Cisco 400-251 Dumps Questions 2021
Want to know the features of the 400-251 dumps? Want to learn more about the 400-251 dumps experience? Study the 400-251 dumps. Succeed with an absolute guarantee to pass the Cisco 400-251 (CCIE Security Written Exam) test on your first attempt.
Free demo questions for Cisco 400-251 Exam Dumps Below:
NEW QUESTION 1
Which statement about VRF-aware GDOI group members is true?
- A. The GM cannot route control traffic through the same VRF as data traffic.
- B. Multiple VRFs are used to separate control traffic and data traffic.
- C. Registration traffic and rekey traffic must operate on different VRFs.
- D. IPsec is used only to secure data traffic.
Answer: B
NEW QUESTION 2
AMP for Endpoint is supported on which of these platforms?
- A. Windows, MAC, ANDROID
- B. Windows, MAC, LINUX (SuSE, UBUNTU), ANDROID
- C. Window
- D. ANDROID, LINUX (SuSE, REDHAT)
- E. Windows, ANDROID, LINUX (REDHAT, CentOS), MAC
Answer: D
NEW QUESTION 3
Which three VSA attributes are present in a RADIUS WLAN Access-Accept packet? (Choose three)
- A. Tunnel-Private-Group-ID
- B. Tunnel-Type
- C. SSID
- D. EAP-Message
- E. LEAP Session-Key
- F. Authorization-Algorithm-Type
Answer: CEF
NEW QUESTION 4
Which two characteristics of DTLS are true? (Choose two)
- A. It is used mostly by applications that use application layer object-protocols
- B. It includes a congestion control mechanism
- C. It completes key negotiation and bulk data transfer over a single channel.
- D. It supports long data transfers and connectionless data transfers.
- E. It cannot be used if NAT exists along the path.
- F. It includes a retransmission method because it uses an unreliable datagram transport.
Answer: BF
NEW QUESTION 5
Which statement about the restrictions of redirection on Cisco Cloud Web Security tunnels on ISR4000 Series Router is true?
- A. The cws-tunnel out command can be configured up to a maximum of three WAN interfaces
- B. User authentication (through NTLM) is supported
- C. Access lists based on object groups are supported in white listing and redirect list configuration
- D. IPv6 is not supported
- E. Multiple access lists are supported for white listing
Answer: C
NEW QUESTION 6
Which option is a benefit of VRF Selection Using Policy-Based Routing for routing packets to different VPNs?
- A. It supports more than one VPN per interface
- B. It allows bidirectional traffic flow between the service provider and the CEs
- C. It automatically enables fast switching on all directly connected interfaces
- D. It can use global routing tables to forward packets if the destination address matches the VRF configured on the interface
- E. Every PE router in the service provider MPLS cloud can reach every customer network
- F. It increases the router performance when longer subnet masks are in use
Answer: D
NEW QUESTION 7
In which two situations is web authentication appropriate? (Choose two)
- A. When secure connections to the network are unnecessary.
- B. When a fallback authentication method is necessary
- C. When 802.1x authentication is required.
- D. When devices outside the control of the organization's IT department are permitted to connect to the network.
- E. When WEP encryption must be deployed on a large scale.
Answer: BD
NEW QUESTION 8
Which two statements about SPAN sessions are true? (Choose two.)
- A. A single switch stack can support up to 32 source and RSPAN destination sessions.
- B. Source ports and source VLANs can be mixed in the same session
- C. They can monitor sent and received packets in the same session.
- D. Multiple SPAN sessions can use the same destination port.
- E. Local SPAN and RSPAN can be mixed in the same session.
- F. They can be configured on ports in the disabled state before enabling the port.
Answer: CF
NEW QUESTION 9
Which Cisco Firepower intrusion event impact level indicates that the target is vulnerable to the attack and requires the most immediate, urgent attention?
- A. Impact Level 3
- B. Impact Level 4
- C. Impact Level 2
- D. Impact Level 0
- E. Impact Level 1
Answer: E
NEW QUESTION 10
Which port is used by the ISE pxGrid service for inter-node communication?
