Review Flashcards
Which protocol is used to encrypt control plane traffic between SD-WAN controllers and SD-WAN endpoints?
A. DTLS
B. IPsec
C. PGP
D. HTTPS
A. DTLS: Datagram Transport Layer Security.
A connection with the vSmart controller and forms an OMP neighborship over the tunnel to exchange routing information, as well as establishing standard IPsec sessions with other SD-WAN routers in the fabric.
Which network devices secure API platform?
A. Next Generation Intrusion Detection Systems
B. Layer 3 transit network devices
C. Content Switches
D. Web Application Firewalls
D. Web Application Firewalls
Cisco Secure Web Application Firewall (WAF) and bot protection defends your online presence and ensures that website, mobile applications, and APIs are secure, protected, and “always on.”
Reference: https://www.cisco.com/c/en/us/products/collateral/security/advanced-waf-bot-aag.pdf
An engineer must configure the strongest password authentication to locally authenticate on a router. Which configuration must be used?
A. username netadmin secret 5 $1$bfjk$kdiSiDKKdkXksufZ2
B. username netadmin secret $1$bfjk$kdiSiDKKdkXksufZ2
C. line console 0 password $1$bfjk$k
D. username netadmin secret 9 $9$vFpMf83kdDJ9kdjDdjdu/dkfhZiz
D. username netadmin secret 9 $9$vFpMf83kdDJ9kdjDdjdu/dkfhZiz
A network engineer must configure NETCONF. After creating the configuration, the engineer gets output from the command show line, but not from show running-config. Which command completes the configuration?
A. Device(config)# no netconf ssh acl 1
B. Device(config)# netconf max-sessions 100
C. Device(config)# netconf lock-time 500
D. Device(config)# netconf max-message 1000
A. Device(config)# no netconf ssh acl 1
Explanation: In this question, maybe the access-list blocked the output from “show running-config” so we should disable it with the “no netconf ssh acl 1” command.
Note: The valid range for the netconf lock-time seconds is 1 to 300 so 500 is not a valid value.
An engineer is configuring a new SSID to present users with a splash page for authentication. Which WLAN Layer 3 setting must be configured to provide this functionality?
A. CCKM
B. WPA2 Policy
C. Local Policy
D. Web Policy
D. Web Policy
An engineer is working with the Cisco DNA Center API. Drag and drop the methods from the left onto the actions that they are used for on the right.
An engineer must create an EEM script to enable OSPF debugging in the event the OSPF neighborship goes down. Which script must the engineer apply?
A. event manager applet ENABLE_OSPF_DEBUG
event syslog pattern “%OSPF-5-ADJCHG: Process 6, Nbr 1.1.1.1 on Serial0/0 from FULL to DOWN”
action 1.0 cli command “enable”
action 2.0 cli command “debug ip ospf event”
action 3.0 cli command “debug ip ospf adj”
action 4.0 syslog priority informational msg “ENABLE_OSPF_DEBUG”
B. event manager applet ENABLE OSPF_DEBUG
event syslog pattern “%OSPF-5-ADJCHG: Process 5, Nbr 1.1.1.1 on Serial0/0 from LOADING to FULL”
action 1.0 cli command “debug ip ospf event”
action 2.0 cli command “debug ip ospf adj”
action 3.0 syslog priority informational msg “ENABLE_OSPF_DEBUG”
C. event manager applet ENABLE_OSPF_DEBUG
event syslog pattern “%OSPF-1-ADJCHG: Process 5, Nbr 1.1.1.1 on Serial0/0 from FULL to DOWN”
action 1.0 cli command “debug ip ospf event”
action 2.0 cli command “debug ip ospf adj”
action 3.0 syslog priority informational msg “ENABLE_OSPF_DEBUG”
D. event manager applet ENABLE_OSPF_DEBUG
event syslog pattern “%OSPF-5-ADJCHG: Process 5, Nbr 1.1.1.1 on Serial0/0 from LOADING to FULL”
action 1.0 cli command “enable”
action 2.0 cli command “debug ip ospf event”
action 3.0 cli command “debug ip ospf adj”
action 4.0 syslog priority informational msg “ENABLE_OSPF_DEBUG”
A. event manager applet ENABLE_OSPF_DEBUG
event syslog pattern “%OSPF-5-ADJCHG: Process 6, Nbr 1.1.1.1 on Serial0/0 from FULL to DOWN”
action 1.0 cli command “enable”
action 2.0 cli command “debug ip ospf event”
action 3.0 cli command “debug ip ospf adj”
action 4.0 syslog priority informational msg “ENABLE_OSPF_DEBUG”
An engineer is implementing a route map to support redistribution within BGP. The route map must be configured to permit all unmatched routes. Which action must the engineer perform to complete this task?
