ccnp642825 posted on 2009-12-16 23:45:55

642-825 question bank

Exam A
QUESTION 1
What are three methods of network reconnaissance? (choose three)
A. IP spoofing
B. one-time password
C. dictionary attack
D. packet sniffer
E. ping sweep
F. port scan
Answer: DEF
Section: (none)
------------------------------------------------
QUESTION 2
Which three statements are correct about MPLS-based VPNs? (choose three)
A. Route Targets (RTs) are attributes attached to a VPNv4 BGP route to indicate its VPN
membership
B. Scalability becomes challenging for a very large, fully meshed deployment
C. Authentication is done using a digital certificate or pre-shared key
D. A VPN client is required for client-initiated deployments
E. A VPN client is not required for users to interact with the network
F. An MPLS-based VPN is highly scalable because no site-to-site peering is required
Answer: AEF
Section: (none)
------------------------------------------------
QUESTION 3
What are two steps that must be taken when mitigating a worm attack? (choose two)
A. Inoculate systems by applying update patches
B. Limit traffic rate
C. Apply authentication
D. Quarantine infected machines
E. Enable anti-spoof measures
Answer: AD
Section: (none)
------------------------------------------------
QUESTION 4
Refer to the exhibit. What information can be derived from the SDM firewall configuration that
is shown?

A. Access-list 100 was configured for the trusted interface, and access-list 101 was configured for the untrusted interface
B. Access-list 101 was configured for the trusted interface, and access-list 100 was configured for the untrusted interface
C. Access-list 100 was configured for the inbound direction, and access-list 101 was
configured for the
outbound direction on the trusted interface
D. Access-list 100 was configured for the inbound direction, and access-list 101 was
configured for the
outbound direction on the untrusted interface
Answer: A
Section: (none)
------------------------------------------------
QUESTION 5
Which three statements about IOS Firewall configurations are true? (choose three)
A. The IP inspection rule can be applied in the inbound direction on the secured interface
B. The IP inspection rule can be applied in the outbound direction on the secured interface
C. The ACL applied in the outbound direction on the unsecured interface should be an extended
ACL
D. The ACL applied in the inbound direction on the unsecured interface should be an extended
ACL
E. For temporary openings to be created dynamically by Cisco IOS Firewall, the access-list for
the
returning traffic must be a standard ACL
F. For temporary openings to be created dynamically by Cisco IOS Firewall, the IP inspection
rule must
be applied to the secured interface
Answer: ABD
Section: (none)
------------------------------------------------
QUESTION 6
Which statement describes the Authentication Proxy feature?
A. All traffic is permitted from the inbound to the outbound interface upon successful
authentication of the
user
B. A specific access profile is retrieved from a TACACS+ or RADIUS server and applied to an
IOS
Firewall based on user provided credentials
C. Prior to responding to a proxy ARP, the router will prompt the user for a login and password
Section: (none)
------------------------------------------------
QUESTION 7
Refer to the exhibit. Which two statements are true about the authentication method used to
authenticate
users who want privileged access into Router1? (choose two)
A. All users will be authenticated using the RADIUS server. If the RADIUS server is
unavailable, the
router will attempt to authenticate the user using its local database
B. All users will be authenticated using the RADIUS server. If the RADIUS server is
