CH 9

1.

1 point

Refer to the exhibit. Based on the debug aaa authentication and debug tacacs outputs, which statement is true?

The user with the IP address 172.31.60.15 has been authorized to use privileged EXEC mode.

The authentication process verifies the user credentials to the local database

The attempt of a remote user with the IP address 172.31.60.15 to log in to the router is unsuccessful.

The first method defined by the default authentication method list is TACACS+.

2.

1 point

What is the first step in troubleshooting connectivity issues in a secured network environment?

Determine if disabling all security features on the network re-establishes connectivity.

Determine if any access lists were added or modified immediately prior to the reporting of the connectivity problems.

Determine if the user should have connectivity based on the security policy of the organization and the type of traffic being generated.

Determine when the connectivity problem first appeared

Determine if the connectivity problem is affecting all users.

3.

1 point

Refer to the exhibit. The network administrator has decided to create an IPsec tunnel between the HQ and BRANCH routers. What two changes must be made to the existing ACL in order to allow the formation of the tunnel? (Choose two.)

TCP ports 50 and 51 must be permitted

The ESP and AH protocols must be permitted.

The established keyword must be removed from statement 10.

IP must be permitted between the two ends of the tunnel.

ICMP must be denied.

UDP port 500 must be permitted.

4.

1 point

Refer to the exhibit. Router R1 no longer receives routing updates from other EIGRP neighbors. Based on the output in the exhibit, what could be the cause of this problem?

There are no valid EIGRP neighbors connected to interface FastEthernet 0/0.

The EIGRP peer has not been configured to support authentication.

Interface FastEthernet 0/0 has not been configured to support authentication.

Interface FastEthernet 0/0 is administratively shut down.

Interface FastEthernet 0/0 has been configured as a passive interface.

5.

1 point

Which technology prevents CPU overloading of infrastructure devices?

Simple Network Management Protocol

Control Plane Policing

Access Control Lists

Cisco Express Forwarding

6.

1 point

Refer to the exhibit. Which statement about the debug radius authentication
output is correct?

The RADIUS server is unreachable.

The IP address of the RADIUS server is 10.1.50.252.

The user raduser has been authenticated.

The user raduser is on a device with the IP address of 10.1.50.1.

7.

1 point

Refer to the exhibit. Based on the provided debug aaa authorization and debug tacacs command output, which statement is true?

The authorization method used for user Admin was TACACS+.

The AAA security server authorized the user Admin to perform the requested command.

The user Admin attempted to gain Telnet access to the device.

The AAA security server has authorized the user Admin to use privilege level 15 EXEC commands.

8.

1 point

Refer to the exhibit. A network administrator issued the show ip inspect sessions command on R1 to investigate the status of the firewall. What two facts can be determined from the output? (Choose two.)

The session will be blocked because of the NAT configuration on R1.

The firewall has been configured to monitor SIS traffic.

Return traffic from the untrusted Internet host on port 80 will be permitted.

The firewall is tracking an HTTP session that was initiated by an internal trusted host.

The limit of one HTTP session has been reached.

9.

1 point

Which three control plane protocols influence the data structures used by the data plane to forward unicast packets in the core network? (Choose three.)

Spanning Tree Protocol (STP)

Dynamic Host Configuration Protocol (DHCP)

First Hop Redundancy Protocols (FHRP)

Address Resolution Protocol (ARP)

unicast routing protocols

multicast routing protocols

10.

1 point

Refer to the exhibit. A network administrator is attempting to connect a branch office to headquarters through a VPN tunnel. The tunnel is reported as being active at both ends, but the 10.2.2.0/24 network is not appearing in the routing table at the branch end. The administrator has determined that the problem is with the branch office configuration. Based on the output as shown, why is the 10.2.2.0/24 network not appearing in the routing table?

The tunnel key has been improperly configured.

The tunnel destination end point has been improperly configured.

The tunnel encapsulation is improperly configured.

The tunnel bandwidth is insufficient for EIGRP updates.

The tunnel protocol is improperly set.

