A Cisco ASA queries an LDAP server for a VPN user OU attribute of bsnsw and receives multiple results. Which of the following is the ASA most likely to match? (Select the best answer.) A. the last result in the list of results containing the attribute B. the first result in the list of results […]

Which of the following are Cisco IOS privilege levels that are not typically assigned by default? (Select 3 choices.) A. 1 B. 5 C. 7 D. 10 E. 15 Explanation: Of the available choices, privilege levels 5, 7, and 10 are custom privilege levels and are not typically assigned by default. Privilege levels can be […]

Which of the following traffic can be statefully inspected by Cisco IOS ZFW? (Select the best answer.) A. IPv6 unicast traffic B. IPv6 multicast traffic C. IPv4 unicast traffic D. IPv4 multicast traffic Explanation: In a Cisco IOS zonebased policy firewall (ZFW) configuration, IP version 4 (IPv4) unicast traffic can be statefully inspected. As of […]

Which of the following devices are least likely to deny a connection inline when an attack is detected? (Select 2 choices.) A. an IPS B. a router C. an IDS D. a Layer 3 switch E. a Layer 2 switch Explanation: A Layer 2 switch and an Intrusion Detection System (IDS) are least likely to […]

Which of the following threats has a dedicated FirePOWER preprocessor engine? (Select the best answer.) A. Back Orifice B. distributed port scan C. port sweep D. SYN flood Explanation: Of the choices provided, only Back Orifice is a threat that has a dedicated FirePOWER preprocessor engine. A FirePOWER Intrusion Prevention System (IPS) has several predefined […]

You have been asked to enable the Cisco IOS Resilient Configuration feature on a Cisco router. You issue the following commands on the router: Router#configure terminal Router(config)#secure boot-image Which of the following commands are you most likely to issue next to complete the configuration? (Select the best answer.) A. reload B. confreg 0x2102 C. secure […]

Which of the following ISAKMP states indicates that the IKE peers have negotiated security parameters and exchanged keys using aggressive mode during phase 1 of the IKE process? (Select the best answer.) A. AG_INIT_EXCH B. MM_KEY_EXCH C. MM_SA_SETUP D. QM_IDLE Explanation: The AG_INIT_EXCH Internet Security Association and Key Management Protocol (ISAKMP) state indicates that the […]

Which of the following is most likely to protect the availability component of the CIA triad? (Select the best answer.) A. data encryption B. an IPS C. a virus scanner D. a VPN Explanation: Of the available choices, an Intrusion Prevention System (IPS) is most likely to protect the availability component of the confidentiality, integrity, […]

RADIUS and TACACS+ have which of the following in common? (Select the best answer.) A. They communicate by using the same transport protocol. B. They are AAA protocols. C. They are Ciscoproprietary protocols. D. They encrypt the entire packet. Explanation: Terminal Access Controller Access Control System Plus (TACACS+) and Remote Authentication DialIn User Service (RADIUS) […]

To which of the following are you most likely to connect to manage a Cisco router in ROMmon mode? (Select 2 choices.) A. an auxiliary port B. a console port C. a serial port D. an Ethernet port E. a VTY port Explanation: Of the available choices, you are most likely to use either an […]