400-251 Exam - CCIE Security Written Exam

certleader.com

Q1. Refer to the exhibit. Which two statements about the given configuration are true? (Choose two)

A. It is an inbound policy.

B. It will allow 209.165.202.129 to connect to 202.165.200.225 on an IMAP port.

C. It will allow 209.165.202.129 to connect to 202.165.200.225 on an RDP port.

D. It will allow 202.165.200.225 to connect to 209.165.202.129 on an RDP port.

E. It will allow 202.165.200.225 to connect to 209.165.202.129 on a VNC port.

F. It is an outbound policy.

Answer: A,C

Q2. Which two statements about the ISO are true? (Choose two)

A. The ISO is a government-based organization.

B. The ISO has three membership categories: member, correspondent, and subscribers.

C. Only member bodies have voting rights.

D. Correspondent bodies are small countries with their own standards organization.

E. Subscriber members are individual organizations.

Answer: B,C

Q3. Which context-based access control (CBAC) command sets the maximum time that a router running Cisco IOS will wait for a new TCP session to reach the established state?

A. ip inspect max-incomplete

B. ip inspect tcp finwait-time

C. ip inspect udp idle-time

D. ip inspect tcp synwait-time

E. ip inspect tcp idle-time

Answer: D

Q4. Which three statements are true regarding RFC 5176 (Change of Authorization)? (Choose three.)

A. It defines a mechanism to allow a RADIUS server to initiate a communication inbound to a NAD.

B. It defines a wide variety of authorization actions, including "reauthenticate."

C. It defines the format for a Change of Authorization packet.

D. It defines a DM.

E. It specifies that TCP port 3799 be used for transport of Change of Authorization packets.

Answer: A,C,D

Q5. Which two features of Cisco IOS can help mitigate a Blaster worm attack on RPC ports? (Choose two)

A. FPM

B. DCAR

C. NBAR

D. IP Source Guard

E. uRPF

F. Dynamic ARP Inspection

Answer: D,E

Q6. Which configuration is the correct way to change the VPN key encryption key lifetime to 10800 seconds on the key server?


A. Option A

B. Option B

C. Option C

D. Option D

Answer: A

Q7. Refer to the exhibit. Which statement about this configuration is true?

A. The ASA stops LSA type 7 packets from flooding into OSPF area 1.

B. The ASA injects a static default route into OSPF area 1.

C. The ASA redistributes routes from one OSPF process to another.

D. The ASA redistributes routes from one routing protocol to another.

E. The ASA injects a static default route into OSPF process 1.

Answer: C

Q8. Which two statements about DTLS are true? (Choose two)

A. Unlike TLS, DTLS supports VPN connections with the ASA.

B. It is more secure than TLS.

C. When DPD is enabled, a DTLS connection can automatically fall back to TLS.

D. It overcomes the latency and bandwidth problems that can occur with SSL.

E. It can reduce packet delays and improve application performance.

F. It supports SSL VPNs without requiring an SSL tunnel.

Answer: C,D

Q9. Which feature enables extended secure access from a non-secure physical location?

A. Port security

B. Storm control

C. NEAT

D. CBAC

E. 802.1X port-based authentication

Answer: C

Q10. Which two statements about PVLAN port types are true? (Choose two)

A. A community port can send traffic to community ports in other communities on its broadcast domain.

B. An isolated port can send and receive traffic only to and from promiscuous ports.

C. An isolated port can receive traffic from promiscuous ports in a community on its broadcast domain, but can send traffic only to ports in its own community.

D. A promiscuous port can send traffic to promiscuous ports in other communities on its broadcast domain.

E. A community port can send traffic to promiscuous ports in other communities on its broadcast domain.

F. A promiscuous port can send traffic to all ports within a broadcast domain.

Answer: B,F