NEW QUESTION 1
What are two features that helps to mitigate man-in-the-middle attacks? (Choose two.)

• A. DHCP snooping
• B. ARP spoofing
• C. destination MAC ACLs
• D. dynamic ARP inspection
• E. ARP sniffing on specific ports

Answer: AD

NEW QUESTION 2
Which command is used to enable 802.1x authorization on an interface?

• A. authentication open
• B. aaa authorization auth-proxy default
• C. authentication control-direction both
• D. aaa authorization network default group tacacs+
• E. authentication port-control auto

Answer: D

NEW QUESTION 3
Which two limitations of ISE inline posture are true?

• A. The Cisco Discovery Protocol is not supported
• B. QoS is not supported in a virtual environment
• C. The Simple Network Management Protocol agent is not supported
• D. Flexible NetFlow is not supported
• E. Multicast is not supported

Answer: AC

NEW QUESTION 4
Which command sequence can you enter to enable IP multicast for WCCPv2?

• A. Router(config)#ip wccp web-cache group-address 224.1.1.100 Router(config)# interface FastEthernet0/0Router(config-if)#ip wccp web-cache redirect out
• B. Router(config)#ip wccp web-cache group-list Router(config)# interface FastEthernet0/0 Router(config)# ip wccp web-cache group-listen
• C. Router(config)#ip wccp web-cache service-list Router(config)# interface FastEthernet0/0 Router(config)# ip wccp web-cache group-listen
• D. Router(config)#ip wccp web-cache group-address 224.1.1.100 Router(config)# interface FastEthernet0/0Router(config)# ip wccp web-cache redirect in
• E. Router(config)#ip wccp web-cache group-address 224.1.1.100 Router(config)# interface FastEthernet0/0Router(config)# ip wccp web-cache group-listen

Answer: E

NEW QUESTION 5
Which protocol does ISE use to secure a connection through the Cisco IronPort tunne infrastructure?

• A. HTTP
• B. IKEv2
• C. TLS
• D. SSH
• E. SNMP
• F. IKEv1

Answer: D

NEW QUESTION 6
Drag and drop the protocol on the left onto their description on the right:

Answer:

Explanation: A-2 B-4 C-1 D-3

NEW QUESTION 7
Refer to the exhibit.
R1
ntp authentication-key 12 md5 cisco ntp authenticate
ntp trusted-key 12
ntp source GigabitEthernet ntp master 1
!i
nterface GigabitEthernet1
ip address 171.1.7.21 255.255.255.0 R2
ntp authentication-key 12 md5 cisco ntp authentication-key 102 md5 cisco ntp authenticate
ntp trusted-key 12
ntp trusted-key 102
ntp server 171.1.7.21 key 102
R2# ping 172.1.7.21
Type escape sequence to abort
Sending 5 100-byte ICMP Echos to 171.1.7.21, timeout is 2 seconds
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 3/4/5 ms R2# sh ntp asso detail
171.1.7.21 configured ipv4, authenticated instance invalid, unsynced, stratum 6 ref ID INIT, time 00000000 0000000 (17:00:00.000 ccie Wed Dec 31, 2021)
R2 is getting time synchronized from NTP server R1. It has been reported that clock on R2 Is not able to associate with the NTP server R1. What could be the possible cause?

• A. R2 has incorrect NTP server address
• B. R1 has incorrect NTP source interface defined
• C. R2 has incorrect trusted key binded with the NTP server
• D. R2 does not support NTP authentication
• E. R2 should not have two trusted keys for the NTP authentication
• F. R2 has connectivity issue with the NTP server

Answer: C

NEW QUESTION 8
Which encryption type is used by ESA for implementing the Email Encryption?

• A. PKI
• B. S/MIME Encryption
• C. Identity Based Encryption(IBE)
• D. TLS
• E. SSL Encryption

Answer: B

NEW QUESTION 9
Which statement correctly describes AES encryption algorithm?

• A. It works on substitution and permutation principle
• B. It uses three encryption keys of length 168, 112 and 56 bits
• C. Reapplying same encryption key three times makes it less vulnerable then 3DES
• D. It only provides data integrity
• E. Theoretically 3DES is more secure then AES

Answer: A

NEW QUESTION 10
Which two options are benefits of global ACLs? (Choose two)

• A. They save memory because they work without being replicated on each interface.
• B. They are more efficient because they are processed before interface access rules.
• C. They are flexible because they match source and destination IP addresses for packets that arrive on any interface.
• D. They only operate on logical interfaces.
• E. They can be applied to multiple interfaces.

Answer: AC

NEW QUESTION 11
Drag each component of an Adaptive Wireless IPS deployment on the left to the matching description on the right

Answer:

Explanation: 1-F, 2-E, 3-B, 4-G, 5-D, 6-C, 7-A

NEW QUESTION 12
On Nexus 9000, in Python interactive mode, which command is correctly used to disable an interface?

• A. cli("conf t ; interface eth1/1 ; shutdown")
• B. cli("conf t"), cli("interface eth1/1"), cli("shutdown")
• C. cli("interface eth1/1 ; shutdown")
• D. cli("conf t"), cli("interface eth1/1 ; shutdown")

Answer: A

NEW QUESTION 13
Which two protocols are supported when using TACACS+? (Choose two)

• A. MS-CHAP
• B. CHAP
• C. NASI
• D. HDLC
• E. AppleTalk

Answer: CE

NEW QUESTION 14
Which of the following is used by WSA to extract session information from ISE and use that in access policies?

• A. RPC
• B. pxGrid
• C. SXP
• D. Proprietary protocol over TCP/8302
• E. EAP
• F. RADIUS

Answer: B

NEW QUESTION 15

Refer to the exhibit. Which statement about router R1 is true?

• A. Its NVRAM contains public and private crypto keys
• B. RMON is configured
• C. Its private-config is corrupt
• D. Its startup configuration is missing
• E. It running configuration is missing

Answer: A

Explanation: https://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/50282-ios-caios. html

NEW QUESTION 16
Which two statements about ICMP redirect messages are true? (Choose two.)

• A. Redirects are only punted to the CPU if the packets are also source-routed.
• B. The messages contain an ICMP Type 3 and ICMP code 7.
• C. By default, configuring HSRP on the interface disables ICMP redirect functionality.
• D. They are generated when a packet enters and exits the same route interface.
• E. They are generated by the host to inform the router of an temate route to the destination.

Answer: CD

NEW QUESTION 17
Which statement correctly describes Botnet attack?

• A. It is launched by a single machine controlled by command and control system
• B. It is a form of a fragmentation attack to evade an intrusion prevention security device
• C. It is a form of a man-in-the-middle attack where the compromised machine is controlled remotely
• D. It is launched by a collection of machines controlled by command and control system
• E. It is a form of a wireless attack where attacker installs an access point to create backdoor to a network
• F. It is launched by a collection of machines to execute DDoS against the attacker

Answer: D

NEW QUESTION 18
An organization plans to upgrade its Internet-facing ASA running version 8.2 on an older HW platform to 5585/X version 9.6. The configuration was backed up and submitted for review before the migration takes
place. Which three changes must be made before the configuration is applied to the new ASA firewall?
(Choose three.)

• A. Static NAT statements are changed to xlate statements
• B. NAT control must be disabled so that traffic is allowed through the ASA
• C. Inbound ACLs must contain the pre-NAT IP instead the post-NAT IP
• D. NAT Control must be enabled so that traffic is allowed through the ASA
• E. Static NAT statements are changed to NAT statements
• F. Inbound ACLs must contain the post-NAT IP instead of the pre-NAT IP

Answer: ACD