What is a dynamic crypto map? (Choose three.

) - Essentially, it is a static crypto map entry without all the parameters configured. - It is used by the router to initiate new IPsec SAs with remote peers. - It is used in evaluating traffic. - It is useful with large networ s and many peers, as well as for !C clients. -------------------Which trun port supports simultaneous tagged and untagged traffic? - ISL trunk port - IEEE "#$.%& trun port - 802.10 - RS P -------------------What is the 'uality that most distinguishes EI()! from other routing protocols? - con!er"ence time - #ink-state mechanisms - route selection - de$au#t route mechanisms - si%e o$ routin" tab#e -------------------*ow many +!s can the W,-.-/ased W0- support? - 100 - 200 - 1## (2### clients) - &00 -------------------Which 3-!4 pac et type contains information a/out the hello5dead timer, the area I0, the router priority, 0)560) I! address, and the stu/ area flag? - LSR - '(' - *ello - LS) -------------------Which protocol is used to agree on a common session ey for the I7E tunnel? - 0iffie-*ellman - ISA*+P - I*, - SP- ,SP

*ow many ./ps of I0-5I!- inspection is the I0-.-$ a/le to support? - 100 - 2.0 - &00 - 8## -------------------What does the Engine96uild94ailed message usually indicate? :he rule was not properly formatted. he si"nature editin" was incomp#ete. he en"ine ran out o$ memory. he en"ine needs to be reinsta##ed.

-------------------Which routing protocol uses ;ser 0atagram !rotocol (;0!) and has its updates sent unrelia/ly with /est-effort delivery? - I/RP - ,I/RP01SP- )I! - (/P - IS-IS -------------------What should a good security policy do? - de$ine data and assets to be co!ered by the po#icy - inc#ude risk assessment - include incident response - de$ine trust re#ationships -------------------Which algorithm used /y I!sec produces a <2-/it fingerprint? - the *.+C algorithm - the 'i$$ie-2e##man a#"orithm - S2A - I*, - ,SP -------------------What aspect of the I!sec -+ negotiation protects the data flows specified /y that crypto map entry=s access list? - I*, - $irewa## A3L - the transform set defined in the crypto map entry - crypto peer

- asymmetric encryption -------------------What are /uilt-in signatures for I0- sensors called? - attac signatures - custom si"natures - nati!e si"natures - automatic si"natures -------------------Every in/ound pac et is chec ed against the connection state information in memory, as well as which additional element? - the stateful pac et inspection algorithm - the -I( - the 3,- the RA'I)S ser!er -------------------What is a 0.> networ ? - a network used $or untrusted hosts - a /uffer ?one used to isolate traffic that comes from an untrusted networ - a ser!er network outside the $irewa## - a network used by anti-mi#itary acti!ists - an inside subnet "i!en specia# access #ist processin" -------------------Which command correctly configures the *-)! *ello Interval to five seconds? - Switch4con$i"56standby he##otime . - Switch4con$i"56standby 10 timers . 1. - -witch(config-if)@stand/y %# timers 8 %8 - Switch4con$i"-i$56standby he##otime . -------------------What choices do you have for assigning an action? (Choose two.) - alarm - drop - reboot - o!erride - subdue -------------------What is the valid range of A,+B I0s specified in the IEEE "#$ %& standard? - 1 to 102& - # to C#<C

- 1 to &7&0 - 0 to &102 -------------------What must you do to configure a router running EI()! so that it advertises su/nets across a classful networ /oundary? - ,nter the ip c#ass#ess command. - 8othin"9,I/RP is a c#ass#ess protoco# that does not automatica##y summari%e. - 8othin"9there is no way to accomp#ish this type o$ con$i"uration. - Enter the no auto-summary command.

Which statements descri/e policies when designing cryptographic solutions? (Choose three.) - Identify re'uirements. - Identi$yin" constraints is not necessary. - -elect appropriate mechanisms and services. - 'etermine areas o$ the or"ani%ation ac:uirin" new properties. - ;tili?e security policies. -------------------In the relationship /etween the 0), the 60), and each router in the networ , what criterion determines which router serves as the master in the eDchange process? he router with the #owest I' acts as the master. :he router with the highest I0 acts as the master. he router with the #owest IP address acts as the master. he router with the #owest priority acts as the master.