unavailable, the
authentication process stops and no other authentication method is attempted
C. All users will be authenticated using the RADIUS server. If the user authentication fails, the
router will
attempt to authenticate the user using its local database
D. All users will be authenticated using the RADIUS server. If the user authentication fails, the
authentication process stops and no other authentication method is attempted
E. The default login authentication method is applied automatically to all lines including
console, auxiliary,
TTY, and VTY lines
Answer: AD
Section: (none)
------------------------------------------------
QUESTION 8
Refer to the exhibit. On the basis of the presented information, which configuration was
completed on the
router CPE?
A. CPE(config)# ip nat inside source list 101 interface Dialer0
CPE(config)# access-list 101 permit ip 10.0.0.0 0.255.255.255 any
B. CPE(config)# ip nat inside source list 101 interface Dialer0 overload
CPE(config)# access-list 101 permit ip 10.0.0.0 0.255.255.255 any
C. CPE(config)# ip nat inside source list 101 interface Ethernet 0/0
CPE(config)# access-list 101 permit ip 10.0.0.0 0.255.255.255 a
D. CPE(config)# ip nat inside source list 101 interface Ethernet 0/0 overlo
CPE(config)# access-list 101 permit ip 10.0.0.0 0.255.255.255 any
E. CPE(config)# ip nat inside source list 101 interface Ethernet 0/1
CPE(config)# access-list 101 permit ip 10.0.0.0 0.255.255.255 any
F. CPE(config)# ip nat inside source list 101 interface Ethernet 0/1 overload
CPE(config)# access-list 101 permit ip 10.0.0.0 0.255.255.255 any
Answer: B
Section: (none)
------------------------------------------------
QUESTION 9
Refer to the exhibit. FastEthernet0/0 has been assigned a network address of 200.0.1.2/24
and no ACL
has been applied to that interface. Serial0/0/0 has been assigned a network address of
200.0.0.1/30.
Assuming that there are no network-related problems, which ping will be successful?
F. from 200.0.1.2 to 200.0.0.2
Answer: A
Section: (none)
------------------------------------------------
QUESTION 10
If an edge Label Switch Router (LSR) is properly configured, which three combinations are
possible?
(choose three)
A. A received IP packet is forwarded based on the IP destination address and the packet is
sent as an IP
packet
B. An IP destination exists in the IP forwarding table. A received labeled packet is dropped
because the
label is not found in the LFIB table
C. There is an MPLS label-switched path toward the destination. A received IP packet is
dropped because
the destination is not found in the IP forwarding table
D. A received IP packet is forwarded based on the IP destination address and the packet is
sent as a
labeled packet
E. A received labeled IP packet is forwarded based upon both the table and the IP address
F. A received labeled packet is forwarded based on the label. After the label is swapped, the
newly
labeled packet is sent
Answer: ADF
Section: (none)
------------------------------------------------
QUESTION 11
Which approach for identifying malicious traffic involves looking for a fixed sequence of bytes in
a single
packet or in predefined content?
A. policy-based
B. anomaly-based
C. honeypot-based
D. signature-based
E. regular-expression-based
Answer: D
Section: (none)
------------------------------------------------
QUESTION 12
Which three DSL technologies support an analog POTS channel and utilize the entire
bandwidth of the
copper to carry data? (choose three)
A. ADSL
B. IDSL
C. SDSL
D. RADSL
E. VDSL
Answer: ADE
Section: (none)
------------------------------------------------
QUESTION 13
Refer to the exhibit. On the basis of the information that is provided, which statement is true?

