Aggregate global IPv6 addresses begin with which
bit pattern in the first 16-bit group?
Which layer of the OSI reference model typically
deals with the physical addressing of interface cards?
A. physical layer
B. data-link layer
D. host layer
Which statement best describes a key difference
in IPv6 fragmentation support compared to IPv4?
A. In IPv6, IP fragmentation is no longer needed because all
Internet links must have an IP MTU of 1280 bytes or greater.
B. In IPv6,
PMTUD is no longer performed by the source node of an IP packet.
IPv6, IP fragmentation is no longer needed since all nodes must perform PMTUD
and send packets equal to or smaller than the minimum discovered path
D. In IPv6, PMTUD is no longer performed by any node since the don’t
fragment flag is removed from the IPv6 header.
E. In IPv6, IP
fragmentation is performed only by the source node of a large packet, and not by
any other devices in the data path.
If a host receives a TCP packet with an SEQ
number of 1234, an ACK number of 5678, and a length of 1000 bytes, what will it
send in reply?
A. a TCP packet with SEQ number: 6678, and ACK number:
B. a TCP packet with SEQ number: 2234, and ACK number: 5678
C. a TCP packet with SEQ number: 1234, and ACK number: 2234
D. a TCP packet
with SEQ number: 5678, and ACK number 2234
A network administrator uses a LAN analyzer to
troubleshoot OSPF router exchange messages sent to all OSPF routers. To which
one of these MAC addresses are these messages sent?
Comparing and contrasting IKEv1 and IKEv2, which
three statements are true? (Choose three.)
A. IKEv2 adds EAP as a method of authentication for clients;
IKEv1 does not use EAP.
B. IKEv1 and IKEv2 endpoints indicate support for
NAT-T via the vendor_ID payload.
C. IKEv2 and IKEv1 always ensure
protection of the identities of the peers during the negotiation
D. IKEv2 provides user authentication via the IKE_AUTH exchange;
IKEv1 uses the XAUTH exchange.
E. IKEv1 and IKEv2 both use INITIAL_CONTACT
to synchronize SAs.
F. IKEv1 supports config mode via the SET/ACK and
REQUEST/RESPONSE methods; IKEv2 supports only REQUEST/RESPONSE.
Which three statements about GDOI are true?
A. GDOI uses TCP port 848.
B. The GROUPKEY_PULL
exchange is protected by an IKE phase 1 exchange.
C. The KEK protects the
D. The TEK is used to encrypt and decrypt data
E. GDOI does not support PFS.
Which three nonproprietary EAP methods do not
require the use of a client-side certificate for mutual authentication? (Choose
When you compare WEP to WPA (not WPA2), which
three protections are gained? (Choose three.)
A. a message integrity check
C. avoidance of weak Initialization vectors
D. longer RC4
E. a rekeying mechanism
Which option shows the correct sequence of the
DHCP packets that are involved in IP address assignment between the DHCP client
and the server?
A. REQUEST, OFFER, ACK
B. DISCOVER, OFFER, REQUEST,
C. REQUEST, ASSIGN, ACK
D. DISCOVER, ASSIGN, ACK
E. REQUEST, DISCOVER, OFFER, ACK
Which common FTP client command transmits a
direct, byte-for-byte copy of a file?
Which option is a desktop sharing application,
used across a variety of platforms, with default TCP ports 5800/5801 and
A. X Windows
B. remote desktop protocol
D. desktop proxy
Which two of the following provide protect
against man-in-the-middle attacks? (Choose two.)
A. TCP initial sequence number randomization?
C. Network Address Translation
E. Secure Sockets Layer
An exploit that involves connecting to a
specific TCP port and gaining access to an administrative command prompt is an
example of which type of attack?
B. Trojan horse
When configuring an Infrastructure ACL (iACL) to
protect the IPv6 infrastructure of an enterprise network, where should the iACL
A. all infrastructure devices in both the inbound and
B. all infrastructure devices in the inbound
C. all infrastructure devices in the outbound direction
D. all parameter devices in both the inbound and outbound direction
parameter devices in the inbound direction
F. all parameter devices in the
What feature on the Cisco ASA is used to check
for the presence of an up-to-date antivirus vendor on an AnyConnect client?
A. Dynamic Access Policies with no additional
B. Dynamic Access Policies with Host Scan enabled
C. advanced endpoint assessment
D. LDAP attribute maps obtained from
What type of attack consists of injecting
traffic that is marked with the DSCP value of EF into the network?
A. brute-force attack
B. QoS marking attack
C. DHCP starvation attack
D. SYN flood attack
Which statement is true regarding Cisco ASA
operations using software versions 8.3 and later?
A. The global access list is matched first before the
interface access lists.
B. Both the interface and global access lists can
be applied in the input or output direction.
C. When creating an access
list entry using the Cisco ASDM Add Access Rule window, choosing “global” as the
interface will apply the access list entry globally.
D. NAT control is
enabled by default.
E. The static CLI command is used to configure static
NAT translation rules.
Which three multicast features are supported on
the Cisco ASA? (Choose three.)
A. PIM sparse mode?
B. IGMP forwarding?
D. NAT of multicast traffic?
Which three configuration tasks are required for
VPN clustering of AnyConnect clients that are connecting to an FQDN on the Cisco
ASA?? (Choose three.)
A. The redirect-fqdn command must be entered under the vpn
B. Each ASA in the VPN cluster must be
able to resolve the IP of all DNS hostnames that are used in the
C. The identification and CA certificates for the master FQDN
hostname must be imported into each VPN cluster-member device?.
remote-access IP pools must be configured the same on each VPN cluster-member