New IT-Dumps 400-251 Free Dumps Download

CCIE Security Written Exam (v5.0)
1.What are the most common methods that security auditors use to assess an
organization's security processes? (choose two)
A. physical observation
B. social engineering attempts
C. penetration testing
D. policy assessment
E. document review
F. interviews
Answer: AF
2.Which three statements about WCCP are true? (choose three)
A. if a specific capability is missing from the capabilities Info Component, the router is
assumed to support the default capability.
B. the web cache transmits its capabilities as soon as it receives a Receive ID from a
router
C. the minimum WCCP-Fast Timers message interval is 500 ms.
D. the assignment method supports GRE encapsulation for sending traffic
E. if the packet return method is missing from a packet return method advertisement, the
web cache uses the layer 2 rewrite method
F. the router must receive a valid receive ID before it negotiates capabilities.
Answer: ACF
3.Refer to the exhibit.
Which two effects of this configuration are true? (Choose two)
A. the switch periodically sends an EAP-Identity-Request to the endpoint supplicant
B. the device allows multiple authenticated sessions for a single MAC address in the
voice domain
C. if the TACACS+ server is unreachable, the switch places hosts on critical ports in
VLAN50
D. if the authentication priority is changed, the order in which authentication is
performed also changes
E. if multiple hosts have authenticated to the same port, each can be in their own
assigned VLAN
F. the port attempts 802.1x authentication first, and then falls back to MAC authentication
bypass.
Answer: CF
4.Which 2 statements about 6to4 tunneling are true? (choose two)
A. it provides a /128 address block.
B. it supports static and BGPv4 routing
C. it provides a /48 address block
D. it supports managed NAT along the path of the tunnel
E. the prefix address of the tunnel is determined by the IPv6 configuration of the interface
F. it supports multihoming
Answer: BC
5.Which 2 statements about a wireless access point configured with the guest-mode
command are true? (Choose two)
A. it can support more than one guest mode SSID
B. it supports associations by clients that perform passive scans
C. it allows clients configured without an SSID to associate
D. it allows associated clients to transmit packets using its SSID
E. if one device on a network is configured in guest-mode, clients can use the guest-mode
SSID to connect to any device in the same network.
Answer: BC
6.Refer to the exhibit.
Which two statements about a device with this configuration are true? (choose two)
A. when a peer establishes a new connection to the device, CTS retains all existing SGT
mapping entries for 3 minutes.
B. if a peer reconnects to the device within 120 seconds of terminating a CTS-SXP
connection, the reconciliation timer starts
C. when a peer re-establishes a previous connection to the device, CTS retains all
existing SGT mapping entries for 3 minutes
D. if a peer reconnects to the device within 180 seconds of terminating a CTS-SXP
connection, the reconciliation timer starts
E. if a peer re-establishes a connection to the device before the hold-down timer expires,
the device retains the SGT mapping entries it learned during the previous connection for
an additional 3 minutes
F. it sets the internal hold down timer of the device to 3 minutes
Answer: BE
7.Which option is a data modeling language used to model configuration and state data
of network elements?
A. RESTCONF
B. SNMPv4
C. NETCONF
D. YANG
Answer: D
8.Refer to the exhibit
Which data format is used in this script?
A. JSON
B. YANG
C. API
D. XML
E. JavaScript
Answer: D
9.Which three statements about VRF-Aware Cisco Firewall are true? (choose three)
A. it supports both global and per-VRF commands and DoS parameters
B. it enables service providers to deploy firewalls on customer devices
C. it can generate syslog messages that are visible only to individual VPNs
D. it can support VPN networks with overlapping address ranges without NAT.
E. it enables service providers to implement firewalls on PE devices
F. it can run as more than one instance.
Answer: CEF
10.Which OpenStack project has orchestration capabilities?
A. Cinder
B. Horizon
C. Sahara
D. Heat
Answer: D
11.Which two statements about Role-Based Access Control are true? (Choose two)
A. the user profile on an AAA server is configured with the roles that grant user privileges
B. if the same user name is used for a local user account and a remote user account, the
roles defined in the remote user account override the local user account.
C. server profile administrators have read and write access to all system logs by default.
D. A view is created on the Cisco IOS device to leverage RBAC
E. Network administrators have read and write access to all system logs by default
Answer: AD
12.Refer to the exhibit
Which two statements about the given IPv6 ZBF configuration are true? (choose two)
A. it inspects TCP, UDP, ICMP, and FTP traffic from Z1 to Z2
B. it provides backward compatibility with legacy IPv4 inspection
C. it inspects TCP, UDP, ICMP, and FTP traffic from Z2 to Z1
D. it passes TCP, UDP, ICMP, and FTP traffic in both directions between Z1 and Z2
E. it provides backward compatibility with legacy IPv6 inspection
F. it passes TCP, UDP, ICMP, and FTP traffic from Z1 to Z2.
Answer: AE
13.Which three options are fields in a CoA Request Response code packet? (choose
three)
A. calling-station-ID
B. identifier
C. state
D. length
E. acc-session-ID
F. authenticator
Answer: BDF
14.Refer to the exhibit.
