400-251 Exam Questions - Online Test

Our pass rate is as high as 98.9%, and the similarity between our 400-251 study guide and the real exam is 90%, based on our seven years of teaching experience. Do you want to pass the Cisco 400-251 exam in just one try? I am currently studying for the Cisco 400-251 exam. Latest Cisco 400-251 exam practice questions and answers. Try Cisco 400-251 Brain Dumps first.
NEW QUESTION 1
Refer to the exhibit.

Which two configurations must you perform to enable the device to use this class map? (Choose two)
- A. Configure PDLM
- B. Configure the ip nbar custom command
- C. Configure the ip nbar protocol discovery command
- D. Configure the transport hierarchy
- E. Configure the DSCP value
Answer: BC
NEW QUESTION 2
Which statement is true about Social Engineering attack?
- A. It uses the reconnaissance method for exploitation.
- B. It is a method of extracting non-confidential information.
- C. The "Phishing" technique is one of the ways to launch the attack.
- D. It is always performed through an email from a person that you know.
- E. It is always done by having malicious ads on untrusted websites for the users to browse.
- F. It can be only done by a person who is not part of the organization.
Answer: A
NEW QUESTION 3
Which of the following could be an evasion technique used by the attacker?
- A. Port access using Dot1x
- B. ACL implementation to drop unwanted traffic
- C. TELNET to launch device administration session
- D. Traffic encryption to bypass IPS detection
- E. URL filtering to block malicious sites
- F. NAT translations on routers and switches
Answer: D
NEW QUESTION 4
Which statement about Social Engineering attack is true?
- A. It is a method of extracting non-confidential information
- B. It can be done by a person who is inside or outside of the organization
- C. It is always done by having malicious ads on untrusted websites for the users to browse
- D. It is always performed through an email from a person that you know
- E. The phishing technique cannot be used to launch the attack
- F. It uses the reconnaissance method for exploitation
Answer: B
NEW QUESTION 5
If an ASA device is configured as a remote access IPsec server with RADIUS authentication and password management enabled, which type of authentication will it use?
- A. RSA
- B. MS-CHAPv2
- C. MS-CHAPv1
- D. NTLM
- E. PAP
Answer: B
NEW QUESTION 6
How does the Cisco Firepower Decrypt-known method perform SSL decryption on inbound traffic?
- A. The system identifies the server certificate during the SSL handshake and downloads the associated private key from the CA to decrypt the traffic
- B. The system matches the incoming server certificate to a previously stored certificate on the server and uses the private key to decrypt the traffic
- C. The system uses a CA certificate on the server to re-sign the exchanged server certificate, then uses the private key of the CA certificate to decrypt the traffic
- D. The system uses a CA certificate on the server to re-sign the exchanged server certificate, then uses a separate private key to decrypt the traffic
Answer: C
NEW QUESTION 7
Which option is a benefit of VRF Selection Using Policy-Based Routing for routing packets to different VPNs?
- A. It supports more than one VPN per interface
- B. It allows bidirectional traffic flow between the service provider and the CEs
- C. It automatically enables fast switching on all directly connected interfaces
- D. It can use global routing tables to forward packets if the destination address matches the VRF configured on the interface
- E. Every PE router in the service provider MPLS cloud can reach every customer network
- F. It increases the router performance when longer subnet masks are in use
Answer: D
NEW QUESTION 8
Which two descriptions of how the Cisco recommended wireless guest traffic isolation model works are true? (Choose two.)
- A. The foreign controller tunnels the traffic over EoIP to another WLC known as the anchor controller, which is located in the DMZ, thus achieving traffic isolation and keeping guest traffic away from corporate traffic
- B. The anchor controller tunnels the traffic over LWAPP to another WLC known as the foreign controller, which is located in the DMZ, thus achieving traffic isolation and keeping guest traffic away from the corporate traffic
- C. The foreign controller then tunnels the traffic over LWAPP to an anchor WLC known as the anchor controller, which is located in the DMZ, thus achieving traffic isolation and keeping guest traffic away from the corporate traffic
- D. The access point that serves the guest sets up an LWAPP tunnel to a WLC controller known as the anchor controller
- E. The anchor controller tunnels the traffic over EoIP to another WLC known as the foreign controller, which is located in the DMZ, thus achieving traffic isolation and keeping guest traffic away from the corporate traffic
- F. The access point that serves the guest sets up an EoIP tunnel to a WLC controller known as the foreign controller
- G. The access point that serves the guest sets up an LWAPP tunnel to a WLC controller known as the foreign controller
Answer: AG
NEW QUESTION 9
Which statement about Dynamic ARP Inspection is true?
