|
QUESTION 81 What services are common in AH and ESP?
A. confidentiality, connectionless integrity and anti-replay service
B. data origin authentication, confidentiality and anti-replay service
C. connectionless integrity data origin authentication and anti-replay service
D. confidentiality, connectionless integrity and data origin authentication Answer: B Cisco Self-Study CCSP SECUR page 314-315
QUESTION 82 Which protocol is used by Cisco IOS Encryption to secure exchange encryption keys for IPSEC?
A. DH
B. DES
C. Digital Signature Standard
D. ESP Answer: D Cisco Self-Study CCSP SECUR page 314 This is a trick question because it is asking what protocol not what encryption algorithm. Therefore the correct answer choice shall be ESP.
QUESTION 83 Which IOS command sets the timeout for router terminal line?
A. exec-timeout minute [seconds]
B. line-timeout minute [seconds]
C. timeout console minute [seconds]
D. exec-time minutes [seconds] Answer: A http://www.cisco.com/warp/public/793/access_dial/comm_server.html
QUESTION 84 What statement best describe a digital certificate?
A. IT is a signed by CA
B. IT is a public key infrastructure symmetrical key
C. It is used by IPSEC to encrypt a client session
D. It is a CA's encryption policy Answer: A Cisco Self-Study CCSP SECUR page 344 Both routers exchange digital certificates that have been signed by CA
QUESTION 85 Which ESP mode is used to provide end to end protection of message between two hosts?
A. transport mode
B. encrypted mode
C. ESP mode
D. tunnel mode Answer: A http://www.cisco.com/warp/public/707/24.html
QUESTION 86 What determine an IPSEC policy?
A. to gather piece data you will need in later step to minimize mis-configuration
B. to ensure the network work without encryption
C. to establish IKE policy
D. to ensure ACL are compatible with IKE Answer: C Cisco Self-Study CCSP SECUR page 314 The IPSEC policies are often referred to as the IKE phase 2 policies...
QUESTION 87 An authentication attempt to a CSACS for Windows server failed yet no log entries are in the report. Why? (Choose two)
A. User is not defined
B. User belong to the wrong group
C. CSAuth service is down on the Cisco Secure ACS Server
D. password has expired
E. user enter incorrect password
F. Communication path between the NAS and Cisco Secure ACS server is down Answer: C, F
QUESTION 88 What determine an IPSEC policy?
A. to gather piece data you will need in later step to minimize mis-configuration
B. to ensure the network work without encryption
C. to establish IKE policy
D. to ensure ACL are compatible with IKE Answer: C Cisco Self-Study CCSP SECUR page 314 The IPSEC policies are often referred to as the IKE phase 2 policies...
QUESTION 89 Which error message indicates that ISAKMP peers failed protection suite negotiation for ISAKMP?
A. %Crypto-6-IKMP_SA_AUTH Can accept Quick Mode exchange form %15 if SA is authenticated
B. %Crypto-6-IKMP_SA_OFFERED Remote peer% respond attribute [chars] offered
C. %Crypto-6-IKMP_SA_NOT_OFFERED Remote peer% respond attribute [chars] not offered
D. %Crypto-6-IKMP_SA_NO_AUTH Remote peer% respond attribute [chars] not offered Answer: C http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122sup/122sems/semsvol1/emfcpad.htm
QUESTION 90 What are three possible state activities in Management Center for VPN?
A. editable
B. authored
C. approved
D. submitted
E. edited
F. logged Answer: A, C, D Cisco Self-Study CCSP SECUR page 392~393 Editable, Approved, and Submitted status
Search and Find Anything Here
|
|
