
1. When logging is enabled for an ACL entry, how does the router switch packets filtered by the ACL?
- topology-based switching
- autonomous switching
- process switching
- optimum switching

2. Which statement is true about the One-Step Lockdown feature of the CCP Security Audit wizard?
- It enables the Secure Copy Protocol (SCP).
- It supports AAA configuration.
- It enables TCP intercepts.
- It sets an access class ACL on vty lines.
- It provides an option for configuring SNMPv3 on all routers.

3. What are three common examples of AAA implementation on Cisco routers? (Choose three.)
- authenticating administrator access to the router console port, auxiliary port, and vty ports
- authenticating remote users who are accessing the corporate LAN through IPsec VPN connections
- implementing public key infrastructure to authenticate and authorize IPsec VPN peers using digital certificates
- implementing command authorization with TACACS+
- securing the router by locking down all unused services
- tracking Cisco Netflow accounting statistics

4. Refer to the exhibit. The administrator can ping the S0/0/1 interface of RouterB but is unable to gain Telnet access to the router using the password cisco123. What is a possible cause of the problem?
- The Telnet connection between RouterA and RouterB is not working correctly.
- The password cisco123 is wrong.
- The enable password and the Telnet password need to be the same.
- The administrator does not have enough rights on the PC that is being used.

5. Refer to the exhibit. An administrator has entered the commands that are shown on router R1. At what trap level is the logging function set?
- 2
- 4
- 5
- 6

6. If a switch is configured with the storm-control command and the action shutdown and action trap parameters, which two actions does the switch take when a storm occurs on a port? (Choose two.)
- The port is disabled. (Corrected by Elfnet)
- The switch is rebooted. (Original answer)
- An SNMP log message is sent.
- The port is placed in a blocking state.
- The switch forwards control traffic only.

7. Why does a worm pose a greater threat than a virus poses?
- Worms run within a host program.
- Worms are not detected by antivirus programs.
- Worms directly attack the network devices.
- Worms are more network-based than viruses are.

8. When port security is enabled on a Cisco Catalyst switch, what is the default action when the maximum number of allowed MAC addresses is exceeded?
- The violation mode for the port is set to restrict.
- The MAC address table is cleared, and the new MAC address is entered into the table.
- The port remains enabled, but the bandwidth is throttled until the old MAC addresses are aged out.
- The port is shut down.

9. Which type of encryption algorithm uses public and private keys to provide authentication, integrity, and confidentiality?
- IPsec
- symmetric
- asymmetric
- shared secret

10. Which three statements describe the IPsec protocol framework? (Choose three.)
- AH uses IP protocol 51.
- AH provides encryption and integrity.
- AH provides integrity and authentication.
- ESP uses UDP protocol 50.
- ESP requires both authentication and encryption.
- ESP provides encryption, authentication, and integrity.

11. Refer to the exhibit. Which interface configuration completes the CBAC configuration on router R1?
- R1(config)# interface fa0/0
  R1(config-if)# ip inspect INSIDE in
  R1(config-if)# ip access-group OUTBOUND in
- R1(config)# interface fa0/1
  R1(config-if)# ip inspect INSIDE in
  R1(config-if)# ip access-group OUTBOUND in
- R1(config)# interface fa0/1
  R1(config-if)# ip inspect OUTBOUND in
  R1(config-if)# ip access-group INSIDE out
- R1(config)# interface fa0/0
  R1(config-if)# ip inspect OUTBOUND in
  R1(config-if)# ip access-group INSIDE in
- R1(config)# interface fa0/1
  R1(config-if)# ip inspect OUTBOUND in
  R1(config-if)# ip access-group INSIDE in

12. Which statement describes the operation of the IKE protocol?
- It uses IPsec to establish the key exchange process.
- It uses sophisticated hashing algorithms to transmit keys directly across a network.
- It calculates shared keys based on the exchange of a series of data packets.
- It uses TCP port 50 to exchange IKE information between the security gateways.

