
Security Questions


Question 1
Refer to the exhibit.
DOT1X-SP-5-SECURITY_VIOLATION: Security violation on interface GigabitEthernet4/8, New MAC address 0080.ad00.c2e4 is seen on the interface in Single host mode
%PM-SP-4-ERR_DISABLE: security-violation error detected on Gi4/8, putting Gi4/8 in err-disable state
Which action will solve the error state of this interface when connecting a host behind a Cisco IP phone?
A. Configure dot1x-port control auto on this interface
B. Enable errdisable recovery for security violation errors
C. Enable port security on this interface
D. Configure multidomain authentication on this interface

Answer: D

Question 2
Which three conditions can cause excessive unicast flooding? (Choose three)
A. Asymmetric routing
B. Repeated TCNs
C. The use of HSRP
D. Frames sent to FFFF.FFFF.FFFF
E. MAC forwarding table overflow
F. The use of Unicast Reverse Path Forwarding

Answer: A B E

Question 3
Which three statements are true about PPP CHAP authentication? (Choose three)
A. PPP encapsulation must be enabled globally.
B. The LCP phase must be complete and in closed state.
C. The hostname used by a router for CHAP authentication cannot be changed.
D. PPP encapsulation must be enabled on the interface.
E. The LCP phase must be complete and in open state.
F. By default, the router uses its hostname to identify itself to the peer.

Answer: D E F

Question 4
Refer to the exhibit.
interface GigabitEthernet0/0/0
 ip address 192.168.1.1 255.255.255.0
!
ip ssh version 2
!
ip access-list extended protect-ssh
 permit ip any any eq 22
!
line vty 0 4
 access-class protect-ssh in
 transport input ssh
Which configuration is missing that would enable SSH access on a router that is running Cisco IOS XE Software?
A. int Gig0/0/0
   management-interface
B. class-map ssh-class
   match access-group protect-ssh
   policy-map control-plane-in
   class ssh-class
   police 80000 conform transmit exceed drop
   control-plane
   service-policy input control-plane-in
C. control-plane host
   management-interface GigabitEthernet0/0/0 allow ssh
D. interface Gig0/0/0
   ip access-group protect-ssh in

Answer: C

Question 5
Which type of port would have root guard enabled on it?
A. A root port
B. An alternate port
C. A blocked port
D. A designated port

Answer: D

Question 6
Which three features are considered part of the IPv6 first-hop security suite? (Choose three)
A. DNS guard
B. destination guard
C. DHCP guard
D. ICMP guard
E. RA guard
F. DoS guard

Answer: B C E

Question 7
Which three steps are necessary to enable SSH? (Choose three)
A. generating an RSA or DSA cryptographic key
B. configuring the version of SSH
C. configuring a domain name
D. configuring VTY lines for use with SSH
E. configuring the port for SSH to listen for connections
F. generating an AES or SHA cryptographic key

Answer: A C D

Question 8
Refer to the exhibit.
aaa new-model
aaa authentication login default local
username cisco privilege 15 password cisco

User Access Verification
Username: cisco
Password:
Router>en
% Error in authentication.
Router>
While configuring AAA with a local database, users can log in via Telnet, but receive the message “error in authentication” when they try to go into enable mode. Which action can solve this problem?
A. Configure authorization to allow the enable command.
B. Use aaa authentication login default enable to allow authentication when using the enable command.
C. Verify whether an enable password has been configured.
D. Use aaa authentication enable default enable to allow authentication when using the enable command.

Answer: C