Question 1.
When configuring the Cisco VPN Client with transparent tunneling, what is true about the IPSec over TCP option?

A. The port number is negotiated automatically.
B. Clients will have access to the secured tunnel and local resources.
C. The port number must match the configuration on the secure gateway.
D. Packets are encapsulated using Protocol 50 (Encapsulating Security Payload, or ESP).

Answer: C

Question 2.
Refer to the exhibit.
 
MPLS must be enabled on all routers in the MPLS domain that consists of Cisco routers and equipment of other vendors. 

What MPLS distribution protocol(s) should be used on router R2 Fast Ethernet interface Fa0/0 so that the Label Information Base (LIB) table is populated across the MPLS domain?

A. Only LDP should be enabled on Fa0/0 interface.
B. Only TDP should be enabled on Fa0/0 interface.
C. Both distribution protocols LDP and TDP should be enabled on the Fa0/0 interface.
D. MPLS cannot be enabled in a domain consisting of Cisco and non-Cisco devices.

Answer: C

Question 3.
Which two statements about common network attacks are true? (Choose two.)

A. Access attacks can consist of password attacks, trust exploitation, port redirection, and man in-
    the- middle attacks.
B. Access attacks can consist of password attacks, ping sweeps, port scans, and man-in-the- 
    middle attacks.
C. Access attacks can consist of packet sniffers, ping sweeps, port scans, and man-in-the- middle 
    attacks.
D. Reconnaissance attacks can consist of password attacks, trust exploitation, port redirection 
    and Internet information queries.
E. Reconnaissance attacks can consist of packet sniffers, port scans, ping sweeps, and Internet 
    information queries.
F. Reconnaissance attacks can consist of ping sweeps, port scans, man-in-middle attacks and 
    Internet information queries.

Answer: A, E

Question 4.
Which two statements about worms, viruses, or Trojan horses are true? (Choose two.)

A. A Trojan horse has three components: an enabling vulnerability, a propagation mechanism, 
    and a payload.
B. A Trojan horse virus propagates itself by infecting other programs on the same computer.
C. A virus cannot spread to a new computer without human assistance.
D. A virus has three components: an enabling vulnerability, a propagation mechanism, and a 
    payload.
E. A worm can spread itself automatically from one computer to the next over an unprotected 
    network.
F. A worm is a program that appears desirable but actually contains something harmful.

Answer: C, E

Question 5.
Which two statements about management protocols are true? (Choose two.)

A. Syslog version 2 or above should be used because it provides encryption of the syslog 
    messages.
B. NTP version 3 or above should be used because these versions support a cryptographic 
    authentication mechanism between peers.
C. SNMP version 3 is recommended since it provides authentication and encryption services for 
    management packets.
D. SSH, SSL and Telnet are recommended protocols to remotely manage infrastructure devices.
E. TFTP authentication (username and password) is sent in an encrypted format, and no 
    additional encryption is required.

Answer: B, C

Question 6.
Which two statements about the Cisco Autosecure feature are true? (Choose two.)

A. All passwords entered during the Autosecure configuration must be a minimum of 8 characters 
    in length.
B. Cisco 123 would be a valid password for both the enable password and the enable secret 
    commands.
C. The auto secure command can be used to secure the router login as well as the NTP and SSH 
    protocols.
D. For an interactive full session of AutoSecure, the auto secure login command should be used.
E. If the SSH server was configured, the 1024 bit RSA keys are generated after the auto secure 
    command is enabled.

Answer: C, E

Question 7.
Which three statements are correct about MPLS-based VPNs? (Choose three.)

A. Route Targets (RTs) are attributes attached to a VPNv4 BGP route to indicate its VPN 
    membership.
B. Scalability becomes challenging for a very large, fully meshed deployment.
C. Authentication is done using a digital certificate or pre-shared key.
D. A VPN client is required for client-iniated deployments.
E. A VPN client is not required for users to interact with the network.
F- An MPLS-based VPN is highly scalable because no site-to-site peering is required.

Answer: A, E, F

Question 8.
Which IPsec mode will encrypt a GRE tunnel to provide multiprotocol support and reduced overhead?

A. 3DES
B. multipoint GRE
C. tunnel
D. transport

Answer: D

Question 9.
Which two statements are true about broadband cable (HFC) systems? (Choose two.)

A. Cable modems only operate at Layer 1 of the OSI model.
B. Cable modems operate at Layers 1 and 2 of the OSI model.
C. Cable modems operate at Layers 1, 2, and 3 of the OSI model.
D. A function of the cable modem termination system (CMTS) is to convert the modulated signal 
    from the cable modem into a digital signal.
F. A function of the cable modem termination system is to convert the digital data stream from the 
   end user host into a modulated RF signal for transmission onto the cable system.

Answer: B, D

Question 10.
Refer to the exhibit.
 
Which two statements about the AAA configuration are true? (Choose two.)

A. A good security practice is to have the none parameter configured as the final method used to 
    ensure that no other authentication method will be used.
B. If a TACACS+ server is not available, then a user connecting via the console port would not be 
    able to gain access since no other authentication method has been defined.
C. If a TACACS+ server is not available. then the user Bob could be able to enter privileged 
    mode as long as the proper enable password is entered.
D. The aaa new-model command forces the router to override every other authentication method 
    previously configured for the router lines.
E. To increase security, group radius should be used instead of group tacacs+.
F. Two authentication options are prescribed by the displayed aaa authentication command.

Answer: D, F

	Web www.certsbraindumps.com