| How do cable modems transfer data across local cable TV lines? | |
| | carries analog signals end-to-end |
| | carries digital signals end-to-end |
| | toggles between radio frequency and analog data signals |
| | modulates digital data to an RF and transmits it at a specific frequency |
| |
| ||||||||||
| |
| ||||||||||
| |
| ||||||||||||||
|
| |
| | The subnet mask for the DHCP pool is incorrect. |
| | The default router that is specified in the DHCP pool is incorrect. |
| | The DHCP excluded addresses are incorrect. |
| | The command ip nat inside and ip nat outside were issued on the incorrect interfaces. |
| | The overload keyword should be removed. |
| Which statement is true about the use of dead peer detection (DPD) within an IPsec environment? | |
| | DPD and Cisco IOS keepalives are sent together. |
| | DPDs are sent at regular intervals. |
| | DPDs are sent when no traffic is flowing. |
| | DPDs are sent by default only when the IKE policy is initiated. |
| | Cisco IOS keepalives are sent by default instead of the DPDs. |
|
| |
| | The key will not be sent encrypted to the peer. |
| | The default authentication has been changed. |
| | The local IP address is 172.16.153.2. |
| | Access-list 2 will be referenced to control traffic. |
|
| |
| | crypto isakmp policy 15 |
| | crypto isakmp policy 15 |
| | crypto isakmp policy 15 |
| | crypto isakmp policy 15 |
| | crypto isakmp policy 15 |
| If SDM is being used, which statement is true when no IKE policies have been configured on a router? | |
| | The hash algorithm used will be MD5. |
| | The lifetime will be unlimited. |
| | Pre-share authentication will be used. |
| | 3DES encryption will be used. |
| |
| ||||||||||||
|
| |
| | Selecting the interface on which the client connections will terminate. |
| | Configuring IKE policies. |
| | Configuring an IPSec transform set. |
| | Configuring a group policy lookup method. |
| | Configuring user authentication. |
| | Configuring group policies on the local router. |
| Which two statements about the Cisco Easy VPN Client for Windows are true? (Choose two.) | |
| | Previously installed versions of the Cisco Easy VPN Client do not have to be uninstalled before proceeding with a new installation. |
| | Previously installed versions of the Cisco Easy VPN Client must be uninstalled before proceeding with a new installation. |
| | The Cisco Easy VPN Client can be installed by using either InstallShield or the Microsoft Windows Installer (MSI). |
| | The Cisco Easy VPN Client can only be installed by using InstallShield. |
| | The Cisco Easy VPN Client can only be installed by using the Microsoft Windows Installer (MSI). |
| | The Cisco Easy VPN Client is only compatible with a Cisco Easy VPN server. |
| |
| ||||||||||||
|
| |
| | Traffic cannot flow between network A and network B until NAT is activated on RTA. |
| | Because access-list 101 does not permit TCP or UDP, traffic will not be encrypted. |
| | Routers inside the Internet will see packets with the destination IP address of 128.107.155.2. |
| | Routers inside the Internet will see packets with the destination IP address of 192.168.0.2. |
| | Traffic will go through an IPsec tunnel. |
| | Traffic will go through a GRE tunnel. |
| An MPLS network consists of label switching routers (LSR) and edge LSRs. What are two functions of an edge LSR but not functions of an LSR? (Choose two.) | |
| | adding labels |
| | removing labels |
| | forwarding of packets |
| | exchanging Layer 3 routing information |
| | exchanging labels |
| | populating an LFIB |
| Which two statements are characteristics of MPLS? (Choose two.) | |
| | Frame Mode MPLS inserts a 32-bit label between the Layer 2 and Layer 3 headers. |
| | Frame Mode MPLS inserts a 53-bit label between the Layer 2 and Layer 3 headers. |
| | Frame Mode MPLS uses the virtual path identifier/virtual channel identifier (VPI/VCI) fields in the ATM header to label the frame. |
| | MPLS over ATM inserts a 32-bit label between the Layer 2 and Layer 3 headers. |
| | MPLS over ATM inserts a 53-bit label between the Layer 2 and Layer 3 headers. |
| | MPLS over ATM uses the virtual path identifier/virtual channel identifier (VPI/VCI) fields in the ATM header to label the frame. |
| |
| ||||||||||||||
