Free Cisco Certification

350-018 : CCIE Pre-Qualification Test for Security

QUESTION 121 You are the network administrator at Cisco Highway. Cisco Highway has a Cisco Secure UNIX. Your newly appointed Cisco Highway trainee technician wants to know how RADIUS debugging is turned on for the Cisco Secure UNIX. What will your reply be?

A. Set the server value to debug in the advanced GUI, and modify the syslog.conf and CSU.cfg files.

B. Modify the syslogd.conf and CSU.cfg files.

C. Modify the CSU.cfg file.

D. Issue the debug radius command.

E. Issue the debug UNIX command.

Answer: B

QUESTION 122 You are the Cisco Highway network administrator. The Cisco Highway network is using Certificate Authorities (CA) for ISAKMP negotiation. You want to configure ISAKMP. Which of the following will work?

A. crypto isakmp policy 4 authentication cert-rsa

B. crypto isakmp policy 4 authentication ca

C. crypto isakmp policy 4 authentication cert-sig

D. crypto isakmp policy 4 authentication rsa-sig

E. crypto isakmp policy 4 authentication rsa-enc

Answer: B

QUESTION 123 You are the network administrator at Cisco Highway. A workstation on the Cisco Highway network has been the victim of a program that invokes a land.c attack. The newly appointed Cisco Highway trainee technician wants to know what this program does. What will your reply be?

A. It sends a stimulus stream of ICMP echo requests ("pings") to the broadcast address of the reflector subnet; the source addresses of these packets are falsified to be the address of the ultimate target.

B. It sends a stimulus stream of UDP echo requests to the broadcast address of the reflector subnet; the source addresses of these packets are falsified to be the address of the ultimate target.

C. It sends an IP datagram with the protocol field of the IP header set to 1 (ICMP), the Last Fragment bit set, and (IP offset * 8) + (IP data length) > 65535; in other words, the IP offset (which represents the starting position of this fragment in the original packet, and which is in 8-byte units) plus the rest of the packet is greater than the maximum size for an IP packet.

D. It sends a TCP SYN packet (a connection initiation), giving the target host's address as both source and destination, and using the same port on the target host as both source and destination.

Answer: C

QUESTION 124 The newly appointed Cisco Highway trainee technician wants to know when it would be wise to decrease the security association lifetime on a router. What will your reply be?

A. To ease the workload on the router CPU and RAM.

B. To give a potential hacker less time to decipher the keying.

C. To improve Perfect Forward Secrecy (PFS).

D. If the lifetime of the peer router on the other end of the tunnel is shorter, the lifetime on the local router must be decreased so that the SA lifetime of both routers is the same.

E. None of the above.

Answer: D

QUESTION 125 You are performing device management with a Cisco router. Which of the following is true?

A. The Cisco Secure Intrusion Detection System sensor can apply access-list definition 198 and 199 (default) to the router in response to an attack signature.

B. The Cisco Secure Intrusion Detection System sensor can shut down the router interface in response to an attack signature.

C. The Cisco Secure Intrusion Detection System sensor can emit an audible alarm when the Cisco router is attached.

D. The Cisco Secure Intrusion Detection System sensor can modify the routing table to divert the attacking traffic.

Answer: A

QUESTION 126 In the context of Network Security, which of the following best describes the term 'countermeasure'?

A. A policy, procedure or technology that protects a computer or network against a given vulnerability or exploit.

B. Technology that legally permits you to launch a counter attack against someone who is attacking your network.

C. A plan to identify intruders on your system.

D. A plan to close all possible vulnerabilities on your network.

Answer: A

QUESTION 127 Cisco's RADIUS implementation supports one vendor-specific option using which of the following formats?

A. Vendor-ID 26, and the supported option has vendor-type 1, which is named "cisco-avpair".

B. Vendor-ID 9, and the supported option has vendor-type 26, which is named "cisco-avpair".

C. Vendor-ID 9, and the supported option has vendor-type 1, which is named "cisco-avpair".

D. Vendor-ID 1, and the supported option has vendor-type 9, which is named "cisco-avpair".

E. Vendor-ID 1, and the supported option has vendor-type 9, which is named extended "cisco-avpair".

F. All of the above.

Answer: C

QUESTION 128 You are the network technician at Cisco Highway. You are implementing a firewall on the Cisco Highway network. You need to ensure that PPTP can pass through the firewall. Which of the following should you permit?

A. IP Protocol 47 and UDP 1723.

B. IP Protocol 47 and TCP 47.

C. IP Protocol 47 and TCP 1723.

D. IP Protocol 1723 and TCP 47.

E. TCP and UDP 1723.

Answer: C

QUESTION 129 Which of the following is a primary difference between ISDN and iDSL?

A. ISDN is a circuit switched service and iDSL is a dedicated service that uses the physical layer of ISDN.

B. ISDN can be used on the same pair of wires as an analog POTS circuit, but iDSL cannot.

C. An iDSL circuit can call a switched 56k circuit, but ISDN cannot.

D. iDSL has two D channels and ISDN has one D channel.

Answer: B

QUESTION 130 You are the network administrator at Cisco Highway. You want to pass RIP updates through an IPSec tunnel. What should you do?

A. Define the IPSec tunnel as an interface on the router and specify that interface in the RIP configuration.

B. Define the IPSec proxy to allow and accept broadcast traffic.

C. Define the IPSec proxy to allow only RIP traffic through the tunnel.

D. Define a GRE tunnel, send the RIP updates through the GRE and encrypt all GRE traffic.

Answer: D
