QUESTION 11 What is the command that was run, resulting in the output in the attached exhibit?
A. crypto key generate rsa usage-keys
B. crypto key generate rsa
C. show crypto key mypubkey rsa
D. crypto isakmp identity address
Answer: A
Explanation:
crypto key generate rsa usage-keys
The name for the keys will be: myrouter.example.com
Choose the size of the key modulus in the range of 360 to 2048 for your Signature Keys. Choosing a key modulus greater than 512 may take a few minutes.
How many bits in the modulus[512]?
Generating RSA keys.... [OK].
Choose the size of the key modulus in the range of 360 to 2048 for your Encryption Keys. Choosing a key modulus greater than 512 may take a few minutes.
How many bits in the modulus[512]?
Generating RSA keys.... [OK].
The following example generates general-purpose RSA keys. (Note, you cannot generate both special-usage and general-purpose keys; you can generate only one or the other.) Notice the difference:
crypto key generate rsa
The name for the keys will be: myrouter.example.com
Choose the size of the key modulus in the range of 360 to 2048 for your General Purpose Keys. Choosing a key modulus greater than 512 may take a few minutes.
How many bits in the modulus[512]?
Generating RSA keys.... [OK].
QUESTION 12 With PIX OS version 6.2, how many levels of command authorization are there?
A. 1
B. 16
C. 255
D. 15
E. 2, exec and enable.
Answer: B
Explanation: Most commands in the PIX are at level 15, although a few are at level 0. To show current settings for all commands, issue the following command:
show privilege all
QUESTION 13 What product allows you to administer user authentication, accounting, and authorization?
A. ACS
B. PDM
C. CSPM
D. RADIUS
Answer: A
Explanation:
ACS: offers centralized command and control for all user authentication, authorization, and accounting.
PDM: Cisco PIX Device Manager (PDM) offers enterprise and service provider users the features they need to easily manage Cisco PIX Firewalls.
CSPM: managing policy through your Managed Devices is the goal of using CSPM.
RADIUS: Remote Authentication Dial-In User Service is a distributed client/server system that secures networks against unauthorized access. (It is a protocol like TACACS+, not an application.)
QUESTION 14 What is the recommended file, accessible only by root, where hashed UNIX passwords are stored?
A. passwd
B. /etc/shadow
C. /etc/shadow/passwd
D. /etc/password
E. /var/adm/shpass
F. /etc/passwd
Answer: B
Explanation: One of these is the shadow password scheme, which is used by default. The encrypted password is not kept in /etc/passwd, but rather in /etc/shadow. /etc/passwd has a placeholder, x, in this field. passwd is readable by everyone, whereas shadow is readable only by root. The shadow file also contains password aging controls.
QUESTION 15 Which of these best describe IPSec? (Select all that apply)
A. confidentiality
B. integrity
C. origin authentication
D. anti-replay
E. CA
Answer: A, B, C, D
Explanation: IPSec provides the following network security services. These services are optional. In general, local security policy will dictate the use of one or more of these services:
Data Confidentiality: The IPSec sender can encrypt packets before transmitting them across a network.
Data Integrity: The IPSec receiver can authenticate packets sent by the IPSec sender to ensure that the data has not been altered during transmission.
Data Origin Authentication: The IPSec receiver can authenticate the source of the IPSec packets sent. This service is dependent upon the data integrity service.
Anti-Replay: The IPSec receiver can detect and reject replayed packets.
QUESTION 16 On a PIX firewall, which level is considered least secure?
A. 0
B. 100
C. 1
D. 99
E. 255
Answer: A
Explanation: Either 0 for the outside network or 100 for the inside network. Perimeter interfaces can use any number between 1 and 99. By default, PIX Firewall sets the security level for the inside interface to security100 and the outside interface to security0. The first perimeter interface is initially set to security10, the second to security15, the third to security20, and the fourth perimeter interface to security25 (a total of 6 interfaces are permitted, with a total of 4 perimeter interfaces permitted). For access from a higher security to a lower security level, nat and global commands or static commands must be present. For access from a lower security level to a higher security level, static and access-list commands must be present. Interfaces with the same security level cannot communicate with each other. We recommend that every interface have a unique security level.
QUESTION 17 What is the purpose of a CA? (Select all that apply)
A. Manage and issue certificates.
B. Simplify administration of IPSec devices.
C. Define traffic flow.
D. Help IPSec configurations to scale.
E. Monitor IPSec statistics between SAs.
Answer: A, B
Explanation: Unlike RADIUS and TACACS+ authentication servers, Certificate Authority servers rely on a third-party authority to establish the trust relationship between two network objects that communicate
QUESTION 18 You are trying to browse the Internet and your connection is going through routers communicating via a GRE tunnel. The connections between the routers and GRE tunnels are up but accessing the Internet still doesn't work. What is the most likely cause of the problem? (Select all that apply)
A. Change the maximum segment size.
B. Use different IP addresses.
C. You are using incorrect IP addresses.
D. Hackers
E. You need to use the command "ip tcp adjust-mss".
F. Your link is down.
Answer: A, E
Explanation: When GRE tunnels are created, the default Maximum Transfer Unit (MTU) size is 1,514 bytes; this size is fixed regardless of the physical interfaces. Physical interfaces have different MTU sizes. When the OSPF routing protocol runs over GRE tunnels with different physical interfaces having different MTU sizes, initialization fails due to an MTU mismatch. Change the TCP MSS option value on SYN packets that traverse through the router (available in IOS 12.2(4)T and higher). This reduces the MSS option value in the TCP SYN packet so that it's smaller than the value in the ip tcp adjust-mss value command, in this case 1436 (MTU minus the size of the IP, TCP, and GRE headers). The end hosts now send TCP/IP packets no larger than this value.
QUESTION 19 What are the three components that the Cisco Secure IDS consists of? (Select all that apply)
A. sensor
B. director
C. post office
D. log server
E. encryption
F. firewall
Answer: A, B, C
QUESTION 20 When going from the outside network to the inside network, what occurs first, encryption or NAT translation?
A. NAT translation
B. encryption
Answer: A