A. The IOS firewall has allowed an HTTP session between two devices
B. A TCP session that started between 192.168.1.116 and 192.168.101.115 caused dynamic ACL entries to be created
C. A UDP session that started between 192.168.1.116 and 192.168.101.115 caused dynamic ACL entries to be created
D. Telnet is the only protocol allowed through this IOS firewall configuration
Answer: B
Section: (none)
------------------------------------------------
QUESTION 14
Refer to the exhibit. What Cisco feature generated the configuration?

A. EZ VPN
B. IOS Firewall
C. AutoSecure
D. IOS IPS
E. AAA
F. TACACS+
Answer: C
Section: (none)
------------------------------------------------
QUESTION 15
What are three features of the Cisco IOS Firewall feature set? (choose three)
A. network-based application recognition (NBAR)
B. authentication proxy
C. stateful packet filtering
D. AAA services
E. proxy server
F. IPS
Answer: BCF
Section: (none)
------------------------------------------------
QUESTION 16
Drag and drop the Cisco IOS commands that would be used to configure the dialer interface
portion of a
PPPoE client implementation where the client is facing the internet and private IP addressing
is used on
the internal network.
configuration?
Exhibit:

A. encapsulation aal5snap applied to the PVC
B. encapsulation aal5ciscoppp applied to the PVC
C. encapsulation aal5ciscoppp applied to the ATM0 interface
D. encapsulation aal5mux ppp dialer applied to the ATM0 interface
E. encapsulation aal5mux ppp dialer applied to the PVC
Answer: E
Section: (none)
------------------------------------------------
QUESTION 18
Which three techniques should be used to secure management protocols? (choose three)
A. Configure SNMP with only read-only community strings
B. Encrypt TFTP and syslog traffic in an IPSec tunnel
C. Implement RFC 2827 filtering at the perimeter router when allowing syslog access from
devices on
the outside of a firewall
D. Synchronize the NTP master clock with an Interface atomic clock
E. Use SNMP version 2
F. Use TFTP version 3 or above because these versions support a cryptographic authentication
mechanism between peers
Answer: ABC
Section: (none)
------------------------------------------------
QUESTION 19
Which two active response capabilities can be configured on an intrusion detection system
(IDS) in
response to malicious traffic detection? (choose two)
A. the initiation of dynamic access lists on the IDS to prevent further malicious traffic
B. the configuration of network devices to prevent malicious traffic from passing through
C. the shutdown of ports on intermediary devices
D. the transmission of a TCP reset to the offending end host
E. the invoking of SNMP-sourced controls
Answer: BD
Section: (none)
------------------------------------------------
QUESTION 20
What are three objectives that the no ip inspect command achieves? (choose three)
A. removes the entire CBAC configuration
B. removes all associated static ACLs
C. turns off the automatic audit feature in SDM
D. denies HTTP and Java applets to the inside interface but permits this traffic to the DMZ
E. resets all global timeouts and thresholds to the defaults
F. deletes all existing sessions
Answer: AEF
Section: (none)
------------------------------------------------
QUESTION 21
Refer to the exhibit. Which statement describes the results of clicking the OK button in the
Security Device
Manager (SDM) Add a Signature Location window?
Exhibit:
A. SDM will respond with a message asking for the URL that points to the 256MB.sdf file
B. Cisco IOS IPS will choose to load the 256MB.sdf only if the Built-in Signatures (as backup)
check box
is unchecked
C. If Cisco IOS IPS fails to load the 256MB.sdf, it will load the built-in signatures provided the
Built-in
Signatures (as backup) check box is checked
D. Cisco IOS IPS will choose to load the 256MB.sdf and then also add the Cisco IOS built-in
signatures
E. SDM will respond with an error that indicates that no such file exists
Answer: C
Section: (none)
------------------------------------------------
QUESTION 22
Which statement is true about a worm attack?
A. Human interaction is required to facilitate the spread
B. The worm executes arbitrary code and installs copies of itself in the memory of the infected
computer
C. Extremely large volumes of requests are sent over a network or over the Internet
D. Data or commands are injected into an existing stream of data. That stream is passed
between a client
and server application
Answer: B
Section: (none)
------------------------------------------------
QUESTION 23
Which three categories of signatures can a Cisco IPS microengine identify? (choose three)
A. DDoS signatures
B. strong signatures
C. exploit signatures
D. numeric signatures
E. spoofing signatures
F. connection signatures
Answer: ACF
Section: (none)
------------------------------------------------
QUESTION 24
Refer to the exhibit. ACL 150 was configured on Router RTA to mitigate against a range of
common
threats. On the basis of the information in the exhibit, which statement is true?
Exhibit:
A. ACL 150 will mitigate common threats
B. Interface Fa0/0 and interface Fa0/1 should have been configured with the IP address
10.1.1.1 and
10.2.1.1, respectively
C. The ip access-group 150 command should have been applied to interface FastEthernet 0/0
in an
inbound direction
D. The ip access-group 150 command should have been applied to interface FastEthernet 0/0
in an
outbound direction
E. The ip access-group 150 command should have been applied to interface FastEthernet 0/1
in an
outbound direction
F. The last statement in ACL 150 should have been access-list 150 permit tcp 10.2.1.0
0.0.0.255 any
established
Answer: A
Section: (none)
------------------------------------------------
QUESTION 25
Which form of DSL technology is typically used as a replacement for T1 lines?
A. VDSL
B. HDSL
C. ADSL
D. SDSL
E. G.SHDSL
F. IDSL
Answer: B
Section: (none)
------------------------------------------------
QUESTION 26

