81-120 Flashcards

(34 cards)

1
Q
Which 802.1x component enforces the network access policy? 
A. RADIUS Server 
B. Authentication server 
C. Supplicant 
D. Authenticator
A

Authenticator

2
Q

Which two advantages does the on-premise model for MDM deployment have over the cloud-based model? (Choose two)
A. The on-premise model is easier and faster to deploy than the cloud-based model
B. The on-premise model is more scalable than the cloud-based model
C. The on-premise model is generally less expensive than the cloud-based model
D. The on-premise model provides more control of the MDM solution than the cloud-based model
E. The on-premise model generally has less latency than the cloud-based model

A

The on-premise model provides more control of the MDM solution than the cloud-based model

The on-premise model generally has less latency than the cloud-based model

3
Q

How can you prevent NAT rules from sending traffic to incorrect interfaces?
A. Assign the output interface in the NAT statement
B. Add the no-proxy-arp command to the nat line
C. Configure twice NAT instead of object NAT
D. Use packet-tracer rules to reroute misrouted NAT entries

A

Assign the output interface in the NAT statement

4
Q

What are characteristics of the RADIUS protocol? (Choose two)
A. Uses TCP port 49
B. Uses UDP Port 49
C. Uses TCP 1812/1813
D. Uses UDP 1812/1813
E. Combines authentication and authorization

A

Uses UDP 1812/1813

Combines authentication and authorization

5
Q

Which command ensures that AAA authentication is configured and that a user can access the exec level to configure?

A. AAA authentication enable default local
B. AAA authentication enable local
C. AAA authentication enable tacacs+ default

A

AAA authentication enable default local

6
Q
Which primary security attributes can be achieved by BYOD Architecture? (Choose two)
A. Trusted enterprise network 
B. public wireless network 
C. checking compliance with policy 
D. pushing patches
A

Trusted enterprise network

checking compliance with policy

7
Q

A user reports difficulties accessing certain external web pages. When examining traffic to and from the external domain in full packet captures, you notice many SYNs that have the same sequence number, source, and destination IP address, but have different payloads. Which problem is a possible explanation of this situation?
A. insufficient network resources
B. failure of full packet capture solution
C. misconfiguration of web filter
D. TCP injection

A

TCP injection

8
Q

What is the primary purpose of the Integrated Services Routers (ISR) in the BYOD solution?
A. Provide connectivity in the home office environment back to the corporate campus
B. Provide WAN and Internet access for users on the corporate campus
C. Enforce firewall-type filtering in the data centre
D. Provide connectivity for the mobile phone environment back to the corporate campus

A

Provide connectivity in the home office environment back to the corporate campus

9
Q

Which is not a function of mobile device management (MDM)?
A. Enforce strong passwords on BYOD devices
B. Deploy software updates to BYOD devices
C. Remotely wipe data from BYOD devices
D. Enforce data encryption requirements on BYOD devices

A

Deploy software updates to BYOD devices

10
Q

The purpose of the certificate authority (CA) is to ensure what?
A. BYOD endpoints are posture checked
B. BYOD endpoints belong to the organization
C. BYOD endpoints have no malware installed
D. BYOD users exist in the corporate LDAP directory

A

BYOD endpoints belong to the organization

11
Q

The purpose of the RSA SecurID server/application is to provide what?
A. Authentication, authorization, accounting (AAA) functions
B. One-time password (OTP) capabilities
C. 802.1X enforcement
D. VPN access

A

One-time password (OTP) capabilities

12
Q
What does ASA Transparent mode support?
A. It supports OSPF.
B. It supports the use of dynamic NAT.
C. IP for each interface.
D. Requires a management IP address.
A

It supports the use of dynamic NAT.

13
Q

What will happen to traffic if a zone pair is created but no policy is applied?
A. All traffic will be dropped.
B. All traffic will be passed with logging.
C. All traffic will be passed without logging.
D. All traffic will be inspected.

A

All traffic will be dropped.

14
Q
Which Cisco IOS device supports firewall, antispyware, anti-phishing protection, etc.?
A. Cisco IOS router
B. Cisco 4100 IOS IPS appliance
C. Cisco 5500 series ASA
D. Cisco 5500x next generation ASA
A

Cisco 5500x next generation ASA

15
Q
What configurations are under crypto map? (Choose two) 
A. set peer 
B. set host 
C. set transform-set 
D. interface
A

set peer

set transform-set

16
Q
Which two options are Private-VLAN secondary VLAN types? (Choose two) 
A. Isolated 
B. Secured 
C. Community 
D. Common 
E. Segregated
A

Isolated

Community

17
Q
Which type of VLANs can communicate to PVLANs? (or something like this) (Choose two) Which two are valid types of VLANs using PVLANs? (choose two) 
A. promiscuous 
B. isolated
C. community 
D. backup 
E. secondary
A

isolated

community

18
Q

What protocol provides CIA?

A. HA
B. ESP
C. IKEV1
D. IKEV2

19
Q

Drag the recommendations on the left to the Cryptographic Algorithms on the right. Options will be used more than once.

