CCIE Security Written Exam (v5.0) 1.What are the most common methods that security auditors use to access an organization's security processes? (choose two) A. physical observation B. social engineering attempts C. penetration testing D. policy assessment E. document review F. interviews Answer: AF 2.Which three statements about WCCP are true? (choose three) A. if a specific capability is missing from the capabilities Info Component, the router is assumed to support the default capability. B. the web cache transmits its capabilities as soon as it receives a Receive ID from a router C. the minimum WCCP-Fast Timers message interval is 500 ms. D. the assignment method supports GRE encapsulation for sending traffic E. if the packet return method is missing from a packet return method advertisement, the web cache uses the layer 2 rewrite method F. the router must receive a valid receive ID before it negotiates capabilities. Answer: ACF 3.Refer to the exhibit, Which two effects of this configuration are true? (Choose two) A. the switch periodically sends an EAP-Identity-Request to the endpoint supplicant B. the device allows multiple authenticated sessions for a single MAC address in the voice domain C. if the TACACS+ server is unreachable, the switch places hosts on critical ports in VLAN50 D. if the authentication priority is changed, the order is Which authentications is performed also changes E. if multiple hosts have authenticated to the same port, each can be in their own assigned VLAN F. the port attempts 802.1x authentication first, and then falls back to MAC authentication bypass. Answer: CF 4.Which 2 statements about 6to4 tunneling are true? (choose two) A. it provides a /128 address book. B. it supports static and BGPv4 routing C. it provides a /48 address block D. it supports managed NAT along the path of the tunnel E. the prefix address of the tunnel is determined by the IPv6 configuration of the interface F. it supports multihoming Answer: BC 5.Which 2 statements about a wireless access point configured with the guest-mode command are true? (Choose two) A. it can support more than one guest mode SSID B. it supports associations by client that perform passive scans C. it allows client configured without SSID to associate D. it allows associated client to transmit packet using its SSID E. if one device on a network is configure in guest-mode, client can use the guest-mode SSID to connect to any device in the same network. Answer: BC 6.Refer to the exhibit. Which two statement about a device with this configuration are true? (choose two) A. when a peer establishes a new connection to the device, CTS retains all existing SGT mapping entries for 3 minutes. B. if a peer reconnects to device within 120 seconds of terminating a CTS-SXP connection, the reconciliation timers starts C. when a peer re-establishes a previous connection to the device, CTS retains all existing SGT mapping entries for 3 minutes D. if a peer reconnects to device within 180 seconds of terminating a CTS-SXP connection, the reconciliation timer starts E. if a peer re-establishes a connection to the device before the hold-down timer expires, the device retains the SGT mapping entries it learned during the previous connection for an additional 3 minutes F. it sets the internal hold down timer of the device to 3 minutes Answer: BE 7.Which option is a data modeling language used to model configuration and state data of network elements? A. RESTCONF B. SNMPv4 C. NETCONF D. YANG Answer: D 8.Refer to the exhibit Which data format is used in this script? A. JSON B. YANG C. API D. XML E. JavaScript Answer: D 9.Which three statements about VRF-Aware Cisco Firewall are true? (choose three) A. it supports both global and per-VRF commands and DoS parameters B. it enables services providers to deploy firewalls on customer devices C. it can generate syslog messages that are visible only to individual VPNs D. it can support VPN networks with overlapping address ranges without NAT. E. it enables service providers to implement firewalls on PE devices F. it can run as more than on instance. Answer: CEF 10.Which OpenStack project has orchestration capabilities? A. Cinder B. Horizon C. Sahara D. Heat Answer: D 11.Which two statements about Role-Based Access Control are true? (Choose two) A. the user profile on an AAA server is configured with the roles that grant user privileges B. if the same user name is used for a local user account and a remote user account, the roles defined in the remote user account override the local user account. C. server profile administrators have read and write access to all system logs by default. D. A view is created on the Cisco IOS device to leverage RBAC E. Network administrators have read and write access to all system logs by default Answer: AD 12.Refer to the exhibit Which two statements about the given IPv6 ZBF configuration are true? (choose two) A. it inspects TCP, UDP, ICMP, and FTP traffic from Z1 to Z2 B. it provides backward compatibility with legacy IPv4 inspection C. it inspects TCP, UDP, ICMP, and FTP traffic from Z2 to Z1 D. it passes TCP, UDP, ICMP, and FTP traffic in both directions between Z1 to Z2 E. it provides backward compatibility with legacy IPv6 inspection F. it passes TCP, UDP, ICMP, and FTP traffic from Z1 TO Z2. Answer: AE 13.Which three options are fields in a CoA Request Response code