QUESTION 71 Under which circumstances will the Diffie-Hellman key exchange allow two parties to establish a shared secret key? (Choose all that apply.)
A. Over an insecure medium.
B. After the termination of a secure session.
C. Prior to the initiation of a secure session.
D. After a session has been fully secured.
E. During a secure session over a secure medium.
Answer: A, C
Explanation: DH is used over an insecure medium.
QUESTION 72 Exhibit:
aaa new-model
aaa authentication login default local
aaa authentication exec default local
username abc privilege 5 password xyz
privilege exec level 3 debug ip icmp
What will happen when user ABC Telnets to the router and tries to debug ICMP if a router has been configured as shown above? (Choose all that apply.)
A. The user will be locked out due to the aaa new-model command being enabled and no TACACS server defined.
B. The user can gain entry with a local username/password at Level 5 and run the debug ip icmp command unchallenged.
C. The user can gain entry with the local username/password, but no debug commands will be carried out because command authorization will fail.
D. The user can gain entry with the local username/password at Level 5, but cannot use any commands because none are assigned at Level 5.
Answer: B
Explanation: To understand this example, it is necessary to understand privilege levels. By default, there are three command levels on the router.
privilege level 0 - includes the disable, enable, exit, help, and logout commands
privilege level 1 - normal level on Telnet; includes all user-level commands at the router> prompt
privilege level 15 - includes all enable-level commands at the router# prompt
username john privilege 9 password 0 doe - He can configure snmp-server community because configure terminal is at level 8 (at or below level 9), and snmp-server community is a level-8 command.
QUESTION 73 How does Cisco Secure Intrusion Detection System sensor behave when it detects unauthorized activity?
A. Cisco Secure Intrusion System sensor will send an e-mail to the network administrator.
B. Cisco Secure Intrusion System sensor will send an alarm to Cisco Secure Intrusion Detection System Director.
C. Cisco Secure Intrusion System sensor will shut down the interface where the traffic arrived, if device management is configured.
D. Cisco Secure Intrusion System sensor will perform a trace route to the attacking device.
Answer: B
Explanation: CSIDS does a lot of these things, but the sensor is more specific. It sends the alarm to the CSIDS Director.
QUESTION 74 The newly appointed Cisco Highway trainee technician wants to know if one can change the situation where every time a typing mistake is made at the exec prompt of a router, the message from the router indicates a lookup is being performed. Also, there is a waiting period of several seconds before the next command can be typed. What will your reply be?
A. No, this is a default feature of Cisco IOS software.
B. Yes, by using the no ip domain-lookup command.
C. Yes, by using the no ip helper-address command.
D. Yes, by using the no ip multicast helper-map command.
E. Yes, by using the no exec lookup command.
Answer: B
Explanation: You can disable IP domain lookup using the no ip domain-lookup command under the router's global configuration mode. This will stop the IP domain lookup and speed up the show command output.
QUESTION 75 Which network management software installation is a prerequisite for the Cisco Secure Intrusion Detection System Director software?
A. Cisco Works 2000 on Unix.
B. Sun Net Manager on Solaris.
C. Microsoft Internet Information Server on Windows NT.
D. Net Sonar on Linux.
E. HP Open View on HPUX or Solaris.
Answer: E
Explanation: The following software must be installed on your workstation:
HP-UX: HP-UX 10.20; HP Open View 4.1, 5.01, or 6.0; Web browser (for NSDB and help file)
Sun Solaris: Solaris 2.5.1 or 2.6; HP Open View 4.1, 5.01, or 6.0; Web browser (for NSDB and help file)
QUESTION 76 What do transport mode and tunnel mode in the IPSec protocol suite describe?
A. It describes AH header and datagram layouts.
B. It describes Diffie-Hellman keying.
C. It describes SHA security algorithm.
D. It describes ESP header and datagram layouts.
Answer: D
Explanation: OK, I don't get this question. ESP or AH can be used in tunnel or transport mode. - CCIE Professional Development Network Security Practices and Principles by Saadat Malik pg 313-316
In Transport Mode ESP, the ESP header is inserted into the IP datagram immediately prior to the transport-layer protocol header (such as TCP, UDP, or ICMP). In Tunnel Mode ESP, the original IP datagram is placed in the encrypted portion of the ESP and that entire ESP frame is placed within a datagram having unencrypted IP headers.
QUESTION 77 Which of the following is a well known port commonly used for TFTP?
A. TCP 23
B. UDP 69
C. UDP 23
D. UDP 161
Answer: B
Explanation: Abbreviation of Trivial File Transfer Protocol, a simple form of the File Transfer Protocol (FTP). TFTP uses the User Datagram Protocol (UDP) and provides no security features. It is often used by servers to boot diskless workstations, X-terminals, and routers.
QUESTION 78 RPF is an acronym for which of the following:
A. Reverse Path Flooding
B. Router Protocol Filter
C. Routing Protocol File
D. Reverse Path Forwarding
E. None of the above.
Answer: D
Explanation: This chapter describes Unicast Reverse Path Forwarding (Unicast RPF) commands.
QUESTION 79 Which negotiation is excluded from IKE Phase 1 policy?
A. Encryption algorithm
B. Authentication method.
C. Crypto-map access-list
D. Diffie-Hellman group.
E. Lifetime
F. All of the above.
Answer: C
Explanation:
"Ike Phase 1 Policy Parameters - Encryption, Hash, Authentication method, Key exchange, Ike SA lifetimes" Cisco Secure PIX Firewall Advanced 2.0 14-14
"IKE's responsibilities in the IPSEC protocol include Negotiating protocol parameters, Exchanging public keys, authenticating both sides, managing keys after the exchange...In Phase 1 exchange, peers negotiate a secure, authenticated channel with which to communicate." CCIE Professional Development Network Security Practices and Principles by Saadat Malik pg 276, 278
"The first two messages in IKE main mode negotiation are used to negotiate the various values, hash mechanisms, and encryption mechanisms to use for the later half of the IKE negotiations." CCIE Professional Development Network Security Practices and Principles by Saadat Malik pg 280
QUESTION 80 Exhibit:
In a move to support standards-based routing, the decision is made to use the OSPF routing protocol throughout the entire Cisco Highway network. The areas are shown as in the exhibit, and the subnets are:
Ethernet on Router A: 108.3.1.0
Serial line between Router A and Router B: 108.3.100.0
Token ring on Router B: 108.3.2.0
How would you advise the new Cisco Highway trainee technician to configure OSPF on Router B?
A. router OSPF 1
network 108.3.100.0 255.255.255.0 area 6
network 108.3.2.0 255.255.255.0 area 6
B. router OSPF network 108.3.0.0
C. router OSPF 1
network 108.3.100.0 0.0.0.255 area 6
network 108.3.2.0 0.0.0.255 area 6
D. router OSPF 1
network 108.3.100.0 0.0.0.255 area 6
network 108.3.2.0 0.0.0.255 area 0
E. router OSPF 1
network 108.3.1.0 0.0.0.255 area 6
network 108.3.100.0 0.0.0.255 area 6
network 108.3.2.0 0.0.0.255 area 6
Answer: A
Explanation: Networks 108.3.100.0 and 108.3.2.0 using a /24 need to be put into the OSPF statement. Both are configured in area 6. The Ethernet network on Router A will be given to Router B by Router A, so there is no need to insert the network statement for it.