Jump to content

naresh84

Members
  • Content Count

    29
  • Joined

  • Last visited

Community Reputation

9 Neutral

About naresh84

  • Rank
    Member

Profile Information

  • Gender
    Not Telling

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. passed exam today. got 86X marks. i used only crazyfox only and used following answers QUESTION NO. 2 Which criteria does ASA use for packet classification if multiple contexts share an ingress interface MAC address? A. ASA ingress interface IP address B. policy-based routing on ASA C. destination IP address D. destination MAC address E. ASA ingress interface MAC address F. ASA NAT configuration G. ASA egress interface IP address Correct Answer : F Original Answer: E should be F, if the question says that they share an interface then E is correct, since they share the MAC, F is correct QUESTION NO. 18 Which statement about SenderBase reputation scoring on an ESA device is true? A. Application traffic from known bad sites can be throttled or blocked B. By defaults all messages with a score below zero are dropped or throttled C. Mail with scores in the medium range can be automatically routed for antimalware scanning D. You can configure a custom score threshold for whitelisting messages E. A high score indicates that a message is very likely to be spam F. Sender reputation scores can be assigned to domains, IP addresses, and MAC addresses Correct Answer : D Original Answer: A QUESTION NO. 19 Router (config) # cts sxp reconciliation period 180 Refer to the exhibit, Which two statements about a device with this configuration are true? (Choose two) A. When a peer re-establishes a previous connection to the device. CTS retains all existing SGT mapping entries for 3 minutes B. If a peer reconnects to the device within 120 seconds of terminating a CTS-SXP connection, the reconciliation timer starts C. If a peer re-establishes a connection to the device before the hold-down timer expires, the device retains the SGT mapping entries it learned during the previous connection for an additional 3 minutes D. It sets the internal hold-down timer of the device to 3 minutes E. When a peer establishes a new connection to the device, CTS retains all existing SGT mapping entries for 3 minutes F. If a peer reconnects to the device within 180 seconds of terminating a CTS-SXP connection, the reconciliation timer starts Correct Answer. B,C Original Answer. C,F [Hidden Content] After a peer terminates an SXP connection, an internal hold-down timer starts (120 sec) default statement.If the peer reconnects before the internal hold-down timer expires, the SXP reconciliation period timer starts. (180sec) 3 min which is configured QUESTION NO. 27 Which statement about securing connection using MACsec is true? A. The ISAKMP protocol is used to manage MACSec encryption keys B. It is implemented after a successful MAB authentication of supplicant C. The Switch uses session keys to calculate encrypted packet ICV value for the frame integrity check D. A Switch configured for MACSec can accept MACSec frames from the MACSec client E. It secures connection between two supplicant clients F. It provides network layer encryption on a wired network Correct Answer. C Original Answer. F When the switch receives frames from the client, it decrypts them and calculates the correct ICV by using session keys provided by MKA. [Hidden Content] MACsec is the IEEE 802.1AE standard for authenticating and encrypting packets between two MACsec-capable devices. The Catalyst 4500 series switch supports 802.1AE encryption with MACsec Key Agreement (MKA) on downlink ports for encryption between the switch and host devices. [Hidden Content] QUESTION NO. 41 Which statement about Remote Triggered Black Hole Filtering feature is true? A. It works in conjunction with QoS to drop the traffic that has a lower priority B. The Null0 interface used for filtering able to receive the traffic but never forwards it C. IN RTBH filtering, the trigger device redistributes dynamic routes of the eBGP peers D. It helps mitigate DDOS attack based only on destination address E. It drops malicious traffic at the customer edge router by forwarding it to a Null0 interface F. In RTBH filtering, the trigger device is always an ISP edge router Correct Answer. E Original Answer. D RTBH filtering provides a method for quickly dropping undesirable traffic at the edge of the network, based on either source addresses or destination addresses by forwarding it to a null0 interface. Null0 is a pseudointerface that is always up and can never forward or receive traffic. Forwarding packets to null0 is a common way to filter packets to a specific destination. [Hidden Content] QUESTION NO. 58 In order to enable the Certificate Authority (CA) server feature using Simple Certificate Enrolment Protocol (SCEP) on an IOS devices which three of the following configuration steps are required? (Choose three.) A. Enable auto-rollover for the pki Server B. Set an authoritative clock source on the device C. Set the hostname of the device D. Generate a self-signed certificate E. Enable ip http server on the device F. Issue no shut under the crypto pki server command Correct Answer. A, E, F Original Answer. A,B,E Simple Certificate Enrollment Protocol (SCEP), which is a protocol used for enrollment and other Public Key Infrastructure (PKI) operations. QUESTION NO. 60 Which of the following IOS IPsec transform-set configuration provides both encryption and integrity protection? A. esp-sha512-hmac B. esp-sha256-hmac C. esp-gcm 128 D. esp-gmac 128 E. esp-aes 256 Correct Answer. C Original Answer. E [Hidden Content] Suite-B-GCM-128-Provides ESP integrity protection, confidentiality, and IPsec encryption algorithms that use the 128-bit AES using Galois and Counter Mode (AES-GCM) described in RFC 4106. This suite should be used when ESP integrity protection and encryption are both needed. QUESTION No. 62 A customer has configured a single Policy Set to authenticate and authorize MAB and 802.1x requests on Cisco ISE. The 802.1x authorization rules are on the top of the list and check Active Directory group membership for a match. The MAB results are at the bottom of the list and check local Identity Groups for a match. When a MAB request comes to ISE A. ISE will drop the request because 802.1x and MAB rules are not allowed in the same Policy Set B. ISE will not try to find Active Directory group membership based on the 802.1x request C. ISE will ignore the 802.1x authorization rules on the top D. ISE will never match the MAB authorization rules at the bottom E. ISE will try to find the Active Directory group membership based on the MAB request Correct Answer. C Original Answer. E QUESTION NO. 63 What one policy element is mandatory to create a Posture Requirement in ISE? A. Posture Condition B. Posture Remediation Action C. Posture Policy D. Authorization Profile Correct Answer. A Original Answer. C QUESTION NO. 74 Which security capability can best prevent zero-day malware and attacks? A. Intrusion Prevention System B. Threat Intelligence C. Identity and Access Management D. Anti Virus E. stateful firewall Correct Answer. B Original Answer. A Many persons support B. But threat intelligence can’t prevent Zero day attach, as IPS has this feature to prevent Zero-day attack QUESTION NO. 84 Which two of the following statements about GETVPN are correct? (Choose two) A. GETVPN Key Servers uses the stateful HSRP protocol to provide redundancy B. A GETVPN Key Server can use either IKEv1 or IKEv2 protocol to authenticate Group Members C. GETVPN uses transport mode IPsec encapsulation D. GETVPN does not provide a tunnel overlay E. GETVPN requires multicast enabled Group Members for group SA rekey Correct Answer. B,D Original Answer. D,E QUESTION NO. 93 ISE is configured to use MsCHAPv2 inner method for PEAP authentication of users. What set of credentials needs to be exchanged between ISE and the client for successful establishment of the PEAP tunnel and subsequent authentication? A. Username and Password from ISE and the client B. Identify certificate from ISE, Machine Identify certificate from the client and username and Password of the user C. Identify Certificate from ISE and user Identity certificate from the client D. Identify certificate from ISE and Username and password of the user from the client Correct Answer. D Original Answer. B QUESTION NO. 109 Which of the following statements correctly describe how DMVPN can be used to provide network segmentation over public transport networks? A. The DMVPN hub and spokes must use the same VRF for a given DMVPN cloud B. DMVPN can be used to transport MPLS packets inside of an mGRE tunnel C. The front door VRF for DMVPN is defined under the isakmp profile D. The tunnel vrf command under the tunnel interface is used to associate clear text data packets with a VRF E. The vrf forwarding command under the tunnel interface is used to associate encrypted packets with a VRF Correct Answer. A Original Answer.
  2. anyone with following videos DC0003 – ACI Introduction to APIC Web Interface40:09 DC0004 – ACI Out-of-Band Management31:10 DC0009 – ACI Tenant Design and Configuration59:56 DC0010 – ACI Packet Forwarding and EPG40:37 DC0019 – ACI AAA with RADIUS and TACACS69:25 DC0021 – ACI Monitoring and Troubleshooting75:00 Please share this video if anyone
  3. naresh84

    Cisco 500-490

    hi Gmexam have u used the answers mentioned by you in previous post to pass the exam?
  4. hi could somebody share 500-325 exam and also inform whether they recently passed this exam?
  5. Anyone? Cisco ACI cookbook Implementing Cisco UCS Solutions - 2nd Edition
  6. could somebody share the remaining 6 lessons
  7. hi, Could some body share skype for business unleashed or Mastering skype for business 2015 books or Lync books and cbt nuggets?
  8. hi Could somebody provide dumps for 700-038 exam. Thanks
  9. i appeared exam today. studied 138q only without checking wrong answers and i was able to pass. all questions from 138q
  10. hi, is there cracked version of vce player available??
  11. hi all I am juniper newbie. i want to start from JNCIA and go till JNIE-ENT (end 2017). PM me your skype id if you have the same goal. Regards
  12. hi Can somebody provide the actual pdf (not converted from html/epub format) of the following book NX-OS and Cisco Nexus Switching: Next-Generation Data Center Architectures, 2nd Edition Regards
  13. hi i am looking for cbt jncia torrent link. pls share Regards
×
×
  • Create New...