Implementing Secure Converged Wide Area Networks

9. Refer to the exhibit. What type of security solution will be provided for the inside network?
A. The TCP connection that matches the defined ACL will be reset by the router if the connection does not complete the three-way handshake within the defined time period.
B. The router will reply to the TCP connection requests. If the three-way handshake completes successfully, the router will establish a TCP connection between itself and the server.
C. The TCP traffic that matches the ACL will be allowed to pass through the router and create a TCP connection with the server.
D. The router will intercept the traceroute messages. It will validate the connection requests before forwarding the packets to the inside network.
Answer: B

10. Refer to the exhibit. Which statement about the authentication process is true?
A. The LIST1 list will disable authentication on the console port.
B. Because no method list is specified, the LIST1 list will not authenticate anyone on the console port.
C. All login requests will be authenticated using the group tacacs+ method.
D. All login requests will be authenticated using the local database method.
E. The default login authentication will automatically be applied to all login connections.
Answer: A

11. Which three statements about the Cisco Easy VPN feature are true? (Choose three.)
A. If the VPN server is configured for Xauth, the VPN client waits for a username / password challenge.
B. The Cisco Easy VPN feature only supports transform sets that provide authentication and encryption.
C. The VPN client initiates aggressive mode (AM) if a pre-shared key is used for authentication during the IKE phase 1 process.
D. The VPN client verifies a server username/password challenge by using a AAA authentication server that supports TACACS+ or RADIUS.
E. The VPN server can only be enabled on Cisco PIX Firewalls and Cisco VPN 3000 series concentrators.
F. When connecting with a VPN client, the VPN server must be configured for ISAKMP group 1, 2 or 5.
Answer: ABC

12. What are three features of the Cisco IOS Firewall feature set? (Choose three.)
A. network-based application recognition (NBAR)
B. authentication proxy
C. stateful packet filtering
D. AAA services
E. proxy server
F. IPS
Answer: BCF

http://www.killtest.org/642-825.pdf

642-541

1. Which routing protocol does not support the use of MD5 authentication?
A. BGP
B. IGRP
C. EIGRP
D. OSPF
E. IS-IS
Correct: C

2. What is an assumption of SAFE SMR?
A. implementing SAFE SMR guarantees a secure environment
B. the security policy is already in place
C. network contains only Cisco devices
D. SAFE SMR does not assume application and OS security
Correct: B

3. Why are all providers of Internet connectivity urged to implement the filtering described in RFC 2827?
A. to prohibit attackers from using source addresses that reside within a range of legitimately advertised prefixes
B. to prohibit attackers from using forged source addresses that do not reside within a range of legitimately advertised prefixes
C. to filter Java applications that come from a source that is not trusted
D. to stop internal users from reaching web sites that violate the established security policy
Correct: B

VPN and Security Cisco SAFE Implementation Exam (CSI)

4. The VPN acceleration module (VAM) is available on what series of VPN optimized routers? Choose two.
A. 1700 Series
B. 2600 Series
C. 3600 Series
D. 7100 Series
E. 7200 Series
Correct: D E

5. Which two devices in the SAFE SMR small network campus module should have HIDS installed? Choose two.
A. Layer 2 switches
B. firewalls
C. management hosts
D. desktop workstations
E. corporate servers
F. lab workstations
Correct: C E

6. In which module does the firewall exist in the SAFE SMR small network design?
A. Internet
B. campus
C. corporate Internet
D. edge
Correct: C

642-587: Advanced Wireless LAN for Field Engineers

6. A wireless controller can reside in how many mobility groups?
A. two
B. three
C. four
D. one
Answer: D

7. To implement the optional phase zero when using EAP-FAST for authentication, which of the following parameters must be set on the Cisco Secure ACS?
A. EAP-FAST master server
B. Allow automatic PAC provisioning
C. client initial message
D. authority ID info
Answer: B

8. When conducting an Assisted Site Survey, the WLSE does which of the following during the Radio Scan process?
A. chooses the least congested channel
B. uses the configured channel
C. sets all access points to the same channel
D. steps through each of the allowed channels
Answer: C

9. The wireless LAN controller maintains up to how many controller crash files?
A. 20
B. 5
C. 15
D. 10
Answer: B

10. In a network using Cisco autonomous access points running WDS, what port is used for authentication by the local authentication service on an access point?
A. 1813
B. 1645
C. 1646
D. 1812
Answer: D

11. On the WLSE, Radio Management must be enabled to use most of the features of which one of the following?
A. Devices
B. IDS
C. Configure
D. Reports
Answer: B

12. Client association using EAP-Cisco Wireless (LEAP) is failing, but EAP-PEAP is functioning on an autonomous access point. Which of the following needs to be enabled on the access point so EAP-Cisco Wireless (LEAP) is enabled?
A. open authentication plus MAC
B. open authentication plus EAP
C. shared key
D. network EAP
Answer: D

13. What is the maximum number of users that can be added to an autonomous access point that is being used as a local authenticator?
A. 75
B. 100
C. 25
D. 50
Answer: D