Monday 29 July 2013

Sample Questions

QUESTION NO: 1
You are the network administrator. Two remote LANs connected via a serial connection are exchanging routing updates via RIP. An alternate path exists with a higher hop count. When the serial link fails, you receive complaints of users regarding the time it takes to transfer to the alternate path. How will you ameliorate this situation?
A. You could change the hop count on an alternate path to be the same cost.
B. You could reduce or disable the holdown timer by making use of the timers basic command.
C. You could increase the bandwidth of the alternate serial connection.
D. You could configure a static route with the appropriate administratice cost via the alternate route.
Answer: B

QUESTION NO: 2
Which three statements are correct concerning AES? (Choose three.)
A. AES is faster to compute than 3DES.
B. AES is not subject to known-plaintext attacks, while DES is subject to them.
C. AES is a block cipher, while 3DES and DES are stream ciphers.
D. AES can be used with longer keys than 3DES.
Answer: A,B,D

QUESTION NO: 3
The ARP functionality in IPv4 is accomplished using which type of messages, as defined in ICMPv6?
A. router solicitation and advertisement
B. neighbor solicitation and advertisement
C. redirect
D. neighbor solicitation and router advertisement
E. router solicitation and neighbor advertisement
Answer: B

QUESTION NO: 4
Which of the following statements are true? (Choose two.)
A. RC4 is a stream cipher.
B. DES and 3DES are stream ciphers.
C. AES is a block cipher
D. Stream ciphers require padding
Answer: A,C

QUESTION NO: 5
Which two statements are true concerning NAT? (Choose two.)
A. NAT is only useful for TCP/UDP and ICMP traffic.
B. NAT provides one-to-one address mapping.
C. NAT provides one-to-many address mapping.
D. NAT can be used for all IP traffic.
Answer: B,D

QUESTION NO: 6
Two routers running Cisco IOS Software are failing to negotiate the IPsec tunnel. Crypto debugs reveal the following messages:1d00h: IPSec(validate_transform_proposal): proxy identities not supported 1d00h: ISAKMP: IPSec policy invalidated proposal 1d00h: ISAKMP (0:2): SA not acceptable!What is the most likely cause of the error message? Select the best response.
A. Crypto access lists are not mirrored on each side.
B. The crypto-map is incomplete.
C. ISAKMP policies have attributes that do not match.
D. This is not an error message, but an indication that proxy IDs are not supported.
Answer: A

QUESTION NO: 7
What traffic is allowed through the following  access-list (select the best answer) ? Access-list 2000 permit ip host 10.1.1.1 host 10.2.2.2 Access-list 2000 deny ip any any Access-list 2000 permit ip any any log
A. All traffic is allowed through.
B. All traffic from host 10.1.1.1 to host 10.2.2.2 is allowed through.
C. All traffic from host 10.2.2.2 to host 10.1.1.1 is allowed through.
D. No traffic is allowed through.
Answer: B

QUESTION NO: 8
Which of the following aptly describes the Unix file /etc/shadow?
A. The Unix file/etc/shadow is referenced by login when the /etc/passwd file contains an asterisk in the third field.
B. The Unix file/etc/shadow is referenced by NIS when the /etc/passwd file contains a line with the first character of '+'.
C. The Unix file/etc/shadow is a place to store encrypted passwords without referencing the /etc/passwd file.
D. The Unix file/etc/shadow is a read-protected file referenced by login when the /etc/passwd file contains a special character in the second field.
Answer: D