13. Which two configuration requirements are needed for remote access VPNs using Cisco Easy VPN Server, but are not required for site-to-site VPNs? (Choose two.)
- group policy lookup (Corrected by Elfnet)
- IPsec translations (Original Answer)
- virtual template interface
- IKE policies
- transform sets

14. What can be used as a VPN gateway when setting up a site-to-site VPN?
- Cisco Catalyst switch
- Cisco router
- Cisco Unified Communications Manager
- Cisco AnyConnect

15. Which type of Layer 2 attack makes a host appear as the root bridge for a LAN?
- LAN storm
- MAC address spoofing
- MAC address table overflow
- STP manipulation
- VLAN attack

16. Refer to the exhibit. An administrator has configured a standard ACL on R1 and applied it to interface serial 0/0/0 in the outbound direction. What happens to traffic leaving interface serial 0/0/0 that does not match the configured ACL statements?
- The resulting action is determined by the destination IP address.
- The resulting action is determined by the destination IP address and port number.
- The source IP address is checked and, if a match is not found, traffic is routed out interface serial 0/0/1.
- The traffic is dropped.

17. The use of 3DES within the IPsec framework is an example of which of the five IPsec building blocks?
- authentication
- confidentiality
- Diffie-Hellman
- integrity
- nonrepudiation

18. Refer to the exhibit. Which two statements are correct regarding the configuration on switch S1? (Choose two.)
- Port Fa0/5 storm control for broadcasts will be activated if traffic exceeds 80.1 percent of the total bandwidth.
- Port Fa0/6 storm control for multicasts and broadcasts will be activated if traffic exceeds 2,000,000 packets per second.
- Port Fa0/6 storm control for multicasts will be activated if traffic exceeds 2,000,000 packets per second.
- Port Fa0/5 storm control for multicasts will be activated if traffic exceeds 80.1 percent of the total bandwidth.
- Port Fa0/5 storm control for broadcasts and multicasts will be activated if traffic exceeds 80.1 percent of 2,000,000 packets per second.

19. What is a characteristic of AAA accounting?
- Accounting can only be enabled for network connections.
- Users are not required to be authenticated before AAA accounting logs their activities on the network. (Original)
- Possible triggers for the aaa accounting exec default command include start-stop and stop-only. (Corrected by Joker!)
- Accounting is concerned with allowing and disallowing authenticated users access to certain areas and programs on the network.

20. A network technician is configuring SNMPv3 and has set a security level of auth. What is the effect of this setting?
- authenticates a packet using the SHA algorithm only
- authenticates a packet by a string match of the username or community string
- authenticates a packet by using either the HMAC with MD5 method or the SHA method
- authenticates a packet by using either the HMAC MD5 or HMAC SHA algorithms and encrypts the packet using either the DES, 3DES or AES algorithms

21. Which action best describes a MAC address spoofing attack?
- altering the MAC address of an attacking host to match that of a legitimate host
- bombarding a switch with fake source MAC addresses
- forcing the election of a rogue root bridge
- flooding the LAN with excessive traffic

22. When configuring a site-to-site IPsec VPN using the CLI, the authentication pre-share command is configured in the ISAKMP policy. Which additional peer authentication configuration is required?
- Configure the message encryption algorithm with the encryptiontype ISAKMP policy configuration command.
- Configure the DH group identifier with the groupnumber ISAKMP policy configuration command.
- Configure a hostname with the crypto isakmp identity hostname global configuration command.
- Configure a PSK with the crypto isakmp key global configuration command.

23. Which three statements describe limitations in using privilege levels for assigning command authorization? (Choose three.)
- There is no access control to specific interfaces on a router.
- The root user must be assigned to each privilege level defined.
- Commands set on a higher privilege level are not available for lower privileged users.
- Views are required to define the CLI commands that each user can access.
- Creating a user account that needs access to most but not all commands can be a tedious process.
- It is required that all 16 privilege levels be defined, whether they are used or not.

24. Which set of Cisco IOS commands instructs the IPS to compile a signature category named ios_ips into memory and use it to scan traffic?
- R1(config)# ip ips signature-category
  R1(config-ips-category)# category all
  R1(config-ips-category-action)# retired false
- R1(config)# ip ips signature-category
  R1(config-ips-category)# category ios_ips basic
  R1(config-ips-category-action)# retired false
- R1(config)# ip ips signature-category
  R1(config-ips-category)# category all
  R1(config-ips-category-action)# no retired false
- R1(config)# ip ips signature-category
  R1(config-ips-category)# category ios_ips basic
  R1(config-ips-category-action)# no retired false

25. Refer to the exhibit. Which three things occur if a user attempts to log in four times within 10 seconds using an incorrect password? (Choose three.)
- Subsequent virtual login attempts from the user are blocked for 60 seconds.
- During the quiet mode, an administrator can virtually log in from any host on network 192.168.1.0/24.
- Subsequent console login attempts are blocked for 60 seconds.
- A message is generated indicating the username and source IP address of the user.
- During the quiet mode, an administrator can log in from host 172.16.1.2.
- No user can log in virtually from any host for 60 seconds.

