Sec Test 1
What are the two different modes in which Private AMP cloud can be deployed? (Choose two)
Cloud Mode
Internal Mode
Public Mode
External Mode
Proxy Mode
Air Gap Mode
Which three commands can you use to configure VXLAN on a Cisco ASA firewall?(Choose three)
Default-mcast-group
Set ip next-hop verify-availiability
Sysopt connection tcpmss
Segment-id
Inspect vxlan
Nve-only
Which Cisco ISE profiler service probe can collect information about Cisco Discovery Protocol?
SNMP Query
DHCP SPAN
DHCP
HTTP
RADIUS
NetFlow
Which type of attack uses a large number of spoofed MAC addresses to emulate wireless clients?
DoS against an access point
DoS against a client station
Chopchop attack
Airsnaf attack
Device-probing attack
Authentication-failure attack
Which two statements about NetFlow Secure Event logging on a Cisco ASA are true? (Choose two)
It is supported only in single context mode
It can log different event types on the same device to different collectors
It tracks configured collections over TCP
It can be used without collectors
It supports one event type per collector
It can export templates through NetFlow
Which option best describes RPL?
RPL stands for Routing over Low-power Lossy Networks that use link-state LSAs to determine the best route between leaves and the root border router
RPL stands Routing over Low-power Lossy networks that use distance vector DOGAG to determine the best route between leaves and the root border router
RPL stands for Routing over low priority links that use link-state LSAs to determine the best route between two root border routers
RPL stands for Routing over low priority links that use distance vector DOGAG to determine the best route between two border routers
Which WEP configuration can be exploited by a weak IV attack?
When the static WEP password has been given away
When the static WEP password has been stored without encryption
When a per-packet WEP key is in use
When a 40-bit key is in use
When the same WEP key is used to create every packet
When a 64-bit key is in use
Which OpenStack project has orchestration capabilities?
Heat
Cinder
Horizon
Sahara
Which three statements about Cisco AnyConnect SSL VPN with the ASA are true? (Choose three)
Real-time application performance improves if DTLS is implemented
DTLS can fall back to TLS without enabling dead peer detection
The ASA will verify the remote HTTPS certificate
By default, the ASA uses the Cisco AnyConnect Essentials license
By default, the VPN connection connects with DTLS
Cisco AnyConnect connections use IKEv2 by default when it is configured as the primary protocol on the client
Which two options are benefits of global ACLs? (Choose two)
They only operate on logical interfaces
They are more efficient because they are processed before interface access rules
They can be applied to multiple interfaces
They are flexible because they match source and destination IP addresses for packets that arrive on any interface
They save memory because they work without being replicated on each interface
Which three statements about 802.1x multiauthentication mode are true? (Choose three)
It can be deployed in conjunction with MDA functionality on voice VLANs
It requires each connected client to authenticate individually
Each multiauthentication port can support only one voice VLAN
It is recommended for auth-fail VLANs
On non-802.1x devices, It can support only one authentication method on a single port
It is recommended for guest VLANs
You are considering using RSPAN to capture traffic between several switches. Which two configuration aspects do you need to consider? (Choose two)
Not all switches need to support RSPAN for it to work
The RSPAN VLAN need to be blocked on all trunk interfaces leading to the destination RSPAN switch
All switches need to be running the same IOS version
All distribution switches need to support RSPAN
The RSPAN VLAN need to be allow on all trunk interfaces leading to the destination RSPAN switch
Which three messages are part of the SSL protocol? (Choose Three)
Change CipherSpec
Alert
Record
Message Authenication
CipherSpec
Handshake
Which command is used to enable 802.1x authentication on an interface?
Authentication port-control auto
Aaa authorization auth-proxy default
Aaa authorization network default group tacacs+
Authentication control-direction both
Authentication open
Which two design options are best to reduce security concerns when adopting IoT into an organization? (Choose two)
Encrypt data at rest on all devices in the IoT network
Implement video analytics on IP cameras
Encrypt sensor data in transit
Segment the Field Area Network form the Data Centre network
Ensure that applications can gather and analyze data at the edge
Which encryption type is used by ESA for implementing the Email Encryption?
SSL Encryption
TLS
Identity Based Encryption (IBE)
PKI
S/MIME Encryption
Which two statement about the MACsec security protocol are true? (Choose two)
MACsec is not supported in MDA mode
Stations broacast an MKA heartbeat that contains the key server priority
When switch-to-switch link security is configured in manual mode, the SAP operation mode must be set to GCM
MKA heartbeats are sent at a default intercal of 3 seconds
The SAK is secured by 128-bit AES-GCM by default
Which type of header attack is detected by Cisco ASA threat detection?
Failed application inspection
Connection limit exceeded
Bad packet format
Denial by access list
Which two statements about SCEP are true? (Choose two)
The GetCACaps response message supports DES encryption and the SHA-128 hashing algorithm
CA servers must support GetCACaps response messages in order to implement extended functionality
The GetCert exchanges is signed and encrypted only in the response direction
It is vulnerable to downgrade attacks on its cryptographic capabilities
The GetCRL exchange is signed and encrypted only in the response direction
Which effect of the ipnhrp map multicast dynamic command is true?
It configures a hub router to reflect the routes it learns from a spoke back to other spokes through the same interface
It enables a GRE tunnel to dynamically update the routing tables on the devices at each end of the tunnel
It configures a hub router to automatically add spoke routers to the multicast replication list of the hub
It enables a GRE tunnel to operate without the IPsec peer or crypto ACLs
Which effect of the crypto pki authenticate command is true?
It sets the certificate enrollment method
It retrieves and authenticates a CA certificate
It displays the current CA certificate
It configures a CA trustpoint
How does Scavenger-class QoS mitigate DoS and worm attacks?
It matches traffic from individual hosts against the specific network characteristics of known attack types
It sets a specific intrusion detection mechanism and applies the appropriate ACL when matching traffic is detected
It monitors normal traffic flow and drops burst traffic above the normal rate for a single host
It monitors normal traffic flow and aggressively drops sustained abnormally high traffic streams from multiple hosts
Which three statements about SXP are true? (Choose three)
To enable an access device to use IP device tracking to learn source device IP addresses, DHCP snooping must be configured
Each VRF supports only one CTS-SXP connection
It resides in the control plane, where connections can be initiated from a listener
Separate VRFs require different CTS-SXP peers, but they can use the same source IP addresses
The SGA ZBPF uses the SGT to apply forwarding decisions
Packets can be tagged with SGTs only with hardware support
Which two options are benefits of the cisco ASA Identify Firewall? (Choose two)
It can identify threats quickly based on their URLs
It can operate completely independently of other services
It supports an AD server module to verify identity data
It decouples security policies from the network topology
It can apply security policies on an individual user or user-group basis
Which two statements about the TTL value in an IPv4 header are true? (Choose two)
It is a 4-bit value
Its maximum value is 128
It is a 16-bit value
It can be used for traceroute operations
When it reaches 0, the router sends an ICMP Type 11 messages to the originator
Which of the following is AMP Endpoints for windows?
ClamAV
ClamAMP
TETRA
TETRAAMP
Which two characteristics of DTLS are true? (Choose two)
It includes a retransmission method because it uses an unreliable datagram transport
It cannot be used if NAT exists along the path
It completes key authentication and bulk data transfer over a single channel
It includes a congestion control mechanism
It supports long data transfers and connections data transfers
It is used mostly by applications that use application layer object-security protocols
A new computer is not getting its IPv6 address assigned by the router. While running WireShark to try to troubleshoot the problem, you find a lot of data that is not helpful to nail down the problem. What two filters would you apply to WireShark to filter the data that you are looking for? (Choose Two)
Icmpv6.type== 136
Icmpv6.type== 135
Icmp5.type== 135
Icmpv6type== 136
Icmp6type== 135
Which two options are benefits of network summarization? (Choose two)
It can summarize discontiguous IP addresses
It can easily be added to existing networks
It prevents unnecessary routing updates at the summarization boundary if one of the routes in the summary is unstable
It reduces the number of routes
It can increase the convergence of the network
Which statement about VRF-aware GDOI group members is true?
IPsec is used only to secure data traffic
Registration traffic and rekey traffic must operate on different VRFs
Multiple VRFs are used to separate control traffic and data traffic
The GM cannot route control traffic through the same VRF as Data traffic
Which file extensions are supported on the Firesight Management Center 6.1 file policies that can be analyzed dynamically using the Threat Grid Sandbox integration?
MSEXE, MSOLE2, NEW-OFFICE, PDF
DOCX, WAV, XLS, TXT
DOC, MSOLE2, WAV, PDF
TXT, MSOLE2, WAV, PDF
In which type of multicast does the Cisco ASA forward IGMP messages to the upstream router?
Multicast group concept
PIM multicast routing
Stub multicast routing
Clustering
Which option is a data modeling language used to model configuration and state data of network elements?
NETCONF
B. RESTCONF
YANG
SNMPv4
Which three ESMTP extensions are supported by the Cisco ASA? (Choose three)
8BITMIME
STARTTLS
NOOP
PIPELINING
SAML
ATRN
In OpenStack, which two statements about the NOVA component are true? (Choose two)
It is considered the cloud computing fabric controller
It provides the authentication and authorization services
It tracks cloud usage statistics for billing purposes
It launches virtual machine instances
It provides persistent block storage to running instances of virtual machines
Which three types of addresses can the Botnet Filter feature of the Cisco ASA monitor? (Choose three)
Known allowed addresses
Dynamic addresses
Internal addresses
Ambiguous addresses
Known malware addresses
Listed addresses
Which three authorization technologies does Cisco TrustSec support? (Choose three)
SGT
SGACL
MAB
802.1x
DACL
VLAN
Which two statements about 802.1x components are true? (Choose two)
The certificates that are used in the client-server authentication process are stored on the access switch
The access layer switch is the policy enforcement point
The RADIUS server is the policy enforcement point
The RADIUS server is the policy information point
An LDAP server can serve as the policy enforcement point
Which statements about the Cisco AnyConnect VPN Client are true? (Choose two)
It enables users to manage their own profiles
By default, DTLS connections can fall back to TLS
It can be configured to download automatically without prompting the user
To improve security, keepalives are disabled by default
It can use an SSL tunnel and a DTLS tunnel simultaneously
Which three transports have been defined for SNMPv3? (Choose three)
IPsec secured tunnel
SSL
TLS
SSH
GET
DTLS
Which two statements about SPAN sessions are true? (Choose two)
A single switch stack can support up to 32 source and RSPAN destination sessions
They can monitor sent and received packets in the same session
Multiple SPAN sessions can use the same destination port
Source ports and source VLANS can be mixed in the same session
They can be configured on ports in the disabled state before enabling the port
Local SPAN and RSPAN can be mixed in the same session
Which three ISAKMP SA Message States can be output from the device that initiated an IPsec tunnel? (Choose three)
MM_WAIT_MSG3
MM_WAIT_MSG2
MM_WAIT_MSG1
MM_WAIT_MSG4
MM_WAIT_MSG6
MM_WAIT_MSG5
Which three EAP protocols are supported in WPA and WPA2? (Choose three)
EAP-FAST
EAP-AKA
EAP-EKE
EAP-EEE
EAP-SIM
EAP-PSK
Which three Cisco attributes for LDAP authorization are supported on the ASA? (Choose three)
Authenticated-User-Idle-Timeout
Web-VPN-ACL-Filters
L2TP-Encryption
IPsec-Default-Domain
Authorized-Type
IPsec-Client-Firewall-Filter-Name
P for Endpoints is supported on which of these platforms?
Windows, ANDROID, Linux (REDHAT, CentOS), MAC
Windows, MAC, ANDROID
Windows, MAC, LINUX (SuSE, UBUNTU), ANDROID
Windows, ANDROID, LINUX ( SuSE, REDHAT)
Which two statements about MAB are true? (Choose two)
MAC addresses stored in the MAB database can be spoofed
It operates at Layer 2 and Layer 3 of the OSI protocol stack
It can be used to authenticate network devices and users
It serves at the primary authentication mechanism when deployed in conjunction with 802.1x
It requires the administrator to create and maintain an accurate database of MAC addresses
It is a strong authentication method
Which three statements about WCCP are true? (Choose three)
The minimum WCCP-Fast Timers messages interval is 500 ms
If a specific capability is missing from the capabilities Info Component, the router is assumed to support the default capability
If the packet return method is missing form a packet return method advertisement, the web cache uses the Layer 2 rewrite method
The router must receive a valid receive ID before it negotiates capabilities
The assignment method supports GRE encapsulation for sending traffic
The web cache transmits its capabilities as soon as it receives a receive ID form a router
Which two options are important considerations when you use wsa to obtain the full picture of network traffic? (Choose two)
It monitors only routed traffic
It is unable to monitor over time
It monitors only ingress traffic on the interface on which it is deployed
It monitors all traffic on the interface on which it is deployed
It monitors only TCP connections
{"name":"Sec Test 1", "url":"https://www.quiz-maker.com/QPREVIEW","txt":"What are the two different modes in which Private AMP cloud can be deployed? (Choose two), Which three commands can you use to configure VXLAN on a Cisco ASA firewall?(Choose three), Which Cisco ISE profiler service probe can collect information about Cisco Discovery Protocol?","img":"https://cdn.poll-maker.com/24-940394/screen-shot-2017-12-29-at-8-02-56-pm.png?sz=1200-00531000000887505300"}