NEW QUESTION 1
Which option best describes RPL?

• A. RPL stands for Routing over low priority links that use link-state LSAs to determine the best route between two root border routers.
• B. RPL stands for Routing over low priority links that use distance vector DOGAG to determine the best route between two root border routers.
• C. RPL stands for Routing over Low-power Lossy Networks that use link-state LSAs to determine the best route between leaves and the root border router.
• D. RPL stands for Routing over Low-power Lossy Networks that use distance vector DOGAG to determine the best route between leaves and the root border router.

Answer: D

NEW QUESTION 2
Drag the ACI security principle on the left to its definition on the right.

Answer:

Explanation: 1-6, 2-1, 3-5, 4-2, 5-3, 6-4

NEW QUESTION 3
You have an ISE deployment with 2 nodes that are configured as PAN and MnT (Primary and Secondary), and 4 Policy Services Nodes. How many additional
PSNs can you add to this deployment?

• A. 3
• B. 5
• C. 1
• D. 4
• E. 2

Answer: D

NEW QUESTION 4
Which two statements about ping flood attacks are true? (Choose two.)

• A. They attack by sending ping requests to the broadcast address of the network.
• B. They use SYN packets.
• C. The attack is intended to overwhelm the CPU of the target victim.
• D. They use UDP packets.
• E. They use ICMP packets.
• F. They attack by sending ping requests to the return address of the network.

Answer: CE

NEW QUESTION 5
In an effort to secure your enterprise campus network, any endpoint that connects to the network should authenticate before being granted access. For all corporate-owned endpoints, such as laptops, mobile phones and tablets, you would like to enable 802.1x and once authenticated allow full access to the network. For all employee owned personal devices, you would like to use web authentication, and only allow limited access to the network. Which two authentication methods can ensure that an employee on a personal device can't use his or her Active Directory credentials to log on to the network by simply re configuring their supplicant to use 802.1x and getting unfettered access? (Choose two.)

• A. Use PEAP-EAP-MSCHAPv2
• B. Use EAP-FAST
• C. Use EAP-TLS or EAP-TTLS
• D. Use EAP-MSCHAPv2
• E. Use PAP-CHAP-MSCHAP
• F. Use PEAP-EAP-TLS

Answer: AB

NEW QUESTION 6
When an organization is choosing a cloud computing model to adopt, many consideration are studies to determine the most suitable model. To which model is cloud interdependency mainly attributed?

• A. Hybrid cloud
• B. Public cloud
• C. Community cloud
• D. Private cloud

Answer: A

NEW QUESTION 7
Refer to the exhibit.

What are two effects of the given configuration? (Choose two.)

• A. It enables the ASA to download the static botnet filter database.
• B. It enables the ASA to download the dynamic botnet filter database.
• C. It enables botnet filtering in single context mode.
• D. It enables botnet filtering in mutiple context mode.
• E. It enables multiple context mode.
• F. It enables single context mode.

Answer: BD

NEW QUESTION 8
What are the three configurations in which SSL VPN can be implemented? (Choose three.)

• A. WebVPN
• B. PVC TunnelMode
• C. Interactivemode
• D. L2TP overIPSec
• E. Thin-Client
• F. AnyConnect TunnelMode
• G. Clientless
• H. CHAP

Answer: EFG

NEW QUESTION 9
Which statement about Remote Triggered Black Hole Filtering feature is true?

• A. It works in conjunction with QoS to drop the traffic that has a lower priority.
• B. The Null0 interface used for filtering able to receive the traffic but never forwards it.
• C. In RTBH filtering, the trigger device redistributes dynamic routes to the eBGP peers.
• D. It helps mitigate DDoS attack based only on destination address.
• E. It drops malicious traffic at the customer edge router by forwarding it to a Null0 interface.
• F. In RTBH filtering, the trigger device is always an ISP edge router.

Answer: C

NEW QUESTION 10
Refer to the exhibit.

A customer reports to Cisco TAC that one of the Windows clients that is supposed to login in to the network using MAB can no longer access
any allowed resources. Which possible cause of the MAB failure is true?

