210-260 Implementing Cisco Network Security Practice Exam Set 8

210-260 Implementing Cisco Network Security Practice Exam Set 8

Which of the following statements is true regarding the SA lifetime specified in a matching IKE policyX (Select the best answer.)


Options are :

  • The value specified by the remote peer must be less than or equal to the value specified by the local peer.
  • The value specified by the remote peer must be greater than or equal to the value specified by the local peer.
  • The value specified by the remote peer must be equal to the value specified by the local peer.
  • The value specified by the remote peer must be less than the value specified by the local peer.

Answer : The value specified by the remote peer must be less than or equal to the value specified by the local peer.

You have configured a Cisco ESA URL filtering with a URL Category action that redirects the URLs of adult content sites and sites that have not been categorized to the Cisco Cloud Web Security proxy service. However, you receive a report that users are successfully accessing adult content sites from the company network. Which of the following could be the problemX (Select the best answer.)


Options are :

  • The connection to the Cisco Cloud Web Security proxy service timed out.
  • The adult content sites being visited are uncategorized.
  • You did not defang the URL so that it cannot be clicked.
  • You did not specify any text to replace the URL.

Answer : The connection to the Cisco Cloud Web Security proxy service timed out.

Which of the following is a QoS feature that can apply policies to individual controlplane subinterfacesX (Select the best answer.)


Options are :

  • CoPP
  • uRPF
  • CPPr
  • MPP

Answer : CPPr

210-260 Implementing Cisco Network Security Practice Exam Set 3

Which of the following lost or stolen device options are not available to employees when MDM is integrated with ISEX (Select 2 choices.)


Options are :

  • report device as lost or stolen
  • revoke the deviceís digital certificate
  • quarantine the device
  • initiate a PIN lock

Answer : revoke the deviceís digital certificate quarantine the device

Which of the following best describes how an IPS is similar to an IDSX (Select the best answer.)


Options are :

  • They can both use signatures to detect malicious traffic.
  • Neither sits in the path of network traffic.
  • They both prevent malicious traffic from infiltrating the network.
  • They both sit in the path of network traffic.

Answer : They can both use signatures to detect malicious traffic.

Which of the following statements about the test aaa group command is not trueX (Select the best answer.)


Options are :

  • It can be used to verify a AAA server configuration.
  • It can generate a "User rejected" message if the server is alive.
  • It does not work with a RADIUS server configuration
  • It associates a DNIS or CLID named user profile with a record sent to the server.

Answer : It does not work with a RADIUS server configuration

Which of the following would you most likely configure on a host to alert you about possible attacks without filtering trafficX (Select the best answer.)


Options are :

  • a HIDS
  • a honeypot
  • a botnet
  • a personal firewall

Answer : a HIDS

You upload a file named isitbad.docx to AMP for analysis. While reviewing the AMP logs, you receive the following output: Wed Feb 17 12:41:05 2015 Info: File reputation query initiating. File Name = 'isitbad.docx', MID = 856, File Size = 174401 bytes, File Type = application/msword Wed Feb 17 12:41:10 2015 Info: Response received for file reputation query from Cache. File Name = 'isitbad.docx', MID = 856, Disposition = file unknown, Malware = None, Reputation Score = 0, sha256 = 78d80f8fb0e6eaa2988d11607ec6a00840147f8188f6db8b7d00d907440d7aaa, upload_action = 1 Which of the following is trueX (Select the best answer.)


Options are :

  • The file was not uploaded to the cloud, and its disposition is unknown.
  • The file was uploaded to the cloud and determined to be clean.
  • The file was uploaded to the cloud, but its disposition is unknown.
  • The file was uploaded to the cloud and was determined to be malware.

Answer : The file was uploaded to the cloud, but its disposition is unknown.

200-105 Interconnecting Cisco Networking Devices Part Exam Set 2

You want to configure a WSA to permit access to a particular social media siteX however, you also want to deny access to some of the features on that site, such as uploading files and liking posts. Which of the following WSA features should you configure to achieve your goal (Select the best answer.)


Options are :

  • DLP
  • AMP
  • AVC
  • DCA

Answer : AVC

Which of the following attacks involves overwhelming a switch's CAM tableX (Select the best answer.)