Which two statements are true about broadband cable (HFC) systems? (choose two)
A. Cable modems only operate at Layer 1 of the OSI model
B. Cable modems only operate at Layer 1 and 2 of the OSI model
C. Cable modems only operate at Layer 1, 2 and 3 of the OSI model
D. A function of the cable modem termination system (CMTS) is to convert the modulated
signal from the
cable modem into a digital signal
E. A function of the cable modem termination system is to convert the digital data stream from
the end
user host into a modulated RF signal for transmission onto the cable system
Answer: BD
Section: (none)
------------------------------------------------
QUESTION 27
Refer to the exhibit. On the basis of the information presented, which configuration change
would correct
the Secure Shell (SSH) problem?
Exhibit:
A. Configure router RTA with the ip domain name domain-name global configuration command
B. Configure router RTA with the crypto key generate rsa general-keys modulus
modulus-number global
configuration command
C. Configure router RTA with the crypto key generate rsa usage-keys modulus
modulus-number global
configuration command
D. Configure router RTA with the transport input ssh vty line configuration command
E. Configure router RTA with the no transport input telnet vty line configuration command
Answer: D
Section: (none)
------------------------------------------------
QUESTION 28
Which statement is true about the management protocols?
A. TFTP data is sent encrypted
B. Syslog data is sent encrypted between the server and device
C. SNMP v1/v2 can be compromised because the community string information for
authentication is
sent in clear text
D. NTP v.3 does not support a cryptographic authentication mechanism between peers
Answer: C
Section: (none)
------------------------------------------------
QUESTION 29
Which PPPoA configuration statement is true?
A. The dsl operating-mode auto command is required if the default mode has been changed
B. The encapsulation ppp command is required
C. The ip mtu 1492 command must be applied on the dialer interface
D. The ip mtu 1496 command must be applied on the dialer interface
E. The ip mtu 1492 command must be applied on the Ethernet interface
F. The ip mtu 1496 command must be applied on the Ethernet interface
Answer: A
Section: (none)
------------------------------------------------
QUESTION 30
Refer to the exhibit. Which two statements about the Network Time Protocol (NTP) are true?
(choose two)
Exhibit:
A. Router RTA will adjust for eastern daylight savings time
B. To enable authentication, the ntp authenticate command is required on routers RTA and
RTB
C. To enable NTP, the ntp master command must be configured on routers RTA and RTB
D. Only NTP time requests are allowed from the host with IP address 10.1.1.1
E. The preferred time source located at 120.207.244.240 will be used for synchronization
regardless of the
other time sources
Answer: AB
Section: (none)
------------------------------------------------
QUESTION 31
Refer to the exhibit. What does the "26" in the first two hop outputs indicate?
Exhibit:
A. the outer label used to determine the next hop
B. the IPv4 label for the destination network
C. the IPv4 label for the forwarding router
D. the IPv4 label for the destination router
Answer: B
Section: (none)
------------------------------------------------
QUESTION 32
Which two statements about the Cisco AutoSecure feature are true? (choose two)
A. All passwords entered during the AutoSecure configuration must be a minimum of 8
characters in
length
B. Cisco123 would be a valid password for both the enable password and the enable secret
commands
C. The auto secure command can be used to secure the router login as well as the NTP and
SSH
protocols
D. For an interactive full session of AutoSecure, the auto secure login command should be
used
E. If the SSH server was configured, the 1024 bit RSA keys are generated after the auto
secure
command is enabled
Answer: CE
Section: (none)
------------------------------------------------
QUESTION 33
An administrator is troubleshooting an ADSL connection. For which OSI layer is the ping atm
interface
command useful for probing problems?
A. Layer 1
B. Layer 2
C. Layer 3
D. Layer 4
Answer: B
Section: (none)
------------------------------------------------
QUESTION 34
Which statement about an IPS is true?