packet? (choose three) A. calling-station-ID B. identifier C. state D. length E. acc-session-ID F. authenticator Answer: BDF 14.Refer to the exhibit. What are two effects of the given configuration? (choose two) A. it enables the ASA to download the static botnet filter database B. it enables the ASA to download the dynamic botnet filter database C. it enables botnet filtering in single context mode D. it enables multiple context mode E. it enables single context mode Answer: BD 15.Which option best describes RPL? A. RPL stands for Routing Over Low priority links that use link-state LSAs to determine the best route between two root border routers B. RPL stands for Routing Over Low priority links that use distance vector DOGAG to determine the best route between two root border routers C. RPL stands for Routing Over Low-Power Lossy Networks that use link-state LSAs to determine the best route between leaves and the root border router D. RPL stands for Routing Over Low-Power Lossy Networks that use distance vector DOGAG to determine the best route between leaves and the root border router Answer: D 16.Which two statements about the SeND protocol are true? (choose two) A. it counters neighbor discovery threats B. it must be enabled before you can configure IPv6 addresses C. it supports numerous custom neighbor discovery messages D. it logs IPv6-related threats to an external log server E. it supports an autoconfiguration mechanism F. it uses IPSec as a baseline mechanism Answer: AE 17.In OpenStack, which two statements about the NOVA component are true? (choose two) A. it provides the authentication and authorization services B. it launches virtual machine instances C. it is considered the cloud computing fabric controller D. it provides persistent block storage to running instances of virtual machines E. it tracks cloud usage statistics for billing purposes. Answer: BC 18.Which two statements about Botnet Traffic Filter snooping are true? (choose two) A. it can log and block suspicious connections from previously unknown bad domains and IP addresses B. it requires the Cisco ASA DNS server to perform DNS lookup C. it requires DNS packet inspection to be enabled to filter domain names in the dynamic database D. it checks inbound traffic only E. it can inspect both IPv4 and IPv6 traffic F. it checks inbound and outbound traffic Answer: CF 19.Which two statements about ping flood attacks are true? (choose two) A. they attack by sending ping requests to the broadcast address of the network B. they use SYN packets C. the attack is intended to overwhelm the CPU of the target victim D. they use UDP packet E. they use ICMP packet F. they attack by sending ping requests to the return address of the network Answer: CE 20.Which two design options are best to reduce security concerns when adopting IoT into an organization? (Choose two) A. Segment the Field Area Network from the Data Center Network B. Encrypt sensor data in transit C. Ensure that application can gather and analyze data at the edge D. Implement video analytics on IP cameras E. Encrypt data at rest on all devices in the Lot network Answer: AB 21.Which three messages are part of the SSL protocol? (Choose Three) A. Message Authentication B. Cipher Spec C. Record D. Alert E. Change Cipher Spec F. Handshake Answer: DEF 22.Within Platform as a Service, which two components are managed by the customer? (Choose two) A. Data B. Networking C. Middleware D. Application E. Operating System Answer: AD 23.Which three statements about the keying methods used by MACSec are true? (Choose three) A. SAP is not supported on switch SVIs B. SAP is supported on SPAN destination ports C. MKA is implemented as an EAPoL packet exchange D. Key management for host-to-switch and switch-to-switch MACSec session is provided by MKA. E. SAP is enabled by default for Cisco TrustSec in manual configuration mode F. A valid mode for SAP is NULL Answer: ACF 24.Which four task items need to be performed for an effective risk assessment and to evaluate network posture? (Choose four) A. discovery B. baselining C. scanning D. notification E. validation F. escalation G. mitigation H. profiling Answer: ACEH 25.Which best practice can limit inbound TTL expiry attacks? A. Setting the TTL value to zero B. Setting the TTL value to more than longest path in the network C. Setting the TTL value equal to the longest path in the network D. Setting the TTL value to less than the longest path in the network Answer: B 26.Which two statements about the MACSec security protocol are true? (Choose two) A. When switch-to-switch link security is configured in manual mode, the SAP operation mode must be set to GCM B. MACSec is not supported in MDA mode C. Stations broadcast an MKA heartbeat that contains the key server priority D. MKA heartbeats are sent at a default interval of 3 second E. The SAK is secured by 128 bit AES-GCM by default Answer: CE 27.Which three transports have been defined for SNMPv3? (Choose three) A. DTLS B. SSH C. TLS D. SSL E. IPSec secured tunnel F. GET Answer: ABC It-Dumps Exam Features Real Exam Dumps PDF & Software Passing Guarantee One Year Free Update Full Refund Promise Subscribe It-Dumps Youtube Channel Contact Us Mail: [email protected] Live Online Support Hot Certification Cisco Microsoft CompTIA Adobe HP Juniper Lpi IBM Oracle Citrix Avaya SAP ACI EMC Huawei NetApp VMware
© Copyright 2024