400-251 Exam - CCIE Security Written Exam

certleader.com

Q1. DRAG DROP

Drag and drop the desktop-security terms from the left onto their correct definitions on the right.

Answer:

Explanation:

governance = directing and controlling information and communications technology

penetration testing = using hacking techniques to attempt to bypass existing security

phishing = attempting to elicit information from users by sending targeted emails

SSO = allowing users to sign in to multiple systems without reentering their credentials

two-factor authentication = using more than one mechanism to verify a user login

Q2. According to OWASP guidelines, what is the recommended method to prevent cross-site request forgery?

A. Allow only POST requests.

B. Mark all cookies as HTTP only.

C. Use per-session challenge tokens in links within your web application.

D. Always use the "secure" attribute for cookies.

E. Require strong passwords.

Answer: C

Q3. Refer to the exhibit. What is a possible reason for the given error?

A. One or more required applications failed to respond.

B. The IPS engine is busy building cache files.

C. The IPS engine is waiting for a CLI session to terminate.

D. The virtual sensor is still initializing.

Answer: D

Q4. Which two characteristics of DTLS are true? (Choose two)

A. It includes a congestion control mechanism

B. It supports long data transfers and connections data transfers

C. It completes key negotiation and bulk data transfer over a single channel

D. It is used mostly by applications that use application layer object-security protocols

E. It includes a retransmission method because it uses an unreliable datagram transport

F. It cannot be used if NAT exists along the path

Answer: A,E

Q5. Which of the following two options can you configure to avoid iBGP full mesh? (Choose two)

A. BGP NHT

B. route reflector

C. local preference

D. confederations

E. Virtual peering

Answer: B,D

Q6. Which command sets the key length for the IPv6 SeND protocol?

A. ipv6 nd ns-interval

B. ipv6 nd ra-interval

C. ipv6 nd prefix

D. ipv6 nd inspection

E. ipv6 nd secured

Answer: E

Q7. Which three statements about the keying methods used by MACsec are true? (Choose three)

A. MKA is implemented as an EAPoL packet exchange

B. SAP is enabled by default for Cisco TrustSec in manual configuration mode.

C. SAP is supported on SPAN destination ports

D. Key management for host-to-switch and switch-to-switch MACsec sessions is provided by MKA

E. SAP is not supported on switch SVIs.

F. A valid mode for SAP is NULL

Answer: A,B,F

Q8. Which statement about the Cisco Secure ACS Solution Engine TACACS+ AV pair is true?

A. AV pairs are only required to be enabled on Cisco Secure ACS for successful implementation.

B. The Cisco Secure ACS Solution Engine does not support accounting AV pairs.

C. AV pairs are only string values.

D. AV pairs are of two types: string and integer.

Answer: C

Q9. What functionality is provided by DNSSEC?

A. origin authentication of DNS data

B. data confidentiality of DNS queries and answers

C. access restriction of DNS zone transfers

D. storage of the certificate records in a DNS zone file

Answer: A

Q10. DRAG DROP

Drag and drop each Cisco Intrusion Prevention System anomaly detection event action on the left onto the matching description on the right.

Answer:

Explanation:

A-4,B-3,C-1,D-2,E-5,F-7,G-6