考题
Which two statements are true about AH?() (Choose two.)
A. AH provides data integrity.B. AH is identified by IP protocol 50.C. AH is identified by IP protocol 51.D. AH cannot work in conjunction with ESP
考题
Which two statements are true about precedence values in policy?() (Choose two.)
A. 1 is the default precedence.B. A lower number is preferred.C. A higher number is preferred.D. 100 is the default precedence.
考题
Which two statements about the use of VLANs to segment a network are true?()
A. VLANs increase the size of collision domains.B. VLANs allow logical grouping of users by function.C. VLANs simplify switch administration.D. VLANs enhance network security.
考题
Which two statements about NTP version 4 are true?()A、It supports fast synchronization at starting and before network failuresB、It supports automatic server discoveryC、It uses a fixed-point arithmetionD、It supports the "nanokernel" kernel implementationE、It does not support Public-Key Cryptography
考题
Which two statements about an IDS are true?()A、The IDS is in the traffic path.B、The IDS can send TCP resets to the source device.C、The IDS can send TCP resets to the destination device.D、The IDS listens promiscuously to all traffic on the network.E、Default operation is for the IDS to discard malicious traffic.
考题
A hacker on the Company network is attempting to hop onto a different VLAN. Which two statements about VLAN hopping are true? ()A、 An end station attempts to gain access to all VLANs by transmitting Ethernet frames in the 802.1q encapsulation.B、 Configuring an interface with the "switchport mode dynamic" command will prevent VLAN hopping.C、 Attacks are prevented by utilizing the port-security feature.D、 Configuring an interface with the "switchport mode access" command will prevent VLAN hopping.E、 An end station attempts to redirect VLAN traffic by broadcasting multiple ARP requests.
考题
Which two statements are true about the command ip route 172.16.3.0 255.255.255.0 192.168.2.4? (Choose two.)()A、It establishes a static route to the 172.16.3.0 network.B、It establishes a static route to the 192.168.2.0 network.C、It configures the router to send any traffic for an unknown destination to the 172.16.3.0 network.D、It configures the router to send any traffic for an unknown destination out the interface with the address 192.168.2.4.E、It uses the default administrative distance.F、It is a route that would be used last if other routes to the same destination exist.
考题
Which two statements are true about L2TP tunnels?() (Choose two.)A、Traffic is clear textB、Traffic is encryptedC、They are initiated by the LNSD、They are initiated by the LAC
考题
Which two statements are true about optical networks?()A、SONET and SDH both use time-division multiplexing.B、An optical transport network system uses time-division multiplexing.C、SONET and SDH both use wavelength-division multiplexing.D、An optical transport network system uses wavelength-division multiplexing.
考题
You need to determine the correct wireless LAN topology for use in the Company network. Which three statements are true about the various WLAN topologies?()A、 In ad hoc mode, the Independent Basic Service Set (IBSS) is a framework in which mobile clients connect directly without an intermediate access point.B、 In Infrastructure mode, the Basic Service Set (BSS) is a framework in which mobile clients use a single access point for connecting to each other or to wired network resources.C、 In Infrastructure mode, the Extended Services Set (ESS) is a framework in which two or more Basic Service Sets are connected by a common distribution system (DS).D、 In Infrastructure mode, the Independent Basic Service Setet (IBSS) is a framework in which mobile clients connect directly without an intermediate access point.E、 In ad hoc mode, the Basic Service Set (BSS) is a framework in which mobile clients use a single AP for connecting to each other or to wired network resources.F、 In ad hoc mode, the Extended Services Set (ESS) is a framework in which two or more Basic Service Sets are connected by a common distribution system (DS)
考题
Which two statements are true about the application of QoS in a converged network?()A、end-to-end network delay times that exceed 50 ms for real-time traffic are considered unacceptableB、end-to-end network delay times that exceed 250 ms for real-time traffic are considered unacceptableC、end-to-end network delay is not a factor as long as the delay is consistentD、some packet loss can be corrected by codec algorithmsE、RSVP handles voice packet retransmissionF、fragmentation is a result of packet loss
考题
Which two statements about the Cisco Nexus 1000V VSM are true?()A、It performs switching decisions and forwarding for the VEMB、It can be run on a virtual machineC、It can be used for remote VEM switching Iine cards
考题
Which two statements about common network attacks are true?()A、Access attacks can consist of password attacks,trust exploitation,port redirection,and man-in-the-middle attacks.B、Access attacks can consist of password attacks,ping sweeps,port scans,and man-in-the-middle attacks.C、Access attacks can consist of packet sniffers,ping sweeps,port scans,and man-in-the-middle attacks.D、Reconnaissance attacks can consist of password attacks,trust exploitation,port redirection and Internet information queries.E、Reconnaissance attacks can consist of packet sniffers,port scans,ping sweeps,and Internet information queries.F、Reconnaissance attacks can consist of ping sweeps,port scans,man-in-middle attacks and Internet information queries.
考题
The Company security administrator is concerned with VLAN hopping based attacks. Which two statements about these attacks are true? ()A、 Attacks are prevented by utilizing the port-security feature.B、 An end station attempts to gain access to all VLANs by transmitting Ethernet frames in the 802.1q encapsulation.C、 Configuring an interface with the switchport mode dynamic command will prevent VLAN hopping.D、 An end station attempts to redirect VLAN traffic by transmitting Ethernet frames in the 802.1q encapsulation.E、 Configuring an interface with the "switchport mode access" command will prevent VLAN hopping.