A. The IPS is in the traffic path
B. Only one active interface is required
C. Full benefit of an IPS will not be realized unless deployed in conjunction with an IDS
D. When malicious traffic is detected, the IPS will only send an alert to a management station
Answer: A
Section: (none)
------------------------------------------------
QUESTION 35
Which three statements about frame-mode MPLS are true? (choose three)
A. MPLS has three distinct components consisting of the data plane, the forwarding plane, and
the control
plane
B. The control plane is a simple label-based forwarding engine that is independent of the type
of routing
protocol or label exchange protocol
C. The CEF FIB table contains information about outgoing interfaces and their corresponding
Layer 2
header
D. The MPLS data plane takes care of forwarding based on either destination addresses or
labels
E. To exchange labels, the control plane requires protocols such as Tag Distribution Protocol
(TDP) or
MPLS Label Distribution Protocol (LDP)
F. Whenever a router receives a packet that should be CEF-switched, but the destination is
not in the
FIB, the packet is dropped
Answer: DEF
Section: (none)
------------------------------------------------
QUESTION 36
Refer to the exhibit. On the basis of the partial configuration, which two statements are true?
(choose two)
Exhibit:
A. A CBAC inspection rule is configured on router RTA
B. A named ACL called SDM_LOW is configured on router RTA
C. A QoS policy has been applied on interfaces Serial 0/0 and FastEthernet 0/1
D. Interface Fa0/0 should be the inside interface and interface Fa0/1 should be the outside
interface
E. On interface Fa0/0, the ip inspect statement should be incoming
F. The interface commands ip inspect SDM_LOW in allow CBAC to monitor multiple protocols
Answer: AF
Section: (none)
------------------------------------------------
QUESTION 37
Which statement about the aaa authentication enable default group radius enable command is
true?
A. If the radius server returns an error, the enable password will be used
B. If the radius server returns a 'failed' message, the enable password will be used
C. The command login authentication group will associate the AAA authentication to a
specified interface
D. If the group database is unavailable, the radius server will be used
Answer: A
Section: (none)
------------------------------------------------
QUESTION 38
Refer to the exhibit. When editing the Invalid DHCP Packet signature using security device
manager
(SDM), which additional severity levels can be chosen? (choose three)
Exhibit:
A. low
B. urgent
C. high
D. debug
E. informational
F. warning
Answer: ACE
Section: (none)
------------------------------------------------
QUESTION 39
Which two statements about packet sniffers or packet sniffing are true? (choose two)
A. A packet sniffer requires the use of a network adapter card in nonpromiscuous mode to
capture all
network packets that are sent across a LAN
B. Packet sniffers can only work in a switched Ethernet environment
C. To reduce the risk of packet sniffing, cryptographic protocols such as Secure Shell
Protocol (SSH) and
Secure Sockets Layer (SSL) should be used
D. To reduce the risk of packet sniffing, strong authentication, such as one time passwords,
should be
used
E. To reduce the risk of packet sniffing, traffic rate limiting and RFC 2827 filtering should be
used
Answer: CD
Section: (none)
------------------------------------------------
QUESTION 40
Refer to the exhibit. Which statement best describes Security Device Event Exchange
(SDEE)?
Exhibit:
A. It is an application level communications protocol that is used to exchange IPS messages
between IPS
clients and servers
B. It is a process for ensuring IPS communication between the SDM-enabled devices
C. It is a suite of protocols for ensuring IPS communication between the SDM-enabled devices
D. It is an OSI level-7 protocol, and it is used to exchange IPS messages between IPS agents
E. The primary purpose of SDEE is for SDM users to send messages to IPS agents
Answer: A
Section: (none)
------------------------------------------------
QUESTION 41
Which two actions can a Cisco IOS Firewall take when the threshold for the number of
half-opened TCP
sessions is exceeded?
A. It can send a reset message to the endpoints of the oldest half-opened session
