46 A network technician is configuring SNMPv3 and has set a security level of auth. What is the effect of this setting?

authenticates a packet using the SHA algorithm only authenticates a packet by a string match of the username or community string authenticates a packet by using either the HMAC with MD5 method or the SHA method authenticates a packet by using either the HMAC MD5 or HMAC SHA algorithms and encrypts the packet using either the DES, 3DES or AES algorithms 47 Which action best describes a MAC address spoofing attack? altering the MAC address of an attacking host to match that of a legitimate host bombarding a switch with fake source MAC addresses forcing the election of a rogue root bridge flooding the LAN with excessive traffic 48 Which three commands are required to configure SSH on a Cisco router? (Choose three.) ip domain-name name in global configuration mode transport input ssh on a vty line no ip domain-lookup in global configuration mode password password on a vty line service password-encryption in global configuration mode crypto key generate rsa in global configuration mode 49

Refer to the exhibit. Which three things occur if a user attempts to log in four times within 10 seconds using an incorrect password? (Choose three.) Subsequent virtual login attempts from the user are blocked for 60 seconds. During the quiet mode, an administrator can virtually log in from any host on network 172.16.1.0/24. Subsequent console login attempts are blocked for 60 seconds. A message is generated indicating the username and source IP address of the user. During the quiet mode, an administrator can log in from host 172.16.1.2. No user can log in virtually from any host for 60 seconds. 50 Which two statements describe appropriate general guidelines for configuring and applying ACLs? (Choose

two.) Multiple ACLs per protocol and per direction can be applied to an interface. If an ACL contains no permit statements, all traffic is denied by default. The most specific ACL statements should be entered first because of the top-down sequential nature of ACLs. Standard ACLs are placed closest to the source, whereas Extended ACLs are placed closest to the destination. If a single ACL is to be applied to multiple interfaces, it must be configured with a unique number for each interface. 51 What is a feature of the TACACS+ protocol? It combines authentication and authorization as one process. It encrypts the entire body of the packet for more secure communications. It utilizes UDP to provide more efficient packet transfer. It hides passwords during transmission using PAP and sends the rest of the packet in plaintext. 52 Which two Cisco IPS management and monitoring tools are examples of GUI-based, centrally managed IPS solutions? (Choose two.) Cisco Adaptive Security Device Manager Cisco IPS Device Manager Cisco Router and Security Device Manager Cisco Security Manager Cisco Security Monitoring, Analysis, and Response System 53

Refer to the exhibit. When configuring SSH on a router using SDM from the Configure menu, which two steps are required? (Choose two.) Choose Additional Tasks > Router Access > SSH to generate the RSA keys. Choose Additional Tasks > Router Access > VTY to specify SSH as the input and output protocol. Choose Additional Tasks > Router Properties > Netflow to generate the RSA keys. Choose Additional Tasks > Router Properties > Logging to specify SSH as the input and output protocol.

Choose Additional Tasks > Router Access > AAA to generate the RSA keys. Choose Additional Tasks > Router Access > Management Access to specify SSH as the input and output protocol. Which5statement describes the operation of the IKE protocol? 4 It uses IPsec to establish the key exchange process. It uses sophisticated hashing algorithms to transmit keys directly across a network. It calculates shared keys based on the exchange of a series of data packets. It uses TCP port 50 to exchange IKE information between the security gateways. 5 5

Refer to the exhibit. Which AAA command logs the activity of a PPP session? aaa accounting connection start-stop group radius aaa accounting connection start-stop group tacacs+ aaa accounting exec start-stop group radius aaa accounting exec start-stop group tacacs+ aaa accounting network start-stop group radius aaa accounting network start-stop group tacacs+ 56 Which three types of views are available when configuring the Role-Based CLI Access feature? (Choose three.) superuser view root view superview CLI view admin view config view 57 An organization requires that individual users be authorized to issue specific Cisco IOS commands. Which AAA protocol supports this requirement? TACACS+ because it separates authentication and authorization, allowing for more customization.

RADIUS because it supports multiple protocols, including ARA and NetBEUI. TACACS+ because it supports extensive accounting on a per-user or per-group basis. RADIUS because it implements authentication and authorization as one process. 58

Refer to the exhibit. Which type of VPN is implemented? remote-access GRE VPN remote-access IPsec VPN remote-access SSL VPN site-to-site GRE VPN site-to-site IPsec VPN site-to-site SSL VPN 59 Which function does an IPS perform? It passively monitors the traffic on a network. It works in inline mode for processing all ingress and egress traffic. It compares the captured traffic stream with known malicious signatures in an offline manner. It can only send an alarm to the management console when malicious traffic is detected. 60 Which three statements describe limitations in using privilege levels for assigning command authorization? (Choose three.) There is no access control to specific interfaces on a router. The root user must be assigned to each privilege level defined. Commands set on a higher privilege level are not available for lower privileged users. Views are required to define the CLI commands that each user can access. Creating a user account that needs access to most but not all commands can be a tedious process. It is required that all 16 privilege levels be defined, whether they are used or not.