1. Which security implementation will provide control plane protection for a network device? encryption for remote access connections AAA for authenticating management access routing protocol authentication NTP for consistent timestamps on logging messages 2. What is the one major difference between local AAA authentication and using the login local command when configuring device access authentication? ...

1. During the AAA process, when will authorization be implemented? immediately after an AAA client sends authentication information to a centralized server immediately after the determination of which resources a user can access immediately after successful authentication against an AAA data source* immediately after AAA accounting and auditing receives detailed reports AAA authorization is implemented ...

1. Which three areas of router security must be maintained to secure an edge router at the network perimeter? (Choose three.) physical security* flash security remote access security operating system security* zone isolation router hardening* There are three areas of router security to maintain: 1) physical security 2) router hardening 3) operating system security 2. ...

1. Which security test is appropriate for detecting system weaknesses such as misconfiguration, default passwords, and potential DoS targets? vulnerability scanning* network scanning integrity checkers penetration testing 2. How does network scanning help assess operations security? It can simulate attacks from malicious sources. It can log abnormal activity. It can detect open TCP ports on ...

1. Which ASDM configuration option is used to configure the ASA enable secret password? Device Setup* Monitoring Interfaces Device Management The two main ASDM options used to configure an ASA are Device Setup and Device Management. Within Device Setup are the Startup Wizard, Interfaces, Routing, Device Name/Password, and System Time options.​ 2. Refer to the ...

1. Refer to the exhibit. A network administrator is configuring the security level for the ASA. What is a best practice for assigning the security level on the three interfaces? Outside 40, Inside 100, DMZ 0 Outside 0, Inside 35, DMZ 90 Outside 100, Inside 10, DMZ 40 Outside 0, Inside 100, DMZ 50* The ...

1. When is a security association (SA) created if an IPsec VPN tunnel is used to connect between two sites? after the tunnel is created, but before traffic is sent only during Phase 2 only during Phase 1 during both Phase 1 and 2* As seen in the 8.4.1.1 Figure, an IPsec VPN connection creates ...

1. What is the purpose of a nonrepudiation service in secure communications? to ensure that encrypted secure communications cannot be decoded to confirm the identity of the recipient of the communications to provide the highest encryption level possible to ensure that the source of the communications is confirmed* Nonrepudiation uses the unique characteristics of the ...

1. Which type of VLAN-hopping attack may be prevented by designating an unused VLAN as the native VLAN? DTP spoofing DHCP spoofing VLAN double-tagging* DHCP starvation 2. What component of Cisco NAC is responsible for performing deep inspection of device security profiles? Cisco NAC Profiler Cisco NAC Agent* Cisco NAC Manager Cisco NAC Server The ...

1. In configuring a Cisco router to prepare for IPS and VPN features, a network administrator opens the file realm-cisco.pub.key.txt, and copies and pastes the contents to the router at the global configuration prompt. What is the result after this configuration step? The router is authenticated with the Cisco secure IPS resource web server. A ...