Q1. Refer to the exhibit
Which as-path access-list regular expression should be applied on R2 as a neighbor filter list to only allow update with and origin of AS 65503?
A. _65509.?$
B. _65503$
C. ^65503.*
D. ^65503$
E. _65503_
F. 65503
Answer: C
Q2. When configuration Cisco IOS firewall CBAC operation on Cisco routers, the “inspection rule” can be applied at which two location?(Choose two)
A. at the trusted and untrusted interfaces in the inbound direction.
B. at the trusted interface in the inbound direction.
C. at the trusted and untrusted interfaces in the outbound direction.
D. at the untrusted interface in the inbound direction.
E. at the trusted interface in the outbound direction.
F. at the trusted interface in the outbound direction.
Answer: B,F
Q3. Which two statement about the DES algorithm are true?(choose two)
A. It uses a 64-bit key block size and its effective key length is 65 bits
B. It uses a 64-bits key block size and its effective key length is 56 bits
C. It is a stream cripher that can be used with any size input
D. It is more efficient in software implements than hardware implementations.
E. It is vulnerable to differential and linear cryptanalysis
F. It is resistant to square attacks
Answer: B,E
Q4. If the ASA interfaces on a device are configured in passive mode, which mode must be configured on the remote device to enable EtherChannel?
A. standby
B. active
C. on
D. passive
Answer: B
Q5. Which statement about ICMPv6 filtering is true?
A)
B)
C)
D)
E)
F)
A. Option A
B. Option B
C. Option C
D. Option D
Answer: B
Q6. Which two statements about the anti-replay feature are true? (Choose two)
A. By default, the sender uses a single 1024-packet sliding window
B. By default, the receiver uses a single 64-packet sliding window
C. The sender assigns two unique sequence numbers to each clear-text packet
D. The sender assigns two unique sequence numbers to each encrypted packet
E. the receiver performs a hash of each packet in the window to detect replays
F. The replay error counter is incremented only when a packet is dropped
Answer: B,D
Q7. Which two statements about global ACLs are true? (Choose two)
A. They support an implicit deny
B. They are applied globally instead of being replicated on each interface
C. They override individual interface access rules
D. They require an explicit deny
E. They can filer different packet types than extended ACLs
F. They require class-map configuration
Answer: A,B
Q8. Which two commands would enable secure logging on Cisco ASA to a syslog server at 10.0.0.1? (Choose two)
A. logging host inside 10.0.0.1 TCP/1500 secure
B. logging host inside 10.0.0.1 UDP/514 secure
C. logging host inside 10.0.0.1 TCP/1470 secure
D. logging host inside 10.0.0.1 UDP/500 secure
E. logging host inside 10.0.0.1 UDP/447 secure
Answer: A,C
Q9. when a host initiates a TCP session, what is the numerical range into which the initial sequence number must fail?
A. 0 to 65535
B. 1 to 1024
C. 0 to 4,294,967,295
D. 1 to 65535
E. 1 to 4,294,967,295
F. 0 to 1024
Answer: C
Q10. Which three statement about VRF-Aware Cisco Firewall are true? (Choose three)
A. It can run as more than one instance.
B. It supports both global and per-VRF commands and DoS parameters.
C. It can support VPN networks with overlapping address ranges without NAT.
D. It enables service providers to implement firewalls on PE devices.
E. It can generate syslog massages that are visible only to individual VPNs.
F. It enables service providers to deploy firewalls on customer devices.
Answer: A,D,E