Free Cisco Certification


642-501 : Securing Cisco IOS Networks (SECUR)

QUESTION 71 Which of the following router commands enables the AAA process?

A. aaa new-model

B. aaa setup-dbase

C. aaa config-login

D. aaa server-sync

Answer: A

Explanation: The router global configuration command aaa new-model enables AAA (RADIUS, TACACS+) configuration commands on the router and disables TACACS and XTACACS.

QUESTION 72 How many incomplete connections must a router have by default before TCP Intercept will start dropping incomplete connections?

A. 500

B. 1100

C. 700

D. 900

E. 200

Answer: B

Explanation: Once the number of incomplete connections (TCP SYN) reaches 1100, TCP Intercept will start deleting incomplete sessions (oldest session first, by default). Configure the incomplete session threshold with the ip tcp intercept max-incomplete high (number) command.

QUESTION 73 What is the RADIUS vendor-specific attribute number?

A. 26

B. 50

C. 14

D. 38

Answer: A

Explanation: The vendor-specific RADIUS attribute (attribute number 26) allows vendors to create their own extended RADIUS attributes. Cisco is vendor ID number 9.

QUESTION 74 Which of the following is the default login URL for CSACS 3.0?

A. http://127.0.0.1:4002

B. http://127.0.0.1:2002

C. http://127.0.0.1:2502

D. http://127.0.0.1:4502

Answer: B

Explanation: Use IP address 127.0.0.1 (local loopback) with port 2002 to access CSACS from the host CSACS is installed on. To access the server remotely, substitute the IP address of the CSACS server for the local loopback, e.g. 192.168.10.10:2002.

QUESTION 75 Which of the following router commands can monitor AAA RADIUS?

A. show radius errors

B. show radius statistics

C. show ip aaa

D. show radius monitoring

Answer: B

Explanation: Use the router command show radius statistics to view general RADIUS statistics for authentication and accounting.

QUESTION 76 Which of the following encryption protocols can the Cisco IOS Firewall support? Select all that apply.

A. CAST

B. Twofish

C. DES

D. 3DES

E. AES

Answer: C, D, E

Explanation: The Cisco IOS Firewall can support DES (56-bit), 3DES (168-bit), and AES (128-, 192-, 256-bit) encryption protocols for VPN tunnels.

QUESTION 77 What is the bit length of the Diffie-Hellman group 1 algorithm?

A. 768 bits

B. 512 bytes

C. 512 bits

D. 768 bytes

Answer: A

Explanation: The Diffie-Hellman protocol uses complex mathematical algorithms to generate a secret key over an insecure link such as the Internet. Only the public keys are exchanged; the secret key that is generated is never sent over the link. Diffie-Hellman group 1 uses 768-bit keys.

QUESTION 78 Which of the following dynamically alters access lists?

A. CBAC

B. IPSEC

C. Kerberos

D. AAA

Answer: A

Explanation: CBAC monitors traffic and dynamically alters access lists to allow specified return traffic. CBAC then dynamically closes the hole(s) in the access list(s) once the session is finished.

QUESTION 79 What is the command to enable logging to all configured destinations (other than the console) on a router?

A. logging facility

B. logging enable

C. logging on

D. logging server

E. logging messages

F. logging enabled

Answer: C

Explanation: Enable logging to destinations other than the console port, such as internal buffers, terminal monitor (telnet/vty line), or a syslog server with the logging on command.

QUESTION 80 How many IDS signatures can the Cisco IOS Firewall scan for?

A. 207

B. 59

C. 426

D. 12

Answer: B

Explanation: The IDS component of the Cisco IOS Firewall can monitor 59 different IDS signature attacks.
