Question 1
Which three statements about WCCP are true? (Choose three.)
- A. The minimum WCCP-Fast Timers message interval is 500 ms.
- B. If a specific capability is missing from the Capabilities Info Component, the router is assumed to support the default capability.
- C. If the packet return method is missing from a packet return method advertisement, the web cache uses the Layer 2 rewrite method.
- D. The router must receive a valid receive ID before it negotiates capabilities.
- E. The assignment method supports GRE encapsulation for sending traffic.
- F. The web cache transmits its capabilities as soon as it receives a receive ID from a router.
Answer : ADE
Explanation:
Reference:
//tools.ietf.org/id/draft-wilson-wrec-wccp-v2-01.txt
Question 2
Which two options are important considerations when you use
NetFlow to obtain the full picture of network traffic? (Choose two.)
- A. It monitors only routed traffic.
- B. It is unable to monitor over time.
- C. It monitors only ingress traffic on the interface on which it is deployed.
- D. It monitors all traffic on the interface on which it is deployed.
- E. It monitors only TCP connections.
Question 3
Which three VSA attributes are present in a RADIUS WLAN Access-Accept packet? (Choose three.)
- A. EAP-Message
- B. Tunnel-Type
- C. LEAP Session-Key
- D. Tunnel-Private-Group-ID
- E. Authorization-Algorithm-Type
- F. SSID
Answer : ABC
Explanation:
Question 4
Which two options are unicast address types for IPv6
addressing? (Choose two.)
- A. global
- B. established
- C. link-local
- D. static
- E. dynamic
Answer : AC
Reference:
//www.ciscopress.com/articles/article.asp?p=2803866&seqNum=4
Question 5
A client computer at 10.10.7.4 is trying to access a Linux server (11.0.1.9) that is running a Tomcat Server application.
What TCP dump filter would be best to verify that traffic is reaching the Linux Server eth0 interface?
- A. tcpdump ""i eth0 host 10.10.7.4 and host 11.0.1.9 and port 8080
- B. tcpdump ""i eth0 host 10.10.7.4 and host 11.0.1.9
- C. tcpdump ""ieth0 dst 11.0.1.9 anddstport 8080
- D. tcpdump ""i eth0src10.10.7.4 anddst11.0.1.9 anddstport 8080
Question 6
Which two statements about uRPF are true? (Choose two.)
- A. The administrator can configure the allow-default command to force the routing table to use only the default route.
- B. In strict mode, only one routing path can be available to reach network devices on a subnet.
- C. The administrator can use the show cef interface command to determine whether uRPF is enabled.
- D. The administrator can configure the ip verify unicast source reachable-via any command to enable the RPF check to work through HSRP routing groups.
- E. It is not supported on the Cisco ASA security appliance.
Question 7
Which three options are fields in a CoA Request code packet? (Choose three.)
- A. length
- B. calling-station-ID
- C. authenticator
- D. acct-session-ID
- E. state
- F. identifier
Answer : ACF
Explanation:
Reference:
//www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_aaa/configuration/15-sy/sec-usr-aaa-15-sy-book/sec-rad-coa.html
Question 8
When TCP Intercept is enabled in its default mode, how does it react to a SYN request?
- A. It drops the connection.
- B. It intercepts the SYN before it reaches the server and responds with a SYN-ACK.
- C. It allows the connection without inspection.
- D. It monitors the attempted connection and drops it if it fails to establish within 30 seconds.
- E. It monitors the sequence of SYN, SYN-ACK, and ACK messages until the connection is fully established.
Answer : B
Reference:
//www.cisco.com/c/en/us/td/docs/ios/12_2/security/configuration/guide/fsecur_c/scfdenl.html
Question 9
View the Exhibit.
monitor session 1 source interface gigabitEthernet 0/1
monitor session 1 destination interface gigabitEthernet 0/20 encapsulation
dot1q ingress vlan 3
Refer to the exhibit. What are two functionalities of this configuration? (Choose two.)
- A. The encapsulation command is used to do deep scan on dot1q encapsulated traffic
- B. Traffic will not be able to pass on gigabitEthernet 0/1
- C. The ingress command is used for an IDS to send a reset on vlan 3 only
- D. Traffic will only be sent to gigabitEthernet 0/20
- E. The source interface should always be a VLAN
Question 10
View the Exhibit.
Refer to the exhibit. What are two effects of the given configuration? (Choose two.)
- A. The connection will remain open if the PASV reply command include 5 commas.
- B. TCP connections will be completed only to TCP ports from 1 to 1024
- C. FTP clients will be able to determine the server"™s system type
- D. The client must always send the PASV reply
- E. The connection will remain open if the size of the STOR command is greater than a fixed constant
Question 11
View the Exhibit.
Refer to the exhibit. Which two effects of this configuration are true? (Choose two.)
- A. If the TACACS+ server is unreachable, the switch places hosts on critical ports in VLAN 50.
- B. The device allows multiple authenticated sessions for a single MAC address in the voice domain.
- C. If multiple hosts have authenticated to the same port, each can be in their own assigned VLAN.
- D. If the authentication priority is changed, the order in which authentication is performed also changes.
- E. The switch periodically sends an EAP-Identity-Request to the endpoint supplicant.
- F. The port attempts 802.1x authentication first, and then falls back to MAC authentication bypass.
Question 12
Which two options are normal functionalities for ICMP? (Choose two.)
- A. packet filtering
- B. host detection
- C. relaying traffic statistics to applications
- D. path MTU discovery
- E. router discovery
- F. port scanning
Question 13
Which command sequence do you enter to add the host 10.2.1.0 to the CISCO object group?
- A. object-group network CISCOgroup-object 10.2.1.0
- B. object network CISCOnetwork-object object 10.2.1.0
- C. object network CISCOgroup-object 10.2.1.0
- D. object-group network CISCOnetwork-objecthost10.2.1.0
Question 14
View the Exhibit.
Refer to the exhibit. Which effect of this configuration is true?
- A. A downloadable ACL is applied after an AV pair ACL.
- B. For all users, entries in a downloadable ACL are given priority over entries in an AV pair ACL.
- C. The downloadable ACL and the AV pair ACL entries are merged together, one ACE at a time.
- D. The downloadable ACL and AV pair ACL entries are merged immediately when the RADIUS server is activated.
- E. The downloadable ACL and AV pair ACL entries are merged after three connection attempts are made to the RADIUS server.
Answer : A
Reference:
//www.cisco.com/c/en/us/td/docs/security/asa/asa93/configuration/general/asa-general-cli/aaa-radius.html
Question 15
Which two events can cause a failover event on an active/standby setup? (Choose two.)
- A. The stateful failover link fails.
- B. The failover link fails.
- C. The active unit experiences interface failure above the threshold.
- D. The active unit fails.
- E. The unit that was previously active recovers.