Cisco CCIE Security Written Set 1

1.

Which four of these attacks or wireless tools can the standard IDS signatures on a wireless LAN controller detect? (Choose four.)

AirSnort SYN flood Deauthorization flood NetStumbler Wellenreiter

2.

What Cisco IOS feature prevents an attacker from filling up the MTU cache for locally generated traffic when using path MTU discovery?

Use NetFlow information to export data to a workstation. Force all traffic to send 1280-byte Packets by hard coding the MSS. Enable flow-label marking to track packet destination. Enable flow-label switching to track IPv6 packets in the MPLS cloud. Always use packets of 1500-byte size or larger.

3.

What technology can you implement on your network to allow Independent applications to work with IPv6-capable applications?

DS-Lite NAT-PT ISATAP NAT 6to4 NAT64

4.

If an ASA device is configured as a remote access IPsec server with RADIUS authentication and password management enabled, which type of authentication will it use?

MS-CHAFV2 MS-CHAPv1 RSA NTLM PAP

5.

What SNMPv3 command disables descriptive error messages?

snmp-server usm Cisco snmp-server ifindex persist snmp-server trap link switchover snmp-server inform

6.

Which statement about SNMP control plane policing is true?

The SNMP management plane always has a source IP address SNMP traffic is processed via CEF in the data plane. The CoPP SNMP feature can forward and manage traffic during heavy traffic load. SNMP traps are processed by the data plane.

7.

What IPS form factor is best suited to handling heavy traffic between virtualized servers in a data center?

FirePOWER NGIPSv FirePOWER Appliance IOS with FirePOWER seivices ASA with FirePOWER services

8.

When you configure an ASA with RADIUS authentication and authorization, which attribute is used to differentiate user roles?

cisco-priv-level service-type termination-action tunnel-type login-ip-host

9.

Which statement is true about SYN cookies?

The state is kept on the server machine TCP stack. A system has to check every incoming ACK against state tables. SYN cookies do not help to protect against SYN flood attacks. No state is kept on the server machine state but is embedded in the initial sequence number.

10.

Which protocol is an extension to SSH 2.0 that provides security for data traffic?

AES SFTP Kerberos TKIP

Cisco CCIE Security Written Set 1

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Congratulations

COMPANY

Products

OTHERS

Partner

Cisco CCIE Security Written Set 1

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Congratulations

Detail Form

COMPANY

Products

OTHERS

Partner