• A. The switch is properly configured and the issue is on the RADIUS server
• B. There is an issue with the CoA configuration
• C. AAA authorization is incorrectly configured on the switch
• D. There is an issue with the DHCP pool configuration
• E. CTS is configured incorrectly on the switch
• F. MAB is disabled on port Gi1/0/9

Answer: F

NEW QUESTION 11
Which statement about the wireless security technologies is true?

• A. WPA2-PSK mode provides better security by having same passphrase across the network
• B. WPA2 provides message integrity using AES
• C. WPA2-PSK mode does not allow a passphrase to be stored locally on the device
• D. WPA2 is more secure than WPA because it uses TKIP for encryption
• E. WEP is more secure than WPA2 because it uses AES for encryption
• F. WPA2-ENT mode does not require RADIUS for authentication

Answer: B

NEW QUESTION 12
Which two statements about EVPN are true? (Choose two.)

• A. EVPN route exchange enables PEs to discover one another and elect a DF.
• B. EVPN routes can advertise backbone MAC reachability.
• C. EVLs allow you to map traffic on one or more VLANs or ports to a Bridge Domain.
• D. EVPN routes can advertise VLAN membership and verify the reachability of Ethernet segments.
• E. It is a next-generation Ethernet L2VPN solution that supports load balancing at the individual flow leveland provider advanced access redundancy.
• F. It is a next-generation Ethernet L3VPN solution that simplifies control-plane operations and enhances scalability.

Answer: AB

NEW QUESTION 13
Which three statements about the SHA-2 algorithm are true? (Choose three.)

• A. It provides a fixed-length output using a collision-resistant cryptographic hash.
• B. It provides a variable-length output using a collision-resistant cryptographic hash.
• C. It generates a 512-bit message digest.
• D. It generates a 160-bit message digest.
• E. It is used for integrity verification
• F. It is the collective term for the SHA-224, SHA-256, SHA-384, and SHA-512 algorithms.

Answer: AEF

NEW QUESTION 14
Which two statements about 6to4 tunneling are true? (Choose two.)

• A. It provides a /128 address block.
• B. It supports static and BGPV4 routing.
• C. It provides a /48 address block.
• D. It supports managed NAT along the path of the tunnel.
• E. The prefix address of the tunnel is determined by the IPv6 configuration of the interface.
• F. It supports multihoming.

Answer: BC

NEW QUESTION 15
Which statement about ASA clustering requirements is true?

• A. Only routed mode is allowed in the single context mode
• B. Units in the cluster can be running different software version as long as they have identical hardware configuration
• C. Units in the cluster can have different hardware configuration as long as they are running same software version
• D. Units in the cluster can be in different geographical locations
• E. Units in the cluster can be in different security context modes
• F. Units in the cluster cannot have different software version even though they have identical hardware configuration.

Answer: F

NEW QUESTION 16
Which statement is true regarding Private VLAN?

• A. A private VLAN domain can have multiple primary VLANs
• B. Each secondary VLAN in a private VLAN domain needs to have a separate associated primary VLAN
• C. Each port in a private VLAN domain is a member of all the secondary VLANs in the domain
• D. A subdomain in a primary VLAN domain consists of a primary and secondary VLAN pair
• E. In a private VLAN domain a secondary VLAN port needs to be an isolated port for it to be able to communicate with a layer-3 device
• F. In a private VLAN domain a secondary VLAN can have only one promiscuous port

Answer: F

NEW QUESTION 17
Which policy action allows to a pass without any further inspection by the intrusion when implementing Cisco Firepower access control policy?

• A. Pass
• B. Interactive block
• C. Allow
• D. Monitor
• E. Block
• F. Trust

Answer: F

NEW QUESTION 18
Which two options are important considerations when you use NetFlow to obtain the full picture of network taffic? (Choose two)

• A. It monitors only TCP connections.
• B. It monitors only routed traffic.
• C. It monitors all traffic on the interface on which it is deployed.
• D. It monitors only ingress traffic on the interface on which it is deployed.
• E. It is unable to monitor over time.

Answer: BE