A. Include a permit statement as the first entry.
B. Include at least one explicit deny statement.
C. Remove the implicit deny entry.
D. Include a permit statement as the last entry.
D. Include a permit statement as the last entry.
A network engineer is adding an additional 10Gbps link to an existing 2x10Gbps LACP-based LAG to augment its capacity. Network standards require a bundle interface to be taken out of service if one of its member links goes down, and the new link must be added with minimal impact to the production network. Drag and drop the tasks that the engineer must perform from the left into the sequence on the right. Not all options are used.
Which threat defense mechanism, when deployed at the network perimeter, protects against zero-day attacks?
A. intrusion prevention
B. stateful inspection
C. sandbox
D. SSL decryption
A. intrusion prevention
A zero-day (or 0-day) vulnerability is a software vulnerability that is discovered by attackers before the vendor has become aware of it. By definition, no patch exists for zero-day vulnerabilities and user systems have no defenses in place, making attacks highly likely to succeed. The name “zero-day” is designed to imply how long since the vulnerability was discovered. The term also indicates that system developers have had zero days to fix it.
Intrusion Protection: While the precise methods of a zero-day exploit can’t be known in advance, a network intrusion protection system (NIPS) can monitor the firm’s network for unusual activity. The advantage of NIPS over a traditional antivirus-only system is that it does not rely on checking software against a known database of threats. This means it does not need updates or patches to learn about the latest attacks. NIPS works by monitoring the day-to-day patterns of network activity across the network. When traffic or events far out of the ordinary are detected, action can be taken to alert system administrators and lock down the firewall. Devices such as USB drives and mobile devices can all introduce threats to the network. They can often make it past the firewall because they are physically introduced to the system. NIPS protects against threats introduced to the network from both external and internal sources.
Reference: https://cybriant.com/how-to-prevent-zero-day-attacks-in-5-steps/
What is a Type 2 hypervisor?
A. Also referred to as a “bare metal hypervisor” because it sits directly on the physical server.
B. Runs directly on a physical server and includes its own operating system.
C. Supports over-allocation of physical resources.
D. Installed as an application on an already installed operating system
D. Installed as an application on an already installed operating system
AP(config)# aaa group server radius rad_auth
AP(config-sg-radius)# server 10.0.0.3 auth-port 1645 acct-port 1646
AP(config)# aaa new-model
AP(config)# aaa authentication login eap_methods group rad_auth
AP(config)# radius-server host 10.0.0.3 auth-port 1645 acct-port 1646 key labapl200
AP(config)# interface dot11radio 0
AP(config-if)# ssid labap1200
AP(config-if-ssid)# encryption mode wep mandatory
A company requires that all wireless users authenticate using dynamic key generation. Which configuration must be applied?
A. AP(config-if-ssid)# authentication open wep wep_methods
B. AP(config-if-ssid)# authentication dynamic wep wep_methods
C. AP(config-if-ssid)# authentication dynamic open wep_dynamic
D. AP(config-if-ssid)# authentication open eap eap_methods
D. AP(config-if-ssid)# authentication open eap eap_methods
Which two items are found in YANG data models? (Choose two)
A. HTTP return codes
B. RPC statements
C. JSON schema
D. container statements
E. XML schema
B. RPC statements
D. container statements