Which two options best describe the authorization process as it relates to network access? (Choose two.)
A. the process of identifying the validity of a certificate, and validating specific fields in the certificate against an identity store
B. the process of providing network access to the end user
C. applying enforcement controls, such as downloadable ACLs and VLAN assignment, to the network access session of a user
D. the process of validating the provided credentials
Correct Answer: BC
If ISE is not Layer 2 adjacent to the Wireless LAN Controller, which two options should be configured on the Wireless LAN Controller to profile wireless endpoints accurately? (Choose two.)
A. Configure the Call Station ID Type to be: “IP Address”.
B. Configure the Call Station ID Type to be: “System MAC Address”.
C. Configure the Call Station ID Type to be: “MAC and IP Address”.
D. Enable DHCP Proxy.
E. Disable DHCP Proxy.
Correct Answer: BE
Refer to the exhibit. To configure the Cisco ASA, what should you enter in the Name field, under the Group Authentication option for the IPSec VPN client?
A. span>group policy name
B. crypto map name
C. isakmp policy name
D. crypto ipsec transform-set name
E. tunnel group name
Correct Answer: E
Which two methods are used for forwarding traffic to the Cisco ScanSafe Web Security service? (Choose two.)
A. Cisco AnyConnect VPN Client with Web Security and ScanSafe subscription
B. Cisco ISR G2 Router with SECK9 and ScanSafe subscription
C. Cisco ASA adaptive security appliance using DNAT policies to forward traffic to ScanSafe subscription servers
D. Cisco Web Security Appliance with ScanSafe subscription
Correct Answer: BC
Refer to the exhibit. On R1, encrypt counters are incrementing. On R2, packets are decrypted, but the encrypt counter is not being incremented. What is the most likely cause of this issue?
A. a routing problem on R1
B. a routing problem on R2
C. incomplete IPsec SA establishment
D. crypto engine failure on R2
E. IPsec rekeying is occurring
Correct Answer: B
Which four statements about SeND for IPv6 are correct? (Choose four.)
A. It protects against rogue RAs.
B. NDP exchanges are protected by IPsec SAs and provide for anti-replay.
C. It defines secure extensions for NDP.
D. It authorizes routers to advertise certain prefixes.
E. It provides a method for secure default router election on hosts.
F. Neighbor identity protection is provided by Cryptographically Generated Addresses that are derived from a Diffie-Hellman key exchange.
G. It is facilitated by the Certification Path Request and Certification Path Response ND messages.
Correct Answer: ACDE
What is the recommended network MACSec policy mode for high security deployments?
Correct Answer: A
Which three statements about NetFlow version 9 are correct? (Choose three.)
A. It is backward-compatible with versions 8 and 5.
B. Version 9 is dependent on the underlying transport; only UDP is supported.
C. A version 9 export packet consists of a packet header and flow sets.
D. Generating and maintaining valid template flow sets requires additional processing.
E. NetFlow version 9 does not access the NetFlow cache entry directly.
Correct Answer: CDE
Which three statements about VXLANs are true? (Choose three.)
A. It requires that IP protocol 8472 be opened to allow traffic through a firewall.
B. Layer 2 frames are encapsulated in IP, using a VXLAN ID to identify the source VM.
C. A VXLAN gateway maps VXLAN IDs to VLAN IDs.
D. span>IGMP join messages are sent by new VMs to determine the VXLAN multicast IP.
E. A VXLAN ID is a 32-bit value.
Correct Answer: BCD
Which two identifiers are used by a Cisco Easy VPN Server to reference the correct group policy information for connecting a Cisco Easy VPN Client? (Choose two.)
A. IKE ID_KEY_ID
B. OU field in a certificate that is presented by a client
C. XAUTH username
D. hash of the OTP that is sent during XAUTH challenge/response
E. IKE ID_IPV4_ADDR
Correct Answer: AB