What are two effects of the given configuration? (choose two)
A. it enables the ASA to download the static botnet filter database
B. it enables the ASA to download the dynamic botnet filter database
C. it enables botnet filtering in single context mode
D. it enables multiple context mode
E. it enables single context mode
Answer: BD
15.Which option best describes RPL?
A. RPL stands for Routing Over Low priority links that use link-state LSAs to determine
the best route between two root border routers
B. RPL stands for Routing Over Low priority links that use distance vector DODAG to
determine the best route between two root border routers
C. RPL stands for Routing Over Low-Power Lossy Networks that use link-state LSAs to
determine the best route between leaves and the root border router
D. RPL stands for Routing Over Low-Power Lossy Networks that use distance vector
DODAG to determine the best route between leaves and the root border router
Answer: D
16.Which two statements about the SeND protocol are true? (choose two)
A. it counters neighbor discovery threats
B. it must be enabled before you can configure IPv6 addresses
C. it supports numerous custom neighbor discovery messages
D. it logs IPv6-related threats to an external log server
E. it supports an autoconfiguration mechanism
F. it uses IPSec as a baseline mechanism
Answer: AE
17.In OpenStack, which two statements about the NOVA component are true? (choose
two)
A. it provides the authentication and authorization services
B. it launches virtual machine instances
C. it is considered the cloud computing fabric controller
D. it provides persistent block storage to running instances of virtual machines
E. it tracks cloud usage statistics for billing purposes.
Answer: BC
18.Which two statements about Botnet Traffic Filter snooping are true? (choose two)
A. it can log and block suspicious connections from previously unknown bad domains
and IP addresses
B. it requires the Cisco ASA DNS server to perform DNS lookup
C. it requires DNS packet inspection to be enabled to filter domain names in the dynamic
database
D. it checks inbound traffic only
E. it can inspect both IPv4 and IPv6 traffic
F. it checks inbound and outbound traffic
Answer: CF
19.Which two statements about ping flood attacks are true? (choose two)
A. they attack by sending ping requests to the broadcast address of the network
B. they use SYN packets
C. the attack is intended to overwhelm the CPU of the target victim
D. they use UDP packets
E. they use ICMP packets
F. they attack by sending ping requests to the return address of the network
Answer: CE
20.Which two design options are best to reduce security concerns when adopting IoT into
an organization? (Choose two)
A. Segment the Field Area Network from the Data Center Network
B. Encrypt sensor data in transit
C. Ensure that applications can gather and analyze data at the edge
D. Implement video analytics on IP cameras
E. Encrypt data at rest on all devices in the IoT network
Answer: AB
21.Which three messages are part of the SSL protocol? (Choose Three)
A. Message Authentication
B. Cipher Spec
C. Record
D. Alert
E. Change Cipher Spec
F. Handshake
Answer: DEF
22.Within Platform as a Service, which two components are managed by the customer?
(Choose two)
A. Data
B. Networking
C. Middleware
D. Application
E. Operating System
Answer: AD
23.Which three statements about the keying methods used by MACSec are true?
(Choose three)
A. SAP is not supported on switch SVIs
B. SAP is supported on SPAN destination ports
C. MKA is implemented as an EAPoL packet exchange
D. Key management for host-to-switch and switch-to-switch MACSec session is provided
by MKA.
E. SAP is enabled by default for Cisco TrustSec in manual configuration mode
F. A valid mode for SAP is NULL
Answer: ACF
24.Which four task items need to be performed for an effective risk assessment and to
evaluate network posture? (Choose four)
A. discovery
B. baselining
C. scanning
D. notification
E. validation
F. escalation
G. mitigation
H. profiling
Answer: ACEH
25.Which best practice can limit inbound TTL expiry attacks?
A. Setting the TTL value to zero
B. Setting the TTL value to more than longest path in the network
C. Setting the TTL value equal to the longest path in the network
D. Setting the TTL value to less than the longest path in the network
Answer: B
26.Which two statements about the MACSec security protocol are true? (Choose two)
A. When switch-to-switch link security is configured in manual mode, the SAP operation
mode must be set to GCM
B. MACSec is not supported in MDA mode
C. Stations broadcast an MKA heartbeat that contains the key server priority
D. MKA heartbeats are sent at a default interval of 3 seconds
E. The SAK is secured by 128 bit AES-GCM by default
Answer: CE
27.Which three transports have been defined for SNMPv3? (Choose three)
A. DTLS
B. SSH
C. TLS
D. SSL
E. IPSec secured tunnel
F. GET
Answer: ABC