[Free] 2018(Aug) Dumps4cert VMware VCAN610 Dumps with VCE and PDF Download 311-320

Dumps4cert.com : Latest Dumps with PDF and VCE Files
2018 Aug VMware Official New Released VCAN610
100% Free Download! 100% Pass Guaranteed!

CCIE Security Exam (v4.1)

Question No: 311 – (Topic 4)

When you are configuring the COOP feature for GETVPN redundancy, which two steps are required to ensure the proper COOP operations between the key servers? (Choose two.)

  1. Generate an exportable RSA key pair on the primary key server and export it to the secondary key server.

  2. Enable dead peer detection between the primary and secondary key servers.

  3. Configure HSRP between the primary and secondary key servers.

  4. Enable IPC between the primary and secondary key servers.

  5. Enable NTP on both the primary and secondary key servers to ensure that they are synchronized to the same clock source.

Answer: A,B

Question No: 312 – (Topic 4)

Refer to the exhibit.

Ensurepass 2018 PDF and VCE

Which option describes the behavior of this configuration?

  1. Devices that perform IEEE 802.1X should be in the MAC address database for successful authentication.

  2. IEEE 802.1x devices must fail MAB to perform IEEE 802.1X authentication.

  3. If 802.1X fails, the device will be assigned to the default guest VLAN.

  4. The device will perform subsequent IEEE 802.1X authentication if it passed MAB authentication.

  5. If the device fails IEEE 802.1X, it will start MAB again.

Answer: B

Question No: 313 – (Topic 4)

Which two statements about SHA are correct? (Choose two.)

  1. Five 32-bit variables are applied to the message to produce the 160-bit hash.

  2. The message is split into 64-bit blocks for processing.

  3. The message is split into 512-bit blocks for processing.

  4. SHA-2 and MD5 both consist of four rounds of processing.

Answer: A,C

Question No: 314 – (Topic 4)

Refer to the exhibit,

Ensurepass 2018 PDF and VCE

which shows a partial configuration for the EzVPN server. Which three missing ISAKMP profile options are required to support EzVPN using DVTI? (Choose three.)

  1. match identity group

  2. trustpoint

  3. virtual-interface

  4. keyring

  5. enable udp-encapsulation

  6. isakmp authorization list

  7. virtual-template

Answer: A,F,G

Question No: 315 – (Topic 4)

Which statement about DHCP is true?

  1. DHCP uses TCP port 68 and 67

  2. The DHCPDiscover packet is a broadcast message

  3. The DHCPRequest is a unicast message.

  4. The DHCPOffer packet is sent from the DHCP client

Answer: B

Question No: 316 – (Topic 4)

Refer to the exhibit.

Ensurepass 2018 PDF and VCE

A customer has an IPsec tunnel that is configured between two remote offices. The customer is seeing these syslog messages on Router B:

%CRYPTO-4-PKT_REPLAY_ERR: decrypt: replay check failed connection id=x, sequence number=y

What is the most likely cause of this error?

  1. The customer has an LLQ QoS policy that is configured on the WAN interface of Router A.

  2. A hacker on the Internet is launching a spoofing attack.

  3. Router B has an incorrectly configured IP MTU value on the WAN interface.

  4. There is packet corruption in the network between Router A and Router B.

  5. Router A and Router B are not synchronized to the same timer source.

Answer: A

Question No: 317 – (Topic 4)

Which two statements are true when comparing ESMTP and SMTP? (Choose two.)

  1. Only SMTP inspection is provided on the Cisco ASA firewall.

  2. A mail sender identifies itself as only able to support SMTP by issuing an EHLO command to the mail server.

  3. ESMTP mail servers will respond to an EHLO with a list of the additional extensions they support.

  4. SMTP commands must be in upper case, whereas ESMTP can be either lower or upper case.

  5. ESMTP servers can identify the maximum email size they can receive by using the SIZE command.

Answer: C,E

Question No: 318 – (Topic 4)

When is a connection entry created on ASA for a packet that is received on the ingress interface?

  1. When the packet is checked by the access-list.

  2. When the packet reaches the ingress interface internal buffer.

  3. When the packet is a SYN packet or UDP packet.

  4. When a translation rule exists for the packet.

  5. When the packet is subjected to inspection.

Answer: D

Question No: 319 – (Topic 4)

Which statement about SMTP is true?

  1. SMTP uses UDP port 25.

  2. The POP protocol is used by the SMTP client to manage stored mail.

  3. The IMAP protocol is used by the SMTP client to retrieve and manage stored email.

  4. The mail delivery agent in the SMTP architecture is responsible for DNS lookup.

  5. SMTP uses TCP port 20.

Answer: C

Question No: 320 – (Topic 4)

You have been asked to configure a Cisco ASA appliance in multiple mode with these settings:

  1. You need two customer contexts, named contextA and contextB.

  2. Allocate interfaces G0/0 and G0/1 to contextA.

  3. Allocate interfaces G0/0 and G0/2 to contextB.

  4. The physical interface name for G0/1 within contextA should be quot;insidequot;.

  5. All other context interfaces must be viewable via their physical interface names.

If the admin context is already defined and all interfaces are enabled, which command set will complete this configuration?

  1. context contextA

    config-url disk0:/contextA.cfg

    allocate-interface GigabitEthernet0/0 visible allocate-interface GigabitEthernet0/1 inside context contextB

    config-url disk0:/contextB.cfg

    allocate-interface GigabitEthernet0/0 visible allocate-interface GigabitEthernet0/2 visible

  2. context contexta

    config-url disk0:/contextA.cfg

    allocate-interface GigabitEthernet0/0 visible allocate-interface GigabitEthernet0/1 inside context contextb

    config-url disk0:/contextB.cfg

    allocate-interface GigabitEthernet0/0 visible allocate-interface GigabitEthernet0/2 visible

  3. context contextA

    config-url disk0:/contextA.cfg

    allocate-interface GigabitEthernet0/0 invisible allocate-interface GigabitEthernet0/1 inside context contextB

    config-url disk0:/contextB.cfg

    allocate-interface GigabitEthernet0/0 invisible allocate-interface GigabitEthernet0/2 invisible

  4. context contextA

    config-url disk0:/contextA.cfg allocate-interface GigabitEthernet0/0

    allocate-interface GigabitEthernet0/1 inside context contextB

    config-url disk0:/contextB.cfg allocate-interface GigabitEthernet0/0 allocate-interface GigabitEthernet0/2

  5. context contextA

config-url disk0:/contextA.cfg

allocate-interface GigabitEthernet0/0 visible allocate-interface GigabitEthernet0/1 inside context contextB

config-url disk0:/contextB.cfg

allocate-interface GigabitEthernet0/1 visible allocate-interface GigabitEthernet0/2 visible

Answer: A

100% Dumps4cert Free Download!
Download Free Demo:VCAN610 Demo PDF
100% Dumps4cert Pass Guaranteed!
VCAN610 Dumps

Dumps4cert ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.