26. Which statement describes configuring ACLs to control Telnet traffic destined to the router itself?
- The ACL must be applied to each vty line individually.
- The ACL is applied to the Telnet port with the ip access-group command.
- Apply the ACL to the vty lines without the in or out option required when applying ACLs to interfaces. (Original)
- The ACL should be applied to all vty lines in the in direction to prevent an unwanted user from connecting to an unsecured port. (Corrected by Joker!)

27. What are three characteristics of the ASA routed mode? (Choose three.)
- This mode does not support VPNs, QoS, or DHCP Relay. (Original)
- The interfaces of the ASA separate Layer 3 networks and require different IP addresses in different subnets. (Corrected by Elfnet & Joker!)
- It is the traditional firewall deployment mode.
- NAT can be implemented between connected networks. (Corrected by Elfnet & Joker!)
- This mode is referred to as a "bump in the wire". (Original)
- In this mode, the ASA is invisible to an attacker.

28. Which authentication method is available when specifying a method list for group policy lookup using the CCP Easy VPN Server wizard?
- Active Directory
- Kerberos (Original)
- Certificate Authority
- RADIUS (Corrected by Joker! & Andy)
- TACACS+

29. Which access list statement permits HTTP traffic that is sourced from host 10.1.127.100 port 4300 and destined to host 172.168.30.10?
- access-list 101 permit tcp any eq 4300
- access-list 101 permit tcp 172.168.30.10 0.0.0.0 eq 80 10.1.0.0 0.0.255.255
- access-list 101 permit tcp 10.1.127.0 0.0.0.255 eq www 172.168.30.10 0.0.0.0 eq www
- access-list 101 permit tcp 10.1.128.0 0.0.1.255 eq 4300 172.168.30.0 0.0.0.15 eq www
- access-list 101 permit tcp host 172.168.30.10 eq 80 10.1.0.0 0.0.255.255 eq 4300

30. Refer to the exhibit. What conclusion can be drawn from the exhibited window when it is displayed on a remote user computer screen?
- The user has connected to a secure web server.
- The user has established a client-based VPN connection.
- The user has logged out of the AnyConnect VPN client.
- The user is installing the AnyConnect VPN client.
- The user is using a web browser to connect to a clientless SSL VPN.

31. What will be disabled as a result of the no service password-recovery command?
- aaa new-model global configuration command
- changes to the configuration register
- password encryption service
- ability to access ROMmon

32. Which type of IPS signature detection is used to distract and confuse attackers?
- pattern-based detection
- anomaly-based detection
- policy-based detection
- honey pot-based detection

33. Refer to the exhibit. An administrator has configured router R1 as indicated. However, SDEE messages fail to log. Which solution corrects this problem?
- Issue the logging on command in global configuration.
- Issue the ip ips notify sdee command in global configuration.
- Issue the ip audit notify log command in global configuration.
- Issue the clear ip ips sdee events command to clear the SDEE buffer.

34. Which attack allows the attacker to see all frames on a broadcast network by causing a switch to flood all incoming traffic?
- LAN storm (Original)
- VLAN hopping
- STP manipulation
- MAC table overflow (Corrected by Joker! & Andy)
- 802.1Q double tagging

35. Refer to the exhibit. The indicated window has appeared in the web browser of a remote user. What is the cause of this message?
- The user has timed out of an AnyConnect SSL VPN installation.
- The user has logged out of a clientless SSL VPN session. (Corrected by Joker!)
- The user has logged out of a Cisco VPN Client session.
- The user has logged out of an AnyConnect IPsec VPN session.
- The user has logged out of an AnyConnect SSL VPN session. (Original)

36. An administrator has been asked to configure basic access security on a router, including creating secure passwords and disabling unattended connections. Which three actions accomplish this using recommended security practices? (Choose three.)
- Create passwords with only alphanumeric characters.
- Set the minimum password length to 10 characters.
- Set the executive timeout parameters on the console port to 120 and 0. (Original)
- Set the executive timeout parameters on the vty lines to 3 and 0. (Corrected by Joker!)
- Enable the password encryption service for the router.
- Enable login using the Aux port with the executive timeout set to 0 and 0.

37. Which type of intrusion prevention technology is primarily used by Cisco IPS security appliances?
- rule-based
- profile-based
- signature-based
- NetFlow anomaly-based
- protocol analysis-based

38. Which type of packets exiting the network of an organization should be blocked by an ACL?
- packets that are not encrypted
- packets that are not translated with NAT
- packets with source IP addresses outside of the organization's network address space
- packets with destination IP addresses outside of the organization's network address space

39. An administrator wants to prevent a rogue Layer 2 device from intercepting traffic from multiple VLANs on a network. Which two actions help mitigate this type of activity? (Choose two.)
- Disable DTP on ports that require trunking.
- Place unused active ports in an unused VLAN.
- Secure the native VLAN, VLAN 1, with encryption.
- Set the native VLAN on the trunk ports to an unused VLAN.
- Turn off trunking on all trunk ports and manually configure each VLAN as required on each port.

40. Which command would an administrator use to clear generated crypto keys?
- Router(config)# crypto key decrypt
- Router(config-line)# transport input ssh clear
- Router(config)# crypto key rsa
- Router(config)# crypto key zeroize rsa

41. What occurs after RSA keys are generated on a Cisco router to prepare for secure device management?
- All vty ports are automatically configured for SSH to provide secure management.
- The general-purpose key size must be specified for authentication with the crypto key generate rsa general-keys modulus command.
- The keys must be zeroized to reset secure shell before configuring other parameters.
- The generated keys can be used by SSH.

42. Refer to the exhibit. An administrator has configured an ASA 5505 as indicated but is still unable to ping the inside interface from an inside host. What is the cause of this problem?
- An IP address should be configured on the Ethernet 0/0 and 0/1 interfaces. (Original)
- The no shutdown command should be entered on interface Ethernet 0/1. (Corrected by Joker! & Andy)
- The security level of the inside interface should be 0 and the outside interface should be 100.
- VLAN 1 should be assigned to interface Ethernet 0/0 and VLAN 2 to Ethernet 0/1.
- VLAN 1 should be the outside interface and VLAN 2 should be the inside interface.

43. Refer to the exhibit. An administrator is examining the message in a syslog server. What can be determined from the message?
- This is a notification message for a normal but significant condition.
- This is an alert message for which immediate action is needed.
- This is an error message for which warning conditions exist.
- This is an error message indicating the system is unusable.

44. What is a result of securing the Cisco IOS image using the Cisco IOS Resilient Configuration feature?
- The Cisco IOS image file is not visible in the output of the show flash command.
- The Cisco IOS image is encrypted and then automatically backed up to a TFTP server.
- The Cisco IOS image is encrypted and then automatically backed up to the NVRAM.
- When the router boots up, the Cisco IOS image is loaded from a secured FTP location.

45. Which two commands are needed on every IPv6 ACL to allow IPv6 neighbor discovery? (Choose two.)
- permit tcp any any ack
- permit icmp any any nd-na
- permit icmp any any echo-reply
- permit icmp any any nd-ns
- permit ipv6 any any fragments
- permit ipv6 any any routing

46. Which technology does CCP require for configuring remote access VPN support with the Easy VPN Server wizard?
- AutoSecure
- Role-Based CLI Access
- AAA
- port forwarding

47. What are three goals of a port scan attack? (Choose three.)
- disable used ports and services
- determine potential vulnerabilities
- identify active services
- identify peripheral configurations
- identify operating systems
- discover system passwords

48. Refer to the exhibit. An administrator is implementing VPN support on an ASA 5505. What type of VPN support is being implemented?
- client-based IPsec VPN using Cisco VPN Client
- client-based IPsec VPN using AnyConnect
- client-based SSL VPN using AnyConnect (Original)
- clientless IPsec VPN
- clientless SSL VPN (Corrected by Joker! & Andy)
- site-to-site IPsec VPN

49. Which type of VPN may require the Cisco VPN Client software?
- remote access VPN
- SSL VPN
- site-to-site VPN
- MPLS VPN

