Jump to content

vettipaiyan

Members
  • Content Count

    7
  • Joined

  • Last visited

Community Reputation

38 Excellent

About vettipaiyan

  • Rank
    Junior Member

Recent Profile Visitors

48 profile views
  1. Hi All, Please share the dumps for VCP-NV 2020 NSX-T 3.0 Exam 2V0-41.20 Exam, if anyone have it. Tahnks
  2. Hi, Could you please share the document if you have it Thanks
  3. Any one passed VCP-NV 2020 NSX-T 3.0 Exam 2V0-41.20 Exam?
  4. Team, Anyone take VCP-NV 2020 NSX-T 3.0 Exam 2V0-41.20 Exam ?
  5. Hi Guys, Anyone has ICM NSX-T 3.0 presentation? It would be appreciated greatly if you provide the material Thanks in advance
  6. Is it license also included in above DCNM 11.4.1 link?
  7. Please re share both ACI Basic & Advanced Videos
  8. google drive is not working. Can you please re upload
  9. Hi, I would like to appear for the exam. Is it enough to pass the exam if i go through 90 question in the link.
  10. Hi All, Please review below questions and confirm whether the answers are correct QUESTION NO. 2 Which criteria does ASA use for packet classification if multiple contexts share an ingress interface MAC address? A. ASA ingress interface IP address B. policy-based routing on ASA C. destination IP address D. destination MAC address E. ASA ingress interface MAC address F. ASA NAT configuration G. ASA egress interface IP address Correct Answer : F Original Answer: E should be F, if the question says that they share an interface then E is correct, since they share the MAC, F is correct QUESTION NO. 18 Which statement about SenderBase reputation scoring on an ESA device is true? A. Application traffic from known bad sites can be throttled or blocked B. By defaults all messages with a score below zero are dropped or throttled C. Mail with scores in the medium range can be automatically routed for antimalware scanning D. You can configure a custom score threshold for whitelisting messages E. A high score indicates that a message is very likely to be spam F. Sender reputation scores can be assigned to domains, IP addresses, and MAC addresses Correct Answer : D Original Answer: A QUESTION NO. 19 Router (config) # cts sxp reconciliation period 180 Refer to the exhibit, Which two statements about a device with this configuration are true? (Choose two) A. When a peer re-establishes a previous connection to the device. CTS retains all existing SGT mapping entries for 3 minutes B. If a peer reconnects to the device within 120 seconds of terminating a CTS-SXP connection, the reconciliation timer starts C. If a peer re-establishes a connection to the device before the hold-down timer expires, the device retains the SGT mapping entries it learned during the previous connection for an additional 3 minutes D. It sets the internal hold-down timer of the device to 3 minutes E. When a peer establishes a new connection to the device, CTS retains all existing SGT mapping entries for 3 minutes F. If a peer reconnects to the device within 180 seconds of terminating a CTS-SXP connection, the reconciliation timer starts Correct Answer. B,C Original Answer. C,F [Hidden Content] After a peer terminates an SXP connection, an internal hold-down timer starts (120 sec) default statement.If the peer reconnects before the internal hold-down timer expires, the SXP reconciliation period timer starts. (180sec) 3 min which is configured QUESTION NO. 27 Which statement about securing connection using MACsec is true? A. The ISAKMP protocol is used to manage MACSec encryption keys B. It is implemented after a successful MAB authentication of supplicant C. The Switch uses session keys to calculate encrypted packet ICV value for the frame integrity check D. A Switch configured for MACSec can accept MACSec frames from the MACSec client E. It secures connection between two supplicant clients F. It provides network layer encryption on a wired network Correct Answer. C Original Answer. F When the switch receives frames from the client, it decrypts them and calculates the correct ICV by using session keys provided by MKA. [Hidden Content] MACsec is the IEEE 802.1AE standard for authenticating and encrypting packets between two MACsec-capable devices. The Catalyst 4500 series switch supports 802.1AE encryption with MACsec Key Agreement (MKA) on downlink ports for encryption between the switch and host devices. [Hidden Content] QUESTION NO. 41 Which statement about Remote Triggered Black Hole Filtering feature is true? A. It works in conjunction with QoS to drop the traffic that has a lower priority B. The Null0 interface used for filtering able to receive the traffic but never forwards it C. IN RTBH filtering, the trigger device redistributes dynamic routes of the eBGP peers D. It helps mitigate DDOS attack based only on destination address E. It drops malicious traffic at the customer edge router by forwarding it to a Null0 interface F. In RTBH filtering, the trigger device