Which three statements about LDAP are true? (Choose three.)
A. LDAP uses UDP port 389 by default.
B. LDAP is defined in terms of ASN.1 and transmitted using BER.
C. LDAP is used for accessing X.500 directory services.
D. An LDAP directory entry is uniquely identified by its DN.
E. A secure connection via TLS is established via the UseTLS operation.
Correct Answer: BCD
Which two EAP methods may be susceptible to offline dictionary attacks? (Choose two.)
C. PEAP with MS-CHAPv2
Correct Answer: AB
Which PKCS is invoked during IKE MM5 and MM6 when digital certificates are used as the authentication method?
Correct Answer: A
Which three features describe DTLS protocol? (Choose three.)
A. DTLS handshake does not support reordering or manage loss packets.
B. DTLS provides enhanced security, as compared to TLS.
C. DTLS provides block cipher encryption and decryption services.
D. DTLS is designed to prevent man-in-the-middle attacks, message tampering, and message forgery.
E. DTLS is used by application layer protocols that use UDP as a transport mechanism.
F. DTLS does not support replay detection.
Correct Answer: CDE
Which statement regarding TFTP is not true?
A. Communication is initiated over UDP port 69.
B. Files are transferred using a secondary data channel.
C. Data is transferred using fixed-size blocks.
D. TFTP authentication information is sent in clear text.
E. TFTP is often utilized by operating system boot loader procedures.
F. The TFTP protocol is implemented by a wide variety of operating systems and network devices.
Correct Answer: D
User A at Company A is trying to transfer files to Company B, using FTP. User A can connect to the FTP server at Company B correctly, but User A cannot get a directory listing or upload files. The session hangs. What are two possible causes for this problem? (Choose two.)
A. Active FTP is being used, and the firewall at Company A is not allowing the returning data connection to be initiated from the FTP server at Company B.
B. Passive FTP is being used, and the firewall at Company A is not allowing the returning data connection to be initiated from the FTP server at Company B.
C. At Company A, active FTP is being used with a non-application aware firewall applying NAT to the source address of User A only.
D. The FTP server administrator at Company B has disallowed User A from accessing files on that server.
E. Passive FTP is being used, and the firewall at Company B is not allowing connections through to port 20 on the FTP server.
Correct Answer: AC
Which three new capabilities were added to HTTP v1.1 over HTTP v1.0? (Choose three.)
A. chunked transfer encoding
B. HTTP pipelining
C. POST method
D. HTTP cookies
E. keepalive mechanism
Correct Answer: ABE
Which three Cisco security product features assist in preventing TCP-based man-in-the-middle attacks? (Choose three.)
A. Cisco ASA TCP initial sequence number randomization?
B. Cisco ASA TCP sliding-window conformance validation?
C. Cisco IPS TCP stream reassembly?
D. Cisco IOS TCP maximum segment size adjustment?
Correct Answer: ABC
Which would be the best method to deploy on a Cisco ASA to detect and prevent viruses and worms?
A. deep packet inspection
B. content security via the Control Security Services Module
C. Unicast Reverse Path Forwarding
D. IP audit signatures
Correct Answer: B
Which four IPv6 messages should be allowed to transit a transparent firewall? (Choose four.)
A. router solicitation with hop limit = 1
B. router advertisement with hop limit = 1
C. neighbor solicitation with hop limit = 255
D. neighbor advertisement with hop limit = 255
E. listener query with link-local source address
F. listener report with link-local source address
Correct Answer: CDEF