400-251 Exam - CCIE Security Written Exam

certleader.com

Q1. Which two of the following ICMP types and codes should be allowed through a firewall to enable traceroute? (Choose two)

A. Destination Unreachable - Protocol Unreachable

B. Destination Unreachable - Port Unreachable

C. Time Exceeded - Time to Live Exceeded in Transit

D. Redirect - Redirect Datagram for the Host

E. Time Exceeded - Fragment Reassembly Time Exceeded

F. Redirect - Redirect Datagram for the Type of Service and Host

Answer: B,C

Q2. Which three statements about RLDP are true? (Choose three)

A. It can detect rogue APs that use WPA encryption

B. It detects rogue access points that are connected to the wired network

C. The AP is unable to serve clients while the RLDP process is active

D. It can detect rogue APs operating only on 5 GHz

E. Active Rogue Containment can be initiated manually against rogue devices detected on the wired network

F. It can detect rogue APs that use WEP encryption

Answer: A,B,D

Q3. According to ISO 27001 ISMS, which of the following are mandatory documents? (Choose four)

A. ISMS Policy

B. Corrective Action Procedure

C. IS Procedures

D. Risk Assessment Reports

E. Complete Inventory of all information assets

Answer: A,B,C,D

Q4. Which two statements about RFC 2827 are true? (Choose two.)

A. RFC 2827 defines egress packet filtering to safeguard against IP spoofing.

B. A corresponding practice is documented by the IETF in BCP 38.

C. RFC 2827 defines ingress packet filtering for the multihomed network.

D. RFC 2827 defines ingress packet filtering to defeat DoS using IP spoofing.

E. A corresponding practice is documented by the IETF in BCP 84.

Answer: B,D

Q5. Refer to the exhibit.

While troubleshooting a router issue, you executed the show ntp association command and it returned this output. Which condition is indicated by the reach value of 357?

A. The NTP process continuously received the previous 8 packets.

B. The NTP process is waiting to receive its first acknowledgement.

C. The NTP process failed to receive the most recent packet, but it received the 4 packets before the most recent packet.

D. The NTP process received only the most recent packet.

Answer: C

Q6. You have been asked to configure a Cisco ASA appliance in multiple mode with these settings:

(A) You need two customer contexts, named contextA and contextB

(B) Allocate interfaces G0/0 and G0/1 to contextA

(C) Allocate interfaces G0/0 and G0/2 to contextB

(D) The physical interface name for G0/1 within contextA should be "inside".

(E) All other context interfaces must be viewable via their physical interface names.

If the admin context is already defined and all interfaces are enabled, which command set will complete this configuration?

A. context contextA
 config-url disk0:/contextA.cfg
 allocate-interface GigabitEthernet0/0 visible
 allocate-interface GigabitEthernet0/1 inside
context contextB
 config-url disk0:/contextB.cfg
 allocate-interface GigabitEthernet0/0 visible
 allocate-interface GigabitEthernet0/2 visible

B. context contexta
 config-url disk0:/contextA.cfg
 allocate-interface GigabitEthernet0/0 visible
 allocate-interface GigabitEthernet0/1 inside
context contextb
 config-url disk0:/contextB.cfg
 allocate-interface GigabitEthernet0/0 visible
 allocate-interface GigabitEthernet0/2 visible

C. context contextA
 config-url disk0:/contextA.cfg
 allocate-interface GigabitEthernet0/0 invisible
 allocate-interface GigabitEthernet0/1 inside
context contextB
 config-url disk0:/contextB.cfg
 allocate-interface GigabitEthernet0/0 invisible
 allocate-interface GigabitEthernet0/2 invisible

D. context contextA
 config-url disk0:/contextA.cfg
 allocate-interface GigabitEthernet0/0
 allocate-interface GigabitEthernet0/1 inside
context contextB
 config-url disk0:/contextB.cfg
 allocate-interface GigabitEthernet0/0
 allocate-interface GigabitEthernet0/2

E. context contextA
 config-url disk0:/contextA.cfg
 allocate-interface GigabitEthernet0/0 visible
 allocate-interface GigabitEthernet0/1 inside
context contextB
 config-url disk0:/contextB.cfg
 allocate-interface GigabitEthernet0/1 visible
 allocate-interface GigabitEthernet0/2 visible

Answer: A

Q7. Refer to the exhibit. 

Which two effects of this configuration are true? (Choose two)

A. The Cisco ASA first checks the user credentials against the AD tree of security.cisco.com.

B. The Cisco ASA uses the cisco directory as the starting point for the user search.

C. The AAA server SERVERGROUP is configured on host 10.10.10.1 with the timeout of 20 seconds.

D. The Cisco ASA uses the security account to log in to the AD directory and search for the user cisco.

E. The Cisco ASA authenticates directly with the AD server configured on host 10.10.10.1 with a timeout of 20 seconds.

F. The admin user is authenticated against the members of the security.cisco.com group.

Answer: C,F

Q8. Which two statements about the MD5 Hash are true? (Choose two.)

A. The length of the hash value varies with the length of the message that is being hashed.

B. Every unique message has a unique hash value.

C. It is mathematically possible to find a pair of messages that yield the same hash value.

D. MD5 always yields a different value for the same message if repeatedly hashed.

E. The hash value cannot be used to discover the message.

Answer: B,E

Q9. Which two router configurations block packets with the Type 0 Routing header on the interface? (Choose two)

A. ipv6 access-list Deny_Loose_Routing
 permit ipv6 any any routing-type 0
 deny ipv6 any any
interface FastEthernet0/0
 ipv6 traffic-filter Deny_Loose_Source_Routing in

B. ipv6 access-list Deny_Loose_Source_Routing
 deny ipv6 FE80::/10 any mobility-type bind-refresh
 permit ipv6 any any
interface FastEthernet/0
 ipv6 traffic-filter Deny_Loose_Source_Routing in

C. ipv6 access-list Deny_Loose_Source_Routing
 deny ipv6 any any routing-type 0
 permit ipv6 any any
interface FastEthernet0/0
 ipv6 traffic-filter Deny_Loose_Routing in

D. ipv6 access-list Deny_Loose_Source_Routing
 deny ipv6 any FE80::/10 routing-type 0
 deny ipv6 any any routing-type 0
 permit ipv6 any any
interface FastEthernet0/0
 ipv6 traffic-filter Deny_Loose_Source_Routing in

E. ipv6 access-list Deny_Loose_Source_Routing
 sequence 1 deny ipv6 any any routing-type 0 log-input
 sequence 2 permit ipv6 any any flow-label 0 routing
interface FastEthernet0/0
 ipv6 traffic-filter Deny_Loose_Source_Routing in

Answer: C,D

Q10. For which two reasons is a BVI required in the transparent Cisco IOS Firewall? (Choose two)

A. BVI is required for the inspection of IP traffic.

B. The firewall can perform routing on bridged interfaces.

C. BVI is required if routing is disabled on the firewall.

D. BVI is required if more than two interfaces are in a bridge group.

E. BVI is required for the inspection of non-IP traffic.

F. BVI can manage the device without having an interface that is configured for routing.

Answer: D,F