Which of the following threats has a dedicated FirePOWER preprocessor engine? (Select the best answer.) A. Back Orifice B. distributed port scan C. port sweep D. SYN flood Explanation: Of the choices provided, only Back Orifice is a threat that has a dedicated FirePOWER preprocessor engine. A FirePOWER Intrusion Prevention System (IPS) has several predefined […]

You have been asked to enable the Cisco IOS Resilient Configuration feature on a Cisco router. You issue the following commands on the router: Router#configure terminal Router(config)#secure boot-image Which of the following commands are you most likely to issue next to complete the configuration? (Select the best answer.) A. reload B. confreg 0x2102 C. secure […]

Which of the following ISAKMP states indicates that the IKE peers have negotiated security parameters and exchanged keys using aggressive mode during phase 1 of the IKE process? (Select the best answer.) A. AG_INIT_EXCH B. MM_KEY_EXCH C. MM_SA_SETUP D. QM_IDLE Explanation: The AG_INIT_EXCH Internet Security Association and Key Management Protocol (ISAKMP) state indicates that the […]

Which of the following is most likely to protect the availability component of the CIA triad? (Select the best answer.) A. data encryption B. an IPS C. a virus scanner D. a VPN Explanation: Of the available choices, an Intrusion Prevention System (IPS) is most likely to protect the availability component of the confidentiality, integrity, […]

RADIUS and TACACS+ have which of the following in common? (Select the best answer.) A. They communicate by using the same transport protocol. B. They are AAA protocols. C. They are Ciscoproprietary protocols. D. They encrypt the entire packet. Explanation: Terminal Access Controller Access Control System Plus (TACACS+) and Remote Authentication DialIn User Service (RADIUS) […]

To which of the following are you most likely to connect to manage a Cisco router in ROMmon mode? (Select 2 choices.) A. an auxiliary port B. a console port C. a serial port D. an Ethernet port E. a VTY port Explanation: Of the available choices, you are most likely to use either an […]

Which of the following MPF elements can be used to configure Application layer protocol inspection? (Select the best answer.) A. a class map B. a policy map C. a service policy D. a global policy E. an extended access list F. a standard access list Explanation: A policy map can be used to configure Application […]

You enable logging at the end of the session in Cisco FireSIGHT Management Center. Which of the following is true? (Select the best answer.) A. The log will contain less information than at the beginning of the session. B. You will not be able to log connections handled by an SSL policy. C. Information will […]

You have configured a BYOD implementation at a branch location, including an extended ACL named DEFAULTACL on the Layer 2 ports of each access switch. BYOD clients are able to obtain IP addresses, but connectivity to other network services seems to be sporadic or nonexistent, depending on the service. You issue the show ip accesslist […]

Your company’s active ASA currently shares its stateful failover link with a regular data interface. Your supervisor asks you to configure a failover key on both the active ASA and the standby ASA. Which of the following is most likely the reason? (Select the best answer.) A. so that the risk of exposure of VPN […]