11.

1 point

When audit trails are enabled with the ip inspect audit-trail command, which messages will appear in the syslog? (di ko sure 'to walang sagot hehe)

all packets that enter the specified interface

all packets that match an ACL

all TCP packets

all stateful inspection sessions

12.

1 point

What would be the outcome of the no service password-recovery command enabled on the router?

The original configuration and passwords of the device cannot be recovered using the password recovery procedure.

The secret password can be recovered but not the original configuration.

The original configuration of the device can be recovered but not the secret password.

The original configuration and passwords of the device can be recovered using the password recovery procedure.

13.

1 point

Refer to the exhibit. A legitimate user experienced a problem while attempting to gain access to the router EXEC shell. To investigate the situation, a network administrator issued debug tacacs and debug aaa authentication commands on the router. Based on the provided output, what could be the problem?

The user fails the authentication because the TACAS+ server does not have a profile set up to authorize CHAP.

The user fails the authentication because router R1 cannot connect to the TACACS+ server.

The user credentials are rejected by the TACACS+ server.

The user credentials stored in the local database do not match the credentials on the TACACS+server.

14.

1 point

What is considered a control plane issue?

SSH is not enabled on the VTY lines of a switch.

The network administrator account is disabled on the RADIUS server.

A wrong key is used by OSPF.

An ACL is blocking TCP traffic to a server.

15.

1 point

Which two security features could be implemented in the network control plane? (Choose two.)

who can access network device operational logs and interface statistics

which locations can alter the configuration of network devices

who can alter the configuration of a network device

which devices will exchange routing updates

which device will become the root device in an STP selection process

16.

1 point

Which two features should be enabled to secure DHCP and ARP? (Choose two.)

IP Source Guard

BPDU Filtering

Private VLANs

Dynamic ARP Inspection

DHCP Snooping

BPDU Guard

17.

1 point

A network administrator has received a report from a user about being unable to access the server that houses employee records. The server is on a restricted VLAN and the user workstation is not assigned to this VLAN. What step should the administrator take next?

Move the server to a trunk link so that multiple VLANs can access the records.

Move the workstation to a port that is configured for the VLAN.

Review the security policy to determine if the user should have access to the VLAN.

Add the port connected to the workstation to the VLAN and test connectivity.

18.

1 point

Refer to the exhibit. An administrator has implemented a stateful IOS firewall configuration that allows internal users access to Internet websites. However, users have reported that they cannot do so. Based on the configuration in the exhibit, what change should be made to allow the firewall to function as planned?

R1(config)# no ip inspect name FWALL http R1(config)# ip inspect name DENY http

R1(config)# interface Fa0/1 R1(config-if)# no ip access-group DENY out R1(config-if)# ip access-group DENY in

R1(config)# no ip access-list extended DENY R1(config)# ip access-list extended DENY R1(config-ext-nacl)# permit ip any any

R1(config)# interface Fa0/1 R1(config-if)# no ip inspect FWALL out R1(config-if)# ip inspect FWALL in

19.

1 point

Refer to the exhibit. A network technician has just configured router East to establish a tunnel to router West. After the configuration is applied, tunnel 1 is flapping. What needs to be done to stop this flapping?

Change the configuration on router East such that the destination of tunnel 1 is 192.168.0.2.

Make tunnel 1 on router East an EIGRP passive interface.

Add a static route on router East out S0/0/0 to 198.133.219.25.

Set the default gateway of Computer1 to 128.107.229.50.

20.

1 point

Refer to the exhibit. What is the expected behavior of the configured firewall when internal hosts attempt to access web sites on the Internet?

Hosts from the Internet will be allowed to initiate sessions with internal hosts that are using HTTP.

The rule FWALL will inspect all HTTP traffic for viruses before allowing the traffic through.

Because all IP traffic is blocked by the access-list DENY, internal hosts cannot reach Internet hosts

HTTP sessions that are initiated from internal hosts to Internet hosts will be tracked and allowed,until closed or when the idle timer expires.