiality component of the CIA triadX (Select 2 choices.)


Options are :

  • MD5
  • AES
  • AH
  • DES

Answer : AES DES

Which of the following is a term used to describe a network of tools that are used to gather information about attack methods that are used by malicious usersX (Select the best answer.)


Options are :

  • honeypot
  • honeynet
  • botnet
  • sinkhole

Answer : honeynet

You issue the following commands on a Cisco ASA. No other interfaces have been configured. asa(config)#interface gigabitethernet 0/1 asa(configif)#speed 1000 asa (configif)#duplex full asa(configif)#securitylevel 0 asa(configif)#nameif inside asa(configif)#ip address 10.1.1.1 255.255.255.0 asa(configif)#no shutdownasa(configif)#exit asa(config)#telnet 10.1.1.0 255.255.255.0 inside asa(config)#telnet timeout 30 Which of the following statements is true regarding the resulting configurationX (Select the best answer.)


Options are :

  • The ASA will reassign the interface a security level of 100.
  • The ASA will deny SSH connections to the interface.
  • Telnet sessions will be denied because a security level is manually assigned.
  • Telnet sessions will time out after 30 seconds of inactivity

Answer : Telnet sessions will be denied because a security level is manually assigned.

642-732 Conducting Cisco Unified Wireless Site Survey Exam Set 2

What is the effect of the samesecuritytraffic permit intrainterface command on a Cisco ASAX (Select the best answer.)


Options are :

  • It allows traffic to exit the same interface through which it entered.
  • It allows communication between different interfaces that share the same security level
  • It allows traffic destined to unprotected subnets to bypass a VPN tunnel.
  • It allows outbound traffic and the corresponding return traffic to pass through different ASAs.

Answer : It allows traffic to exit the same interface through which it entered.

Which of the following statements are true regarding ACLsX (Select 3 choices.)


Options are :

  • If a packet is permitted by one entry, it cannot be denied by a more specific entry later in the ACL.
  • If a packet does not match any entries in the ACL, it is denied.
  • If a packet is denied by one entry, it cannot be permitted by a more specific entry later in the ACL.
  • An ACL cannot contain two conflicting entries that refer to the same source address.
  • If a packet does not match any entries in the ACL, it is permitted.

Answer : If a packet is permitted by one entry, it cannot be denied by a more specific entry later in the ACL. If a packet does not match any entries in the ACL, it is denied. If a packet is denied by one entry, it cannot be permitted by a more specific entry later in the ACL.

200-105 Inter connecting Cisco Networking Devices Exam Set 4

Which of the following are true of ARP traffic on a Cisco zonebased firewall in transparent modeX (Select 2 choices.)


Options are :

  • It is permitted only in the inbound direction.
  • It is denied by default.
  • It can be controlled by ARP inspection but not by access rules.
  • It is permitted in both inbound and outbound directions.

Answer : It can be controlled by ARP inspection but not by access rules. It is permitted in both inbound and outbound directions.

Which of the following can be installed on a host to analyze and prevent malicious traffic on that hostX (Select the best answer.)


Options are :

  • a HIPS
  • a HIDS
  • a NIDS
  • a NIPS

Answer : a HIPS

Which of the following is true regarding loop guardX (Select the best answer.)


Options are :

  • Loop guard places inconsistent ports into the blocking state.
  • Loop guard is used to disable ports that receive BPDUs.
  • Loop guard should be used in conjunction with root guard.
  • Loop guard should be used in conjunction with PortFast.

Answer : Loop guard places inconsistent ports into the blocking state.

400-101 CCIE Routing and Switching Written Practice Exam Set 4

In which layer of the campus network hierarchy are ACLs and interVLAN routing typically implementedX (Select the best answer.)


Options are :

  • distribution
  • access
  • core
  • transport

Answer : distribution

Which of the following is a Cisco AMP for Endpoints feature that can prevent specific programs from running on managed endpointsX (Select the best answer.)


Options are :

  • file trajectory
  • device trajectory
  • file reputation
  • outbreak control

Answer : outbreak control

Which of the following EAP methods requires digital certificates to be installed on the server but not on the clientX (Select the best answer.)


Options are :

  • EAPTLS
  • LEAP
  • EAPFAST
  • EAPPEAP

Answer : EAPPEAP

200-125 Cisco Certified Network Associate Practice Exam Set 4

Which of the following is an independent cryptographic processor that provides hardwarebased authentication services for PCsX (Select the best answer.)


Options are :

  • TPM
  • MTM
  • TNC
  • TMI

Answer : TPM

Which of the following private VLAN port types can communicate with promiscuous private VLAN ports but not with isolated private VLAN portsX (Select 2 choices.)


Options are :

  • community ports
  • isolated ports
  • SPAN ports
  • promiscuous ports

Answer : community ports isolated ports

The IPS on your company's network is blocking normal web traffic. Which of the following best describes what the IPS has identifiedX (Select the best answer.)


Options are :

  • a true negative
  • a false positive
  • a true positive
  • a false negative

Answer : a false positive

400-101 CCIE Routing and Switching Written Practice Exam Set 11

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions