Sec Test 3

Refer to the exhibit. Which two statements about a device with this configuration are true? (Choose two)
When a peer re-establishes a previous connection to the device, CTS retains all existing SGT mapping entries for 3 minutes
If a peer reconnects to the device within 120 seconds of terminating a CTS-SXP connection, the reconciliation timer starts
If a peer re-establishes a connection to the device before the hold-down timer expires, the device retains the SGT mapping entries it learned during the previous connection for an additional 3 minutes
It sets the internal hold-down timer of the device to 3 minutes
When a peer establishes a new connection to the device, CTS retains all existing SGT mapping entries for 3 minutes
If a peer reconnects to the device within 180 seconds of terminating a CTS-SXP connection, the reconciliation timer starts
Which four task items need to be performed for an effective risk assessment and to evaluate network posture? (Choose four)
Scanning
Mitigation
Baselining
Profiling
Notification
Validation
Discovery
Escalation
Which two statements about Cisco AMP for Web Security are true? (Choose two)
It can detect and block malware and other anomalous traffic before it passes through the Web gateway.
It can identify anomalous traffic passing through the Web gateway by comparing it to an established baseline of expected activity
It can perform file analysis by sandboxing known malware and comparing unknown files to a local repository of threats
It continues monitoring files after they pass the Web gateway
It can prevent malicious data exfiltration by blocking critical files from exiting through the Web gateway
It can perform reputation-based evaluation and blocking by uploading of incoming files to a cloud-based threat intelligence network
Which two statements about a wireless access point configured with the guest-mode command are true? (Choose two)
If one device on a network is configured in guest mode, clients can use the guest mode SSID to connect to any device on the same network
It supports associations by clients that perform passive scans
It allows associated clients to transmit packets using its SSID
It can support more than one guest-mode SSID
It allows clients configured without SSID to associate
What are the major components of a Firepower health monitor alert?
A health monitor, one or more alert responses, and a remediation policy
One or more health modules, one or more alert responses, and one or more alert actions
The severity level, one or more alert responses, and a remediation policy
One or more health modules, the severity level, and an alert response
One health module and one or more alert responses
Which statement about managing Cisco ISE Guest Services is true?
Only a Super Admin or System Admin can delete the default Sponsor portal
ISE administrators can view and set a guest’s password to a custom value in the sponsor portal
ISE administrators can access the Sponsor portal only if they have valid Sponsor accounts
By default, an ISE administrator can manage only the guest accounts he or she created in the Sponsor portal
Only ISE administrators from an external identity store can be members of a Sponsor group
ISE administrators can access the Sponsor portal only from the Guest Access menu
Which two statements about 6to4 tunneling are true?
It provides a /48 address block
The prefix address of the tunnel is determined by the IPv6 configuration to the interface
It supports static and BGPv4 routing
It supports managed NAT along the path of the tunnel
It provides a /128 address block
It supports multihoming
Which connection mechanism does the eSTREAMER service use to communicate?
SSH
IPsec tunnels with 3DES encryption only
TCP over SSL only
EAP-TLS tunnels
TCP with optional SSL encryption
IPsec tunnels with 3DES or AES encryption
Which two statements about MPP (Management Plane protection) are true? (Choose two)
It is supported on both distributed and hardware-switched platforms
Only virtual interfaces associated with physical interfaces are supported
It is supported on both active and standby management interfaces
Only in-band management interfaces are supported
Only virtual interfaces associated with sub-interfaces are supported
Only out-of-band management interfaces are supported
Which two statements about EVPN are true? (Choose two)
EVPN routes can advertise VLAN membership and verify the reachability of Ethernet segments
EVPN route exchange enables PEs to discover one another and elect a DF
It is a next-generation Ethernet L3VPN solution that simplifies control-plane operations and enhances scalability
EVPN routes can advertise backbone MAC reachability
EVIs allow you to map traffic on one or more VLANs or ports to a Bridge Domain
It is a next-generation Ethernet L2VPN solution that supports load balancing at the individual flow level and provides advanced access redundancy
When applying MD5 route authentication on routers running RIP or EIGRP, which two important key chain considerations should be accounted for? (Choose two)
Key 0 of all key chains must match for all routers in the autonomous system
No more than three keys should be configured in any single chain
Routers should be configured for NTP to synchronize their clocks
The lifetimes of the keys in the chain should overlap
Link compression techniques should be disabled on links transporting any MD5 hash
Refer to the exhibit. What are two effects of the given configuration? (Choose two)
It enables botnet filtering in multiple context mode
It enables botnet filtering in single context mode
It enables the ASA to download the static botnet filter database
It enables multiple context mode
It enables single context mode
It enables the ASA to download the dynamic botnet filter database
Refer to the exhibit. What feature must be implemented on the network to produce the given output?
NBAR
CAR
WFQ
PQ
CQ
Which two commands would enable secure logging on a Cisco ASA to a syslog at 10.0.0.1? (Choose two)
Logging host inside 10.0.0.1 TCP/1470 secure
Logging host inside 10.0.0.1 UDP/447 secure
Logging host inside 10.0.0.1 UDP/500 secure
Logging host inside 10.0.0.1 UDP/514 secure
Logging host inside 10.0.0.1 TCP/1500 secure
In a Cisco ASA multiple-context mode of operation configuration, what three session types are resource-limited by default when their context is a member of the default class? (Choose three)
ASDM sessions
Telnet sessions
IPsec sessions
TCP sessions
SSH sessions
SSL VPN sessions
Which statement regarding the routing functions of the Cisco ASA running software version 9.2 is true?
The ASA supports policy-based routing with route maps
In a failover pair of ASAs, the standby firewall establishes a peer relationship with OSPF neighbors
The translation table cannot override the routing table for new connections
Routes to the Null0 interface cannot be configured to black-hole traffic
Which effect of the crypto key encrypt write rsa command on a router is true?
The device saves the unlocked encrypted key to the NVRAM
The device encrypts and locks the key before authenticating it with an external CA server
The device unlocks the encrypted key, but the key is lost when the router is reloaded
The device locks the encrypted key, but the key is lost when the router is reloaded
The device locks the encrypted key and saves it to the NVRAM
If an ASA device is configured as a remote access IPsec server with RADIUS authentication and password management enabled, which type of authentication will it use?
MS-CHAPv1
NTLM
PAP
RSA
MS-CHAPv2
Which statement about deployment policies with the Firepower Management Center is true?
The global domain can deploy changes to individual subdomains
The leaf domain can deploy changes to all subdomains simultaneously
Deploy tasks can be scheduled to deploy policies automatically
All policies are deployed on-demand when the administrator triggers them
Policies are deployed automatically when the administrator saves them