NEW QUESTION 1
If a switch port goes directly into a blocked state only when a superior BPDU is received, what mechanism must be in use?

• A. STP bpdu guard
• B. STP root guard
• C. SPT bpdu filter

Answer: B

NEW QUESTION 2
A security engineer must evaluate Cisco Security Manager. Which two options are benefits of using Cisco Security Manager to manage security? (Choose two)

• A. Configuration of access control plane policies on multiple Cisco ASA firewalls at once
• B. automatic software upgrades on multiple firewall devices
• C. ability to console into each firewall from centralized management
• D. configuration of ACLs on multiple Cisco VSG firewalls at once
• E. configuration of IPS signatures on multiple Firepower sensors at once

Answer: BE

Explanation:
automatic software upgrades on multiple firewall devices configuraion of IPS signatures on multiple Firepower sensors at once

NEW QUESTION 3
A network engineer wants to add new view to an IOS device configured with RBAC. Which privilege
is required for that task?

• A. Level 16
• B. Level 15
• C. root view
• D. admin view

Answer: B

NEW QUESTION 4
An engineer has downloaded the database files for botnet traffic filtering on an AS

• A. Where are these database files stored?
• B. flash memory
• C. SSD drive
• D. ROMMON
• E. running memory

Answer: A

NEW QUESTION 5
Refer to the exhibit.

Which two statements about this firewall output are true? (Choose two.)

• A. The output is from a packet tracer debug.
• B. All packets are allowed to 192.168.1.0 255.255.0.0.
• C. All packets are allowed to 192.168.1.0 255.255.255.0.
• D. All packets are denied.
• E. The output is from a debug all command.

Answer: AC

NEW QUESTION 6
Which three compliance and audit report types are available in Cisco Prime Infrastructure? (Choose
three.)

• A. Service
• B. Change Audit
• C. Vendor Advisory
• D. TAC Service Request
• E. Validated Design
• F. Smart Business Architecture

Answer: ABC

NEW QUESTION 7
DRAG DROP
Drag and Drop Syslog security level to match its related.

Answer:

Explanation:

NEW QUESTION 8
Which statement about Cisco ASA botnet filtering is true?

• A. BTF takes the MD5 value and compares it against the dynamic database
• B. BTF checks if the domain name in a DNS reply matches a name in the BTF database
• C. BTF can rate-limit traffic to known botnet addresses
• D. BTF redirects DNS queries to a BTF server for further analysis

Answer: C

NEW QUESTION 9
If you disable PortFast on switch ports that are connected to a Cisco ASA and globally turn on BPDU filtering, what is the effect on the switch ports?

• A. The switch ports are prevented from going into an err-disable state if a BPDU is received.
• B. The switch ports are prevented from going into an err-disable state if a BPDU is sent.
• C. The switch ports are prevented from going into an err-disable state if a BPDU is received and sent.
• D. The switch ports are prevented from forming a trunk.

Answer: C

NEW QUESTION 10
Which Cisco Security Manager form factor is recommended for deployments with fewer than 25
devices?

• A. only Cisco Security Manager Standard
• B. only Cisco Security Manager Professional
• C. only Cisco Security Manager UCS Server Bundle
• D. both Cisco Security Manager Standard and Cisco Security Manager Professional

Answer: A

NEW QUESTION 11
When a Cisco ASA is configured in transparent mode, how can ARP traffic be controlled?

• A. By enabling ARP inspection; however, it cannot be controlled by an ACL
• B. By enabling ARP inspection or by configuring ACLs
• C. By configuring ACLs; however, ARP inspection is not supported
• D. By configuring NAT and ARP inspection

Answer: A

NEW QUESTION 12
Which option is a consequence when an engineer changes the snmp server local engineID in router?

• A. The SNMP configuration that was created previously is invalid.
• B. The users that were created previously are invalid.
• C. The community that was created previously is invalid.
• D. The groups that were created previously are invalid

Answer: B

NEW QUESTION 13
How many bridge groups are supported on a firewall that operate in transparent mode?

• A. 8
• B. 16
• C. 10
• D. 6

Answer: A

NEW QUESTION 14
Refer to the exhibit.

A network engineer applies the configuration shown to set up a capture on a Cisco Adaptive Security Appliance. When attempting to start a capture, this error message is observed:
ERROR: Capture doesn’t support access-list <20> containing mixed policies For which two reasons does this error message occur? (Choose two.)

• A. The ACL number is incorrect.
• B. Access list type is incorrect.
• C. IPv6 is enabled on the Cisco ASA.
• D. A named ACL is required.
• E. IPv6 is not specified on the access list with “any4” keyword.

Answer: DE

NEW QUESTION 15
Refer to the exhibit.

What type of attack is being mitigated on the Cisco ASA appliance?

• A. HTTP and POST flood attack
• B. HTTP Compromised-Key Attack
• C. HTTP Shockwave Flash exploit
• D. HTTP SQL injection attack

Answer: D

NEW QUESTION 16
Where do you apply a control plane services policy to implement Management Plane Protection on a Cisco Router?

• A. Control-plane router
• B. Control-plane host
• C. Control-plane interface management 0/0
• D. Control-plane service policy

Answer: B

Explanation:
http://www.cisco.com/c/en/us/td/docs/ios/12_4t/12_4t11/htsecmpp.html

NEW QUESTION 17
In which way are management packets classified on a firewall that operates in multiple context
mode?

• A. by their interface IP address
• B. by the routing table
• C. by NAT
• D. by their MAC addresses

Answer: A

NEW QUESTION 18
Which command change secure HTTP port from 443 to 444?

• A. IP http secure-port 444
• B. IP http secure-server
• C. http server enable 444
• D. IP http server-secure

Answer: C

Explanation: The ip http secure-port command can set the HTTPS port number from the default value of 443, if required.
http://www.ciscopress.com/articles/article.asp?p=2246945&seqNum=2

NEW QUESTION 19
To which port does a firewall send secure logging messages?

• A. TCP/1500
• B. UDP/1500
• C. TCP/500
• D. UDP/500

Answer: A