B. It can send a reset message to the endpoints of the newest half-opened session
C. It can send a reset message to the endpoints of a random half-opened session
D. It can block all EST packets temporarily for the duration configured by the threshold value
E. It can block all SYN packets temporarily for the duration configured by the threshold value
F. It can block all reset packets temporarily for the duration configured by the threshold value
Answer: AE
Section: (none)
------------------------------------------------
QUESTION 42
What technology must be enabled as a prerequisite to running MPLS on a Cisco router?
A. process switching
B. routing-table driven switching
C. cache driven switching
D. CEF switching
E. fast switching
Answer: D
Section: (none)
------------------------------------------------
QUESTION 43
Which three statements about hybrid fiber-coaxial (HFC) networks are true? (choose three)
A. A tap produces a significantly larger output signal
B. An amplifier divides the input RF signal power to provide subscriber drop connections
C. Baseband sends multiple pieces of data simultaneously to increase the effective rate of
transmission
D. Downstream is the direction of an RF signal transmission (TV channels and data) from the
source
(headend) to the destination (subscribers)
E. The term CATV refers to residential cable systems
F. Upstream is the direction from subscribers to the headend
Answer: DEF
Section: (none)
------------------------------------------------
QUESTION 44
Which Cisco IOS Firewall Feature Set allows a per-user policy to be downloaded dynamically to
a router
from a TACACS+ or RADIUS server using AAA services?
A. Intrusion Prevention System
B. Reflexive ACLs
C. Authentication Proxy
D. Lock-and-Key (dynamic ACLs)
E. Port-to-Application Mapping
Answer: C
Section: (none)
------------------------------------------------
QUESTION 45
Drag and drop the Cisco IOS commands that would be used to configure the physical
interface portion of
a PPPoE client configuration.
Answer:
Section: (none)
Answer
------------------------------------------------
QUESTION 46
Refer to the exhibit. Which network threat would the configuration in the exhibit mitigate?
Exhibit:
A. DoS ping attacks
B. DoS TCP SYN attack
C. IP address spoofing attack - inbound
D. IP address spoofing attack - outbound
E. SNMP service filtering attack
Answer: A
Section: (none)
------------------------------------------------
QUESTION 47
Which two statements about common network attacks are true? (choose two)
A. Access attacks can consist of password attacks, trust exploitation, port redirection, and man-in-the-middle attacks
B. Access attacks can consist of password attacks, ping sweeps, port scans, and man-in-the-middle attacks
C. Access attacks can consist of packet sniffers, ping sweeps, port scans, and man-in-the-middle attacks
D. Reconnaissance attacks can consist of password attacks, trust exploitation, port redirection and Internet information queries
E. Reconnaissance attacks can consist of packet sniffers, port scans, ping sweeps, and Internet information queries
F. Reconnaissance attacks can consist of ping sweeps, port scans, man-in-the-middle attacks and Internet information queries
Answer: AE
Section: (none)
------------------------------------------------
QUESTION 48
Refer to the exhibit. All routers participate in the MPLS domain. An IGP propagates the routing
information
for network 10.10.10.0/24 from R5 to R1. However, router R3 summarizes the routing
information to
10.10.0.0/16. How will the routes be propagated through the MPLS domain?
Exhibit:
A. R3, using LDP, will advertise labels for both networks, and the information will be
propagated
throughout the MPLS domain
B. R3 will label the summary route using a pop label. The route will then be propagated
through the rest
of the MPLS domain. R3 will label the 10.10.10.0/24 network and forward to R2 where the
network will
be dropped
C. R3 will label the 10.10.10.0/24 network using a pop label which will be propagated through
the rest of
the MPLS domain. R3 will label the summary route and forward to R2 where the network will be
dropped
D. None of the networks will be labeled and propagated through the MPLS domain because
aggregation
breaks the MPLS domain
Answer: B
Section: (none)
------------------------------------------------