Avoid, Legacy

DES, 3DES, MD5, SHA1, HMAC-MD5

A

DES - Avoid
3DES - Legacy
MD5 - Avoid
SHA1, HMAC-MD5 - Legacy

20
Q

What are two reasons to recommend SNMPv3 over SNMPv2? (Choose two)
A. SNMPv3 is secure because you can configure authentication and privacy.
B. SNMPv3 is a Cisco proprietary protocol.
C. SNMPv2 is secure because you can configure authentication and privacy.
D. SNMPv2 is insecure because it sends information in clear text.
E. SNMPv3 is insecure because it sends information in clear text.

A

SNMPv3 is secure because you can configure authentication and privacy.

SNMPv2 is insecure because it sends information in clear text

21
Q
Which two are valid types of VLANs using PVLANs? (Choose two) 
A. Backup VLAN 
B. Secondary VLAN 
C. Promiscuous VLAN 
D. Community VLAN 
E. Isolated VLAN
A

Community VLAN

Isolated VLAN

22
Q
Which security principle has been violated if data is altered in an unauthorized manner? 
A. accountability 
B. availability 
C. confidentiality 
D. integrity
23
Q
Which two actions can a zone-based firewall apply to a packet as it transits a zone pair? (Choose two) 
A. drop  
B. inspect  
C. queue  
D. quarantine  
E. block
24
Q

Which information can you display by executing the show crypto ipsec sa command?

A. proxy information for the connection between two peers
B. IPsec SAs established between two peers
C. recent changes to the IP address of a peer router
D. ISAKMP SAs that are established between two peers

A

IPsec SAs established between two peers

25
Q

Which command can you enter to configure OSPF to use hashing to authenticate routing updates?
A. ip ospf authentication message-digest
B. ip ospf priority 1
C. neighbor 192.168.0.112 cost md5
D. ip ospf authentication-key

A

ip ospf authentication message-digest
26
Q

How is management traffic isolated on a Cisco ASR 1002?
A. Traffic is isolated based upon how you configure routing on the device.
B. There is no management traffic isolation on a Cisco ASR 1002.
C. The management interface is configured in a special VRF that provides traffic isolation from the default routing table.
D. Traffic isolation is done on the VLAN level.

A

The management interface is configured in a special VRF that provides traffic isolation from the default routing table.
27
Q

Which statement about traffic inspection using the Cisco Modular Policy Framework on the ASA is true?
A. HTTP inspection is supported with Cloud Web Security inspection.
B. QoS policing and QoS priority queuing can be configured for the same traffic.
C. ASA with FirePOWER supports HTTP inspection.
D. Traffic can be sent to multiple modules for inspection.

A

HTTP inspection is supported with Cloud Web Security inspection.
28
Q

Which feature can help a router or switch maintain packet forwarding and protocol states despite an attack or heavy traffic load on the router or switch?
A. Control Plane Policing
B. Policy Map
C. Service Policy
D. Cisco Express Forwarding

A

Control Plane Policing (maintain packet forwarding)
29
Q

Refer to the exhibit. What is the effect of the given configuration?

Router1# int f0/0 -> ip ospf message-digest-key 1 md5 cisco
Router2# int f0/0 -> ip ospf message-digest-key 1 md5 cisco

A. The two routers receive normal updates from one another.
B. It enables authentication.
C. It prevents keychain authentication.
D. The two devices are able to pass the message digest to one another.

A

It enables authentication.
30
Q

Which two actions can an end user take to manage a lost or stolen device in Cisco ISE? (Choose two)
A. Reinstate a device that the user previously marked as lost or stolen.
B. Activate Cisco ISE Endpoint protection Services to quarantine the device.
C. Request revocation of the digital certificate of the device.
D. Add the MAC address of the device to a list of blacklisted devices.
E. Force the device to be locked with a PIN.

A

Reinstate a device that the user previously marked as lost or stolen.

Force the device to be locked with a PIN.
31
Q

What are two default behaviours of the traffic on a zone based firewall? (Choose two)
A. The CBAC rules that are configured on router interfaces apply to zone interfaces.
B. Communication is blocked between interfaces that are members of the same zone.
C. Traffic within the self zone uses an implicit deny all.
D. All traffic between zones is implicit blocked.
E. Communication is allowed between interfaces that are members of the same zone.

A

All traffic between zones is implicit blocked.

Communication is allowed between interfaces that are members of the same zone.
32
Q

Which type of firewall monitors and protects a specific system?
A. proxy firewall
B. stateless firewall
C. application firewall
D. personal firewall

A

personal firewall (monitors and protects a specific system)
33
Q

On an ASA, which maps are used to identify traffic?
A. Policy maps
B. Class maps
C. Route maps
D. Service maps

A

Class maps (identify traffic)
34
Q

Which two roles of the Cisco WSA are true? (Choose two)
A. web proxy
B. URL filter
C. antispam
D. IPS
E. firewall

A

web proxy

URL filter