|
Today cleared, I prepar it fromwww.examcheets.com
I had no probs in my test.
Q NO. 1 In which module does the
firewall exist in the SAFE SMR small network design?
A. Internet
B. Campus
C. Corporate
Internet
D. Edge
Answer:
Q NO. 2 HIDS local attack mitigation
is performed on what device within the SAFE SMR small network
corporate Internet module?
A. Layer 2
switches
B. Firewalls
C. Routers
D. Public
services servers
Answer:
Q NO. 3 What is the function of a
crypto map on a PIX Firewall?
A. To
configure a pre-shared authentication key and associate the key with
an IKE peer address or host name.
B. To
configure a pre-shared authentication key and associate the key with
an IPSec peer address or host name.
C. To
specify which algorithms to use with the selected security protocol.
D. To
filter and classify the traffic to be protected.
Answer:
Q NO. 4 Which is a component of
Cisco security solutions?
A. Secure
connectivity
B. Secure
solution
C. Secure
availability
D. Secure
productivity
Answer:
Q NO. 5 How is unauthorized access
mitigated in the SAFE SMR midsize network design corporate Internet
module?
A. CAR at the
ISP edge and TCP setup controls at the firewall.
B. OS and IDS
detection.
C. Filtering at
the ISP, edge router, and corporate firewall.
D. IDS at the
host and network levels.
F. RFC 2827 and
1918 filtering at ISP edge and midsize network edge.
Answer:
Q NO. 6 Choose the true statements
regarding IP spoofing attack and DoS attack. (Choose all that apply)
A IP
spoofing attack is a prelude for a DoS attack.
B. DoS
attack is a prelude for a IP spoofing attack.
C. IP
spoofing attack is generally performed by inserting a string of
malicious commands into the data that is passed between a client and
a server.
D. A DoS
attack is generally performed by inserting a string of malicious
command into the data that is passed between a client and a server.
Answer: A. C
Q NO. 7 The IPSec receiver (the one
who receives the IPSec packets) can detect and reject replayed
packets.
A. True
B. False
Answer: A
Q NO. 8
When configuring
an IKE proposal on a VPN 3000 Concentrator, which of the following
proposal names are valid?
A. Proposal
Name: IKE-3DES
B. Proposal
Name: IKE-3DES-MD5-DH7
C. Proposal
Name: IKE-DH7-3DES-MD5
D. Proposal
Name: IKE-3DES-DH7-MD5
Answer: B
Q NO. 9 Which method will always
compute the password if it is made up of the character set you
selected to test?
A. Brute force
computation
B. Strong
password computation
C. Password
reassemble
D. Brute force
mechanism
Answer: A
Q NO. 10 How are packet sniffers
attacks mitigated in the SAFE SMR small network corporate Internet
module?
A. RFC 2827 and
1918 filtering at ISP edge and local firewall.
B. Switched
infrastructure and HIDS.
C. Protocol
filtering
D. Restrictive
trust model and private VLANs.
E. Restrictive
filtering and HIDS.
Answer: B
Q NO. 11 Which type of attack is
usually implemented using packet sniffers?
A.
Man-in-the-middle
B. DoS
C. Brute force
D. IP spoofing
Answer: A
Q NO. 12 Which three key devices are
in the SAFE SMR small network corporate Internet module? (Choose
three)
A. Servers
B. VPN
concentrators
C. Layer 3
switches
D. Firewalls
E. Layer 2
switches
F. NIDS
Answer: A, D, E
Q NO. 13 Cisco Secure ACS supports
with of the following authentication methods? (Choose all that
apply)
A. Radius
B. MPPE
C. PAP
D. TACACS+
E. PPP
F. CHAP
Answer: A, C,
D, F
Q NO. 14 For the first time you want
to set up your IDS Appliance using IDM (IDS Device Manager): Choose
the steps that you should take:
A. Specify list
of hosts authorized to managed appliance.
B.
Communications Infrastructure.
C. Enter
network setting.
D. Specify
Logging Device.
E. Signatures
Answer: A, B, C
Q NO. 15 What are three of the key
devices in the SAFE SMR small network campus module? (Choose three)
A. Layer 2
switches
B. IOS firewall
C. User
workstations
D. PIX firewall
E. Corporate
servers
F. NIDS
Answer: A, C, E
Q NO. 16 What can mitigate the
chance of a department accessing confidential information on another
department's server through the use of access control in the SAFE
SMR midsize network design midsize network campus module?
A. Layer 2
switch
B. Layer 3
switch
C. General
Layer 4 through 7 analysis
D. General
Layer 1 through 3 analysis
Answer: B
Q NO. 17 Which command implements
Unicast RPF IP spoofing protection?
A. access-list
B. access-group
C. ip verify
reverse-path interface
D. tcp verify
reverse-path interface
E. udp verify
reverse-path interface
Answer: C
|
