CCIE Theory Security

CCIE Theory Implement Security

What is a requirement to enable Cisco IOS IPS with 5.X signature? Import the public RSA key from the Cisco IPS team that allows the router to verify that a signature update (which was signed by this key) comes from Cisco
Class-map match-all telnet-allowed match input-interface fa0/0 match access-list telnet Class-map telnet-deny match access-list telnet Policy-map telnet class telnet-allowed bandwidth 64 class telnet-deny drop control-plane service-policy input The user can use Telnet to any interface on the device as long as the input interface for telnet is fastethernet 0/0
What needs to be enabled for Unicast RPF? CEF
Which protocol and port have been assigned by IANA for RADIUS authentication? UDP/1812
Which two of these elements need to be configured prior to enabling SSH? 1 hostname 2 domain name
Show control-plane host open-ports Which statement is correct? NTP is not configured on the router
Refer to the exhibit: Jun 5 12:55:44.359: %SEC-6-IPACCESSLOGP: list MYACL permitted tcp (38402) - (23), 1 packet [0x723E6E12] Which two statements are correct? 1 The access list has logging enabled 2 The command ip access-list logging hash-generation is enabled
Unicast Reverse Path Forwarding can perform all of these actions except which one? inspect IP packets encapsulated in tunnels, such as GRE
Which IOS feature is configured by the ip inspect inspection-name {in|out} command? Cisco IOS firewall
What is the minimum key size to enable SSHv2? 768 bits
What is true about IP Source Guard with port security? The DHCP server must support option 82, or the client is not assigned an IP address
Why would a rogue host that is running a DHCP server on a campus LAN network present a security risk? A potential man-in-the-middle attack can be used against the clients
Which three statements are true about TACACS+? 1 It is a Cisco proprietary protocol 2 Authentication and authorization are done at different stages 3 TACACS+ encrypts the entire body of the packet, but leaves a standard TACACS+ header
You are the network administrator of a small Layer 2 network with 50 users. Lately, users have been complaining that the network is very slow. While troubleshooting, you notice that the CAM table of your switch is full. How do you solve this and prevent it in the future? Configure port security
If you have overlapping IP addresses between two different networks or routing domains, which two commands are needed to globally configure NAT to get this to work? ip nat outside static x.x.x.x y.y.y.y and ip nat inside static x.x.x.x y.y.y.y
Which of these statements accurately identifies how Unicast Reverse Path Forwarding can be employed to prevent the use of malformed or forged IP source addresses? It is applied only on the input interface of a router
Which two statements are true about the inside Global address in NAT? 1 an IP address of an inside host as it appears to the outside network 2 If the enterprise is connected to the global Internet, this address can be allocated from a globally unique address space.
Which two statements are true about Unicast Reverse Path Forwarding Loose Mode? 1 It is used in multihome network scenarios 2 It can be used with BGP to mitigate DoS and DDoS
After applying a new ACL on a device, its CPU utilization rose significantly and many messages starting with "%SEC-6-IPACCESSLOG" appeared on the syslog server. What can be done to resolve this situation? Remove the log keyword from each ACL entry
Refer to the exhibit: class-map type inspect match-all c1 match access-group 101 match protocol http policy-map type inspect p1 class type inspect c1 drop What is true about the configuration in this exhibit? it will create a class map that matches the content of ACL101 and the HTTP protocol, and will then create an inspection policy that will drop packets at the class map.
Which feature would prevent guest users from gaining network access by unplugging an IP phone and connecting a laptop computer? port security with statically configured MAC addresses
What is also called Type 0 authentication in OSPF on Cisco routers? Null
For a router connected to two ISPs for redundancy, using IPSLA and static routing, how would you configure uRPF on the uplink interface? ip verify unicast source reachable-via any
Which feature is used to translate several internal addresses to only one or a few external addresses (also referred to as "overload")? Port Address Translation
What does Cisco recommend when you are enabling Cisco IOS IPS? Do not enable all the signatures at the same time.
If a certificate authority trustpoint is not configured when enabling HTTPS and the remote HTTPS server requires client authentication, connections to the secure HTTP client will fail. Which command must be enabled for correct operation? ip http client secure-trustpoint-name
What is the result of enabling IP Source Guard on an untrusted switch port that does not have DHCP snooping enabled? The DHCP server reply will be dropped and the client will not be able to obtain an IP address
Which of these is mandatory when configuring Cisco IOS Firewall? an inbound extended ACL applied to the untrusted interface.
Which three protocols should be explicitly managed by using Control Plane Policing on an Internet Border router? 1 ICMP 2 BGP 3 SSH
Which three configuration items are required to enable SSH on a router? 1 a domain name 2 an RSA key 3 a hostname
What is true about Unicast RPF in strict mode? uRPF is performed with the CEF switching
Refer to the exhibit: show run aaa authentication login default group tacacs+ none What would be the security risk when you are using the above configuration? if the tacacs+ server failed, no authentication would be required
What is the purpose of an explicit "deny any" statement at the end of an ACL? to allow the log option to be used to log any matches
Which three protocols should be explicitly managed by using CoPP policy on an Internet border router? 1 ICMP 2 BGP 3 SSH
Created by: 100000429226399