[Free] 2018(July) Dumps4cert VMware 2V0-642 Dumps with VCE and PDF Download 221-230 | Cisco Certifications Dumps Free Real Practice Q&A

Dumps4cert.com : Latest Dumps with PDF and VCE Files
2018 July VMware Official New Released 2V0-642
100% Free Download! 100% Pass Guaranteed!

CCIE Security Exam (v4.1)

Question No: 221 – (Topic 4)

Which SSL protocol takes an application message to be transmitted, fragments the data into manageable blocks, optionally compresses the data, applies a MAC, encrypts, adds a header, and transmits the resulting unit in a TCP segment?

SSL Handshake Protocol
SSL Alert Protocol
SSL Record Protocol
SSL Change CipherSpec Protocol

Answer: C

Question No: 222 – (Topic 4)

Which three statements about IKEv2 are correct? (Choose three.)

INITIAL_CONTACT is used to synchronize state between peers.
The IKEv2 standard defines a method for fragmenting large messages.
The initial exchanges of IKEv2 consist of IKE_SA_INIT and IKE_AUTH.
Rekeying IKE and child SAs is facilitated by the IKEv2 CREATE_CHILD_SA exchange.
NAT-T is not supported.
Attribute policy push (via the configuration payload) is only supported in REQUEST/REPLY mode.

Answer: A,C,D

Question No: 223 – (Topic 4)

Refer to the exhibit.

Ensurepass 2018 PDF and VCE

To configure the Cisco ASA, what should you enter in the Name field, under the Group Authentication option for the IPSec VPN client?

group policy name
crypto map name
isakmp policy name
crypto ipsec transform-set name
tunnel group name

Answer: E

Question No: 224 – (Topic 4)

Which three authentication types does OSPF support? (Choose three.)

Null
Plaintext
MD5
PAP
PEAP
MS-CHAP

Answer: A,B,C

Question No: 225 – (Topic 4)

When routing is configured on ASA, which statement is true?

If the default route is not present, then the routing table is checked.
If the routing table has two matching entries, the packet is dropped.
If routing table has two matching entries with same prefix length, the first entry is used.
If routing table has two matching entries with different prefix lengths, the entry with the longer prefix length is used.

Answer: D

Question No: 226 – (Topic 4)

An internal DNS server requires a NAT on a Cisco IOS router that is dual-homed to separate ISPs using distinct CIDR blocks. Which NAT capability is required to allow hosts in each CIDR block to contact the DNS server via one translated address?

NAT overload
NAT extendable
NAT TCP load balancing
NAT service-type DNS
NAT port-to-application mapping

Answer: B

Question No: 227 – (Topic 4)

Refer to the exhibit.

Ensurepass 2018 PDF and VCE

Which three statements correctly describe the configuration? (Choose three).

The tunnel is not providing peer authentication
The tunnel encapsulates multicast traffic.
This is a point-to-point GRE tunnel.
The configuration is on the NHS.
The configuration is on the NHC.
The tunnel provides data confidentiality.
The tunnel IP address represents the NBMA address.

Answer: B,D,F

Question No: 228 – (Topic 4)

IPsec SAs can be applied as a security mechanism for which three options? (Choose three.)

Send
Mobile IPv6
site-to-site virtual interfaces
OSPFv3
CAPWAP
LWAPP

Answer: B,C,D

Question No: 229 – (Topic 4)

Which three statements about OCSP are correct? (Choose three.)

OCSP is defined in RFC2560.
OCSP uses only http as a transport.
OCSP responders can use RSA and DSA signatures to validate that responses are from trusted entities.
A response indicator may be good, revoked, or unknown.
OCSP is an updated version SCEP.