is always an ISP edge router Correct Answer. E Original Answer. D RTBH filtering provides a method for quickly dropping undesirable traffic at the edge of the network, based on either source addresses or destination addresses by forwarding it to a null0 interface. Null0 is a pseudointerface that is always up and can never forward or receive traffic. Forwarding packets to null0 is a common way to filter packets to a specific destination. [Hidden Content] QUESTION NO. 58 In order to enable the Certificate Authority (CA) server feature using Simple Certificate Enrolment Protocol (SCEP) on an IOS devices which three of the following configuration steps are required? (Choose three.) A. Enable auto-rollover for the pki Server B. Set an authoritative clock source on the device C. Set the hostname of the device D. Generate a self-signed certificate E. Enable ip http server on the device F. Issue no shut under the crypto pki server command Correct Answer. A, E, F Original Answer. A,B,E Simple Certificate Enrollment Protocol (SCEP), which is a protocol used for enrollment and other Public Key Infrastructure (PKI) operations. QUESTION NO. 60 Which of the following IOS IPsec transform-set configuration provides both encryption and integrity protection? A. esp-sha512-hmac B. esp-sha256-hmac C. esp-gcm 128 D. esp-gmac 128 E. esp-aes 256 Correct Answer. C Original Answer. E [Hidden Content] Suite-B-GCM-128-Provides ESP integrity protection, confidentiality, and IPsec encryption algorithms that use the 128-bit AES using Galois and Counter Mode (AES-GCM) described in RFC 4106. This suite should be used when ESP integrity protection and encryption are both needed. QUESTION No. 62 A customer has configured a single Policy Set to authenticate and authorize MAB and 802.1x requests on Cisco ISE. The 802.1x authorization rules are on the top of the list and check Active Directory group membership for a match. The MAB results are at the bottom of the list and check local Identity Groups for a match. When a MAB request comes to ISE A. ISE will drop the request because 802.1x and MAB rules are not allowed in the same Policy Set B. ISE will not try to find Active Directory group membership based on the 802.1x request C. ISE will ignore the 802.1x authorization rules on the top D. ISE will never match the MAB authorization rules at the bottom E. ISE will try to find the Active Directory group membership based on the MAB request Correct Answer. C Original Answer. E QUESTION NO. 63 What one policy element is mandatory to create a Posture Requirement in ISE? A. Posture Condition B. Posture Remediation Action C. Posture Policy D. Authorization Profile Correct Answer. A Original Answer. C QUESTION NO. 74 Which security capability can best prevent zero-day malware and attacks? A. Intrusion Prevention System B. Threat Intelligence C. Identity and Access Management D. Anti Virus E. stateful firewall Correct Answer. B Original Answer. A Many persons support B. But threat intelligence can’t prevent Zero day attach, as IPS has this feature to prevent Zero-day attack QUESTION NO. 84 Which two of the following statements about GETVPN are correct? (Choose two) A. GETVPN Key Servers uses the stateful HSRP protocol to provide redundancy B. A GETVPN Key Server can use either IKEv1 or IKEv2 protocol to authenticate Group Members C. GETVPN uses transport mode IPsec encapsulation D. GETVPN does not provide a tunnel overlay E. GETVPN requires multicast enabled Group Members for group SA rekey Correct Answer. B,D Original Answer. D,E QUESTION NO. 93 ISE is configured to use MsCHAPv2 inner method for PEAP authentication of users. What set of credentials needs to be exchanged between ISE and the client for successful establishment of the PEAP tunnel and subsequent authentication? A. Username and Password from ISE and the client B. Identify certificate from ISE, Machine Identify certificate from the client and username and Password of the user C. Identify Certificate from ISE and user Identity certificate from the client D. Identify certificate from ISE and Username and password of the user from the client Correct Answer. D Original Answer. B QUESTION NO. 109 Which of the following statements correctly describe how DMVPN can be used to provide network segmentation over public transport networks? A. The DMVPN hub and spokes must use the same VRF for a given DMVPN cloud B. DMVPN can be used to transport MPLS packets inside of an mGRE tunnel C. The front door VRF for DMVPN is defined under the isakmp profile D. The tunnel vrf command under the tunnel interface is used to associate clear text data packets with a VRF E. The vrf forwarding command under the tunnel interface is used to associate encrypted packets with a VRF Correct Answer. A Original Answer. C
  11. Guys, Anyone has latest dump for CCIE Security 400-251 Exam?
  12. Hi All, I have an exam this Saturday. Please share latest dumps
×
×
  • Create New...