Part 14 Flashcards

1
Q

Which access control list allows only TCP traffic with a destination port range of 22-443, excluding port 80?

A. deny tcp any any eq 80 permit tcp any any gt 21 lt 444

B. permit tcp any any range 22 443 deny tcp any any eq 80

C. permit tcp any any ne 80

D. deny tcp any any ne 80 permit tcp any any range 22 443

A

A. deny tcp any any eq 80 permit tcp any any gt 21 lt 444

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

A network administrator applies the following configuration to an IOS device: aaa new-model aaa authentication login default local group tacacs+
What is the process of password checks when a login attempt is made to the device?

A. A TACACS+ server is checked first. If that check fails, a local database is checked.

B. A TACACS+ server is checked first. If that check fails, a RADIUS server is checked. If that check fails, a local database is checked.

C. A local database is checked first. If that check fails, a TACACS+ server is checked. If that check fails, a RADIUS server is checked.

D. A local database is checked first. If that check fails, a TACACS+ server is checked.

A

D. A local database is checked first. If that check fails, a TACACS+ server is checked.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Which component of the Cisco Cyber Threat Defense solution provides user and flow context analysis?

A. Cisco Firepower and FireSIGHT

B. Cisco Stealthwatch system

C. Advanced Malware Protection

D. Cisco Web Security Appliance

A

B. Cisco Stealthwatch system

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

An engineer must protect their company against ransomware attacks.
Which solution allows the engineer to block the execution stage and prevent file encryption?

A. Use Cisco Firepower and block traffic to TOR networks.

B. Use Cisco AMP deployment with the Malicious Activity Protection engine enabled.

C. Use Cisco Firepower with Intrusion Policy and snort rules blocking SMB exploitation.

D. Use Cisco AMP deployment with the Exploit Prevention engine enabled.

A

B. Use Cisco AMP deployment with the Malicious Activity Protection engine enabled.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What is the result of applying this access control list?
ip access-list extended STATEFUL
10 permit tcp any any established
20 deny ip any any

A. TCP traffic with the URG bit set is allowed.

B. TCP traffic with the SYN bit set is allowed.

C. TCP traffic with the ACK bit set is allowed.

D. TCP traffic with the DF bit set is allowed.

A

C. TCP traffic with the ACK bit set is allowed.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Which outbound access list, applied to the WAN interface of a router, permits all traffic except for http traffic sourced from the workstation with IP address
10.10.10.1?

A. ip access-list extended 200 deny tcp host 10.10.10.1 eq 80 any permit ip any any

B. ip access-list extended 10 deny tcp host 10.10.10.1 any eq 80 permit ip any any

C. ip access-list extended NO_HTTP deny tcp host 10.10.10.1 any eq 80

D. ip access-list extended 100 deny tcp host 10.10.10.1 any eq 80 permit ip any any

A

D. ip access-list extended 100 deny tcp host 10.10.10.1 any eq 80 permit ip any any

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Which deployment option of Cisco NGFW provides scalability?

A. inline tap

B. high availability

C. clustering

D. tap

A

C. clustering

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

In a Cisco SD-Access solution, what is the role of the Identity Services Engine?

A. It is leveraged for dynamic endpoint to group mapping and policy definition.

B. It provides GUI management and abstraction via apps that share context.

C. It is used to analyze endpoint to app flows and monitor fabric status.

D. It manages the LISP EID database.

A

A. It is leveraged for dynamic endpoint to group mapping and policy definition.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What is provided by the Stealthwatch component of the Cisco Cyber Threat Defense solution?

A. real-time threat management to stop DDoS attacks to the core and access networks

B. real-time awareness of users, devices, and traffic on the network

C. malware control

D. dynamic threat control for web traffic

A

B. real-time awareness of users, devices, and traffic on the network

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

An engineer must configure an ACL that permits packets which include an ACK in the TCP header. Which entry must be included in the ACL?

A. access-list 110 permit tcp any any eq 21 tcp-ack

B. access-list 10 permit tcp any any eq 21 established

C. access-list 110 permit tcp any any eq 21 established

D. access-list 10 permit ip any any eq 21 tcp-ack

A

C. access-list 110 permit tcp any any eq 21 established

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

A client with IP address 209.165.201.25 must access a web server on port 80 at 209.165.200.225. To allow this traffic, an engineer must add a statement to an access control list that is applied in the inbound direction on the port connecting to the web server.
Which statement allows this traffic?

A. permit tcp host 209.165.200.225 lt 80 host 209.165.201.25

B. permit tcp host 209.165.201.25 host 209.165.200.225 eq 80

C. permit tcp host 209.165.200.225 eq 80 host 209.165.201.25

D. permit tcp host 209.165.200.225 host 209.165.201.25 eq 80

A

D. permit tcp host 209.165.200.225 host 209.165.201.25 eq 80

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Which standard access control entry permits traffic from odd-numbered hosts in the 10.0.0.0/24 subnet?

A. permit 10.0.0.0 0.0.0.1

B. permit 10.0.0.1 0.0.0.254

C. permit 10.0.0.1 0.0.0.0

D. permit 10.0.0.0 255.255.255.254

A

B. permit 10.0.0.1 0.0.0.254

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

How do agent-based versus agentless configuration management tools compare?

A. Agentless tools use proxy nodes to interface with slave nodes.

B. Agentless tools require no messaging systems between master and slaves.

C. Agent-based tools do not require a high-level language interpreter such as Python or Ruby on slave nodes.

D. Agent-based tools do not require installation of additional software packages on the slave nodes.

A

B. Agentless tools require no messaging systems between master and slaves.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly