IINS 210-260


What type of attack was the Stuxnet virus? A. cyber warfare B. hacktivism C. botnet D. social engineering

A

Which wildcard mask is associated with a subnet mask of /27? A. 0.0.0.31 B. 0.0.0.27 C. 0.0.0.224 D. 0.0.0.255

A

What command can you use to verify the binding table status? A. "show ip dhcp snooping binding" B. "show ip dhcp pool" C. "show ip dhcp source binding" D. "show ip dhcp snooping" E. "show ip dhcp snooping database" F. "show ip dhcp snooping statistics"

A

What type of algorithm uses the same key to encrypt and decrypt data? A. a symmetric algorithm B. an asymmetric algorithm C. a Public Key Infrastructure algorithm D. an IP security algorithm

A

If a packet matches more than one class map in an individual feature type's policy map, how does the ASA handle the packet? A. The ASA will apply the actions from only the first matching class map it finds for the feature type. B. The ASA will apply the actions from only the most specific matching class map it finds for the feature type. C. The ASA will apply the actions from all matching class maps it finds for the feature type. D. The ASA will apply the actions from only the last matching class map it finds for the feature type.

A

Refer to the exhibit. ######################## R1#show snmp Chassis: FTX123456789 0 SNMP packets input 6 Bad SNMP version errors 3 Unknown community name 9 Illegal operation for community name supplied 4 Encoding errors 2 Number of requested variables 0 Number of altered variables 98 Get-request PDUs 12 Get-next PDUs 2 Set-request PDUs 0 Input queue packet drops (Maximum queue size 1000) 0 SNMP packets output 0 Too big errors (Maximum packet size 1500) 0 No such name errors 0 Bad value errors 0 General errors 31 Response PDUs 1 Trap PDUs ####################### How many times was a read-only string used to attempt a write operation? A. 9 B. 6 C. 4 D. 3 E. 2

A

Refer to the exhibit. ##################### Crypto map mymap 20 match address 201 Access-list 201 permit ip 10.10.10.0 255.255.255.0 10.100.100.0 255.255.255.0 #################### What is the effect of the given command sequence? A. It defines IPSec policy for traffic sourced from 10.10.10.0/24 with a destination of 10.100.100.0/24. B. It defines IPSec policy for traffic sourced from 10.100.100.0/24 with a destination of 10.10.10.0/24. C. It defines IKE policy for traffic sourced from 10.10.10.0/24 with a destination of 10.100.100.0/24. D. It defines IKE policy for traffic sourced from 10.100.100.0/24 with a destination of 10.10.10.0/24.

A

When is the best time to perform an antivirus signature update? A. Every time a new update is available. B. When the local scanner has detected a new virus. C. When a new virus is discovered in the wild. D. When the system detects a browser hook.

A

When an IPS detects an attack, which action can the IPS take to prevent the attack from spreading? A. Deny the connection inline. B. Perform a Layer 6 reset. C. Deploy an antimalware system. D. Enable bypass mode.

A

For what reason would you configure multiple security contexts on the ASA firewall? A. To separate different departments and business units. B. To enable the use of VRFs on routers that are adjacently connected. C. To provide redundancy and high availability within the organization. D. To enable the use of multicast routing and QoS through the firewall.

A

Refer to the exhibit. #################### Dst src state conn-id slot 10.10.10.2 10.1.1.5 QM_IDLE 1 0 #################### While troubleshooting site-to-site VPN, you issued the show crypto isakmp sa command. What does the given output show? A. IPSec Phase 1 is established between 10.10.10.2 and 10.1.1.5. B. IPSec Phase 2 is established between 10.10.10.2 and 10.1.1.5. C. IPSec Phase 1 is down due to a QM_IDLE state. D. IPSec Phase 2 is down due to a QM_IDLE state.

A

Which statement about application blocking is true? A. It blocks access to specific programs. B. It blocks access to files with specific extensions. C. It blocks access to specific network addresses. D. It blocks access to specific network services.

A

How does the Cisco ASA use Active Directory to authorize VPN users? A. It queries the Active Directory server for a specific attribute for the specified user. B. It sends the username and password to retrieve an ACCEPT or REJECT message from the Active Directory server. C. It downloads and stores the Active Directory database to query for future authorization requests. D. It redirects requests to the Active Directory server defined for the VPN group.

A

Refer to the exhibit. #################### Current_peer: 10.1.1.5 Permit, flags={origin_is_acl,} #pkts encaps: 1205, #pkts encrypt: 1025, #pkts digest 1205 #pkts decaps: 1168, #pkts decrypt: 1168, #pkts verify 1168 #pkts compressed: 0, #pkts decompressed: 0 #pkts not compressed: 0, #pkts compr. failed: 0, #pkts decompress failed: 0, #send errors 0, #recv errors 0 Local crypto endpt.: 10.1.1.1, remote crypto endpt.: 10.1.1.5 #################### While troubleshooting site-to-site VPN, you issued the show crypto ipsec sa command. What does the given output show? A. IPSec Phase 2 is established between 10.1.1.1 and 10.1.1.5. B. ISAKMP security associations are established between 10.1.1.5 and 10.1.1.1. C. IKE version 2 security associations are established between 10.1.1.1 and 10.1.1.5. D. IPSec Phase 2 is down due to a mismatch between encrypted and decrypted packets.

A

What is a reason for an organization to deploy a personal firewall? A. To protect endpoints such as desktops from malicious activity. B. To protect one virtual network segment from another. C. To determine whether a host meets minimum security posture requirements. D. To create a separate, non-persistent virtual environment that can be destroyed after a session. E. To protect the network from DoS and syn-flood attacks.

A

What is the purpose of the Integrity component of the CIA triad? A. to ensure that only authorized parties can modify data B. to determine whether data is relevant C. to create a process for accessing data D. to ensure that only authorized parties can view data

A

Which statement about Cisco ACS authentication and authorization is true? A. ACS servers can be clustered to provide scalability. B. ACS can query multiple Active Directory domains. C. ACS uses TACACS to proxy other authentication servers. D. ACS can use only one authorization profile to allow or deny requests.

A

After reloading a router, you issue the dir command to verify the installation and observe that the image file appears to be missing. For what reason could the image file fail to appear in the dir output? A. The secure boot-image command is configured. B. The secure boot-config command is configured. C. The confreg 0x24 command is configured. D. The reload command was issued from ROMMON.

A

In a security context, which action can you take to address compliance? A. Implement rules to prevent a vulnerability. B. Correct or counteract a vulnerability. C. Reduce the severity of a vulnerability. D. Follow directions from the security appliance manufacturer to remediate a vulnerability.

A

Refer to the exhibit. #################### Authentication event fail action next-method Authentication event no-response action authorize vlan 101 Authentication order mab dot1x webauth Authentication priority dot1x mab Authentication port-control auto Dot1x pae authenticator #################### If a supplicant supplies incorrect credentials for all authentication methods configured on the switch, how will the switch respond? A. The supplicant will fail to advance beyond the webauth method. B. The switch will cycle through the configured authentication methods indefinitely. C. The authentication attempt will time out and the switch will place the port into the unauthorized state. D. The authentication attempt will time out and the switch will place the port into VLAN 101.

A

Which FirePOWER preprocessor engine is used to prevent SYN attacks? A. Rate-Based Prevention B. Portscan Detection C. IP Defragmentation D. Inline Normalization

A

Which statement about personal firewalls is true? A. They can protect a system by denying probing requests. B. They are resilient against kernel attacks. C. They can protect email messages and private documents in a similar way to a VPN. D. They can protect the network against attacks.

A

Refer to the exhibit. ##################### UDP outside 209.165.201.225:53 inside 10.0.0.10:52464, idle 0:00:01, bytes 266, flags - ##################### What type of firewall would use the given configuration line? A. a stateful firewall B. a personal firewall C. a proxy firewall D. an application firewall E. a stateless firewall

A

Which type of secure connectivity does an extranet provide? A. other company networks to your company network B. remote branch offices to your company network C. your company network to the Internet D. new networks to your company network

A

What type of packet creates and performs network operations on a network device? A. control plane packets B. data plane packets C. management plane packets D. services plane packets

A

Which network device does NTP authenticate? A. Only the time source B. Only the client device C. The firewall and the client device D. The client device and the time source

A

Which tool can an attacker use to attempt a DDoS attack? A. botnet B. Trojan horse C. virus D. adware

A

How does a zone-based firewall implementation handle traffic between interfaces in the same zone? A. Traffic between two interfaces in the same zone is allowed by default. B. Traffic between interfaces in the same zone is blocked unless you configure the same-security permit command. C. Traffic between interfaces in the same zone is always blocked. D. Traffic between interfaces in the same zone is blocked unless you apply a service policy to the zone pair.

A

What VPN feature allows traffic to exit the security appliance through the same interface it entered? A. Hair-pinning B. NAT C. NAT traversal D. split tunneling

A

When a company puts a security policy in place, what is the effect on the company's business? A. Minimizing risk B. Minimizing total cost of ownership C. Minimizing liability D. Maximizing compliance

A

What is one requirement for locking a wired or wireless device from ISE? A. The ISE agent must be installed on the device. B. The device must be connected to the network when the lock command is executed. C. The user must approve the locking action. D. The organization must implement an acceptable use policy allowing device locking.

A Agents are applications that reside on client machines logging into the Cisco ISE network. Agents can be persistent (like the AnyConnect, Cisco NAC Agent for Windows and Mac OS X) and remain on the client machine after installation, even when the client is not logged into the network. Agents can also be temporal (like the Cisco NAC Web Agent), removing themselves from the client machine after the login session has terminated.

What is the only permitted operation for processing multicast traffic on zone-based firewalls? A. Only control plane policing can protect the control plane against multicast traffic. B. Stateful inspection of multicast traffic is supported only for the self-zone. C. Stateful inspection for multicast traffic is supported only between the self-zone and the internal zone. D. Stateful inspection of multicast traffic is supported only for the internal zone.

A CoPP has built-in rate limiters that can be used when an ACL cannot classify particular scenarios, such as IP options cases, TTL and MTU failure cases, packets with errors, and multicast packets.

Which sensor mode can deny attackers inline? A. IPS B. fail-close C. IDS D. fail-open

A Deny attacker inline: This action denies packets from the source IP address of the attacker for a configurable duration of time, after which the deny action can be dynamically removed. Available only if the sensor is configured as an IPS.

Which EAP method uses Protected Access Credentials? A. EAP-FAST B. EAP-TLS C. EAP-PEAP D. EAP-GTC

A Extensible Authentication Protocol (EAP): Protocol that provides a message format and framework that provides a way for the supplicant and the authenticator to negotiate an authentication method.
EAP-Transport Layer Security (EAP-TLS): Common EAP method that requires both a client and a server digital certificate.
Protected EAP-Microsoft Challenge Handshake Authentication Protocol version 2 (PEAP-MSCHAPv2): Common EAP method that does not require clients to be configured with digital certificates but does require servers to be configured with digital certificates.
Lightweight EAP (LEAP): Common EAP method that does not require either the server or the client to be configured with a digital certificate and is used with RADIUS.
EAP-Flexible Authentication via Secure Tunneling (EAP-FAST): Common EAP method that does not require either the server or the client to be configured with a digital certificate and is used with Protected Access Credentials (PACs).

What VPN feature allows Internet traffic and local LAN/WAN traffic to use the same network connection? A. split tunneling B. hairpinning C. tunnel mode D. transparent mode

A For example, you have one physical interface connected to the Internet, but you have also configured a VPN connection to a remote location that uses this Internet connection. Some traffic goes to the Internet directly and some goes to the remote location through the VPN tunnel. This is split tunneling.

Refer to the exhibit. ##################### Crypto ikev1 policy 1 Encryption aes Hash md5 Authentication pre-share Group 2 Lifetime 14400 #################### What is the effect of the given command sequence? A. It configures IKE Phase 1. B. It configures a site-to-site VPN tunnel. C. It configures a crypto policy with a key size of 14400. D. It configures IPSec Phase 2.

A HAGLE (Hashing-Authentication-Group-Lifetime-Encryption)

What is the FirePOWER impact flag used for? A. A value that indicates the potential severity of an attack. B. A value that the administrator assigns to each signature. C. A value that sets the priority of a signature. D. A value that measures the application awareness.

A Impact Flag: Choose the impact level assigned to the intrusion event.

If a switch receives a superior BPDU and goes directly into a blocked state, what mechanism must be in use? A. STP root guard B. EtherChannel guard C. loop guard D. STP BPDU guard

A In case of a superior BPDU: STP root guard.
In case of any BPDU: STP BPDU guard.

Which statement correctly describes the function of a private VLAN? A. A private VLAN partitions the Layer 2 broadcast domain of a VLAN into subdomains B. A private VLAN partitions the Layer 3 broadcast domain of a VLAN into subdomains C. A private VLAN enables the creation of multiple VLANs using one broadcast domain D. A private VLAN combines the Layer 2 broadcast domains of many VLANs into one major broadcast domain

A A private VLAN divides a VLAN (primary) into sub-VLANs (secondary) while keeping the existing IP subnet and Layer 3 configuration. A regular VLAN is a single broadcast domain, while a private VLAN partitions one broadcast domain into multiple smaller broadcast subdomains. Source: https://en.wikipedia.org/wiki/Private_VLAN

What type of security support is provided by the Open Web Application Security Project? A. Education about common Web site vulnerabilities. B. A Web site security framework. C. A security discussion forum for Web site developers. D. Scoring of common vulnerabilities and exposures.

A The Open Web Application Security Project (OWASP) is a worldwide not-for-profit charitable organization focused on improving the security of software. Our mission is to make software security visible, so that individuals and organizations are able to make informed decisions. OWASP is in a unique position to provide impartial, practical information about AppSec to individuals, corporations, universities, government agencies and other organizations worldwide.

Refer to the exhibit. #################### R1>show clock detail .22:22:35:123 UTC Tue Feb 26 2013 Time source NTP #################### Which statement about the device time is true? A. The time is authoritative, but the NTP process has lost contact with its servers. B. The time is authoritative because the clock is in sync. C. The clock is out of sync. D. NTP is configured incorrectly. E. The time is not authoritative.

A The dot symbol before the time means that the connection is lost to the NTP server.

Which statement about communication over failover interfaces is true? A. All information that is sent over the failover and stateful failover interfaces is sent as clear text by default. B. All information that is sent over the failover interface is sent as clear text, but the stateful failover link is encrypted by default. C. All information that is sent over the failover and stateful failover interfaces is encrypted by default. D. User names, passwords, and preshared keys are encrypted by default when they are sent over the failover and stateful failover interfaces, but other information is sent as clear text.

A The two units in a failover pair constantly communicate over a failover link to determine the operating status of each unit. The following information is communicated over the failover link:
+ The unit state (active or standby)
+ Hello messages (keep-alives)
+ Network link status
+ MAC address exchange
+ Configuration replication and synchronization
All information sent over the failover and Stateful Failover links is sent in clear text unless you secure the communication with a failover key. https://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_config/ha_overview.pdf

What is an advantage of implementing a Trusted Platform Module for disk encryption? A. It provides hardware authentication. B. It allows the hard disk to be transferred to another device without requiring re-encryption. C. It supports a more complex encryption algorithm than other disk-encryption technologies. D. It can protect against single points of failure.

A Trusted Platform Module (TPM) is an international standard for a secure cryptoprocessor, a dedicated microcontroller designed to secure hardware through integrated cryptographic keys.

Refer to the exhibit. #################### Username HelpDesk privilege 9 password 0 helpdesk Username Monitor privilege 9 password 0 watcher Username Admin password checkme Username Admin privilege 6 autocommand show running Privilege exec level 6 configure terminal #################### The Admin user is unable to enter configuration mode on a device with the given configuration. What change can you make to the configuration to correct the problem? A. Remove the autocommand keyword and arguments from the Username Admin privilege line. B. Change the Privilege exec level value to 15. C. Remove the two Username Admin lines. D. Remove the Privilege exec line.

A autocommand: (Optional) Causes the specified command to be issued automatically after the user logs in. When the command is complete, the session is terminated.

In which two situations should you use out-of-band management? (Choose two.) A. when a network device fails to forward packets B. when you require ROMMON access C. when management applications need concurrent access to the device D. when you require administrator access from multiple locations E. when the control plane fails to respond

AB

Which two authentication types does OSPF support? (Choose two.) A. Plain text B. MD5 C. HMAC D. AES 256 E. SHA-1 F. DES

AB

Which two features do CoPP and CPPr use to protect the control plane? (Choose two.) A. QoS B. traffic classification C. access lists D. policy maps E. class maps F. Cisco Express Forwarding

AB

Which two statements about stateless firewalls are true? (Choose two.) A. They compare the 5-tuple of each incoming packet against configurable rules. B. They cannot track connections. C. They are designed to work most efficiently with stateless protocols such as HTTP or HTTPS. D. Cisco IOS cannot implement them because the platform is stateful by nature. E. The Cisco ASA is implicitly stateless because it blocks all traffic by default.

AB 5-tuple: source IP, source port, destination IP, destination port, protocol in use. Stateless firewalls treat each network frame or packet individually, so they cannot track connections.

Which two next-generation encryption algorithms does Cisco recommend? (Choose two.) A. AES B. 3DES C. DES D. MD5 E. DH-1024 F. SHA-384

AB https://www.cisco.com/c/en/us/about/security-center/next-generation-cryptography.html

Which three statements about host-based IPS are true? (Choose three.) A. It can view encrypted files. B. It can have more restrictive policies than network-based IPS. C. It can generate alerts based on behavior at the desktop level. D. It can be deployed at the perimeter. E. It uses signature-based policies. F. It works with deployed firewalls.

ABC

In which three ways does the TACACS protocol differ from RADIUS? (Choose three.) A. TACACS uses TCP to communicate with the NAS. B. TACACS can encrypt the entire packet that is sent to the NAS. C. TACACS supports per-command authorization. D. TACACS authenticates and authorizes simultaneously, causing fewer packets to be transmitted. E. TACACS uses UDP to communicate with the NAS. F. TACACS encrypts only the password field in an authentication packet.

ABC

Which actions can a promiscuous IPS take to mitigate an attack? (Choose three.) A. Reset the TCP connection B. Request connection blocking C. Deny packets D. Modify packets E. Request host blocking F. Deny frames

ABE

Which statements about smart tunnels on a Cisco firewall are true? (Choose two.) A. Smart tunnels can be used by clients that do not have administrator privileges B. Smart tunnels require the client to have the application installed locally C. Smart tunnels offer better performance than port forwarding D. Smart tunnels support all operating systems

AC Smart Tunnel is an advanced feature of Clientless SSL VPN that provides seamless and highly secure remote access for native client-server applications. Clientless SSL VPN with Smart Tunnel is the preferred solution for allowing access from noncorporate assets because it does not require administrative rights. Port forwarding is the legacy technology for supporting TCP-based applications over a Clientless SSL VPN connection. Unlike port forwarding, Smart Tunnel simplifies the user experience by not requiring the user to point the local application at a local port.

According to Cisco best practices, which three protocols should the default ACL allow on an access port to enable wired BYOD devices to supply valid credentials and connect to the network? (Choose three.) A. BOOTP B. MAP C. DNS D. TFTP E. HTTP F. 802.1x

ACD BOOTP: Protocol used in IP networks to automatically assign an IP address to a network device (DHCP) from a configuration server; should be allowed through an ASA according to Cisco's BYOD best practices.
TFTP: Protocol which allows a client to get/put files from/to a remote host; should be allowed through an ASA according to Cisco's BYOD best practices.
DNS: Protocol which allows the association of friendly names with IP addresses; should be allowed through an ASA according to Cisco's BYOD best practices.
HTTP: Protocol which allows for distributed information via websites; should be denied through an ASA according to Cisco's BYOD best practices.

What are purposes of the Internet Key Exchange in an IPsec VPN? (Choose two.) A. The Internet Key Exchange protocol establishes security associations B. The Internet Key Exchange protocol provides data confidentiality C. The Internet Key Exchange protocol provides replay detection D. The Internet Key Exchange protocol is responsible for mutual authentication

AD IPsec uses the Internet Key Exchange (IKE) protocol to negotiate and establish secured site-to-site or remote access virtual private network (VPN) tunnels. IKE is a framework provided by the Internet Security Association and Key Management Protocol (ISAKMP) and parts of two other key management protocols, namely Oakley and Secure Key Exchange Mechanism (SKEME). In IKE Phase 1 IPsec peers negotiate and authenticate each other. In Phase 2 they negotiate keying materials and algorithms for the encryption of the data being transferred over the IPsec tunnel. Source: Cisco Official Certification Guide, The Internet Key Exchange (IKE) Protocol, p.123

You want to allow all of your company's users to access the Internet without allowing other Web servers to collect the IP addresses of individual users. What two solutions can you use? (Choose two.) A. Configure a proxy server to hide users' local IP addresses. B. Assign unique IP addresses to all users. C. Assign the same IP address to all users. D. Install a Web content filter to hide users' local IP addresses. E. Configure a firewall to use Port Address Translation.

AE

Which two statements about Telnet access to the ASA are true? (Choose two.) A. You may VPN to the lowest security interface to telnet to an inside interface. B. You must configure an AAA server to enable Telnet. C. You can access all interfaces on an ASA using Telnet. D. You must use the command virtual telnet to enable Telnet. E. Best practice is to disable Telnet and use SSH.

AE Lower security level = less trusted. Example: 0 - outside, 50 - dmz, 100 - inside.

You have implemented a Sourcefire IPS and configured it to block certain addresses utilizing Security Intelligence IP Address Reputation. A user calls and is not able to access a certain IP address. What action can you take to allow the user access to the IP address? A. Create a custom blacklist to allow traffic B. Create a whitelist and add the appropriate IP address to allow traffic C. Create a user-based access control rule to allow the traffic D. Create a network-based access control rule to allow the traffic E. Create a rule to bypass inspection to allow the traffic

B

If the native VLAN on a trunk is different on each end of the link, what is a potential consequence? A. The interface on both switches may shut down B. STP loops may occur C. The switch with the higher native VLAN may shut down D. The interface with the lower native VLAN may shut down

B

What is an advantage of placing an IPS on the inside of a network? A. It can provide higher throughput. B. It receives traffic that has already been filtered. C. It receives every inbound packet. D. It can provide greater security.

B

Which command is needed to enable SSH support on a Cisco Router? A. crypto key lock rsa B. crypto key generate rsa C. crypto key zeroize rsa D. crypto key unlock rsa

B

What is the effect of the send-lifetime local 23:59:00 31 December 2013 infinite command? A. It configures the device to begin transmitting the authentication key to other devices at 00:00:00 local time on January 1, 2014 and continue using the key indefinitely. B. It configures the device to begin transmitting the authentication key to other devices at 23:59:00 local time on December 31, 2013 and continue using the key indefinitely. C. It configures the device to begin accepting the authentication key from other devices immediately and stop accepting the key at 23:59:00 local time on December 31, 2013. D. It configures the device to generate a new authentication key and transmit it to other devices at 23:59:00 local time on December 31, 2013. E. It configures the device to begin accepting the authentication key from other devices at 23:59:00 local time on December 31, 2013 and continue accepting the key indefinitely. F. It configures the device to begin accepting the authentication key from other devices at 00:00:00 local time on January 1, 2014 and continue accepting the key indefinitely.

B

An attacker installs a rogue switch that sends superior BPDUs on your network. What is a possible result of this activity? A. The switch could offer fake DHCP addresses. B. The switch could become the root bridge. C. The switch could be allowed to join the VTP domain. D. The switch could become a transparent bridge.

B

Which security zone is automatically defined by the system? A. The source zone B. The self zone C. The destination zone D. The inside zone

B

Which type of IPS can identify worms that are propagating in a network? A. Policy-based IPS B. Anomaly-based IPS C. Reputation-based IPS D. Signature-based IPS

B An example of anomaly-based IPS/IDS is creating a baseline of how many TCP sender requests are generated on average each minute that do not get a response. This is an example of a half-opened session. If a system creates a baseline of this (and for this discussion, let's pretend the baseline is an average of 30 half-opened sessions per minute), and then notices the half-opened sessions have increased to more than 100 per minute, and then acts based on that and generates an alert or begins to deny packets, this is an example of anomaly-based IPS/IDS. The Cisco IPS/IDS appliances have this ability (called anomaly detection), and it is used to identify worms that may be propagating through the network.

A clientless SSL VPN user who is connecting on a Windows Vista computer is missing the menu option for Remote Desktop Protocol on the portal web page. Which action should you take to begin troubleshooting? A. Ensure that the RDP plug-in is installed on the VPN gateway B. Ensure that the RDP2 plug-in is installed on the VPN gateway C. Reboot the VPN gateway D. Instruct the user to reconnect to the VPN gateway

B Note: This question has been verified by posters on securitytut who scored perfect scores on the exam. While it is fact that the newest version of the RDP plug-in is compatible with RDP2, this question specifically asks about Windows Vista. This is one of those "choose the best answer" scenarios. + RDP plug-in: This is the original plug-in created that contains both the Java and ActiveX Client. + RDP2 plugin: Due to changes within the RDP protocol, the Proper Java RDP Client was updated in order to support Microsoft Windows 2003 Terminal Servers and Windows Vista Terminal Servers.

Which Cisco feature can help mitigate spoofing attacks by verifying symmetry of the traffic path? A. Unidirectional Link Detection B. Unicast Reverse Path Forwarding C. TrustSec D. IP Source Guard

B Unicast Reverse Path Forwarding (uRPF) can mitigate spoofed IP packets. When this feature is enabled on an interface, as packets enter that interface the router spends an extra moment considering the source address of the packet. It then considers its own routing table, and if the routing table does not agree that the interface that just received this packet is also the best egress interface to use for forwarding to the source address of the packet, it then denies the packet. This is a good way to limit IP spoofing.

Which protocol provides security to Secure Copy? A. IPsec B. SSH C. HTTPS D. ESP

B. SSH

Which TACACS+ server-authentication protocols are supported on Cisco ASA firewalls? (Choose three.) A. EAP B. ASCII C. PAP D. PEAP E. MS-CHAPv1 F. MS-CHAPv2

BCE The ASA supports TACACS+ server authentication with the following protocols: ASCII, PAP, CHAP, and MS-CHAPv1. https://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/general/asa_91_general_config/aaa_tacacs.pdf

Which of the following are features of IPsec transport mode? (Choose three.) A. IPsec transport mode is used between gateways B. IPsec transport mode is used between end stations C. IPsec transport mode supports multicast D. IPsec transport mode supports unicast E. IPsec transport mode encrypts only the payload F. IPsec transport mode encrypts the entire packet

BDE + IPsec transport mode is used for end-to-end communications, for example, for communication between a client and a server or between a workstation and a gateway (if the gateway is being treated as a host). A good example would be an encrypted Telnet or Remote Desktop session from a workstation to a server. + IPsec supports two modes: transport mode and tunnel mode. Transport mode encrypts only the data portion (payload) of each packet and leaves the original IP header in place, so the packet is routed on its original addresses; tunnel mode encrypts the entire original packet and adds a new IP header, which is why it is the mode used between gateways. Transport mode is applicable to either gateway or host implementations, and provides protection for upper layer protocols as well as selected IP header fields.

4 What features can protect the data plane? (Choose three.) A. policing B. ACLs C. IPS D. antispoofing E. QoS F. DHCP-snooping

BDF + Block unwanted traffic at the router. If your corporate policy does not allow TFTP traffic, just implement ACLs that deny traffic that is not allowed. + Reduce spoofing attacks. For example, you can filter (deny) packets trying to enter your network (from the outside) that claim to have a source IP address that is from your internal network. + Dynamic Host Configuration Protocol (DHCP) snooping to prevent a rogue DHCP server from handing out incorrect default gateway information and to protect a DHCP server from a starvation attack

7 Which tasks is the session management path responsible for? (Choose three.) A. Verifying IP checksums B. Performing route lookup C. Performing session lookup D. Allocating NAT translations E. Checking TCP sequence numbers F. Checking packets against the access list

BDF The ASA has to check the packet against access lists and perform other tasks to determine if the packet is allowed or denied. To perform this check, the first packet of the session goes through the "session management path," and depending on the type of traffic, it might also pass through the "control plane path." The session management path is responsible for the following tasks: + Performing the access list checks + Performing route lookups + Allocating NAT translations (xlates) + Establishing sessions in the "fast path". Checking IP checksums and TCP sequence numbers is done in the fast path for the remaining packets of an established session.

What are two default Cisco IOS privilege levels? (Choose two.) A. 0 B. 1 C. 5 D. 7 E. 10 F. 15

BF

01 What hash type does Cisco use to validate the integrity of downloaded images? A. SHA-1 B. SHA-2 C. MD5 D. MD1

C

1 Which address block is reserved for locally assigned unique local addresses? A. 2002::/16 B. 2001::/32 C. FD00::/8 D. FB00::/8

C

3 Which command will configure a Cisco ASA firewall to authenticate users when they enter the enable syntax using the local database with no fallback method? A. "aaa authentication enable console LOCAL SERVER_GROUP" B. "aaa authentication enable console SERVER_GROUP LOCAL" C. "aaa authentication enable console LOCAL" D. "aaa authentication enable console local"

C

4 If you change the native VLAN on the trunk port to an unused VLAN, what happens if an attacker attempts a double-tagging attack? A. The trunk port would go into an error-disabled state. B. A VLAN hopping attack would be successful. C. A VLAN hopping attack would be prevented. D. The attacked VLAN will be pruned.

C

5 Which option describes information that must be considered when you apply an access list to a physical interface? A. Protocol used for filtering B. Direction of the access class C. Direction of the access group D. Direction of the access list

C

6 What is the transition order of STP states on a Layer 2 switch interface? A. listening, learning, blocking, forwarding, disabled B. listening, blocking, learning, forwarding, disabled C. blocking, listening, learning, forwarding, disabled D. forwarding, listening, learning, blocking, disabled

C

7 Which Sourcefire logging action should you choose to record the most detail about a connection? A. Enable alerts via SNMP to log events off-box. B. Enable logging at the beginning of the session. C. Enable logging at the end of the session. D. Enable eStreamer to log events off-box.

C

1 Which command verifies phase 1 of an IPsec VPN on a Cisco router? or Which command do you enter to verify the status and settings of an IKE Phase 1 tunnel? A. show crypto map B. show crypto ipsec sa C. show crypto isakmp sa D. show crypto engine connection active

C Remember: Commands using the term "isakmp" refer to IKE phase 1. Commands using "ipsec" refer to phase 2.

6 Which source port does IKE use when NAT has been detected between two VPN gateways? A. TCP 4500 B. TCP 500 C. UDP 4500 D. UDP 500

C The IKE protocol uses UDP packets, usually on port 500. NAT traversal: once both peers detect a NAT device between them during the IKE exchange, they encapsulate IKE and ESP in UDP on port 4500 (NAT-T), which lets the protocols pass through a device or firewall performing NAT; plain ESP has no port numbers for a NAT to translate. Source: https://en.wikipedia.org/wiki/Internet_Key_Exchange

6 Which type of mirroring does SPAN technology perform? A. Remote mirroring over Layer 2 B. Remote mirroring over Layer 3 C. Local mirroring over Layer 2 D. Local mirroring over Layer 3

C You can analyze network traffic passing through ports or VLANs by using SPAN or RSPAN to send a copy of the traffic to another port on the switch or on another switch that has been connected to a network analyzer or other monitoring or security device. Local SPAN supports a SPAN session entirely within one switch; all source ports or source VLANs and destination ports are in the same switch or switch stack. Each local SPAN session or RSPAN destination session must have a destination port (also called a monitoring port) that receives a copy of traffic from the source ports or VLANs and sends the SPAN packets to the user, usually a network analyzer: + If ingress traffic forwarding is enabled for a network security device, the destination port forwards traffic at Layer 2.

8 Which options are filtering options used to display SDEE message types? (Choose two.) A. stop B. none C. error D. all

CD SDEE (Security Device Event Exchange) Messages + All -- SDEE error, status, and alert messages are shown. + Error -- Only SDEE error messages are shown. + Status -- Only SDEE status messages are shown. + Alerts -- Only SDEE alert messages are shown

5 Which accounting notices are used to send a failed authentication attempt record to a AAA server? (Choose two.) A. Stop B. Stop-record C. Stop-only D. Start-stop

CD Start-stop: Sends a "start" accounting notice at the beginning of a process and a "stop" accounting notice at the end of a process. The "start" accounting record is sent in the background. The requested user process begins regardless of whether the "start" accounting notice was received by the accounting server. Stop-only: Sends a "stop" accounting notice at the end of the requested user process. https://www.cisco.com/c/en/us/td/docs/ios/12_2/security/command/reference/fsecur_r/srfacct.html

1 A specific URL has been identified as containing malware. What action can you take to block users from accidentally visiting the URL and becoming infected with malware? A. Enable URL filtering on the perimeter firewall and add the URLs you want to allow to the router's local URL list B. Enable URL filtering on the perimeter router and add the URLs you want to allow to the firewall's local URL list C. Create a blacklist that contains the URL you want to block and activate the blacklist on the perimeter router D. Enable URL filtering on the perimeter router and add the URLs you want to block to the router's local URL list E. Create a whitelist that contains the URLs you want to allow and activate the whitelist on the perimeter router

D

2 What is a possible reason for the error message? Router(config)#aaa server? %Unrecognized command A. The command syntax requires a space after the word "server" B. The command is invalid on the target device C. The router is already running the latest operating system D. The router is a new device on which the aaa new-model command must be applied before continuing

D

2 What is the purpose of a honeypot IPS? A. To create customized policies B. To detect unknown attacks C. To normalize streams D. To collect information about attacks

D

3 Which type of firewall can act on the behalf of the end device? A. Stateful packet B. Application C. Packet D. Proxy

D

5 By which kind of threat is the victim tricked into entering username and password information at a disguised website? A. Spoofing B. Malware C. Spam D. Phishing

D

5 How many crypto map sets can you apply to a router interface? A. 3 B. 2 C. 4 D. 1

D

8 Which command causes a Layer 2 switch interface to operate as a Layer 3 interface? A. no switchport nonnegotiate B. switchport C. no switchport mode dynamic auto D. no switchport

D

9 Which Cisco product can help mitigate web-based attacks within a network? A. Adaptive Security Appliance B. Email Security Appliance C. Identity Security Appliance D. Web Security Appliance

D

4 Which syslog severity level is level number 7? A. Warning B. Informational C. Notification D. Debugging

D "Every Awesome Cisco Engineer Will Need Icecream Daily" 0 - Emergency 1 - Alert 2 - Critical 3 - Error 4 - Warning 5 - Notification 6 - Informational 7 - Debugging
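The severity table above as a practitioner would actually use it: parsing IOS syslog lines and applying a severity threshold the way `logging trap <level>` does on the device. This is an added example, not code from the page or from Cisco; the log lines are constructed samples in the IOS "%FACILITY-SEVERITY-MNEMONIC: text" format and the mnemonic DEBUG_NOTE is invented for the level-7 sample.

```python
"""Parse Cisco IOS syslog lines and filter them by severity level.

Added illustration; not code from the page or from Cisco. The log lines
are constructed samples.
"""
import re
from collections import Counter

# IOS keyword names for the eight severity levels (0 is the most severe).
SEVERITY_NAMES = {
    0: "emergencies", 1: "alerts", 2: "critical", 3: "errors",
    4: "warnings", 5: "notifications", 6: "informational", 7: "debugging",
}

# Optional timestamp / sequence prefix, then the %FAC-SEV-MNEMONIC header.
MSG_RE = re.compile(
    r"^(?:(?P<ts>.*?):\s+)?%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-"
    r"(?P<mnemonic>[A-Z0-9_]+):\s*(?P<text>.*)$"
)

SAMPLE_LOGS = [  # constructed sample lines
    "Jan 12 10:01:02.123: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (10.1.1.5)",
    "Jan 12 10:01:09.001: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: root] [Source: 203.0.113.7] [localport: 22] [Reason: Login Authentication Failed]",
    "Jan 12 10:01:15.500: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to down",
    "Jan 12 10:01:20.000: %SYS-7-DEBUG_NOTE: constructed debug-level line",
    "Jan 12 10:01:25.000: %PM-4-ERR_DISABLE: bpduguard error detected on Gi0/3, putting Gi0/3 in err-disable state",
    "Jan 12 10:01:30.000: %SYS-2-MALLOCFAIL: Memory allocation of 65536 bytes failed",
    "this line is not a syslog message",
]


def parse(line):
    """Return the message fields as a dict, or None if the line is not IOS syslog."""
    m = MSG_RE.match(line)
    if not m:
        return None
    sev = int(m.group("severity"))
    return {
        "facility": m.group("facility"),
        "severity": sev,
        "severity_name": SEVERITY_NAMES[sev],
        "mnemonic": m.group("mnemonic"),
        "text": m.group("text"),
    }


def trap_filter(lines, level):
    """Mimic `logging trap <level>`: keep messages at that level or more severe.

    Level 7 (debugging) forwards everything; level 4 (warnings) forwards 0-4.
    """
    if not 0 <= level <= 7:
        raise ValueError("syslog severity must be 0..7")
    return [p for p in map(parse, lines) if p is not None and p["severity"] <= level]


def summarize(lines):
    """Count parsed messages per severity name; unparseable lines are ignored."""
    return Counter(p["severity_name"] for p in map(parse, lines) if p is not None)


if __name__ == "__main__":
    for msg in trap_filter(SAMPLE_LOGS, 4):
        print(f'{msg["severity"]} {msg["severity_name"]:<14} {msg["facility"]}-{msg["mnemonic"]}: {msg["text"]}')
    print(dict(summarize(SAMPLE_LOGS)))
```

With the threshold at 4 only the two warnings and the critical MALLOCFAIL line survive; the configuration change (level 5) and the debug line (level 7) are dropped, which is exactly the trade-off to weigh before setting a low trap level on a device you also want to audit for configuration changes.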

4 Which Cisco Security Manager application collects information about device status and uses it to generate notifications and alerts? A. FlexConfig B. Device Manager C. Report Manager D. Health and Performance Monitor

D Health and Performance Monitor (HPM) Monitors and displays key health, performance and VPN data for ASA and IPS devices in your network. This information includes critical and non-critical issues, such as memory usage, interface status, dropped packets, tunnel status, and so on. You also can categorize devices for normal or priority monitoring, and set different alert rules for the priority devices.

0 In what type of attack does an attacker virtually change a device's burned-in address in an attempt to circumvent access lists and mask the device's true identity? A. gratuitous ARP B. ARP poisoning C. IP spoofing D. MAC spoofing

D MAC spoofing is a technique for changing a factory-assigned Media Access Control (MAC) address of a network interface on a networked device. Countermeasure: Port-security Source: https://en.wikipedia.org/wiki/MAC_spoofing

8 What can the SMTP preprocessor in FirePOWER normalize? A. It can forward the SMTP traffic to an email filter server. B. It can look up the email sender. C. It compares known threats to the email sender. D. It can extract and decode email attachments in client to server traffic. E. It uses the Traffic Anomaly Detector.

D The SMTP preprocessor instructs the rules engine to normalize SMTP commands. The preprocessor can also extract and decode email attachments in client-to-server traffic and, depending on the software version, extract email file names, addresses, and header data to provide context when displaying intrusion events triggered by SMTP traffic.

1 Which statements about reflexive access lists are true? (Choose three.) A. Reflexive access lists create a permanent ACE B. Reflexive access lists approximate session filtering using the established keyword C. Reflexive access lists can be attached to standard named IP ACLs D. Reflexive access lists support UDP sessions E. Reflexive access lists can be attached to extended named IP ACLs F. Reflexive access lists support TCP sessions

DEF

Which three ESP fields can be encrypted during transmission? (Choose three.) A. Security Parameter Index B. Sequence Number C. MAC Address D. Padding E. Pad Length F. Next Header

DEF
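To make the two IPsec questions above concrete (transport mode encrypts only the payload; of the ESP fields only Padding, Pad Length and Next Header are encrypted), here is an added example that builds and parses the RFC 4303 ESP layout. It is not code from the page, from Cisco or from any IPsec stack: the confidentiality step is a toy HMAC-based keystream used only to mark the encrypted region (real ESP uses AES-GCM or AES-CBC with an HMAC), the ICV is a 128-bit truncation of HMAC-SHA-256, and the keys, SPI and payload are constructed.

```python
"""ESP (RFC 4303) field layout: which fields are sent in the clear, which are
encrypted, and which the ICV covers.

Added illustration, not code from any IPsec implementation. The cipher is a
toy keystream; the keys and packet contents are constructed. In transport
mode this structure follows the original (unchanged) IP header, whose
protocol field becomes 50 (ESP); Next Header then carries the original
protocol number.
"""
import hashlib
import hmac
import struct

TCP = 6  # original protocol number carried in Next Header for a TCP payload


def _keystream(key, spi, seq, length):
    """Toy keystream derived from (key, SPI, sequence number); NOT a real cipher."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, struct.pack("!IIQ", spi, seq, counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _xor(data, ks):
    return bytes(a ^ b for a, b in zip(data, ks))


def esp_encapsulate(spi, seq, payload, next_header, enc_key, auth_key):
    """Return SPI | Seq | encrypted(payload, padding, pad_len, next_header) | ICV."""
    # Pad so payload + padding + 2 trailer bytes is a multiple of 4 (RFC 4303 2.4).
    pad_len = (-(len(payload) + 2)) % 4
    padding = bytes(range(1, pad_len + 1))           # default monotonic padding
    plaintext = payload + padding + bytes([pad_len, next_header])
    ciphertext = _xor(plaintext, _keystream(enc_key, spi, seq, len(plaintext)))
    header = struct.pack("!II", spi, seq)            # SPI and Sequence Number: clear
    icv = hmac.new(auth_key, header + ciphertext, hashlib.sha256).digest()[:16]
    return header + ciphertext + icv


def esp_decapsulate(packet, enc_key, auth_key):
    """Verify the ICV, then decrypt and strip padding; raises ValueError on tamper."""
    header, body, icv = packet[:8], packet[8:-16], packet[-16:]
    expected = hmac.new(auth_key, header + body, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(icv, expected):
        raise ValueError("ICV mismatch: packet modified or wrong key")
    spi, seq = struct.unpack("!II", header)
    plaintext = _xor(body, _keystream(enc_key, spi, seq, len(body)))
    pad_len, next_header = plaintext[-2], plaintext[-1]
    payload = plaintext[:len(plaintext) - 2 - pad_len]
    return {"spi": spi, "seq": seq, "next_header": next_header, "payload": payload}


def field_map(packet):
    """Byte ranges of each ESP field and how each is protected."""
    n = len(packet)
    return {
        "spi": (0, 4, "clear, authenticated"),
        "sequence_number": (4, 8, "clear, authenticated"),
        "payload+padding+pad_length+next_header": (8, n - 16, "encrypted, authenticated"),
        "icv": (n - 16, n, "clear, not covered"),
    }


def tamper_detected(packet, enc_key, auth_key, offset):
    """Flip one bit at `offset` and report whether decapsulation rejects it."""
    forged = bytearray(packet)
    forged[offset] ^= 0x01
    try:
        esp_decapsulate(bytes(forged), enc_key, auth_key)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    enc, auth = b"\x11" * 16, b"\x22" * 16            # constructed keys
    pkt = esp_encapsulate(0x1000, 1, b"GET / HTTP/1.0\r\n", TCP, enc, auth)
    for name, (start, end, prot) in field_map(pkt).items():
        print(f"{name:<40} bytes {start:>2}-{end:<2} {prot}")
    print(esp_decapsulate(pkt, enc, auth))
```

The field map is the point: an observer on the path sees the SPI and the sequence number (needed to select the SA and run anti-replay before any decryption), while the padding, pad length and next-header byte sit inside the encrypted region, so the protocol of the inner payload is hidden too. Flipping any bit of the header or body fails the ICV check.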

2 What actions can a promiscuous IPS take to mitigate an attack (Choose three.) A. deny attacker B. deny packet C. modify packet D. request block connection E. request block host F. reset TCP connection

DEF Read the question carefully. There is a variant that asks which actions a promiscuous IPS is NOT able to take. Two modes of IPS: inline (active) and promiscuous (passive). A promiscuous sensor only sees a copy of the traffic, so it cannot deny or modify the packet in flight (A, B, C require inline mode); it can only react after the fact by requesting a block of the connection or host on another device, or by sending a TCP reset.