- A. It is supported only in DHCP environments to detect invalid ARP requests and responses
- B. It requires that DHCP snooping be enabled to build a valid binding database
- C. It validates ARP requests and responses on untrusted ports using the MAC address table
- D. It validates ARP requests and responses on trusted ports using IP-to-MAC address binding
- E. It forwards invalid ARP responses and requests on switch untrusted ports
- F. It drops invalid ARP responses and requests on the switch trusted ports
Answer: B
NEW QUESTION 10
Refer to the exhibit.

You applied this VPN cluster configuration to a Cisco ASA and the cluster failed to form. How do you edit the configuration to correct the problem?
- A. Define the maximum allowable number of VPN connections.
- B. Define the master/slave relationship.
- C. Configure the cluster IP address.
- D. Enable load balancing.
Answer: C
NEW QUESTION 11
Refer to the exhibit.
R2# sh run | sec wcp
ip wccp web-cache redirect-list 101 group-list 12 password 0 ccie
ip wccp web-cache redirect in
!
R2# sh access-lists
Standard IP access list 11
    10 permit 171.1.7.12
Standard IP access list 12
    10 permit 171.1.7.21
Extended IP access list 101
    10 permit tcp 172.16.1.0 0.0.0.255 host 192.168.101.3 eq www
    20 permit tcp 172.16.1.0 0.0.0.255 host 192.168.102.3 eq www
R1# sh wccp interfaces
IPv4 WCCP interface configuration
    GigabitEthernet1
        Output services 0
        Input services 1
        Mcast services 0
        Exclude In: False
R2# sh ip wccp wec-cache detail
No information is available for the service
R2 is configured as a WCCP router to redirect HTTP traffic for policy implementation to WSA as 171.1.7.12 with the passphrase used for authentication as "ccie". The redirection is for the traffic on R2 Gi2 interface in the inbound direction. There is an issue reported that websites are not accessible anymore. What could be the cause?
- A. There is an issue with the WSA server list bound for the redirection
- B. There is an issue with routing of traffic between R2 and WSA
- C. There is an issue with WCCP redirection applied on Gi2 interface
- D. There is an issue with destination servers defined for WCCP redirection
- E. There is an issue with the WCCP passphrase configured on R2
- F. There is an issue with source network defined for WCCP redirection
Answer: A
NEW QUESTION 12
Which statement about the TLS security protocol is true?
- A. TLS version 1.0 is less secure than SSL version 3.0
- B. The TLS and SSL versions can interoperate in the client-server handshake
- C. It is always recommended to disable TLS version 1.0 in the browser so that it only supports SSL for better security
- D. You need to replace SSL certificate with TLS certificate for successful TLS operation
- E. There are differences between TLS and SSL version 2 and 3
- F. It only supports data authentication for the client-server session using a browser
Answer: E
NEW QUESTION 13
There is no ICMP connectivity from VPN_PC to Server1 and Server2. What could be the possible cause?
- A. The action is incorrect in the access rule
- B. The destination port configuration is missing in the access rule
- C. The server network has incorrect mask in the access rule
- D. The VLAN tags configuration is missing in the access rule
- E. The source network is incorrect in the access rule
- F. The zone configuration is missing in the access rule
Answer: E
NEW QUESTION 14
Which two options are important considerations when you use NetFlow to obtain the full picture of network traffic? (Choose two)
- A. It monitors only TCP connections.
- B. It monitors only routed traffic.
- C. It monitors all traffic on the interface on which it is deployed.
- D. It monitors only ingress traffic on the interface on which it is deployed.
- E. It is unable to monitor over time.
Answer: BE
NEW QUESTION 15
A university has hired you as a consultant to advise them on the starvation attacks in the campus. They have already implemented DH control the situation but those do not fully contain the issue. Which the issue? (Choose two.)
- A. Use the ip dhcp snooping limit rate command on Trusted and Unsuitable values that are relevant to each interface respectively.
- B. Use the ip dhcp snooping verify mac-address command to ensure the DHCP request matches the client hardware address (CHADDR) set
- C. Use the ip dhcp snooping limit rate command only to ensure that request matches the client identifier (CUD) field sent to the DHCP
- D. Use the ip dhcp snooping limit rate command on trusted and unit value.
