Question 941
A network engineer must configure an access list on a new Cisco IOS router. The access list must deny HTTP traffic to network 10.125.128.32/27 from the 192.168.240.0/20 network, but it must allow the 192.168.240.0/20 network to reach the rest of the 10.0.0.0/8 network. Which configuration must the engineer apply?
A. ip access-list extended deny_outbound
10 permit ip 192.168.240.0 255.255.240.0 10.0.0.0 255.0.0.0
20 deny tcp 192.168.240.0 255.255.240.0 10.125.128.32 255.255.255.224 eq 443
30 permit ip any any
B. ip access-list extended deny_outbound
10 deny tcp 192.168.240.0 0.0.15.255 10.125.128.32 0.0.0.31 eq 80
20 permit ip 192.168.240.0 0.0.15.255 10.0.0.0 0.255.255.255
30 deny ip any any log
C. ip access-list extended deny_outbound
10 deny tcp 10.125.128.32 255.255.255.224 192.168.240.0 255.255.240.0 eq 443
20 deny tcp 192.168.240.0 255.255.240.0 10.125.128.32 255.255.255.224 eq 443
30 permit ip 192.168.240.0 255.255.240.0 10.0.0.0 255.0.0.0
D. ip access-list extended deny_outbound
10 deny tcp 192.168.240.0 0.0.15.255 any eq 80
20 deny tcp 192.168.240.0 0.0.15.255 10.125.128.32 0.0.0.31 eq 80
30 permit ip 192.168.240.0 0.0.15.255 10.0.0.0 0.255.255.255
Question 942
What is the definition of backdoor malware?
A. malicious code that is installed onto a computer to allow access by an unauthorized user
B. malicious program that is used to launch other malicious programs
C. malicious code that infects a user machine and then uses that machine to send spam
D. malicious code with the main purpose of downloading other malicious code
Question 943
What does WPA3 provide in wireless networking?
A. backward compatibility with WPA and WPA2
B. safeguards against brute force attacks with SAE
C. increased security and requirement of a complex configuration
D. optional Protected Management Frame negotiation
Question 944
Which global command encrypts all passwords in the running configuration?
A. service password-encryption
B. enable password-encryption
C. enable secret
D. password-encrypt
Question 945
Refer to the exhibit. A network administrator is configuring a router for user access via SSH. The service-password encryption command has been issued. The configuration must meet these requirements:
* Create the username as CCUser.
* Create the password as NA!2$cc.
* Encrypt the user password.
What must be configured to meet the requirements?
A. username CCUser privilege 10 password NA!2$cc
B. username CCUser privilege 15 password NA!2$cc
enable secret 0 NA!2$cc
C. username CCUser secret NA!2Sce
D. username CCUser password NA!2$cc
enable password level 5 NA!2$cc
Question 946
Refer to the exhibit. A network engineer started to configure port security on a new switch. These requirements must be met:
* MAC addresses must be learned dynamically.
* Log messages must be generated without disabling the interface when unwanted traffic is seen.
Which two commands must be configured to complete this task? (Choose two.)
A. SW(config-if)#switchport port-security violation restrict
B. SW(config-if)#switchport port-security mac-address 0010.7B84.45E6
C. SW(config-if)#switchport port-security maximum 2
D. SW(config-if)#switchport port-security violation shutdown
E. SW(config-if)#switchport port-security mac-address sticky
Question 947
What are two protocols within the IPsec suite? (Choose two.)
A. 3DES
B. AES
C. ESP
D. TLS
E. AH
Question 948
What is a characteristic of RSA?
A. It uses preshared keys for encryption.
B. It is an asymmetric encryption algorithm.
C. It is a symmetric decryption algorithm.
D. It requires both sides to have identical keys for encryption.
Question 949
What are two differences between WPA2 and WPA3 wireless security? (Choose two.)
A. WPA2 uses 192-bit key encryption, and WPA3 requires 256-bit key encryption.
B. WPA3 uses AES for stronger protection than WPA2, which uses SAE.
C. WPA2 uses 128-bit key encryption, and WPA3 supports 128-bit and 192-bit key encryption.
D. WPA3 uses SAE for stronger protection than WPA2, which uses AES.
E. WPA3 uses AES for stronger protection than WPA2, which uses TKIP.
Question 950
What is an enhancement implemented in WPA3?
A. applies 802.1x authentication and AES-128 encryption
B. employs PKI and RADIUS to identify access points
C. uses TKIP and per-packet keying
D. defends against deauthentication and disassociation attacks