Options are :

  • MAC spoofing
  • MAC flooding
  • ARP poisoning
  • ARP spoofing

Answer : MAC flooding

You are using ASDM to verify a VPN configuration made by another administrator on an ASA. Please click exhibit to examine the network configuration. A user accesses the VPN by typing https://203.0.113.1/default in a browser's location bar. Which of the following is trueX (Select the best answer.) Exhibit:


Options are :

  • The session will fail because Clientless SSL VPN is not enabled.
  • The group policy named DfltGrpPolicy will be applied.
  • The local database will be used to authenticate only if RADIUS fails
  • The user's DNS server will be boson.com.

Answer : The group policy named DfltGrpPolicy will be applied.

210-065 Implementing Cisco Video Network Devices Exam Set 6

Which of the following commands can be used to determine the SPI that a router will use to reach an active IPSec peerX (Select the best answer.)


Options are :

  • show crypto session
  • show crypto isakmp sa active
  • show crypto ipsec sa
  • show crypto ipsec securityassociation

Answer : show crypto ipsec sa

Which of the following forms of malware are typically standalone software that appear to be legitimate applicationsX (Select the best answer.)


Options are :

  • Trojan horses
  • worms
  • viruses
  • bots

Answer : Trojan horses

You are configuring a group policy for Cisco AnyConnect VPN connections. You have accessed the Add Internal Group Policy dialog box for the group policy. On what pane will you be able to configure a VLAN restrictionX (Select the best answer.)


Options are :

  • the Servers pane
  • the Customization pane
  • the General pane
  • the SSL VPN Client pane

Answer : the General pane

100-105 Net Cert Interconnecting Cisco Networking Exam Set 4

An inbound TCP SYN packet arrives at the ingress interface of a Cisco ASA 8.2 firewall. The packet is not part of an established session. The packet reaches the interfaceís internal buffer and the input counter is incremented. Which of the following actions will occur nextX (Select the best answer.)


Options are :

  • The packet is subjected to an inspection check.
  • The packet is forwarded to the outbound interface
  • The packet will be processed by interface ACLs.
  • The packet's IP header is translated by NAT/PAT.

Answer : The packet will be processed by interface ACLs.

You are analyzing recent intrusion events in FireSIGHT Defense Center and notice several events with blue icons. To which of the following vulnerability classifications do the blue icons correspondX (Select the best answer.)


Options are :

  • unknown target
  • not vulnerable
  • vulnerable
  • potentially vulnerable

Answer : unknown target

Which of the following can be used by Cisco IPS devices to report intrusion alertsX (Select 2 choices.)


Options are :

  • Syslog
  • SNMPv2
  • SNMPv1
  • SDEE

Answer : Syslog SDEE

ICND1 100-105 Certification Practice Tests Set 4

Which of the following statements is true regarding security contexts on a new Cisco ASA in multiple context modeX (Select the best answer.)


Options are :

  • You cannot delete the current admin context.
  • You can delete a security context only by editing the system configuration.
  • You can delete all security contexts with the no context command.
  • You can delete a single security context with the clear configure context command.

Answer : You can delete a security context only by editing the system configuration.

Implementing which of the following features provides a cloudbased subscription method of URL filtering that can be used with Cisco's ZFWX (Select the best answer.)


Options are :

  • Websense
  • Secure Computing SmartFilter
  • blacklists and whitelists
  • Trend Micro TRPS

Answer : Trend Micro TRPS

Which of the following is a VLAN hopping attack that uses DTP to negotiate a trunk linkX (Select the best answer.)


Options are :

  • DHCP spoofing
  • switch spoofing
  • MAC spoofing
  • ARP spoofing

Answer : switch spoofing

200-125 Cisco Certified Network Associate Practice Exam Set 5

Which of the following SNMP actions are used by an NMS to extract information from an SNMP agentX (Select 2 choices.)


Options are :

  • get
  • inform
  • getNext
  • set

Answer : get getNext

Which of the following statements is true regarding traditional stateful packetfiltering firewallsX (Select the best answer.)


Options are :

  • They can defend against DoS attacks.
  • They are more efficient than stateless packetfiltering firewalls.
  • They can operate at Layers 3, 4, 5, and 7 of the OSI model.
  • They prevent more types of attacks than Application layer firewalls do.

Answer : They can defend against DoS attacks.

