Part 1 Exam

Which of the following are the valid first four characters of a globally routable IPv6 address? (Choose all that apply.) A. 3456 B. 2345 C. 4567 D. 1234

A. 3456 B. 2345

Which type of attack can you mitigate by authenticating a routing protocol? (Choose all that apply.) A. Denial-of-service attack B. Spoofing attack C. Man-in-the-middle attack D. Reconnaissance attack

A. Denial-of-service attack C. Man-in-the-middle attack D. Reconnaissance attack

Which of the following routing protocols have both an IPv4 and IPv6 version? (Choose all that apply.) A. Enhanced Interior Gateway Routing Protocol B. Interior Gateway Routing Protocol C. Open Shortest Path First D. Routing Information Protocol

A. Enhanced Interior Gateway Routing Protocol C. Open Shortest Path First D. Routing Information Protocol

Which of the following e-mail authentication mechanisms are supported by the Cisco ESA? (Choose all that apply.) A. Sender ID Framework (SIDF) B. DomainKeys Identified Mail (DKIM) C. DomainKeys Mail Protection (DMP) D. Sender Policy Framework (SPF)

A. Sender ID Framework (SIDF) B. DomainKeys Identified Mail (DKIM) D. Sender Policy Framework (SPF)

Consider the output shown here. Without any other username or HTTP or vty-related commands configured on the router, the administrator attempts to connect to this router using CCP. Pings to the router work correctly from the administrator's workstation, but the CCP will not connect. Why not? A. The web authentication method is not specified. B. The command ip http server needs to be configured. C. The username admin needs to be configured with a password. D. The router does not have a route back to the administrator's workstation.

A. The web authentication method is not specified.

You are trying to configure a method list, and your syntax is correct, but the command is not being accepted. Which of the following might cause this failure? A. All of the above. B. Incorrect privilege level C. Not allowed by the view D. Wrong mode E. AAA not enabled

A. All of the above.

Which of the following is true about anomaly-based IPS detection in legacy Cisco IPS? A. It is the primary method used on an IOS router, but not on the appliance. B. Anomaly-based detection is supported on the appliance-based IPS, but not on the IOS. C. It is the primary method used on the appliance, but not on an IOS router. D. It is the primary method used on both the appliance and an IOS router.

Anomaly-based detection is supported on the appliance-based IPS, but not on the IOS.

A company has hired you to determine whether attacks are happening against the server farm, and they do not want any additional delay added to the network. Which deployment method should be used? A. Appliance-based inline B. IOS software-based inline C. Appliance-based IPS D. IDS

IDS

Which one of the following is true about a transparent firewall? A. Implemented at Layer 4 and higher B. Implemented at Layer 1 C. Implemented at Layer 3 D. Implemented at Layer 2

Implemented at Layer 2

Which of the following Cisco ESA models are designed for mid-sized organizations? (Choose all that apply.) A. Cisco X1070 B. Cisco C680 C. Cisco C380 D. Cisco C670

C. Cisco C380 D. Cisco C670

Which of the following password methods features the strongest encryption? A. Enable password B. Service password-encryption C. Enable secret password D. Line password

C. Enable secret password

Which of the following configuration commands results in an encrypted password appearing in the configuration if your Cisco router is in its default configuration? A. enable password cisco123 B. username admin password cisco123 C. username admin secret cisco123 D. enable secret cisco123 E. password cisco123

C. username admin secret cisco123 D. enable secret cisco123

Which of the following is not a core element addressed by NFP (Network Foundation Protection)? A. Control plane B. Data plane C. Executive plane D. Management plane

C. Executive plane

What is one of the added configuration elements that the Advanced security setting has in the ZBF Wizard that is not included in the Low security setting? A. Generic TCP inspection B. NAT C. Filtering of peer-to-peer networking applications D. Generic UDP inspection

C. Filtering of peer-to-peer networking applications

How many zones can an interface be a member of at the same time in a Zone-Based IOS Firewall? A. 2 B. 4 C. 3 D. 1

D. 1

Which two items normally have a one-to-one correlation? A. Number of routers B. Number of switches C. Classful IP networks D. VLANs E. IP subnetworks

D. VLANs E. IP subnetworks

Which of the following is not a true statement for DHCP snooping? A. DHCP snooping validates DHCP messages received from untrusted sources and filters out invalid messages B. DHCP snooping information is stored in a binding database C. DHCP snooping rate-limits DHCP traffic from trusted and untrusted sources D. DHCP snooping is enabled by default on all VLANs

D. DHCP snooping is enabled by default on all VLANs

Which two configuration changes prevent users from jumping onto any VLAN they choose to join? A. Configuring the port connecting to the client as an access port B. Using something else other than VLAN 1 as the "native" VLAN C. Configuring the port connecting to the client as a trunk D. Disabling negotiation of trunk ports

D. Disabling negotiation of trunk ports A. Configuring the port connecting to the client as an access port

Which of the following is not a true statement regarding dynamic ARP inspection (DAI)? A. DAI helps to mitigate Man in the Middle attacks B. DAI intercepts, logs, and discards ARP packets with invalid IP-to-MAC address bindings C. DAI is enabled on a per-interface basis D. DAI determines validity of ARP packets based on IP-to-MAC address bindings found in the DHCP snooping database

DAI is enabled on a per-interface basis

    R1(config)#do show access-list
    Extended IP access list 101
        10 permit tcp any host 1.2.3.4 eq www
        20 permit tcp any host 1.2.3.4 eq 443
        30 permit udp any any eq domain
    R1(config)#
    R1(config)#int g1/0
    R1(config-if)#ip access-group 100 in
    R1(config-if)#ip access-group 100 out

Consider the output shown here. Based on this output, which of the following is true? A. No traffic will be denied as a result of this access list being applied to g1/0. B. Routing will be disrupted because the ACL does not allow for inbound routing updates on g1/0. C. DNS traffic will be denied unless the DNS server is the host at 1.2.3.4. D. ICMP traffic will be denied because it is not specifically permitted in the applied ACL.

No traffic will be denied as a result of this access list being applied to g1/0.

When implemented, which of the following helps prevent CAM table overflows? A. Root Guard B. BPDU Guard C. 802.1w D. Port security

Port security

Which method requires participation in global correlation involving groups outside your own enterprise? A. Policy-based IPS B. Anomaly-based IPS C. Signature-based IPS D. Reputation-based IPS

Reputation-based IPS

Which of the following commands enables you to disable DTP behavior on one of your trunk links? A. switchport mode access B. switchport mode trunk C. no dtp D. no dtp enable E. switchport nonegotiate

switchport nonegotiate

Why should CDP be disabled on ports that face untrusted networks? A. CDP can be used as a DDoS vector B. CDP can be used as a reconnaissance tool to determine information about the device C. Disabling CDP will prevent the device from participating in spanning tree with untrusted devices D. CDP can conflict with LLDP on ports facing untrusted networks

CDP can be used as a reconnaissance tool to determine information about the device

If you add authentication to your routing protocol so that only trusted authorized routers share information, which plane in the NFP are you securing? A. Data plane B. Executive plane C. Control plane D. Management plane

Control plane

You have been asked to review the configuration of a Cisco Catalyst switch. You notice that a vulnerability exists in that hosts connected to the switch could perform CAM table overflow attacks against the switch. Which of the following, when implemented correctly, mitigates this risk? A. Port security B. Disabling DTP C. BPDU guard D. Root guard

A. Port security

What is one method to protect against a rogue IPv6 router? A. Port security B. RA guard C. DHCPv6 D. Static ARP entries

B. RA guard

What is the long-term impact of providing a promiscuous rule as a short-term test in an attempt to get a network application working? A. The rule cannot be changed later to more accurately filter based on the business requirement. B. Change control documentation may not be completed for this test. C. It should be a shadowed rule. D. The promiscuous rule may be left in place, leaving a security hole.

D. The promiscuous rule may be left in place, leaving a security hole.

In legacy Cisco IPS, when does a signature consume memory? A. When it is retired and enabled B. When it is unretired and enabled C. When it is simply enabled D. When it is retired and disabled

B. When it is unretired and enabled

Which of the following describes a rule on the firewall which will never be matched because of where the firewall is in the network? A. Redundant rule B. Orphaned rule C. Shadowed rule D. Promiscuous rule

B. Orphaned rule

What is the relationship between spoofing and a CAM table overflow attack? A. A CAM table overflow attack is impersonating another specific device, whereas spoofing is generating bogus source MAC addresses, but not intended to take the identity of another specific device on the network. B. Spoofing is impersonating another specific device, whereas the overflow attack is generating bogus source MAC addresses, but not intended to take the identity of another specific device on the network. C. Spoofing is used for denial-of-service attacks, while CAM table overflow is used for man-in-the-middle attacks. D. These are two terms with the same meaning.

B. Spoofing is impersonating another specific device, whereas the overflow attack is generating bogus source MAC addresses, but not intended to take the identity of another specific device on the network.

Which of the following is not a best practice to protect the management plane? (Choose all that apply.) A. SSH B. Telnet C. HTTP D. HTTPS

B. Telnet C. HTTP

What is the most popular option for logging system messages from Cisco routers and switches? A. Console B. Syslog server C. Vty D. External buffer

B. Syslog server

Which of the following elements, which are part of the Modular Policy Framework on the ASA, are used to classify traffic? A. Stateful filtering B. Policy maps C. Service policies D. Class maps

Class maps

What does application layer inspection provide? A. Application layer gateway functionality B. Enables a firewall to listen in on a client/server communication, looking for information regarding communication channels C. Packet filtering at Layer 5 and higher D. Proxy server functionality

Enables a firewall to listen in on a client/server communication, looking for information regarding communication channels