50. Sales representatives of an organization use computers in hotel business centers to occasionally access corporate e-mail and the inventory database. What would be the best VPN solution to implement on an ASA to support these users?
- client-based IPsec VPN using Cisco VPN Client (Original answer)
- client-based IPsec VPN using AnyConnect
- client-based SSL VPN using AnyConnect
- clientless IPsec VPN using a web browser
- clientless SSL VPN using a web browser (Corrected by Elfnet)
- site-to-site IPsec VPN

51. Refer to the exhibit. What information can be obtained from the AAA configuration statements?
- The authentication method list used for Telnet is named ACCESS.
- The authentication method list used by the console port is named ACCESS.
- The local database is checked first when authenticating console and Telnet access to the router.
- If the TACACS+ AAA server is not available, no users can establish a Telnet session with the router.
- If the TACACS+ AAA server is not available, console access to the router can be authenticated using the local database.

52. What must be configured before any Role-Based CLI views can be created?
- aaa new-model command
- multiple privilege levels
- secret password for the root user
- usernames and passwords

53. Refer to the exhibit. Based on the output from the show secure bootset command on router R1, which three conclusions can be drawn regarding Cisco IOS Resilience? (Choose three.)
- A copy of the Cisco IOS image file has been made.
- A copy of the router configuration file has been made.
- The Cisco IOS image file is hidden and cannot be copied, modified, or deleted.
- The Cisco IOS image filename will be listed when the show flash command is issued on R1.
- The copy tftp flash command was issued on R1.
- The secure boot-config command was issued on R1.

54. What are two disadvantages of using network IPS? (Choose two.)
- Network IPS has a difficult time reconstructing fragmented traffic to determine if an attack was successful.
- Network IPS is incapable of examining encrypted traffic.
- Network IPS is operating system-dependent and must be customized for each platform.
- Network IPS is unable to provide a clear indication of the extent to which the network is being attacked.
- Network IPS sensors are difficult to deploy when new networks are added.

55. Which statement describes the CCP Security Audit wizard?
- After the wizard identifies the vulnerabilities, the CCP One-Step Lockdown feature must be used to make all security-related configuration changes.
- After the wizard identifies the vulnerabilities, it automatically makes all security-related configuration changes.
- The wizard autosenses the inside trusted and outside untrusted interfaces to determine possible security problems that might exist. (Original Answer)
- The wizard is based on the Cisco IOS AutoSecure feature. (Corrected by Elfnet & Andy)
- The wizard is enabled by using the Intrusion Prevention task.

56. Which three statements describe zone-based policy firewall rules that govern interface behavior and the traffic moving between zone member interfaces? (Choose three.)
- An interface can be assigned to multiple security zones. (Original)
- Interfaces can be assigned to a zone before the zone is created.
- Pass, inspect, and drop options can only be applied between two zones. (Corrected by Joker! & Andy)
- If traffic is to flow between all interfaces in a router, each interface must be a member of a zone.
- Traffic is implicitly prevented from flowing by default among interfaces that are members of the same zone.
- To permit traffic to and from a zone member interface, a policy allowing or inspecting traffic must be configured between that zone and any other zone.

57. Refer to the exhibit. Which option tab on the CCP screen is used to view the Top Threats table and deploy signatures associated with those threats?
- Create IPS
- Edit IPS
- Security Dashboard
- IPS Sensor
- IPS Migration

58. Which statement correctly describes a type of filtering firewall?
- A transparent firewall is typically implemented on a PC or server with firewall software running on it.
- A packet-filtering firewall expands the number of IP addresses available and hides network addressing design.
- An application gateway firewall (proxy firewall) is typically implemented on a router to filter Layer 3 and Layer 4 information.
- A stateful firewall monitors the state of connections, whether the connection is in an initiation, data transfer, or termination state.

59. Which component of AAA is used to determine which resources a user can access and which operations the user is allowed to perform?
- auditing
- accounting
- authorization
- authentication

60. Which three statements should be considered when applying ACLs to a Cisco router? (Choose three.)
- Place generic ACL entries at the top of the ACL. (Original)
- Place more specific ACL entries at the top of the ACL.
- Router-generated packets pass through ACLs on the router without filtering.
- ACLs always search for the most specific entry before taking any filtering action.
- A maximum of three IP access lists can be assigned to an interface per direction (in or out).
- An access list applied to any interface without a configured ACL allows all traffic to pass. (Corrected by Elfnet & Joker!)
