CCIE Security Exam (v4.1)
Question No: 151 – (Topic 2)
Which statement is true about the Cisco ASA interface monitoring?
ASA does not clear the received packets count on the monitored interface before running the tests.
Interfaces of the same context cannot be monitored.
It is possible to configure a context to monitor a shared interface.
If the monitored interface has both IPv4 and IPv6 addresses then it cannot be monitored.
Answer: C Explanation:
You can monitor up to 250 interfaces (in multiple mode, divided between all contexts). You should monitor important interfaces. For example in multiple mode, you might configure one context to monitor a shared interface. (Because the interface is shared, all contexts benefit from the monitoring.)
Question No: 152 – (Topic 2)
Refer to the exhibit.
Which three descriptions of the configuration are true? (Choose three.)
The configuration is on the NHS.
The tunnel IP address represents the NBMA address.
This tunnel is a point-to-point GRE tunnel.
The tunnel is not providing peer authentication.
The configuration is on the NHC.
The tunnel encapsulates multicast traffic.
The tunnel provides data confidentiality.
Question No: 153 – (Topic 2)
What are two features that can stop man-in-the-middle attacks? (Choose two.)
dynamic MAC ACLs
destination MAC ACLs
ARP sniffing on specific ports
Question No: 154 – (Topic 2)
Refer to the exhibit.
Which two statements correctly describe the debug output?
The remote VPN address is 126.96.36.199
The message is observed on the NHS
The message is observed on the NHC.
The remote routable address 188.8.131.52.
The local non-routable address is 184.108.40.206.
The NHRP hold time is 3 hours.
Question No: 155 – (Topic 2)
What is an example of a stream cipher?
Question No: 156 – (Topic 2)
Which three statements about SSHv1 and SSHv2 are true? (Choose three.)
Both SSHv1 and SSHv2 support multiple session channels on a single connection.
Both SSHv1 and SSHv2 require a server key to protect the session key.
SSHv2 supports a wider variety of user-authentication methods than SSHv1.
Unlike SSHv1, SSHv2 uses separate protocols for authentication, connection, and transport.
Unlike SSHv1, SSHv2 supports multiple forms of user authentication in a single session.
Both SSHv1 and SSHv2 negotiate the bulk cipher.
Answer: D,E,F Explanation:
SSH-1 and SSH-2 Differences SSH-2
Separate transport, authentication, and connection protocols. One monolithic protocol.
Strong cryptographic integrity check. Weak CRC-32 integrity check.
Supports password changing. N/A
Any number of session channels per connection (including none).
Exactly one session channel per connection (requires issuing a remote command even when you don#39;t want one).
Full negotiation of modular cryptographic and compression algorithms, including bulk encryption, MAC, and public-key.
Negotiates only the bulk cipher; all others are fixed.
Encryption, MAC, and compression are negotiated separately for each direction, with independent keys.
The same algorithms and keys are used in both directions (although RC4 uses separate keys, since the algorithm#39;s design demands that keys not be reused).
Extensible algorithm/protocol naming scheme allows local extensions while preserving interoperability.
Fixed encoding precludes interoperable additions.
User authentication methods:
->public-key (DSA, RSA, OpenPGP)
->(Rhosts dropped due to insecurity)
Supports a wider variety:
->public-key (RSA only)
Use of Diffie-Hellman key agreement removes the need for a server key. Server key used for forward secrecy on the session key.
Supports public-key certificates. N/A
User authentication exchange is more flexible and allows requiring multiple forms of authentication for access.
Allows exactly one form of authentication per session.
Hostbased authentication is in principle independent of client network address, and so can work with proxying, mobile clients, etc.
RhostsRSA authentication is effectively tied to the client host address, limiting its usefulness.
Periodic replacement of session keys. N/A
Question No: 157 – (Topic 2)
Refer to the exhibit.
What sequence of command would generate the given output?
Question No: 158 – (Topic 2)
Of which IPS application is Event Store a component?
Answer: E Explanation:
Cisco IPS software includes the following applications:
MainApp-Initializes the system, starts and stops the other applications, configures the OS, and performs upgrades. It contains the following components:
ctlTransSource (Control Transaction server)-Allows sensors to send control transactions. This is used to enable the master blocking sensor capability of Attack Response Controller (formerly known as Network Access Controller).
Event Store-An indexed store used to store IPS events (error, status, and alert system messages) that is accessible through the CLI, IDM, IME, ASDM, or SDEE.
Question No: 159 – (Topic 2)
What two statements about the PCoIP protocol are true? (Choose two.)
It uses a variety of codecs to support different operating systems.
It supports both lossy and lossless compression.
It is a TCP-based protocol
It is available in both software and hardware.
It is a client-rendered, multi-codec protocol.
Question No: 160 – (Topic 2)
Which two statements about the RC4 algorithm are true? (Choose two.)
The RC4 algorithm is an asymmetric key algorithm.
In the RC4 algorithm, the 40-bit key represents four characters of ASCII code.
The RC4 algorithm is faster in computation than DES.
The RC4 algorithm uses variable-length keys.
The RC4 algorithm cannot be used with wireless encryption protocols.
|Lowest Price Guarantee||Yes||No||No|
|Free VCE Simulator||Yes||No||No|