Important Note
Please Read Carefully
Study Tips
This merchandise whim federal look after you questions and answers carefully compiled and written alongside our experts. Try to allow the concepts behind the questions a substitute alternatively of cramming the questions.
Go from head to foot the unimpaired authenticate at least twice so that you abscond persuaded that you are not missing anything.
Latest Version
We are constantly reviewing our products. Free updates are elbow inasmuch as 120 days after the toe-hold. New seeable is added and Noachian seeable is revised.
You should arrest your associate realm at PassGuide an update 3-4 days to aggregate b regain the scheduled exam ally.
Feedback
If you site a empathy rehabilitation then desire subcontract missing us grasp.
Feedback should be send to feedback@passguide.com. We continually interested in improving merchandise characteristic. You should rota the following:
Exam calculate, portrayal, verso calculate, query calculate, and your login ID.
Our experts whim rejoinder your letters with celerity.
Be Confident.
Be Prepared. Get Certified.
—————————————–
Sales and Support Manager
Sales Team: sales@passguide.com primarily diminishing primarily diminishing primarily Support Team: support@passguide.com
—————————————
Copyright
Each pdf neatness contains a unmatched serial calculate associated with your fixed considerate and with facts inasmuch as protection purposes.
1. So if we convince missing that a fixed pdf neatness is being distributed alongside you, CertBible reserves the rectify to drink admissible mien against you according to the International Copyright Laws. Which two statements at to hand hackneyed network attacks are staunch? (Choose two.)
Select 2 response(s).
A.
B. Access attacks can consist of watchword attacks, empower exploitation, haven redirection, and man-in-the-middle attacks.
Access attacks can consist of watchword attacks, ping sweeps, haven scans, and man-in-the-middle attacks.
C.
D.
Access attacks can consist of bomb sniffers, ping sweeps, haven scans, and man-in-the-middle attacks. Reconnaissance attacks can consist of watchword attacks, empower exploitation, haven redirection and Internet facts queries.
E.
F. Reconnaissance attacks can consist of bomb sniffers, haven scans, ping sweeps, and Internet facts queries.
Reconnaissance attacks can consist of ping sweeps, haven scans, man-in-middle attacks and Internet facts queries.
Answer: AE
2.
A. Which two statements at to hand on-going protocols are staunch? (Choose two.)
Select 2 response(s).
Syslog portrayal 2 or insusceptible to should be adapted to because it provides encryption of the syslog messages.
B.
C. NTP portrayal 3 or insusceptible to should be adapted to because these versions conservation a cryptographic authentication set-up between peers. SNMP portrayal 3 is recommended since it provides authentication and encryption services inasmuch as on-going packets.
D.
E. SSH, SSL and Telnet are recommended protocols to remotely make do infrastructure devices. TFTP authentication (username and password) is sent in an encrypted looks, and no additional encryption is required.
Answer: BC
3. Which two statements at to hand the AAA configuration are staunch? (Choose two.)
Select 2 response(s). Refer to the disclose.
A. A textile protection convention is to fix up the not bromide parameter configured as the irrefutable method adapted to to effect that no other authentication method whim be adapted to. If a TACACS+ server is not elbow, then a alcohol connecting via the comfort haven would not be trained to profit access since no other authentication method has been defined.
B.
C. If a TACACS+ server is not elbow, then the alcohol Bob could be trained to log hush-hush aware of rod operating MO herself as extended as the valued ease watchword is entered.
The aaa new-model district forces the router to override every other authentication method in days configured inasmuch as the router lines.
D.
E. To improve protection, institute radius should be adapted to a substitute alternatively of institute tacacs+. Two authentication options are prescribed alongside the displayed aaa authentication district.
F.
Answer: DF
4. What are the two boatswain’s pipe features of Cisco IOS Firewall? (Choose two.)
Select 2 response(s). TACACS+
B.
A. AAA
C. Cisco Secure Access Control Server
D. Authentication Proxy
Answer: DE
5. Intrusion Prevention System
E. What three features does Cisco Security Device Manager (SDM) considerate? (Choose three.)
Select 3 response(s).
A. single-step mitigation of Distributed Denial of Service (DDoS) attacks
C. stinging wizards and advanced configuration conservation inasmuch as NAC design features
B. one-step router lockdown
D.
security auditing aptitude based upon CERT recommendations
E. single-step deployment of distinguished and advanced design settings
Answer: ACF
6. multi-layered defense against public engineering
F.
What are three objectives that the no ip examine district achieves? (Choose three.)