Answer: BC
NEW QUESTION 16
Which two characteristics of DTLS are true? (Choose two.)
- A. It supports long data transfers and connectionless data transfers.
- B. It includes a retransmission method because it uses an unreliable datagram transport.
- C. It includes a congestion control mechanism.
- D. It is used mostly by applications that use application layer object-security protocols.
- E. It completes key negotiation and bulk data transfer over a single channel.
- F. It cannot be used if NAT exists along the path.
Answer: BC
NEW QUESTION 17
Which feature of WEP was intended to prevent an attacker from altering and resending data packets over a WEP connection?
- A. The RC4 cipher
- B. Transport Layer Security
- C. Message Integrity checks
- D. MD5 hashing
- E. The cyclic redundancy check
Answer: E
NEW QUESTION 18
Which statement correctly describes TAP mode deployment in IPS?
- A. Access rules configured in TAP mode generate events when triggered as well as perform the defined action on the traffic stream
- B. TAP mode is available when ports are configured as passive interfaces
- C. Access rules configured in TAP mode do not generate events
- D. TAP mode implementation requires SPAN configuration on a switch
- E. TAP mode is available when IPS is deployed inline
- F. In TAP mode traffic flow gets disturbed for analysis
Answer: E
NEW QUESTION 19
Which entity is responsible for the Stealthwatch Management Center to interact with ISE?
- A. FMC
- B. DNA
- C. pxGrid
- D. ASA
- E. Threat grid
- F. NGIPs
Answer: CF
NEW QUESTION 20
Which two statements about Cisco AMP for Web Security are true? (Choose two)
- A. It can detect and block malware and other anomalous traffic before it passes through the Web gateway.
- B. It can identify anomalous traffic passing through the Web gateway by comparing it to an established baseline of expected activity
- C. It can perform file analysis by sandboxing known malware and comparing unknown files to a local repository of threats
- D. It continues monitoring files after they pass the Web gateway
- E. It can prevent malicious data exfiltration by blocking critical files from exiting through the Web gateway
- F. It can perform reputation-based evaluation and blocking by uploading of incoming files to a cloud-based threat intelligence network
Answer: DF
NEW QUESTION 21
Refer to the exhibit.

A customer reports to Cisco TAC that one of the Windows clients that is supposed to log in to the network using MAB can no longer access any allowed resources. Which possible cause of the MAB failure is true?
- A. MAB is disabled on port Gi1/0/9.
- B. AAA authorization is incorrectly configured on the switch.
- C. CTS is configured incorrectly on the switch.
Answer: A
NEW QUESTION 22
When TCP Intercept is enabled in its default mode, how does it react to a SYN request?
- A. It monitors the sequence of SYN, SYN-ACK, and ACK messages until the connection is fully established.
- B. It monitors the attempted connection and drops it if it fails to establish within 30 seconds.
- C. It allows the connection without inspection.
- D. It intercepts the SYN before it reaches the server and responds with a SYN-ACK.
- E. It drops the connection.
Answer: D
NEW QUESTION 23
What is the best description of a docker file?
- A. Text document used to build an image
- B. Message Daemon files
- C. Software used to manage containers
- D. Repository for docker images
Answer: A
NEW QUESTION 24
Which IETF standard is the most efficient messaging protocol used in an IoT network?
- A. CoAP
- B. Man
- C. SNMP
- D. HTTP
Answer: A
NEW QUESTION 25
What does NX-API use as its transport?
- A. SCP
- B. FTP
- C. SSH
- D. SFTP
- E. HTTP/HTTPS
Answer: E
NEW QUESTION 26
Which two descriptions of the HomeNet and ExternalNet variable sets that are used within Cisco Firepower access control and IPS policies are true? (Choose two)
- A. They are used to exclude or include protected network subnets from security intelligence and blacklist filtering
- B. They are used to decrease the number of false positives by defining the protected network
- C. They are used to fine tune the performance of the appliance by optimizing how signatures are matched to packets based on the source and destination addresses in a packet
- D. They are used for reporting reasons to give context on the direction of a connection or malicious attack as it appears in the event viewer reports
- E. They are a legacy Snort feature that has no effect since Firepower 6.x.
Answer: AD
Recommend!! Get the Full 400-251 dumps in VCE and PDF From Exambible, Welcome to Download: https://www.exambible.com/400-251-exam/ (New 448 Q&As Version)