121-160 Flashcards
(30 cards)
Which command enables authentication at the OSPFv2 routing process level?
A. area 0 authentication message-digest
B. area 0 authentication ipsec spi 500 md5 1234567890ABCDEF1234567890ABCDEF
C. ip ospf authentication message-digest
D. ip ospf message-digest-key 1 md5 C1sc0!
area 0 authentication message-digest
OSPFv2 routing process level
Which statement about traffic inspection using the Cisco Modular Policy Framework on the ASA is true?
A. HTTP inspection is supported with Cloud Web Security inspection.
B. QoS policing and QoS priority queuing can be configured for the same traffic.
C. ASA with FirePOWER supports HTTP inspection.
D. Traffic can be sent to multiple modules for inspection.
HTTP inspection is supported with Cloud Web Security inspection.
Which adverse consequence can occur on a network without BPDU guard?
A. The oldest switch can be elected as the root bridge.
B. Unauthorized switches that are connected to the network can cause spanning-tree loops.
C. Double tagging can cause the switches to experience CAM table overload.
D. Rogue switches can be difficult to detect.
Unauthorized switches that are connected to the network can cause spanning-tree loops.
Which two 802.1x features can you enable by running the IOS authentication priority command? (Choose two)
A. forced authorized port state B. Telnet authentication C. automatic selection D. Web authentication E. MAC authentication bypass
Web authentication
MAC authentication bypass
If a personal firewall specifically blocks NTP, which type of blocking is the firewall performing? A. service B. file C. application D. network
application
Which two problems can arise when a proxy firewall serves as the gateway between networks? (Choose two)
A. It can cause reduced throughput.
B. It is unable to prevent direct connections to other networks.
C. It can prevent content caching.
D. It is unable to provide antivirus protection.
E. It can limit application support.
It can cause reduced throughput.
It can limit application support.
What command could you implement in the firewall to conceal internal IP addresses? A. no source-route B. no cdp run C. no broadcast D. no proxy-arp
no proxy-arp
What are the two direct methods for redirecting web traffic to Cisco Web Security? (Choose two) A. Cisco ISE B. 3rd party proxies C. PAC file D. NAC
3rd party proxies
PAC file
For SNMPv3 access control, how do you control access of clients and managers? (Choose two) A. routing filtering B. create access list C. make managers view D. authentication
create access list
authentication
Which encryption protocol is used for MPLS VPN confidentiality...? A. IPsec B. SSL C. AES D. 3DES
IPsec
Why does ISE require its own certificate issued by a trusted CA?
A. The ISE certificate allows guest devices to validate it as a trusted network device.
B. The ISE certificate allows it to join the network security framework.
C. It requests certificates for guest devices from the CA server based on its own certificate.
D. It generates certificates for guest devices based on its own certificate.
The ISE certificate allows guest devices to validate it as a trusted network device.
What is the main purpose of Control Plane Policing?
A. to prevent exhaustion of route-processor resources
B. to organize the egress packet queues
C. to define traffic classes
D. to maintain the policy map
to prevent exhaustion of route-processor resources
How can you mitigate DCE/RPC evasion techniques while allowing access to the DCE/RPC service?
A. Update the IPS signature for HTTPS to validate DCE/RPC connections.
B. Block suspicious hosts from DCE/RPC port 593.
C. Tunnel DCE/RPC traffic through GRE.
D. Configure the DCE/RPC preprocessor
Configure the DCE/RPC preprocessor
Which type of mechanism does Cisco FirePOWER deploy to protect against email threats that are detected moving across other networks? A. signature-based B. reputation-based C. antivirus scanning D. policy-based
reputation-based
Which component of a security zone firewall policy defines how traffic is handled? A. ACL B. Service policy C. Policy map D. Class map
Policy map
Of all parameters that are negotiated for the IKE Phase 1 tunnel, which parameter is the only one that does not have to exactly match between VPN peers to be accepted? A. DH group B. Hashing algorithm C. Encryption algorithm D. Digital signature E. Authentication method F. Lifetime
Lifetime
What is the range of levels provided by the Privilege command?
A. 0-16 B. 0-15 C. 1-16 D. 1-14 E. 0-14 F. 1-15
0-15
Which two types of malware can self-replicate and spread? (Choose two) A. Backdoors B. Worms C. Viruses D. Trojans E. Bots
Viruses
Worms
In a Cisco Cloud Web Security environment, when can network traffic bypass the scanning proxies?
A. When the client is on a trusted corporate network.
B. When the client is connected to a VPN service that bypasses proxies.
C. When the client is connected to a WPA2 Enterprise network.
D. When the client is connected to a wired network.
When the client is on a trusted corporate network.
Which option is the logical container used to maintain information about the connections going through a Cisco ASA firewall? A. State table B. NAT table C. Routing table D. Cisco Express Forwarding table
State table
On which operating system does the Cisco Email Security Appliance run? A. Cisco ESA-OS B. Cisco AsyncOS C. Cisco IOS XE D. Cisco IOS XR E. Cisco NX-OS
Cisco AsyncOS
Which statement about TACACS+ is true?
A. Passwords are transmitted between the client and server using MD5 hashing.
B. TACACS is more flexible than RADIUS because it separates all AAA into individual processes.
C. TACACS is used for access to network resources more than administrator access to network devices.
D. TACACS server listens on UDP port 1813 for accounting.
E. All data that is transmitted between the client and TACACS+ server is cleartext.
TACACS is more flexible than RADIUS because it separates all AAA into individual processes.
Which two statements about an IPS in tap mode are true? (Choose two.)
A. It requires an synchronous routing configuration for full traffic analysis.
B. The device forwards all traffic, regardless of its source or destination.
C. It directly analyses the actual packets as they pass through the system.
D. It can analyse events without impacting network efficiency.
E. It is unable to drop packets in the main flow
It can analyse events without impacting network efficiency.
It is unable to drop packets in the main flow
How will a stateful firewall handle an inbound packet that it receives and cannot match in its state table?
A. Passes the traffic.
B. Drops the traffic.
C. Broadcasts the traffic.
D. Looks for an ACL, and acts based upon the ACL.
Looks for an ACL, and acts based upon the ACL.