-------------------Which statements are true of I7E configuration? (Choose two.) - his $eature is desi"ned to enab#e the con$i"uration mode $or e!ery I*, connection by de$au#t. - :he gateway can initiate the configuration mode with the client. - :he client can initiate the configuration mode with the gateway. - Inter$aces with crypto maps that are con$i"ured $or I*, mode con$i"uration may e;perience a short connection setup time. -------------------Which type of antenna gives wide angle unidirectional coverage /ut is fairly tolerant of orientation? - omni - <a"i - patch - parabo#ic dish

-------------------What are the capa/ilities provided /y the mas included in )I!v$? (Choose three.) - classless routing - A,-. - $aster con!er"ence - manual route summari?ation - route #oad-ba#ancin" -------------------What information does the +-0. home page B3: show? - configured signatures - states o$ the inter$ace - !ersion that is runnin" - #icensin" in$ormation - per$ormance in$ormation -------------------0isa/ling which service will prevent any system from determining the model num/er and the Cisco software version /eing run? - C0! - S8+P - ,ncryption Ser!ice - IP Identi$ication Ser!ice -------------------If a harsh environment /ecomes a factor in router placement, what can /e used for protection from the elements? - e$#on enc#osure - dedicated rack - sealed /oD - space heater -------------------Which redundancy features are offered /y A))!? (Choose two.) - A))! provides redundancy for the real I! address of a router or for a virtual I! address shared among the A))! group mem/ers. - + A))! group has one master router and one or more /ac up routers. - =RRP is proprietary and pro!ides redundancy on#y $or an a##-3isco network. - =RRP a##ows mu#tip#e acti!e $orwardin" routers at one time. -------------------What is the approach used to provide default values on many of the features and reduce the compleDity of setting up a site-to-site A!B? - ,asy =P8

- ,;press Setup - &uic -etup - 3#ick-to-=P8 button - 'e$au#t button -------------------What percentage of overlap is re'uired for smooth, relia/le handoffs /etween +!s? - 10 percent - %8 percent - 20 percent - 2. percent -------------------Which modes can the Cisco Easy A!B remote client operate in? (Choose two.) - Remote 3#ient mode - Client mode - Betwor EDtension mode - 3#ient 8etwork mode -------------------Which protocol ma es I!sec more scala/le /y simplifying the ey management? - ,ncapsu#atin" Security Protoco# 4,SP5 - Internet Security Association and *ey +ana"ement Protoco#s 4ISA*+P5 - Authentication 2eader 4A25 - Internet 7ey EDchange (I7E) -------------------Each interface participating in 3-!4 uses what I! multicast address to send periodic hello pac ets? - $$C.#.#.8 - 22&.0.0.10 - 22&.0.0.> - 22&.0.0.1 -------------------What must you do /efore you can edit signatures? - Authenticate to the IPS en"ine. - 'own#oad a $resh copy o$ the ru#e $rom 3isco. - 3hoose the si"nature action. - Ena/le an I!- rule. -------------------+ W0- +! serving clients can support 1# mem/er +!s. If the W0- +! is dedicated, how many mem/er +!s can it support?

- 20 - ?0 - 2# - 70 -------------------:he optimal num/er of 3-!4 routers per area varies /ased on factors such as networ sta/ility, /ut Cisco recommends no more than how many routers per area? - 20 to .0 routers - >0 to 80 routers - 8# to %## routers - 100 to 1.0 routers -------------------What authentication system relies on eys from /oth the sender and the receiver? - username0password - !7I - preshared key - biometric -------------------What is a signature? - a set of rules used to detect typical intrusive activity - an identi$ication system - a di"ita# proo$ o$ identity - the #o" pattern indicatin" a se:uence o$ ma#icious packets - an encrypted ticket used to indicate @trusted@ packets -------------------What client software must /e installed on a host whose host policy state has to /e validated /efore permitting networ access? - 33A +ana"er - 33A A"ent - C:+ - no specia# so$tware is re:uired -------------------What are used to define which type of I! traffic will /e protected /y crypto and which traffic will not? - crypto peers - crypto access lists - I*, authentication methods - $irewa## A3Ls - 8A ru#es

-------------------In addition to offering various defensive and notification mechanisms, what would C-+ have the a/ility to do in the event of an un nown attac crashing a we/ server? AA Incorrect AA BB - Send e-mai# to administrators. - Send e-mai# to 3isco. - It cou#d restart the ser!er process. - Resume user state a$ter reboot.

-------------------Inbound and outbound ACLs can be set up on interfaces by choosing which options? - Access Rules and Interface Configuration - Security Policy and Interface Configuration - Security Policy and Access Rules - Security Policy and Syslog

-------------------How many modules does the Cisco I S!-" allow to be installed simultaneously# while still pro$iding traffic inspection and protection? - Four - Six - %ight - Ten

What service will detect which users are logged in to a networ device? PA' Ser!ice 3P0)'P 4inger -er$ice IP (11 P Ser!er

What is the Holddown timer

It is an inter!al" in seconds" when routing information regarding a worse or e#ui!alent metric $ath is su$$ressed% &our answer ' It is an inter!al of time" in seconds" when a route is declared in!alid% It is an amount of time" in seconds" that must $ass (efore the route is remo!ed from the routing ta(le% It is a rate" in seconds" at which u$dates are sent

Incorrect