考题
Which two statements describe the functions and operations of IDS and IPS systems?()A、A network administrator entering a wrong password would generate a true-negative alarm.B、A false positive alarm is generated when an IDS/IPS signature is correctly identified.C、An IDS is significantly more advanced over IPS because of its ability to prevent network attacks.D、Cisco IDS works inline and stops attacks before they enter the network.E、Cisco IPS taps the network traffic and responds after an attack.F、Profile-based intrusion detection is also known as "anomaly detection".
考题
Which two statements are true about trust boundaries?()A、Classifying and marking traffic should be done as close to the traffic source as possible. B、Classifying and marking traffic should be done at the distribution layer.C、Traffic is classified and marked as it travels through the network.D、If untrusted traffic enters a switch, it can be marked with a new QoS value appropriate for the policy in place.E、The trust boundary moves depending on the type of traffic entering the network.
考题
Which two statements are true about network voice traffic? (Choose two.)()A、 Voice traffic is affected more by link speed than FTP traffic is.B、 Voice traffic is affected more by packet delays than FTP traffic is.C、 Voice streams involve larger packet sizes than most TCP network traffic involves.D、 Voice traffic is more sensitive to packet loss than TCP network traffic is.E、 Voice traffic requires QOS mechanisms only in heavily loaded network segments.
考题
The Company security administrator is concerned with layer 2 network attacks. Which two statements about these attacks are true? ()A、 ARP spoofing attacks are attempts to redirect traffic to an attacking host by encapsulating a false 802.1Q header on a frame and causing traffic to be delivered to the wrong VLAN.B、 ARP spoofing attacks are attempts to redirect traffic to an attacking host by sending an ARP message with a forged identity to a transmitting host.C、 MAC address flooding is an attempt to force a switch to send all information out every port byoverloading the MAC address table.D、 ARP spoofing attacks are attempts to redirect traffic to an attacking host by sending an ARP packet that contains the forged address of the next hop router.E、 MAC address flooding is an attempt to redirect traffic to a single port by associating that port with all MAC addresses in the VLAN.
考题
Which two statements about the use of VLANs to segment a network are true? ()A、VLANs increase the size of collision domains.B、VLANs allow logical grouping of users by function.C、VLANs simplify switch administration.D、VLANs enhance network security.
考题
Which two statements are true about the implementation of QoS? ()A、 Implementing DiffServ involves the configuration of RSVP.B、 Implementing IntServ allows QoS to be performed by configuring only the ingress and egress devices.C、 Implementing IntServ involves the utilization of RSVP.D、 Traffic should be classified and marked by the core network devices.E、 Traffic should be classified and marked as close to the edge of the network as possible.
考题
Which two statements are true about precedence values in policy?() (Choose two.)A、1 is the default precedence.B、A lower number is preferred.C、A higher number is preferred.D、100 is the default precedence.
考题
多选题Which two statements are true about L2TP tunnels?() (Choose two.)ATraffic is clear textBTraffic is encryptedCThey are initiated by the LNSDThey are initiated by the LAC
考题
多选题Which two statements are true about the application of QoS in a converged network?()Aend-to-end network delay times that exceed 50 ms for real-time traffic are considered unacceptableBend-to-end network delay times that exceed 250 ms for real-time traffic are considered unacceptableCend-to-end network delay is not a factor as long as the delay is consistentDsome packet loss can be corrected by codec algorithmsERSVP handles voice packet retransmissionFfragmentation is a result of packet loss
考题
多选题You need to determine the correct wireless LAN topology for use in the Company network. Which three statements are true about the various WLAN topologies?()AIn ad hoc mode, the Independent Basic Service Set (IBSS) is a framework in which mobile clients connect directly without an intermediate access point.BIn Infrastructure mode, the Basic Service Set (BSS) is a framework in which mobile clients use a single access point for connecting to each other or to wired network resources.CIn Infrastructure mode, the Extended Services Set (ESS) is a framework in which two or more Basic Service Sets are connected by a common distribution system (DS).DIn Infrastructure mode, the Independent Basic Service Setet (IBSS) is a framework in which mobile clients connect directly without an intermediate access point.EIn ad hoc mode, the Basic Service Set (BSS) is a framework in which mobile clients use a single AP for connecting to each other or to wired network resources.FIn ad hoc mode, the Extended Services Set (ESS) is a framework in which two or more Basic Service Sets are connected by a common distribution system (DS)
考题
多选题Which two statements are true about AH?() (Choose two.)AAH provides data integrity.BAH is identified by IP protocol 50.CAH is identified by IP protocol 51.DAH cannot work in conjunction with ESP
考题
多选题Which two statements about NTP version 4 are true?()AIt supports fast synchronization at starting and before network failuresBIt supports automatic server discoveryCIt uses a fixed-point arithmetionDIt supports the nanokernel kernel implementationEIt does not support Public-Key Cryptography
考题
多选题Which two network attack statements are true?()AAccess attacks can consist of password attacks,trust exploitation,port redirection,and man-in-the-middle attacks.BAccess attacks can consist of UDP and TCP SYN flooding,ICMP echo-request floods,and ICMP directed broadcasts.CDoS attacks can be reduced through the use of access control configuration,encryption,and RFC 2827 filtering.DDoS attacks can consist of IP spoofing and DDoS attacks.EIP spoofing can be reduced through the use of policy-based routing.FIP spoofing exploits known vulnerabilities in authentication services, FTP services,and web services to gain entry to web accounts,confidential databases,and other sensitive information.
考题
多选题Which two statements about an IDS are true?()AThe IDS is in the traffic path.BThe IDS can send TCP resets to the source device.CThe IDS can send TCP resets to the destination device.DThe IDS listens promiscuously to all traffic on the network.EDefault operation is for the IDS to discard malicious traffic.