400-251 Exam - CCIE Security Written Exam

certleader.com

Q1. A cloud service provider is designing a large multitenant data center to support thousands of tenants. The provider is concerned about the scalability of the Layer 2 network and providing Layer 2 segmentation to potentially thousands of tenants. Which Layer 2 technology is best suited in this scenario?

A. LDP

B. VXLAN

C. VRF

D. Extended VLAN ranges

Answer: B

Q2. In a Cisco ASA multiple-context mode of operation configuration, what three session types are resource-limited by default when their context is a member of the default class? (Choose three)

A. Telnet sessions

B. ASDM sessions

C. IPSec sessions

D. SSH sessions

E. TCP sessions

F. SSL VPN sessions

Answer: A,B,D

Q3. Refer to the exhibit. R1 and R2 are connected across an ASA with MD5 authentication. Which statement about eBGP peering between the routers could be true?

A. eBGP peering will fail because the ASA in transit lacks BGP support.

B. eBGP peering will be successful.

C. eBGP peering will fail because the two routers must be directly connected to allow peering.

D. eBGP peering will fail because of the TCP random sequence number feature.

Answer: C

Q4. Which two statements about the 3DES encryption protocol are true? (Choose two)

A. It can operate in the Electronic Code Book and Asymmetric Block Chaining modes.

B. Its effective key length is 168 bits.

C. It encrypts and decrypts data in three 64-bit blocks with an overall key length of 192 bits.

D. The algorithm is most efficient when it is implemented in software instead of hardware.

E. It encrypts and decrypts data in three 56-bit blocks with an overall key length of 168 bits.

F. Its effective key length is 112 bits.

Answer: E,F

Q5. Refer to the exhibit. What are the two effects of the given configuration? (Choose two)

A. It permits Time Exceeded messages that indicate the fragment assembly time was exceeded

B. It permits Destination Unreachable messages that indicate the host specified in the datagram rejected the message due to filtering

C. It permits Destination Unreachable messages that indicate a problem delivering the datagram to the destination address specified in the datagram

D. It permits Parameter Problem messages that indicate an unrecognized value in the Next Header field

E. It permits Parameter Problem messages that indicate an error in the header

F. It permits Destination Unreachable messages that indicate an invalid port on the host specified in the datagram

Answer: C,F

Q6. Which of the following Cisco IPS signature engines has relatively high memory usage?

A. The STRING-TCP engine

B. The STRING-UDP engine

C. The NORMALIZER engine

D. The STRING-ICMP engine

Answer: C

Q7. On which encryption algorithm is CCMP based?

A. IDEA

B. BLOWFISH

C. RCS

D. 3DES

E. AES

Answer: E

Q8. Which two network protocols can operate on the Application Layer? (Choose two)

A. DNS

B. UDP

C. TCP

D. NetBIOS

E. DCCP

F. SMB

Answer: A,F

Q9. Which three statements about Cisco IPS Manager Express are true? (Choose three)

A. It provides a customizable view of events statistics.

B. It can provision policies based on risk rating.

C. It can provision policies based on signatures.

D. It can provision policies based on IP addresses and ports.

E. It uses vulnerability-focused signatures to protect against zero-day attacks.

F. It supports up to 10 sensors.

Answer: A,B,F

Q10. What feature on a Cisco IOS router enables user identification and authorization based on per-user policies?

A. CBAC

B. IPsec

C. Authentication proxy

D. NetFlow v9

E. Zone-based firewall

F. EEM

Answer: C