Dumps4cert.com : Latest Dumps with PDF and VCE Files
2018 July VMware Official New Released 2V0-642
100% Free Download! 100% Pass Guaranteed!
CCIE Security Exam (v4.1)
Question No: 391 – (Topic 4)
A device is sending a PDU of 5000 B on a link with an MTU of 1500 B. If the PDU includes 20 B of IP header, which statement is true?
-
The first three packets will have a packet payload size of 1400.
-
The last packet will have a payload size of 560.
-
The first three packets will have a packet payload size of 1480.
-
The last packet will have a payload size of 20.
Answer: C
Question No: 392 – (Topic 4)
Which encryption mechanism is used in WEP?
-
RC4
-
RC5
-
DES
-
AES
Answer: A
Question No: 393 – (Topic 4)
Which statement about the PVLAN is true?
-
Promiscuous ports can only communicate with other promiscuous ports.
-
Isolated ports cannot communicate with the other promiscuous ports.
-
Community ports can communicate with the other promiscuous ports but not with the other community ports.
-
Isolated ports can communicate with the other isolated ports only.
-
Promiscuous ports can communicate with all the other type of ports.
-
Community ports can communicate with the other community ports but not with promiscuous ports.
Answer: E
Question No: 394 – (Topic 4)
Which statement about DH group is true?
-
The DH group does not provide data authentication.
-
The DH group is used to provide data confidentiality.
-
The DH group is used to establish a shared key over a secured medium.
-
The DH group is negotiated in IPsec phase-2.
Answer: A
Question No: 395 – (Topic 4)
Which protocol does 802.1X use between the supplicant and the authenticator to authenticate users who wish to access the network?
-
SNMP
-
TACACS
-
RADIUS
-
EAP over LAN
-
PPPoE
Answer: D
Question No: 396 – (Topic 4)
Which two options represent definitions that are found in the syslog protocol (RFC 5426)? (Choose two.)
-
Syslog message transport is reliable.
-
Each syslog datagram must contain only one message.
-
IPv6 syslog receivers must be able to receive datagrams of up to 1180 bytes.
-
Syslog messages must be prioritized with an IP precedence of 7.
-
Syslog servers must use NTP for the accurate time stamping of message arrival.
Answer: B,C
Question No: 397 – (Topic 4)
Which item is not encrypted by ESP?
-
ESP header
-
ESP trailer
-
IP header
-
Data
-
TCP-UDP header
Answer: A
Question No: 398 – (Topic 4)
DNSSEC was designed to overcome which security limitation of DNS?
-
DNS man-in-the-middle attacks
-
DNS flood attacks
-
DNS fragmentation attacks
-
DNS hash attacks
-
DNS replay attacks
-
DNS violation attacks
Answer: A
Question No: 399 – (Topic 4)
Which four configuration steps are required to implement a zone-based policy firewall configuration on a Cisco IOS router? (Choose four.)
-
Create the security zones and security zone pairs.
-
Create the self zone.
-
Create the default global inspection policy.
-
Create the type inspect class maps and policy maps.
-
Assign a security level to each security zone.
-
Assign each router interface to a security zone.
-
Apply a type inspect policy map to each zone pair.
Answer: A,D,F,G
Question No: 400 – (Topic 4)
Which additional configuration component is required to implement a MACSec Key
Agreement policy on user-facing Cisco Catalyst switch ports?
-
PKI
-
TACACS
-
multi-auth host mode
-
port security
E. 802.1x
Answer: E