400-251 Exam - CCIE Security Written Exam

certleader.com

Q1. DRAG DROP

Drag and drop each syslog facility code on the left onto its description on the right.

Answer:

Explanation:

A:1, B:2, C:3, D:4, E:5, F:6

Q2. Which two statements about CoPP are true? (Choose two)

A. When a deny rule in an access list used for MQC is matched, classification continues on the next class

B. It allows all traffic to be rate limited and discarded

C. Access lists that are used with MQC policies for CoPP should omit the log and log-input keywords

D. The mls qos command disables hardware acceleration so that CoPP handles all QoS

E. Access lists that use the log keyword can provide information about the device's CPU usage

F. The policy-map command defines the traffic class

Answer: A,C

Q3. When you configure an ASA with RADIUS authentication and authorization, which attribute is used to differentiate user roles?

A. login-ip-host

B. cisco-priv-level

C. service-type

D. termination-action

E. tunnel-type

Answer: C

Q4. Which two statements about the IPv6 Hop-by-Hop option extension header (EH) are true? (Choose two)

A. The Hop-by-Hop EH is processed in hardware at the source and the destination devices only.

B. If present, network devices must process the Hop-by-Hop EH first

C. The Hop-by-Hop extension header is processed by the CPU by network devices

D. The Hop-by-Hop EH is processed in hardware by all intermediate network devices

E. The Hop-by-Hop EH is encrypted by the Encapsulating Security Header.

F. If present, the Hop-by-Hop EH must follow the Mobility EH.

Answer: B,C

Q5. Which two statements about DTLS are true? (Choose two)

A. It uses two simultaneous IPSec tunnels to carry traffic.

B. If DPD is enabled, DTLS can fall back to a TLS connection.

C. Because it requires two tunnels, it may experience more latency issues than SSL connections.

D. If DTLS is disabled on an interface, then SSL VPN connections must use SSL/TLS tunnels.

E. It is disabled by default if you enable SSL VPN on the interface.

Answer: B,C

Q6. In Cisco Wireless LAN Controller (WLC), which web policy enables failed Layer 2 authentication to fall back to WebAuth authentication with a user name and password?

A. On MAC Filter Failure

B. Pass through

C. Splash Page Web Redirect

D. Conditional Web Redirect

E. Authentication

Answer: A

Q7. Which VPN technology is based on GDOI (RFC 3547)?

A. MPLS Layer 3 VPN

B. MPLS Layer 2 VPN

C. GET VPN

D. IPsec VPN

Answer: C

Q8. Which two options are disadvantages of MPLS Layer 3 VPN services? (Choose two)

A. They require cooperation with the service provider to implement transport of non-IP traffic.

B. SLAs are not supported by the service provider.

C. It requires customers to implement QoS to manage congestion in the network.

D. Integration between Layers 2 and 3 peering services is not supported.

E. They may be limited by the technology offered by the service provider.

F. They can transport only IPv6 routing traffic.

Answer: D,E

Q9. Refer to the exhibit.

Which effect of this Cisco ASA policy map is true?

A. The Cisco ASA is unable to examine the TLS session.

B. The server ends the SMTP session with a QUIT command if the algorithm or key length is insufficiently secure.

C. It prevents a STARTTLS session from being established.

D. The Cisco ASA logs SMTP sessions in clear text.

Answer: B

Q10. Why is the IPv6 type 0 routing header vulnerable to attack?

A. It allows the receiver of a packet to control its flow.

B. It allows the sender to generate multiple NDP requests for each packet.

C. It allows the sender of a packet to control its flow.

D. It allows the sender to generate multiple ARP requests for each packet.

E. It allows the receiver of a packet to modify the source IP address.

Answer: C