Question 261
Which technology provides a secure communication channel for all traffic at Layer 2 of the OSI model?
A. SSL
B. Cisco TrustSec
C. MACsec
D. IPsec
Question 262
An engineer is configuring local web authentication on a WLAN. The engineer chooses the Authentication radio button under the Layer 3 Security options for WebPolicy.Which device presents the web authentication for the WLAN?
A. ISE server
B. RADIUS server
C. anchor WLC
D. local WLC
Question 263
Which method does the enable secret password option use to encrypt device passwords?
A. MD5
B. PAP
C. CHAP
D. AES
Question 264
On which protocol or technology is the fabric data plane based in Cisco SD-Access fabric?
A. VXLAN
B. LISP
C. Cisco TrustSec
D. IS-IS
Question 265
What is the difference between the enable password and the enable secret password when service password encryption is enabled on an IOS device?
A. The enable secret password is protected via stronger cryptography mechanisms.
B. The enable password cannot be decrypted.
C. The enable password is encrypted with a stronger encryption method.
D. There is no difference and both passwords are encrypted identically.
Question 266
Which access control list allows only TCP traffic with a destination port range of 22-443, excluding port 80?
A. deny tcp any any eq 80 permit tcp any any gt 21 lt 444
B. permit tcp any any range 22 443 deny tcp any any eq 80
C. permit tcp any any eq 80 Most Voted
D. deny tcp any any eq 80 permit tcp any any range 22 443 Most Voted
Question 267
A network administrator applies the following configuration to an IOS device: aaa new-model aaa authentication login default local group tacacs+What is the process of password checks when a login attempt is made to the device?
A. A TACACS+ server is checked first. If that check fails, a local database is checked.
B. A TACACS+ server is checked first. If that check fails, a RADIUS server is checked. If that check fails, a local database is checked.
C. A local database is checked first. If that check fails, a TACACS+ server is checked. If that check fails, a RADIUS server is checked.
D. A local database is checked first. If that check fails, a TACACS+ server is checked.
Question 268
Refer to the exhibit.Assuming the WLC's interfaces are not in the same subnet as the RADIUS server, which interface would the WLC use as the source for all RADIUS-related traffic?
A. the controller management interface
B. the controller virtual interface
C. the interface specified on the WLAN configuration Most Voted
D. any interface configured on the WLC
Question 269
Which component of the Cisco Cyber Threat Defense solution provides user and flow context analysis?
A. Cisco Firepower and FireSIGHT
B. Cisco Stealthwatch system
C. Advanced Malware Protection
D. Cisco Web Security Appliance
Question 270
An engineer must protect their company against ransomware attacks.Which solution allows the engineer to block the execution stage and prevent file encryption?
A. Use Cisco Firepower and block traffic to TOR networks.
B. Use Cisco AMP deployment with the Malicious Activity Protection engine enabled.
C. Use Cisco Firepower with Intrusion Policy and snort rules blocking SMB exploitation.
D. Use Cisco AMP deployment with the Exploit Prevention engine enabled.