| Which VPN implementation model provides optimum routing between customer sites without any special design or configuration effort? | |
| | overlay VPNs |
| | GRE VPNs |
| | VPDN VPNs |
| | peer-to-peer VPNs |
| | non-service-provider MPLS VPNs |
| What is the benefit of implementing the peer-to-peer VPN model? | |
| | The service provider takes care of configuration tasks when adding new VPN sites. |
| | A full mesh of VCs between customer sites is used to provide optimum intersite routing. |
| | The service provider does not participate in customer routing. |
| | The service provider PE routers carry all customer routes. |
| What is the length of a VPNv4 address that uses MPLS-VPN with route distinguishers (RD)? | |
| | 32 bits |
| | 48 bits |
| | 64 bits |
| | 96 bits |
| | 128 bits |
| | 160 bits |
| |
| ||||||||||||||
| Which two statements are correct about applying the mpls ip command on a router interface? (Choose two.) | |
| | Label switching is enabled on the interface. |
| | The command mpls ip must be run on another interface before label switching is enabled. |
| | Because the interface will now use labels to forward IP packets, the interface will no longer transmit or receive routing updates. |
| | The interface will not forward packets until it establishes an MPLS neighbor. |
| | A non-proprietary protocol that is used to distribute labels is activated. |
| | A Cisco proprietary protocol that is used to distribute labels is activated |
| p interface configuration command. What additonal configuration is required to prevent fragmentation across the MPLS network? | |
| | Serial interfaces require the mpls mtu 1492 command. |
| | Ethernet interfaces require the mpls mtu 1492 command. |
| | Serial interfaces require the mpls mtu 1512 command. |
| | Ethernet interfaces require the mpls mtu 1512 command. |
| | MPLS will automatically sense the interface mtu and ensure all frames are within this MTU limit. No extra configuration is required. |
|
| |
| | RTA(config)# interface Serial 0 |
| | RTA(config)# interface Serial 0 |
| | RTA(config)# interface FastEthernet 0/0 |
| | RTA(config)# interface FastEthernet 0/0 |
| | RTA(config)# interface FastEthernet 0/1 |
| | RTA(config)# interface FastEthernet 0/1 |
| ABC Company has configured a full mesh of GRE tunnels to link remote sites via the Internet. Which two statements correctly describe the site interconnections? (Choose two.) | |
| | ABC Company now has a peer-to-peer Layer 3 VPN between sites. |
| | ABC Company now has an overlay Layer 2 VPN between sites. |
| | ABC Company now has an overlay Layer 3 VPN between sites. |
| | All ABC Company subnets will need to be advertised to the Internet to provide Layer 3 connectivity. |
| | This cannot be considered a virtual private network unless IPsec is enabled. |
| | ABC Company routers attached to the Internet can exchange routing updates directly with one another across GRE tunnels. |
| Refer to the exhibit. Which statement is correct about the peer-to-peer VPN model shown? | |
| | The model outlines a network that uses tunnels to establish secure communications between Site#1 and Site#2. |
| | The model outlines a network that interconnects Site#1 and Site#2 via Frame Relay permanent virtual circuits. |
| | The model outlines a network that allows routers attached to Site#1 and Site#2 to advertise routes across the WAN without routers inside the WAN participating in the routing updates. |
| | The model outlines a network that provides point-to-point links between Site#1 and Site#2 unknown to devices inside the WAN. |
| | The model outlines a network that allows routers attached to Site#1 and Site#2 to advertise private routes across the WAN with routers inside the WAN participating in the private routing updates. |
| ABC Company has subscribed to a carrier-provided, full-mesh Frame Relay network. Which two statements correctly describe this network? (Choose two.) | |
| | ABC Company now has a peer-to-peer Layer 2 VPN between sites. |
| | ABC Company now has an overlay Layer 2VPN between sites. |
| | The carrier participates in ABC Company routing updates across the Frame Relay network. |
| | The carrier only provides Layer 3 point-to-point links between sites and does not participate in ABC Company routing updates across the Frame Relay network. |
