quiz – تعلم الشبكات

1. Refer to the exhibit. Which privilege level is assigned to VTY users?

R1# sh run | begin line con 
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stoppbits 1
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stoppbits 1
line vty 0 4
 password 7 03384737389E938
 login
line vty 5 15
 password 7 03384737389E938
 login
!
end

R1#sh run | include aaa | enable
no aaa new-model
R1#

Question 1 of 11

2. Which technology provides a secure communication channel for all traffic at Layer 2 of the OSI model?

IPsec

MACsec

Cisco Trustsec

SSL

Question 2 of 11

3. Which feature does Cisco TrustSec use to provide scalable, secure communication throughout a network?

security group tag ACL assigned to each router on a network

security group tag number assigned to each user on a switch

security group tag number assigned to each port on a network

security group tag ACL assigned to each port on a switch

Question 3 of 11

4. How does Cisco Trustsec enable more access controls for dynamic networking environments and data centers?

uses flexible NetFlow

classifies traffic based on advanced application recognition

classifies traffic based on the contextual identity of the endpoint rather than its IP address

assigns a VLAN to the endpoint

Question 4 of 11

5. What is the difference between the enable password and the enable secret password when password encryption is enable on an IOS device?

The enable secret password is protected via stronger cryptography mechanisms

The enable password is encrypted with a stronger encryption method

There is no difference and both passwords are encrypted identically

The enable password cannot be decrypted

Question 5 of 11

6. Which NGFW mode block flows crossing the firewall?

Inline tap

Tap

Inline

Passive

Question 6 of 11

7. Which method does the enable secret password option use to encrypt device passwords?

AES

CHAP

PAP

MD5

Question 7 of 11

8. An engineer must protect their company against ransom ware attacks. Which solution allows the engineer to block the execution stage and prevent file encryption?

Use Cisco AMP deployment with the Malicious Activity Protection engineer enabled

Use Cisco Firepower with Intrusion Policy and snort rules blocking SMB exploitation

Use Cisco Firepower and block traffic to TOR networks

Use Cisco AMP deployment with the Exploit Prevention engine enabled

Question 8 of 11

9. Which deployment option of Cisco NGFW provides scalability?

clustering

inline tap

high availability

tap

Question 9 of 11

10. Refer to the exhibit.

Router#sh run | b vty
line vty 0 4
 session-timeout 30
 exec-timeout 20 0
 session-limit 30
 login local
line vty 5 15
 session-timeout 30
 exec-timeout 20 0
 session-limit 30
 login local

Security policy requires all idle-exec sessions to be terminated in 600 seconds. Which configuration achieves this goal?

 line vty 0 4
exec-timeout 600

line vty 0 15
exec-timeout 10 0

 line vty 0 15
absolute-timeout 600

line vty 0 15
exec-timeout

Question 10 of 11

11. Refer to the exhibit.

An engineer is designing a guest portal on Cisco ISE using the default configuration. During the testing phase, the engineer receives a warning when displaying the guest portal. Which issue is occurring?

The server that is providing the portal has a self-signed certificate

The connection is using an unsupported protocol

The connection is using an unsupported browser

The server that is providing the portal has an expired certificate

Question 11 of 11