400-251 Exam - CCIE Security Written Exam

certleader.com

Q1. Refer to the exhibit. Which service or feature must be enabled on 209.165.200.255 to produce the given output?

A. The finger service

B. A BOOTP server

C. A TCP small server

D. The PAD service

Answer: C

Q2. Which of the following statements is true about the ARP attack?

A. Attackers send the ARP request with the MAC address and IP address of a legitimate resource in the network.

B. Attackers send the ARP request with their own MAC address and IP address.

C. ARP spoofing does not facilitate man-in-the-middle attacks by the attackers.

D. Attackers send the ARP request with their own MAC address and the IP address of a legitimate resource in the network.

Answer: D

Q3. What are three ways you can enforce a BCP38 policy on an internet edge policy? (Choose three.)

A. Avoid RFC1918 internet addressing.

B. Implement Cisco Express Forwarding.

C. Implement Unicast RPF.

D. Apply ingress filters for RFC1918 addresses.

E. Apply ingress ACL filters for BOGON routes.

F. Implement source NAT.

Answer: B,C,E

Q4. Which description of a virtual private cloud is true?

A. An on-demand configurable pool of shared software applications allocated within a public cloud environment, which provides tenant isolation

B. An on-demand configurable pool of shared data resources allocated within a private cloud environment, which provides assigned DMZ zones

C. An on-demand configurable pool of shared networking resources allocated within a private cloud environment, which provides tenant isolation

D. An on-demand configurable pool of shared computing resources allocated within a public cloud environment, which provides tenant isolation

Answer: D

Q5. Which of the following two statements apply to EAP-FAST? (Choose two.)

A. EAP-FAST is useful when a strong password policy cannot be enforced and an 802.1X EAP type that does not require digital certificates can be deployed.

B. EAP-FAST was developed only for Cisco devices and is not compliant with 802.1X and 802.11i.

C. EAP-FAST provides protection from authentication forging and packet forgery (replay attack).

D. EAP-FAST is a client/client security architecture.

Answer: A,C

Q6. Event Store is a component of which IPS application?

A. SensorApp

B. InterfaceApp

C. MainApp

D. NotificationApp

E. AuthenticationApp

Answer: C

Q7. Which statement about the Cisco AnyConnect Web Security module is true?

A. It is VPN client software that works over the SSL protocol.

B. It is an endpoint component that is used with smart tunnel in a clientless SSL VPN.

C. It operates as an NAC agent when it is configured with the AnyConnect VPN client.

D. It is deployed on endpoints to route HTTP traffic to ScanSafe.

Answer: D

Q8. Refer to the exhibit. 

What are three effects of the given firewall configuration? (Choose three.)

A. The firewall allows Echo Request packets from any source to pass to the server.

B. The firewall allows Time Exceeded error messages from any source to pass to the server.

C. PCs outside the firewall are unable to communicate with the server over HTTP.

D. The firewall allows Echo Reply packets from any source to pass to the server.

E. The firewall allows Destination Unreachable error messages from any source to pass to the server.

F. The firewall allows Packet Too Big error messages from any source to pass to the server.

Answer: A,D,F

Q9. According to RFC 2577, which two options describe drawbacks of the FTP protocol? (Choose two.)

A. If access to the FTP server is restricted by network address, the server still is susceptible to spoofing attacks.

B. Servers that apply connection limits to protect against brute force attacks are vulnerable to DoS attacks.

C. It is susceptible to man-in-the-middle attacks.

D. An attacker can validate user names if the 331 response is in use.

E. It is susceptible to bounce attacks on port 1024.

Answer: D,E

Q10. What is an example of a WEP cracking attack?

A. SQL injection attack

B. Café latte attack

C. Directory traversal attack

D. Reflected XSS attack

Answer: B