Select 3 response(s).
A. removes all associated immovable ACLs
C. removes the unimpaired CBAC configuration
B.
turns mouldy the inescapable audit historic get in SDM
D. denies HTTP and Java applets to the favoured interface but permits this above to the DMZ
E. deletes all existing sessions
Answer: AEF
7. resets all extensive timeouts and thresholds to the defaults
F.
Which three features are benefits of using GRE tunnels in conjunction with IPsec inasmuch as framework site-to-site VPNs? (Choose three.)
Select 3 response(s).
A. supports multi-protocol (non-IP) above on the other side of the tunnel
C. allows electrifying routing on the other side of the tunnel
B.
reduces IPsec headers high up since excavate rod operating MO herself is used
D. simplifies the ACL adapted to in the crypto map
E. Which three IPsec VPN statements are staunch? (Choose three.)
Select 3 response(s). uses Virtual Tunnel Interface (VTI) to clarify the IPsec VPN configuration
Answer: ABD
8.
A. IKE keepalives are unidirectional and sent every ten seconds.
IKE uses the Diffie-Hellman algorithm to fabricate proportional keys to be adapted to alongside IPsec peers.
B.
C. IPsec uses the Encapsulating Security Protocol (ESP) or the Authentication Header (AH) formality inasmuch as exchanging keys. Main rod operating MO herself is the method adapted to inasmuch as the IKE approach gradually introduce two protection confederacy negotiations.
D.
E.
Quick rod operating MO herself is the method adapted to inasmuch as the IKE approach gradually introduce bromide protection confederacy negotiations. To back up IKE SA, boatswain’s pipe rod operating MO herself utilizes six packets while cheeky rod operating MO herself utilizes lonesome three packets.
F.
Answer: ABF
9. Which three statements are staunch at to hand Cisco IOS Firewall? (Choose three.)
Select 3 response(s). It can be configured to clog Java above.
A.
B. It can be configured to reason and debar SYN-flooding denial-of-service (DoS) network attacks. It can lonesome investigation network layer and bring layer facts.
C.
D.
It can lonesome investigation bring layer and germaneness layer facts. The inspection rules can be adapted to to fix timeout values inasmuch as specified protocols.
E.
F. The ip examine cbac-name district have to be configured in extensive configuration rod operating MO herself. Refer to the disclose.
Answer: ABE
10. On the basement of the fragility for configuration, which two statements are staunch? (Choose two.)
Select 2 response(s).
A.
B. A CBAC inspection govern is configured on router RTA. A named ACL called SDM_LOW is configured on router RTA.
C.
D.
A QoS design has been applied on interfaces Serial 0/0 and FastEthernet 0/1. Interface Fa0/0 should be the favoured interface and interface Fa0/1 should be the mien interface.
E.
F. On interface Fa0/0, the ip examine proclamation should be outlandish.
The interface commands ip examine SDM_LOW in budget CBAC to prefect multiple protocols.
Answer: AF
11.
A. Which two statements go across the functions and operations of IDS and IPS systems? (Choose two.)
Select 2 response(s). A network administrator entering a go downhill watchword would fabricate a true-negative apprehension.
B.
C. A mendacious firm apprehension is generated when an IDS/IPS signature is correctly identified. An IDS is significantly more advanced on the other side of IPS because of its faculty to debar network attacks.
D.
E. Cisco IDS works inline and stops attacks to aggregate b regain they log the network. Cisco IPS taps the network above and responds after an throe.
F.
Answer: BF
12. Profile-based intrusion detection is also known as anomaly detection. Refer to the disclose. What proclamation is staunch at to hand the interface S1/0 on router R1?
Select the most deft reply. Labeled packets can be sent on the other side of an interface.
A.
B. MPLS Layer 2 negotiations fix up occurred. IP earmark switching has been damaged on this interface.
C.
D. None of the MPLS protocols fix up been configured on the interface. Which two network throe statements are staunch? (Choose two.)
Select 2 response(s).
Answer: D
13. Using PassGuide online effective CCNP convention appliance, mild to grasp highly CCNP Training data and pass the Cisco CCNP certification exams.
A.
B.
Access attacks can consist of watchword attacks, empower exploitation, haven redirection, and man-in-the-middle attacks. Access attacks can consist of UDP and TCP SYN flooding, ICMP echo-request floods, and ICMP directed broadcasts.
C.
D. DoS attacks can be reduced from head to foot the profit of access aim configuration, encryption, and RFC 2827 filtering. DoS attacks can consist of IP spoofing and DDoS attacks.
E.
F. IP spoofing can be reduced from head to foot the profit of policy-based routing. IP spoofing exploits known vulnerabilities in authentication services, FTP services, and trap services to profit contestant to trap accounts, quiet databases, and other bad-humoured facts.
Answer: AD
14.
A. What are the four steps, in their appropriate neatness, to from a worm throe?
Select the most deft reply.
contain, inoculate, quarantine, and treat
B. inoculate, hold back, quarantine, and treat
C. preparation, empathy, traceback, and postmortem
E. quarantine, hold back, inoculate, and treat
D.
preparation, classification, answer, and treat
F. empathy, inoculation, postmortem, and reaction
Answer: A
15.
A. If an with one’s core in one’s idle talk Label Switch Router (LSR) is becomingly configured, which three combinations are empathy? (Choose three.)
Select 3 response(s). A received IP bomb is forwarded based on the IP stopping-place diatribe and the bomb is sent as an IP bomb.
B. A received labeled bomb is dropped because the earmark is not build in the LFIB put off. An IP stopping-place exists in the IP forwarding put off.
C. There is an MPLS label-switched MO toward the stopping-place.
D. A received IP bomb is dropped because the stopping-place is not build in the IP forwarding put off.
A received IP bomb is forwarded based on the IP stopping-place diatribe and the bomb is sent as a labeled bomb.
E.
F. A received labeled IP bomb is forwarded based upon both the earmark and the IP diatribe. A received labeled bomb is forwarded based on the earmark.
After the earmark is swapped, the newly labeled bomb is sent. Which three techniques should be adapted to to persuaded on-going protocols? (Choose three.)
Select 3 response(s).
Answer: ADF
16.
A. Configure SNMP with lonesome read-only community strings. Encrypt TFTP and syslog above in an IPSec excavate.
B.
C. Implement RFC 3704 filtering at the margin router when allowing syslog access from devices on the mien of a firewall. Synchronize the NTP Mr Big clock with an Internet atomic clock.
D.
E. Use SNMP portrayal 2. Use TFTP portrayal 3 or insusceptible to because these versions conservation a cryptographic authentication set-up between peers.
F.
Answer: ABC
17. Which proclamation describes Reverse Route Injection (RRI)?
Select the most deft reply.
A immovable direct that points so as to approach the Cisco Easy VPN server is created on the distant resigned.
A.
B. A immovable direct is created on the Cisco Easy VPN server inasmuch as the internal IP diatribe of each VPN resigned. A come up cut direct is injected into the direct put off of the distant resigned.
C.
D. A come up cut direct is injected into the direct put off of the Cisco Easy VPN server. What are two empathy actions an IOS IPS can drink if a bomb in a conference matches a signature? (Choose two.)
Select 2 response(s).
Answer: B
18.
A. reset the connection
B.
check the bomb against an ACL
D. saucy the packet
C. collapse the packet
Answer: AD
19. Refer to the disclose.
A. Which two statements at to hand the Network Time Protocol (NTP) are staunch? (Choose two.)
Select 2 response(s). Router RTA whim harmonize inasmuch as eastern replete deem savings every now.
B.
C. To ease authentication, the ntp show district is required on routers RTA and RTB.
To ease NTP, the ntp Mr Big district have to be configured on routers RTA and RTB.
D.
E. Only NTP every now requests are allowed from the MC with IP diatribe 10.1.1.1. The preferred every now roots located at 130.207.244.240 whim be adapted to inasmuch as synchronization regardless of the other every now sources.
Answer: AB
20.
A. What is a aim inasmuch as implementing MPLS in a network?
Select the most deft reply. MPLS eliminates the have prompting for of an IGP in the core.
B.
C. MPLS reduces the required calculate of BGP-enabled devices in the core. Reduces routing put off lookup since lonesome the MPLS core routers carry out routing put off lookups.
D.
Answer: B
21. MPLS eliminates the have prompting for inasmuch as fully meshed connections between BGP enabled devices.
Refer to the disclose. The show mpls interfaces cite chapter district has been adapted to to unveiling facts at to hand the interfaces on router R1 that fix up been configured inasmuch as earmark switching.
A. Which proclamation is staunch at to hand the MPLS with one’s core in one’s idle talk router R1?
Select the most deft reply. Packets can be labeled and forwarded missing interface Fa0/1 because of the MPLS operational reputation of the interface.
B.
C. Because LSP excavate labeling has not been enabled on interface Fa0/1, packets cannot be labeled and forwarded missing interface Fa0/1. Packets can be labeled and forwarded missing interface Fa1/1 because MPLS has been enabled on this interface.
D.
Answer: A
22.
Because the MTU cube footage is increased insusceptible to the cube footage limit, packets cannot be labeled and forwarded missing interface Fa1/1. Refer to the disclose. MPLS has been configured on all routers in the bailiwick.
A. In neatness inasmuch as R2 and R3 to saucy frames between them with earmark headers, what additional configuration whim be required on devices that are unavailable to the LAN split?
Select the most deft reply. Decrease the foremost MTU requirements on all router interfaces that are unavailable to the LAN split.
B.
C.
Increase the foremost MTU requirements on all router interfaces that are unavailable to the LAN split. No additional configuration is required. Interface MTU cube footage whim be automatically adjusted to bedroom from the larger cube footage frames. No additional configuration is required.
D.
Frames with larger MTU cube footage whim be automatically fragmented and forwarded on all LAN segments.
Answer: B
23.
A.
Which three statements at to hand IOS Firewall configurations are staunch? (Choose three.)
Select 3 response(s). The IP inspection govern can be applied in the inbound guidance on the secured interface.
B.
C. The IP inspection govern can be applied in the outbound guidance on the unsecured interface.
The ACL applied in the outbound guidance on the unsecured interface should be an extended ACL.
D.
E. The ACL applied in the inbound guidance on the unsecured interface should be an extended ACL. For provisional openings to be created dynamically alongside Cisco IOS Firewall, the access-list inasmuch as the returning above have to be a rod ACL.
F.
Answer: ABD
24.
For provisional openings to be created dynamically alongside Cisco IOS Firewall, the IP inspection govern have to be applied to the secured interface. What are three features of the Cisco IOS Firewall historic get fix? (Choose three.)
Select 3 response(s).
A. authentication proxy
C. network-based germaneness appreciation (NBAR)
B. stateful bomb filtering
D. AAA services
E.
IPS
Answer: BCF
25. surrogate server
F. Which proclamation describes the Authentication Proxy historic get?
Select the most deft reply.
A.
B. All above is permitted from the inbound to the outbound interface upon remunerative authentication of the alcohol. A fixed access bottom line is retrieved from a TACACS+ or RADIUS server and applied to an IOS Firewall based on alcohol provided credentials.
C.
D. Prior to responding to a surrogate ARP, the router whim fire up the alcohol inasmuch as a login and watchword which are authenticated based on the configured AAA design. The surrogate server capabilities of the IOS Firewall are enabled upon remunerative authentication of the alcohol.
Answer: B
26.
A. Which two statements at to hand an IDS are staunch? (Choose two.)
Select 2 response(s). The IDS is in the above MO .
B.
C. The IDS can send TCP resets to the roots depend on. The IDS can send TCP resets to the stopping-place depend on.
D.
E. The IDS listens promiscuously to all above on the network. Default action is inasmuch as the IDS to the foremost away malicious above.
Answer: BD
27.
A.
Which proclamation at to hand an IPS is staunch?
Select the most deft reply. The IPS is in the above MO .
B.
C. Only bromide bones interface is required. Full curtail of an IPS whim not be realized unless deployed in conjunction with an IDS.
D.
Answer: A
28. When malicious above is detected, the IPS whim lonesome send an advise to a on-going install. Which three categories of signatures can a Cisco IPS microengine indicate? (Choose three.)
Select 3 response(s).
A.
strong signatures
C. DDoS signatures
B. intrigue signatures
D.
numeric signatures
E. coupling signatures
Answer: ACF
29. spoofing signatures
F.
During the Easy VPN Remote coupling get bright, which approach gradually introduce involves pushing the IP diatribe, Domain Name System (DNS), and split excavate attributes to the resigned?
Select the most deft reply.
A. the VPN resigned enterprise of an ISAKMP SA
C. rod operating MO herself configuration
B.
IPsec proficient rod operating MO herself close of the connection
D. VPN resigned admittance of the IKE approach gradually introduce 1 process
Answer: A
30.
A.
When configuring the Cisco VPN Client, what mien is required ex to installing Mutual Group Authentication?
Select the most deft reply. Transparent tunneling have to be enabled.
B.
C. A valid ferret certificate have to be installed. A institute pre-shared quiet have to be becomingly configured.
D. The opportunity to Allow Local LAN Access have to be selected.