FREE ENGINEERING AND STUDY GAMES ABOUT CCNA
SEC V2 MID2 EXAM QUESTIONS
Actual Qs and Ans Expert-Verified Explanation
This Exam contains:
- Guarantee passing score
- 121 Questions and Answers
- format set of multiple-choice
- Expert-Verified Explanation
Question 1: At which layer of the OSI model does Spanning Tree Protocol operate?
Answer:
Layer 2
Question 2: In addition to the criteria used by extended ACLs, what conditions are used by a classic firewall to filter traffic?
Answer:
Application layer protocol session information
Question 3: Refer to the exhibit. A network administrator is configuring an IOS IPS. Which statement describes the IPS signatures that are enabled?
Answer:
These signatures detect attacks within a single packet
Question 4: Refer to the exhibit. Which statement is true about the effect of this Cisco IOS zone-based policy firewall configuration?
Answer:
The firewall will automatically allow HTTP, HTTPS, and FTP traffic from fa0/0 to s0/0 and will track the connections. Tracking the connection allows only return traffic to be permitted through the firewall in the opposite direction.
Question 5: What are the three components of an STP bridge ID? (Choose three.)
Answer:
the bridge priority value
the extended system ID
the MAC address of the switch
Question 6: What is the best way to prevent a VLAN hopping attack?
Answer:
Disable trunk negotiation for trunk ports and statically set nontrunk ports as access ports.
Question 7: What is a disadvantage of a pattern-based detection mechanism?
Answer:
It cannot detect unknown attacks.
Question 8: Which two parameters are tracked by CBAC for TCP traffic but not for UDP traffic? (Choose two.)
Answer:
sequence number
SYN and ACK flags
Question 9: Which statement describes the characteristics of packet-filtering and stateful firewalls as they relate to the OSI model?
Answer:
A packet-filtering firewall typically can filter up to the transport layer, while a stateful firewall can filter up to the session layer.
Question 10: Refer to the exhibit. As an administrator is configuring an IPS, the error message that is shown appears. What does this error message indicate?
Answer:
The public crypto key is invalid or entered incorrectly.
Question 11: The network administrator for an e-commerce website requires a service that prevents customers from claiming that legitimate orders are fake. What service provides this type of guarantee?
Answer:
nonrepudiation
Question 12: Which Cisco IPS feature allows for regular threat updates from the Cisco SensorBase Network database?
Answer:
global correlation
Question 13: Refer to the exhibit. Based on the configuration that is shown, which statement is true about the IPS signature category?
Answer:
Only signatures in the ios_ips basic category will be compiled into memory for scanning.
Question 14: Consider the access list command applied outbound on a router serial interface. What is the effect of applying this access list command?
Answer:
No traffic will be allowed outbound on the serial interface.
Question 15: What are two actions that an IPS can perform whenever a signature detects the activity for which it is configured? (Choose two.)
Answer:
allow the activity
drop or prevent the activity
Question 16: What are two characteristics of ACLs? (Choose two.)
Answer:
Extended ACLs can filter on destination TCP and UDP ports.
Extended ACLs can filter on source and destination IP addresses.
Question 17: Which IPsec security function provides assurance that the data received via a VPN has not been modified in transit?
Answer:
integrity
Question 18: What is one benefit of using a next-generation firewall rather than a stateful firewall?
Answer:
integrated use of an intrusion prevention system (IPS)
Question 19: What is defined by an ISAKMP policy?
Answer:
the security associations that IPsec peers are willing to use
Question 20: Which statement describes a typical security policy for a DMZ firewall configuration?
Answer:
Traffic that originates from the DMZ interface is selectively permitted to the outside interface.
OR
Traffic that originates from the inside interface is generally blocked entirely or very selectively permitted to the outside interface.
Question 21: What is a recommended best practice when dealing with the native VLAN?
Answer:
Assign it to an unused VLAN.
Question 22: The STP Guard feature provides protection against Layer 2 loops by recognizing unidirectional links and moving them to the blocking state.
Answer:
loop guard
Question 23: What two components of traditional web security appliances are examples of functions integrated into a Cisco Web Security Appliance? (Choose two.)
Answer:
web reporting
URL filtering
Question 24: Refer to the exhibit. Based on the configuration, what traffic is inspected by the IPS?
Answer:
all traffic entering the s0/0/1 interface and all traffic entering and leaving the fa0/1 interface
Question 25: Which method is used to identify interesting traffic needed to create an IKE phase - tunnel?
Answer:
a permit access list entry