Which of the following NAT types effectively exempts one or more addresses from translationX (Select the best answer.)


Options are :

  • identity NAT
  • dynamic PAT
  • dynamic NAT
  • static NAT

Answer : identity NAT

400-101 CCIE Routing and Switching Written Practice Exam Set 2

Which of the following is an open framework used to guide an organization in making software security decisions that are in alignment with the organizationís risk profileX (Select the best answer.)


Options are :

  • OWTF
  • ZAP
  • SAMM
  • WTE

Answer : SAMM

Which of the following statements are true regarding a ZFWX (Select 2 choices.)


Options are :

  • A zone can contain more than one interface.
  • An interface can reside in more than one zone.
  • Stateful packet inspection is supported for multicast traffic.
  • The firewall can operate in transparent mode

Answer : A zone can contain more than one interface. The firewall can operate in transparent mode

Which of the following tasks does CASE on an ESA not perform when detecting a possible threatX (Select the best answer.)


Options are :

  • checking the reputation of the email receiver
  • scanning the content of the email message
  • analyzing the email message's call to action
  • checking the reputation of the email sender

Answer : checking the reputation of the email receiver

Cisco CCNP Route 300-101 Practice Tests Set 3

Which of the following statements is true regarding the autocommand keyword when used with the username command on Cisco routersX (Select the best answer.)


Options are :

  • The specified command cannot exceed 255 characters.
  • The specified command cannot contain embedded spaces.
  • The autocommand keyword must be the username commandís last argument.
  • The user session is not terminated if the autocommand keyword fails to execute its specified command.

Answer : The autocommand keyword must be the username commandís last argument.

Which of the following commands should you issue when troubleshooting basic IKE peering to determine whether PSKs are present and matching on both peersX (Select the best answer.)


Options are :

  • traceroute
  • debug crypto isakmp
  • ping
  • show crypto isakmp policy

Answer : debug crypto isakmp

Which of the following most accurately describes transparent mode tunnelingX (Select the best answer.)


Options are :

  • It enables a VPN tunnel to determine which traffic flows should be encrypted.
  • It enables traffic to flow between interfaces that share the same security level.
  • It enables traffic to exit the same interface through which it entered.
  • It enables a VPN tunnel to form through a firewall or NAT device.

Answer : It enables a VPN tunnel to form through a firewall or NAT device.

200-125 Cisco Certified Network Associate (CCNA) Exam Set 1

Which of the following configuration parameters is not displayed on the Connection Profiles pane for clientless SSL VPN connections in ASDMX (Select the best answer.)


Options are :

  • the login page settings to use
  • the tunneling protocols to use
  • the interfaces to use
  • the authentication method to use

Answer : the tunneling protocols to use

Which of the following are transmitted by SDEEX (Select the best answer.)


Options are :

  • SDFs
  • TFTP data
  • IPS events
  • SNMP traps

Answer : IPS events

You have been asked to use ASDM to change the global application inspection settings on an ASA at the edge of your network. Which of the following panes in the firewall configuration navigation tree can you use to achieve this taskX (Select the best answer.)


Options are :

  • Service Policy Rules
  • Advanced
  • Access Rules
  • Filter Rules

Answer : Service Policy Rules

642-732 Conducting Cisco Unified Wireless Site Survey Exam Set 2

Which of the following statements is true regarding stateful firewallsX (Select the best answer.)


Options are :

  • They operate at the Application layer of the OSI model.
  • They can block traffic that contains specific web content.
  • Their primary purpose is to hide the source of a network connection.
  • They allow traffic into a network only if a corresponding request was sent from inside the network.

Answer : They allow traffic into a network only if a corresponding request was sent from inside the network.

On a Cisco ASA, which of the following authentication protocols is not supported by the TACACS+ serverX (Select the best answer.)


Options are :

  • ASCII
  • PAP
  • CHAP
  • MSCHAPv2

Answer : MSCHAPv2

What is the minimum DH modulus size recommended by Cisco to provide acceptable security when DH must be used instead of an NGE algorithmX (Select the best answer.)


Options are :

  • 1,024 bits
  • 768 bits
  • 3,072 bits
  • 2,048 bits

Answer : 2,048 bits

400-101 CCIE Routing and Switching Written Practice Exam Set 1

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions