EnsurepassQUESTION 131 What are two security features at the access port level that can help mitigate Layer 2 attacks? (Choose two.)   A. DHCP snooping B. IP Source Guard C. Telnet D. Secure Shell E. SNMP   Correct Answer: AB     QUESTION 132 What are two enhancements of SSHv2 over SSHv1? (Choose two.)   A. VRF-aware SSH support B. DH group exchange support C. RSA support D. keyboard-interactive authentication E. SHA support   Correct Read more [...]
EnsurepassQUESTION 121 Which tool provides the necessary information to determine hardware lifecycle and compliance details for deployed network devices?   A. Prime Infrastructure B. Prime Assurance C. Prime Network Registrar D. Prime Network Analysis Module   Correct Answer: A     QUESTION 122 Where on a firewall does an administrator assign interface s to contexts?   A. in the system execution space B. in the admin context C. in a user-defined context Read more [...]
EnsurepassQUESTION 111   SNMP users have a specified username, a group to which the user belongs, authentication password, encryption password, and authentication and encryption algorithms to use. The authentication algorithm options are MD5 and SHA. The encryption algorithm options are DES, 3DES, andAES (which is available in 128,192, and 256 versions). When you create a user, with which option must you associate it?   A. an SNMP group B. at least one interface C. the SNMP Read more [...]
EnsurepassQUESTION 101 At which layer does MACsec provide encryption?   A. Layer 1 B. Layer 2 C. Layer 3 D. Layer 4   Correct Answer: B     QUESTION 102 Which log level provides the most detail on the Cisco Web Security Appliance?   A. Debug B. Critical C. Trace D. Informational   Correct Answer: C     QUESTION 103 A Cisco ASA is configured for TLS proxy. When should the security appliance force remote IP phones connecting to the Read more [...]
EnsurepassQUESTION 91 A switch is being configured at a new location that uses statically assigned IP addresses. Which will ensure that ARP inspection works as expected?   A. Configure the 'no-dhcp' keyword at the end of the ip arp inspection command B. Enable static arp inspection using the command 'ip arp inspection static vlan vlan- number C. Configure an arp access-list and apply it to the ip arp inspection command D. Enable port security   Correct Answer: C     Read more [...]
EnsurepassQUESTION 81 To which port does a firewall send secure logging messages?   A. TCP/1500 B. UDP/1500 C. TCP/500 D. UDP/500   Correct Answer: A     QUESTION 82 Which product can manage licenses, updates, and a single signature policy for 15 separate IPS appliances?   A. Cisco Security Manager B. Cisco IPS Manager Express C. Cisco IPS Device Manager D. Cisco Adaptive Security Device Manager   Correct Answer: A     QUESTION 83 Read more [...]
EnsurepassQUESTION 71 Which feature can suppress packet flooding in a network?   A. PortFast B. BPDU guard C. Dynamic ARP Inspection D. storm control   Correct Answer: D QUESTION 72 In a Cisco ASAv failover deployment, which interface is preconfigured as the failover interface?   A. GigabitEthernet0/2 B. GigabitEthernet0/4 C. GigabitEthernet0/6 D. GigabitEthernet0/8   Correct Answer: D     QUESTION 73 What are the three types of private VLAN Read more [...]
EnsurepassQUESTION 61 What is the default behavior of NAT control on Cisco ASA Software Version 8.3?   A. NAT control has been deprecated on Cisco ASA Software Version 8.3. B. It will prevent traffic from traversing from one enclave to the next without proper access configuration. C. It will allow traffic to traverse from one enclave to the next without proper access configuration. D. It will deny all traffic.   Correct Answer: A     QUESTION 62 Which kind of Layer Read more [...]
EnsurepassQUESTION 51 A Cisco ASA is configured in multiple context mode and has two user-defined contexts--Context_A and Context_B. From which context are device logging messages sent?   A. Admin B. Context_A C. Context_B D. System   Correct Answer: A     QUESTION 52 What are two primary purposes of Layer 2 detection in Cisco IPS networks? (Choose two .)   A. identifying Layer 2 ARP attacks B. detecting spoofed MAC addresses and tracking 802.1X actions Read more [...]
EnsurepassQUESTION 41 When configuring a new context on a Cisco ASA device, which command creates a domain for the context?   A. domain config name B. domain-name C. changeto/domain name change D. domain context 2   Correct Answer: B     QUESTION 42 Which two options are two purposes of the packet-tracer command? (Choose two.)   A. to filter and monitor ingress traffic to a switch B. to configure an interface-specific packet trace C. to inject virtual Read more [...]
EnsurepassQUESTION 21 Which option describes the purpose of the input parameter when you use the packet-tracer command on a Cisco device?   A. to provide detailed packet-trace information B. to specify the source interface for the packet trace C. to display the trace capture in XML format D. to specify the protocol type for the packet trace   Correct Answer: B     QUESTION 22 You are the network security engineer for the Secure-X network. The company has recently Read more [...]