CCIE Security Practice Test 1

1. Which three actions can be applied to a traffic class when Cisco IOS zone-based firewall is configured? (Choose all that apply)
   - Pass
   - Shape
   - Police
   - Queue
   - Inspect

2. Which of the following two protocols will enable Cisco Configuration Professional to pull IPS alerts from a Cisco ISR router?
   - SDEE
   - SSH
   - FTP
   - Syslog
   - HTTPS

3. The main benefit of using Cisco IOS IPS is that it uses the underlying routing infrastructure to provide an additional layer of security.
   - True
   - False

4. What type of layer 2 attack causes a switch to flood all incoming traffic to all ports?
   - VLAN hopping attack
   - CAM overflow attack
   - MAC spoofing attack
   - STP Looping

5. Which of the following is the best way to prevent a VLAN hopping attack?
   - Disable DTP negotiations
   - Physically secure data closets
   - Encapsulate trunk ports with IEEE 802.1Q
   - Enable BPDU guard

6. Which of the following are the advantages of an application layer firewall? (Choose two)
   - authenticates individuals
   - supports a large number of applications
   - makes DoS attacks difficult
   - provides high-performance filtering

7. Which of the following statements describes Diffie-Hellman?
   - used for asymmetric public key encryption
   - used to establish a symmetric shared key via a public key exchange process
   - used to verify the identity of the peer
   - None

8. Which of the following two main functions are required for IPSec operation?
   - using AH protocols for encryption and authentication
   - using SHA for encryption
   - using PKI for pre-shared key authentication
   - None

9. Which additional configuration parameters should be added when you are implementing a trunking configuration?
   - #no switchport mode access
   - #switchport nonnegotiate
   - #switchport mode DTP
   - #no switchport trunk native VLAN 1

10. Which of the following router management features provides the ability to configure multiple administrative views?
   - Role based CLI
   - secure config
   - privilege LEVEL
   - parser view view name
   - None