Q61. At which layer does MACsec provide encryption? 

A. Layer 1 

B. Layer 2 

C. Layer 3 

D. Layer 4 

Answer:


Q62. When you set a Cisco IOS Router as an SSH server, which command specifies the RSA public key of the remote peer when you set the SSH server to perform RSA-based authentication? 

A. router(config-ssh-pubkey-user)#key 

B. router(conf-ssh-pubkey-user)#key-string 

C. router(config-ssh-pubkey)#key-string 

D. router(conf-ssh-pubkey-user)#key-string enable ssh 

Answer:


Q63. Which two SNMPv3 features ensure that SNMP packets have been sent securely?" Choose two. 

A. host authorization 

B. authentication 

C. encryption 

D. compression 

Answer: B,C 


Q64. What is the best description of a unified ACL on a Cisco firewall? 

A. An ACL with both IPv4 and IPv6 functionality. 

B. An IPv6 ACL with IPv4 backwards compatibility. 

C. An IPv4 ACL with IPv6 support. 

D. An ACL that supports EtherType in addition to IPv6. 

Answer:

Explanation: 

http://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_co nfig/ intro_intro.html 


Q65. For which management session types does ASDM allow a maximum simultaneous connection limit to be set? 

A. ASDM, Telnet, SSH 

B. ASDM, Telnet, SSH, console 

C. ASDM, Telnet, SSH, VTY 

D. ASDM, Telnet, SSH, other 

Answer:


Q66. Which cloud characteristic is used to describes the sharing of physical resource between various 

entities ? 

A. Elasticity 

B. Ubiquitous access 

C. Multitenancy 

D. Resiliency 

Answer:

Explanation: 

http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_12-3/123_cloud1.html 


Q67. Which feature can suppress packet flooding in a network? 

A. PortFast 

B. BPDU guard 

C. Dynamic ARP Inspection 

D. storm control 

Answer:


Q68. Refer to the exhibit. 

Which two statements about the SNMP configuration are true? (Choose two.) 

A. The router's IP address is 192.168.1.1. 

B. The SNMP server's IP address is 192.168.1.1. 

C. Only the local SNMP engine is configured. 

D. Both the local and remote SNMP engines are configured. 

E. The router is connected to the SNMP server via port 162. 

Answer: B,D 


Q69. What can an administrator do to simultaneously capture and trace packets in a Cisco ASA? 

A. Install a Cisco ASA virtual appliance. 

B. Use the trace option of the capture command. 

C. Use the trace option of the packet-tracer command. 

D. Install a switch with a code that supports capturing, and configure a trunk to the Cisco ASA. 

Answer:


Q70. Which command enables the HTTP server daemon for Cisco ASDM access? 

A. http server enable 

B. http server enable 443 

C. crypto key generate rsa modulus 1024 

D. no http server enable 

Answer: