Refer to the exhibit. Security policy requires all idle exec sessions to be terminated in 600 seconds. Which configuration achieves this goal?
A. line vty 0 15 absolute-timeout 600
B. line vty 0 15 no exec-timeout
C. line vty 0 15 exec-timeout 10 0
D. line vty 0 4 exec-timeout 600
Question 292
An engineer must block all traffic from a router to its directly connected subnet 209.165.200.0/24. The engineer applies access control list EGRESS in the outbound direction on the GigabitEthernet0/0 interface of the router. However, the router can still ping hosts on the 209.165.200.0/24 subnet. What explains this behavior?
A. Access control lists that are applied outbound to a router interface do not affect traffic that is sourced from the router.
B. After an access control list is applied to an interface, that interface must be shut and no shut for the access control list to take effect.
C. Only standard access control lists can block traffic from a source IP address.
D. The access control list must contain an explicit deny to block traffic from the router.
Question 293
What is a characteristic of a next-generation firewall?
A. only required at the network perimeter
B. required in each layer of the network
C. filters traffic using Layer 3 and Layer 4 information only
D. provides intrusion prevention
Question 294
Refer to the exhibit. An engineer is investigating why guest users are able to access other guest user devices when the users are connected to the customer guestWLAN. What action resolves this issue?
A. implement P2P blocking
B. implement MFP client protection
C. implement Wi-Fi direct policy
D. implement split tunneling
Question 295
Refer to the exhibit. An engineer has configured Cisco ISE to assign VLANs to clients based on their method of authentication, but this is not working as expected. Which action will resolve this issue?
A. enable AAA override
B. set a NAC state
C. utilize RADIUS profiling
D. require a DHCP address assignment
Question 296
Refer to the exhibit Which single security feature is recommended to provide Network Access Control in the enterprise?
A. MAB
B. 802.1X
C. WebAuth
D. port security sticky MAC
Question 297
Refer to the exhibit. After configuring an IPsec VPN, an engineer enters the show command to verify the ISAKMP SA status. What does the status show?
A. VPN peers agreed on parameters for the ISAKMP SA.
B. Peers have exchanged keys, but ISAKMP SA remains unauthenticated.
C. ISAKMP SA is authenticated and can be used for Quick Mode.
D. ISAKMP SA has been created, but it has not continued to form.
Question 298
Which two threats does AMP4E have the ability to block? (Choose two.)
A. email phishing
B. DDoS
C. Microsoft Word macro attack
D. SQL injection
E. ransomware
Question 299
Refer to the exhibit. An engineer must deny HTTP traffic from host A to host B while allowing all other communication between the hosts. Drag and drop the commands into the configuration to achieve these results. Some commands may be used more than once. Not all commands are used. Select and Place:
Question 300
An engineer must configure the strongest password authentication to locally authenticate on a router Which configuration must be used?
A. username netadmin secret 5 $1$b1Ju$kZbBS1Pyh4QzwXyZ1kSZ2
B. username netadmin secret 9 $9$vFpMf8elb4RVV8$seZ/bDAx1uV
C. username netadmin secret $1$b1Ju$k406689705QzwXyZ1kSZ2