QUESTION 49
Refer to the exhibit. What statement is true about the interface S1/0 on router R1?
Exhibit:
A. Labeled packets can be sent over an interface
B. MPLS Layer 2 negotiations have occurred
C. IP label switching has been disabled on this interface
D. None of the MPLS protocols have been configured on the interface
Answer: D
Section: (none)
------------------------------------------------
------------------------------------------------
QUESTION 50
Refer to the exhibit. FastEthernet0/0 has been assigned a network address of 200.0.1.2/24
and no ACL
has been applied to the interface. Serial0/0/0 has been assigned a network address of
200.0.0.1/30. An
inspection rule of ip inspect name OUTBOUND tcp has been applied to Serial 0/0/0.
Assuming that there are no network-related issues, which of the following traffic will be
successful?
(choose two)
Exhibit:

A. a ping from 200.0.1.1 to 200.0.0.2
B. a ping from 200.0.0.2 to 200.0.1.1
C. a ping from 200.0.0.1 to 200.0.0.2
D. a ping from 200.0.1.2 to 200.0.0.1
E. a Telnet from 200.0.1.1 to 200.0.0.2
F. a Telnet from 200.0.0.2 to 200.0.1.1
Answer: CE
Section: (none)
------------------------------------------------
QUESTION 51
Refer to the exhibit. Which configuration option would correctly configure router RTA to
mitigate a range
of threats?
Exhibit:
A. RTA(config)# interface Fa0/0
RTA(config-if)# ip access-group 150 in
B. RTA(config)# interface Fa0/0
RTA(config-if)# ip access-group 150 out
C. RTA(config)# interface Fa0/1
RTA(config-if)# ip access-group 150 in
D. RTA(config)# interface Fa0/1
RTA(config-if)# ip access-group 150 out
E. RTA(config)# line vty 0 4
RTA(config-if)# ip access-group 150 in
F. RTA(config)# line vty 0 4
RTA(config-if)# ip access-group 150 out
Answer: C
Section: (none)
------------------------------------------------
QUESTION 52
Which two statements about packet sniffers or packet sniffing are true? (choose two)
A. Packet sniffers can only work in a switched Ethernet environment
B. To reduce the risk of packet sniffing, traffic rate limitation and RFC 2827 filtering should be
used
C. To reduce the risk of packet sniffing, cryptographic protocols such as SSH and SSL should be
used
D. To reduce the risk of packet sniffing, strong authentication, such as one-time passwords,
should be
used
Answer: CD
Section: (none)
------------------------------------------------
QUESTION 53
Refer to the exhibit. Which of the configuration tasks would allow you to quickly deploy default
signatures?
Exhibit:
A. firewall and ACLs
B. security audit
C. routing
D. NAT
E. intrusion prevention
F. NAC
Answer: E
Section: (none)
------------------------------------------------
QUESTION 54
Which Cisco SDM feature expedites the deployment of the default IPS settings and provides
configuration
steps for interface and traffic flow selection, SDF location, and signature deployment?
A. IPS Edit menu
B. IPS Command wizard
C. IPS Policies wizard
D. IPS Signature wizard
Answer: C
Section: (none)
------------------------------------------------
QUESTION 55
Refer to the exhibit. Which three tasks can be configured using the IPS Policies wizard via the Cisco
Security Device Manager (SDM)? (choose three)
Exhibit:
A. the configuration of an IP address and the enabling of the interface
B. the selection of the encapsulation on the WAN interfaces
C. the selection of the interface to apply the IPS rule
D. the selection of the traffic flow direction that should be inspected by the IPS rules
E. the creation of the signature definition file (SDF) to be used by the router
F. the location of the signature definition file (SDF) to be used by the router
Answer: CDF
Section: (none)
------------------------------------------------

suncool posted on 2009-12-17 09:50:54

Thank you

别说朋 posted on 2009-12-17 11:04:36

I haven't followed this for a long time; I'll go take another look today. Thanks!

别说朋 posted on 2009-12-18 11:54:13

Thanks to the original poster.

邬戎 posted on 2009-12-18 12:12:58

This post is good!!!!!

Guest posted on 2010-3-10 13:13:46

[s:156xiexie

scitcwl posted on 2010-8-6 16:48:42

wesley posted on 2010-8-17 13:02:08

Can this actually be downloaded or not?

jimsun posted on 2015-10-12 06:45:04

Thanks for sharing! Bumping!