Which of the following statements is correct regarding the traffic types that can be matched in a class map on a
Cisco ASA? (Select the best answer.)

Which of the following are symmetric encryption algorithms? (Select 3 choices.)

You have issued the following commands to modify the 802.1X configuration on a switch port:
switch(configif)#authentication order mab dot1x
switch(configif)#authentication priority dot1x mab
switch(configif)#authentication event fail action nextmethod
switch(configif)#authentication event noresponse action authorize
vlan 1313
A new host is attached to the switch port. The host’s MAC address is in the authentication database, but the
host’s certificate for 802.1X authentication is expired.Which of the following statements is true regarding the host in this scenario? (Select the best answer.)

According to the branch location ACL design guidelines in the Cisco BYOD Design Guide, which protocols
should not be permitted by the default ACL that is applied to the access ports of a Layer 2 switch? (Select 2choices.)

Refer to the exhibit:

You have created a network object NAT rule in ASDM to translate the real IP address of a DMZ web server,
DMZWWWINT, to an IP address in the OUTSIDE network, DMZWWWEXT. The DMZ interface has a
security level of 50, and the OUTSIDE interface has a security level of 0. In addition, the ASA is running system
software version 8.4.
Which of the following statements are true regarding the ACL that will be required to enable hosts in the
OUTSIDE network to communicate with the DMZ web server? (Select 2 choices.)

Which of the following can be used to encrypt email messages, files, and disk drives? (Select the best answer.)

Which of the following is a Cisco IPS appliance feature that analyzes normal network activity to detect hosts
that are infected with worms? (Select the best answer.)

Your company is using a shopping cart web application that is known to be vulnerable to a code injection
attack. Your company has no support agreement for the application, and the application is no longer updated by
its author. Modifying the code would require the hiring of additional help and an extensive interview process.
Which of the following should your company do in the meantime to most quickly mitigate the threat? (Select the
best answer.)

You want to implement a VPN with an alwayson fail close policy for Cisco AnyConnect clients.
Which of the following does Cisco recommend that you do? (Select the best answer.)

You issue the following commands on a Cisco router:
tacacsserver host ts1 single-connection timeout 20
tacacsserver timeout 30
Which of the following are true about how the Cisco router communicates with the TACACS+ server? (Select 2
choices.)