- A. UDP port 161 and 162
- B. TCP port 443
- C. TCP port 5222
- D. UDP port 9995
Answer: C
NEW QUESTION 11
Which effect of the crypto key encrypt write rsa command on a router is true?
- A. The device locks the encrypted key, but the key is lost when the router is reloaded.
- B. The device encrypts and locks the key before authenticating it with an external CA server.
- C. The device unlocks the encrypted key, but the key is lost when the router is reloaded.
- D. The device locks the encrypted key and saves it to the NVRAM.
- E. The device saves the unlocked encrypted key to the NVRAM.
Answer: E
NEW QUESTION 12
Which IPS deployment mode can blacklist traffic?
- A. Transparent
- B. Strict
- C. Inline
- D. Passive
- E. Tap
- F. Switched
Answer: C
NEW QUESTION 13
Which two methods can be used to remove the previous vendor profiles from the mobile device?
- A. Disable the ISE profiling feature
- B. Vendor profiles cannot be removed
- C. Go to My Devices portal in ISE and click corporate wipe
- D. Use the “full wipe” option and reset the device to factory settings
- E. Use the “corporate wipe” option offered by the vendor
Answer: CE
NEW QUESTION 14
Which action must happen before you enroll a device to a mobile device management service from a different vendor?
- A. Wipe the entire device and start from scratch
- B. Allow both vendor profiles to remain on the device.
- C. Remove the profiles from the previous vendor from the device
- D. Alert the administrator so that they can remove this device from the network
Answer: C
NEW QUESTION 15
Drag the PCI-DSS requirements on the left to their security controls on the right.
Answer:
Explanation: 1-5, 2-1, 3-2, 4-3, 5-4
NEW QUESTION 16
Which three Cisco attributes for LDAP authorization are supported on the ASA? (Choose three)
- A. Web-VPN-ACL-Filters
- B. IPsec-Default-Domain
- C. IPsec-Client-Firewall-Name
- D. Authorization-Type
- E. L2TP-Encryption
- F. Authenticated-User-idle-Timeout
Answer: ABF
NEW QUESTION 17
Which tunnel type does the Cisco Unified Wireless Solution use to map a provisioned guest WLAN to an anchor WLC?
- A. PEAP
- B. IPsec
- C. TLS
- D. GRE
- E. EAPoL
- F. EoIP
Answer: F
NEW QUESTION 18
Refer to the exhibit
========================================
ASA1
router ospf 12
 network 10.1.11.0 255.255.255.0 area 1
 area 1 authentication message-digest
interface G0/1
 nameif inside
 security-level 100
 ip address 10.1.11.1 255.255.255.0 standby 10.1.11.2
 ospf message-digest-key 12 md5 cisco
R2
router ospf 12
 area 0 authentication message-digest
 area 1 authentication message-digest
 network 10.1.11.0 0.0.0.255 area 1
 network 10.1.12.0 0.0.0.255 area 0
 network 172.16.100.0 0.0.0.255 area 0
interface GigabitEthernet2
 ip address 10.1.11.22 255.255.255.0
 ip ospf message-digest-key 21 md5 cisco
========================================
Refer to the exhibit. Firewall ASA1 and router R2 are running an OSPF routing process in area 1, connected via the 10.11.1.0/24 subnet in the inside zone. It has been reported that ASA1 cannot see any OSPF-learned routes. Which two possible issues are true?
- A. The R2 has mismatched message-digest key IDs
- B. On ASA1, a standby interface must be disabled on the Gi0/1 interface
- C. On R2, an incorrect subnet is defined for the Gi2 interface
- D. On ASA1, a Gi0/1 interface must have security level at "0"
- E. On ASA1, an incorrect subnet mask is on the Gi0/1 interface
- F. On R2, the 172.16.100.0/24 subnet must not be in the OSPF routing process
- G. On R2, the 10.1.11.0/24 subnet must be in area "0" in the OSPF routing process
Answer: A
Recommended: get the full 400-251 dumps in VCE and PDF from 2passeasy. Download: https://www.2passeasy.com/dumps/400-251/ (New 414 Q&As Version)