CCNP Security Implementing Cisco Edge Network Security Solutions (SENSS) v1.0

Page:    1 / 24   
Exam contains 364 questions

Which three logging methods are supported by Cisco routers? (Choose three.)

  • A. console logging
  • B. TACACS+ logging
  • C. terminal logging
  • D. syslog logging
  • E. ACL logging
  • F. RADIUS logging


Answer : ACD

Which three options are default settings for NTP parameters on a Cisco device? (Choose three.)

  • A. NTP authentication is enabled.
  • B. NTP authentication is disabled.
  • C. NTP logging is enabled.
  • D. NTP logging is disabled.
  • E. NTP access is enabled.
  • F. NTP access is disabled.


Answer : BDE

Which two parameters must be configured before you enable SCP on a router? (Choose two.)

  • A. SSH
  • B. authorization
  • C. ACLs
  • D. NTP
  • E. TACACS+


Answer : AB

A network engineer is troubleshooting and configures the ASA logging level to debugging. The logging-buffer is dominated by %ASA-6-305009 log messages.
Which command suppresses those syslog messages while maintaining the ability to troubleshoot?

  • A. no logging buffered 305009
  • B. message 305009 disable
  • C. no message 305009 logging
  • D. no logging message 305009


Answer : D

Which option describes the purpose of the input parameter when you use the packet-tracer command on a Cisco device?

  • A. to provide detailed packet-trace information
  • B. to specify the source interface for the packet trace
  • C. to display the trace capture in XML format
  • D. to specify the protocol type for the packet trace


Answer : B

Which two options are purposes of the packet-tracer command? (Choose two.)

  • A. to filter and monitor ingress traffic to a switch
  • B. to configure an interface-specific packet trace
  • C. to inject virtual packets into the data path
  • D. to debug packet drops in a production network
  • E. to correct dropped packets in a production network


Answer : CD

Which set of commands enables logging and displays the log buffer on a Cisco ASA?

  • A. enable logging, then show logging
  • B. logging enable, then show logging
  • C. enable logging int e0/1, then view logging
  • D. logging enable, then logging view config


Answer : B

Which command displays syslog messages on the Cisco ASA console as they occur?

  • A. Console logging <level>
  • B. Logging console <level>
  • C. Logging trap <level>
  • D. Terminal monitor
  • E. Logging monitor <level>


Answer : B

Which set of commands creates a message list that includes all severity 2 (critical) messages on a Cisco security device?

  • A. logging list critical_messages level 2, then console logging critical_messages
  • B. logging list critical_messages level 2, then logging console critical_messages
  • C. logging list critical_messages level 2, then logging console enable critical_messages
  • D. logging list enable critical_messages level 2, then console logging critical_messages


Answer : B

An administrator is deploying port-security to restrict traffic from certain ports to specific MAC addresses. Which two considerations must an administrator take into account when using the switchport port-security mac-address sticky command? (Choose two.)

  • A. The configuration will be updated with MAC addresses from traffic seen ingressing the port. The configuration will automatically be saved to NVRAM if no other changes to the configuration have been made.
  • B. The configuration will be updated with MAC addresses from traffic seen ingressing the port. The configuration will not automatically be saved to NVRAM.
  • C. Only MAC addresses with the 5th most significant bit of the address (the 'sticky' bit) set to 1 will be learned.
  • D. If configured on a trunk port without the 'vlan' keyword, it will apply to all VLANs.
  • E. If configured on a trunk port without the 'vlan' keyword, it will apply only to the native VLAN.


Answer : BE

A Cisco ASA is configured for TLS proxy. When should the security appliance force remote IP phones connecting to the phone proxy through the internet to be in secured mode?

  • A. When the Cisco Unified Communications Manager cluster is in non-secure mode
  • B. When the Cisco Unified Communications Manager cluster is in secure mode only
  • C. When the Cisco Unified Communications Manager is not part of a cluster
  • D. When the Cisco ASA is configured for IPSec VPN


Answer : A

Which two features are supported when configuring clustering of multiple Cisco ASA appliances? (Choose two.)

  • A. NAT
  • B. dynamic routing
  • C. SSL remote access VPN
  • D. IPSec remote access VPN


Answer : AB

When a Cisco ASA is configured in transparent mode, how can ARP traffic be controlled?

  • A. By enabling ARP inspection; however, it cannot be controlled by an ACL
  • B. By enabling ARP inspection or by configuring ACLs
  • C. By configuring ACLs; however, ARP inspection is not supported
  • D. By configuring NAT and ARP inspection


Answer : A

What are two primary purposes of Layer 2 detection in Cisco IPS networks? (Choose two.)

  • A. identifying Layer 2 ARP attacks
  • B. detecting spoofed MAC addresses and tracking 802.1X actions and data communication after a successful client association
  • C. detecting and preventing MAC address spoofing in switched environments
  • D. mitigating man-in-the-middle attacks


Answer : AD

What is the primary purpose of stateful pattern recognition in Cisco IPS networks?

  • A. mitigating man-in-the-middle attacks
  • B. using multipacket inspection across all protocols to identify vulnerability-based attacks and to thwart attacks that hide within a data stream
  • C. detecting and preventing MAC address spoofing in switched environments
  • D. identifying Layer 2 ARP attacks


Answer : B