| | The Frame Relay network cannot be considered a virtual private network unless IPsec is enabled. |
| | ABC Company routers that are attached to the Frame Relay network can exchange routing updates directly with one another. |
| |
| ||||||||||||||
| |
| ||||||||||||||
| |
| ||||||||||||
| |
| ||||||||||||
| What is the maximum number of methods that can be specified in an AAA authentication method list? | |
| | 1 |
| | 4 |
| | 6 |
| | unlimited |
| Which command is used to display TACACS+ configuration and setting information? | |
| | show authentication |
| | show tacacs |
| | show statistics tacacs |
| | show tacacs settings |
| Which keyword is used for minimal accounting and sends a stop record accounting notice at the end of the requested user process? | |
| | stop-only |
| | start-stop |
| | wait-stop |
| | end-stop |
| |
| ||||||||||
| Which statement about the login block-for 15 attempts 3 within 5 command is true? | |
| | The hosts that are predefined in the ACL are not subjected to the quiet time. |
| | After 10 login attempts, the quiet period will start. |
| | Connection attempts made via Telnet and SSH are not affected by the quiet period. |
| | Once the quiet period is activated, it will last for 15 seconds. |
| | This command only applies to hosts defined by ACL 15. |
| Which sequence of steps is recommended for worm attack mitigation? | |
| | Step 1: Containment |
| | Step 1: Containment |
| | Step 1: Inoculation |
| | Step 1: Inoculation |
| | Step 1: Quarantine |
| | Step 1: Quarantine |
| |
| ||||||||||||||
| Which two statements are true about network attacks that use intelligence? (Choose two.) | |
| | A Trojan horse can contain a worm. |
| | A virus can contain a Trojan horse and worms. |
| | A worm can contain a Trojan horse. |
| | A worm can contain a Trojan horse and viruses. |
| | A worm executes and installs copies of itself in the memory of the infected computer. |
| |
| ||||||||||||
| Which range of custom privilege levels can be configured on Cisco routers? | |
| | 1 through 15 |
| | 0 through 14 |
| | 1 through 16 |
| | 2 through 14 |
| | 2 through 15 |
| | 0 through 15 |
|
| |
| | The login authentication DEFAULT command is missing in line vty 0 4 configuration mode. |
| | The vty lines have not been configured, so by default telnet access is denied. |
| | The login command is missing in line vty 0 4 configuration mode. |
| | AAA has not been configured on RTB. |
| | Telnet has been restricted outgoing on RTB. |
|
| |
| | The login authentication default command is missing in line vty 0 4 configuration mode. |
| | The login authentication default-list command is missing in line vty 0 4 configuration mode. |
| | The login command is missing in line vty 0 4 configuration mode. |
| | The peer relationship with the TACACS+ server is unknown. |
| | The TACACS+ server address and key have not been configured. |
| | The user entered an invalid username and password. |
| Which two benefits does stateful packet filtering have over packet filtering or application layer gateways? (Choose two.) | |
| | requires less memory |
| | does not require CEF |
| | modifies the source of traffic |
| | has higher performance |
| | operates mainly at the network layer |
| | is application-aware |
| |
| ||||||||||||
| Which statement is true about configuring the Cisco IOS Firewall interfaces? | |
| | Only one interface can be configured on a device, and the direction can be configured for both inbound and outbound. |
| | Only one interface can be configured on a device, and the direction can be configured for either inbound or outbound. |
| | More than one interface can be configured on a device, but rules can only be applied in a single direction. |
| | More than one interface can be configured on a device, and a separate rule can be configured for the inbound and outbound direction, respectively. |
| Which Cisco IOS Firewall feature statement is true? | |
| | Administrators cannot define their own custom IPS signatures. |
| | Cisco IOS Firewall cannot filter UDP packets. |
| | The authentication proxy is compatible with other Cisco IOS security features, such as NAT, IPsec, and VPN client software. |
| | The Cisco IOS Firewall feature set can only be configured using the SDM. |
| | The Cisco IOS Firewall feature set is included on all IOS 12.4 images or higher. |
| | When a match against a signature is detected by the Cisco IOS Firewall IPS, it can be configured to reset a UDP connection. |
| What are the two guidelines for applying inspection rules and ACLs on the router interface where traffic initiates? (Choose two.) | |
| | Apply a rule in the inbound direction that inspects wanted traffic. |
| | Apply a rule in the outbound direction that inspects wanted traffic. |
| | In the inbound direction apply an ACL that permits only wanted traffic. |
| | In the outbound direction apply an ACL that permits only wanted traffic. |
| | In the inbound direction apply an ACL to deny all traffic that has not been inspected by the firewall. |
| What is the primary use of the state information on a Cisco IOS Firewall? | |
| | to enable logging of traffic |
| | to verify the content of the traffic |
| | to allow deeper packet inspection for stateless protocols such as UDP, as well as for more complex protocols including GRE and IPsec |
| | to allow a temporary opening in the ACL and permit return traffic based on permissible sessions |
| | to eliminate the possibility of embryonic connections |
| Which two statements about the use of a Cisco IOS firewall are true? (Choose two.) | |
| | The Cisco IOS Firewall provides stateful packet filtering. |
| | Standard ACLs are no longer needed when the Cisco IOS Firewall is being used. |
| | The Cisco IOS Firewall is unable to detect fragmented packets. |
| | The Cisco IOS Firewall is application-aware and can inspect a session in more detail than can packet filtering. |
| | The Cisco IOS Firewall can handle UDP connections in the exact same manner that TCP connections are handled. |
| Which three statements about router services are true? (Choose three.) | |
| | BOOTP server is disabled by default and should be enabled to support DHCP. |
| | Configuration auto-loading is enabled by default but should be disabled if not required. |
| | Finger service is enabled by default but should be disabled if not required. |
| | ICMP unreachable notifications are enabled by default but should be disabled on untrusted interfaces. |
| | Proxy ARP is disabled by default and should remain disabled if not required. |
| | TCP keepalives are disabled by default but should be enabled globally. |
| Which two statements about router services are true? (Choose two.) | |
| | Cisco Discovery Protocol (CDP) is enabled by default but should be disabled if not required. |
| | The FTP server is enabled by default but should be disabled if not required. |
| | ICMP redirects are enabled by default and should remain enabled. |
| | IP source routing is enabled by default and should remain enabled. |
| | The Network Time Protocol (NTP) is enabled by default but should be disabled if not required. |
| | Simple Network Management Protocol (SNMP) is enabled by default but should be disabled if not required. |
|
| |
| | Incoming traffic that matches state table entries will be logged. |
| | All incoming IP traffic on the outside interface will be blocked unless the traffic matches state table entries. |
| | ICMP packet-too-big messages incoming on the outside interface will not match in the state table but will be permitted. |
| | All incoming traffic on the outside interface will be logged. |
|
| |
| | Double-clicking the field name Source will sort the list alphabetically in ascending or descending order. |
| | Firewall features should only be applied in an outbound direction. |
| | Interface Fa0/0 is on the inside trusted network. |
| | The IOS firewall configuration is incomplete. |
| | The firewall will filter and deny CUSseeMe protocol traffic. |
| How are Intrusion Prevention System (IPS) and Intrusion Detection System (IDS) components used conjunctively? | |
| | The IDS blocks offending traffic and the IPS verifies that offending traffic was blocked. |
| | The IDS will send alert messages about "gray area" traffic while the IPS will block malicious traffic. |
| | The IPS will block all traffic that the IDS does not mark as legitimate. |
| | The IPS will send alert messages when the IDS sends traffic through that is marked as malicious. |
|
| |
| | A = Adjacency Table |
| | A = BGP Table |
| | A = BGP Table |
| | A = IP Routing Table |
| | A = IP Routing Table |
