400-251 Exam - CCIE Security Written Exam

certleader.com

Q1. Which two statements about LEAP are true? (Choose two)

A. It is compatible with the PAP and MS-CHAP protocols

B. It is an ideal protocol for campus networks

C. A symmetric key is delivered to the authenticated access point so that future connections from the same client can be encrypted with different keys

D. It is an open standard based on IETF and IEEE standards

E. It is compatible with the RADIUS authentication protocol

F. Each encrypted session is authenticated by the AD server

Answer: E,F

Q2. Refer to the exhibit. Which configuration prevents R2 from becoming a PIM neighbor with R1?

A. access-list 10 deny 192.168.1.2 0.0.0.0

!

interface gi0/0

ip pim neighbor-filter 1

B. access-list 10 deny 192.168.1.2 0.0.0.0

!

interface gi0/0

ip igmp access-group 10

C. access-list 10 deny 192.168.1.2 0.0.0.0

!

interface gi0/0

ip pim neighbour-filter 10

D. access-list 10 permit 192.168.1.2 0.0.0.0

!

interface gi0/0

ip pim neighbor-filter 10

Answer: D

Q3. Refer to the exhibit. What IPSec function does the given debug output demonstrate?

A. DH exchange initiation

B. setting SPIs to pass traffic

C. PFS parameter negotiation

D. crypto ACL confirmation

Answer: B

Q4. Refer to the exhibit. What is the meaning of the given error message?

A. The PFS groups are mismatched.

B. The pre-shared keys are mismatched.

C. The mirrored crypto ACLs are mismatched.

D. IKE is disabled on the remote peer.

Answer: B

Q5. Which two statements about IPsec in a NAT-enabled environment are true? (Choose two)

A. The hashes of each peer’s IP address and port number are compared to determine whether NAT-T is required

B. NAT-T is not supported when IPsec Phase 1 is set to Aggressive Mode

C. The first two messages of IPsec Phase 2 are used to determine whether the remote host supports NAT-T

D. NAT-T is not supported when IPsec Phase 1 is set to Main Mode

E. IPsec packets are encapsulated in UDP 500 or UDP 10000 packets

F. To prevent translations from expiring, NAT keepalive messages that include a payload are sent between the peers

Answer: A,D

Q6. Which object table contains information about the clients known to the server in the Cisco NHRP MIB implementation?

A. NHRP Server NHC Table

B. NHRP Client Statistics Table

C. NHRP Cache Table

D. NHRP Purge Request Table

Answer: A

Q7. Refer to the exhibit. If R1 is connected upstream to R2 and R3 at different ISPs as shown, what action must be taken to prevent Unicast Reverse Path Forwarding (uRPF) from dropping asymmetric traffic?

A. Configure Unicast RPF Loose Mode on R2 and R3 only.

B. Configure Unicast RPF Loose Mode on R1 only.

C. Configure Unicast RPF Strict Mode on R1 only.

D. Configure Unicast RPF Strict Mode on R1,R2 and R3.

E. Configure Unicast RPF Strict Mode on R2 and R3 only.

Answer: E

Q8. DRAG DROP

Drag each EAP variant in the 802.1x framework to the matching statement on the right.

Answer:

Explanation:

EAP-FAST: An encapsulated EAP variant that can travel through a TLS tunnel.

EAP-MD5: When used, EAP servers provide authentication to EAP peers only.

EAP-OTP: Authenticates using a single-use token.

EAP-PEAP: Performs secure tunnel authentication.

EAP-SIM: Enables GSM users to access both voice and data services with unified authentication.

EAP-TLS: Provides EAP message fragmentation.

EAP-TTLS: An early EAP variant that uses certificate-based authentication of both client and server.

LEAP: A simplified EAP variant that uses a password as shared service.

Q9. Which two OSPF network types support the concept of a designated router? (Choose two.)

A. broadcast

B. NBMA

C. point-to-multipoint

D. point-to-multipoint nonbroadcast

E. loopback

Answer: A,B

Q10. Refer to the exhibit. Which statement about this debug output is true?

A. It was generated by a LAN controller when it responded to a join request from an access point

B. It was generated by a LAN controller when it generated a join request to an access point

C. It was generated by an access point when it sent a join reply message to a LAN controller

D. It was generated by an access point when it received a join request message from a LAN controller

Answer: A