Tuesday, August 14, 2012

Sunshine Coast




Friday, July 6, 2012

802.1x for FortiOS


A. Client side: how to enable 802.1X on Windows 7.

To enable 802.1X on a wired network

You must be logged on as an administrator to perform these steps.
To complete this procedure, you must first enable the Wired AutoConfig service, which is turned off by default.
  1. Click the Start button, and then, in the Search box, type services.msc, and then press ENTER. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
  2. In the Services dialog box, click the Standard tab, right-click Wired AutoConfig, and then click Start.
  3. Open Network Connections by clicking the Start button, clicking Control Panel, clicking Network and Internet, clicking Network and Sharing Center, and then clicking Manage network connections.
  4. Right-click the connection that you want to enable 802.1X authentication for, and then click Properties. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
  5. Click the Authentication tab, and then select the Enable IEEE 802.1X authentication check box.
  6. In the Choose a network authentication method list, click the method you want to use.
     [Note] I am using PEAP, which works with FortiOS.

  7. PEAP settings:
       7.1 Uncheck "Validate server certificate"
       7.2 EAP-MSCHAP v2 (Configure: don't use the Windows logon)
       7.3 Enable fast reconnect
  8. Additional settings:
       8.1 Specify auth method: user authentication
       8.2 Save credentials (jkxxx/qa6xxxxx)

B. FortiOS side:
config system interface
    edit "switch"
        set vdom "root"
        set ip 3.2.4.111 255.255.255.0
        set allowaccess ping https ssh snmp http telnet fgfm auto-ipsec
        set type physical
        set security-mode 802.1X
        set security-groups "remote_auth"
    next
end

802_1x # d debug application fnbamd 255
802_1x #
802_1x # fnbamd_fsm.c[1395] handle_req-Rcvd auth req 5636109 for host/jkxxx-Win7 in remote_auth opt=256 prot=4
fnbamd_radius.c[971] fnbamd_radius_auth_send-Sent radius req to 172.18.9.28: code=1 id=16 len=173 user="host/jkxxx-Win7" using MS-CHAPv2
fnbamd_auth.c[582] auth_tac_plus_start-Didn't find tac_plus servers (0)
fnbamd_auth.c[323] ldap_start-Didn't find ldap servers (0)
fnbamd_auth.c[1843] fnbamd_auth_handle_radius_result-->Result for radius svr 172.18.9.28(0) is 1
fnbamd_comm.c[146] fnbamd_comm_send_result-Sending result 1 for req 5636109
fnbamd_fsm.c[1395] handle_req-Rcvd auth req 5636110 for jkxxx in remote_auth opt=256 prot=4
fnbamd_radius.c[971] fnbamd_radius_auth_send-Sent radius req to 172.18.9.28: code=1 id=17 len=163 user="jkxxx" using MS-CHAPv2
fnbamd_auth.c[582] auth_tac_plus_start-Didn't find tac_plus servers (0)
fnbamd_auth.c[323] ldap_start-Didn't find ldap servers (0)
fnbamd_auth.c[1843] fnbamd_auth_handle_radius_result-->Result for radius svr 172.18.9.28(0) is 0
fnbamd_auth.c[1867] fnbamd_auth_handle_radius_result-Skipping group matching
fnbamd_comm.c[146] fnbamd_comm_send_result-Sending result 0 for req 5636110





Thursday, June 21, 2012

Grouse Mountain Dining

http://www.grousemountain.com/the-observatory

step 1:

Dine at The Observatory

Your Grouse Mountain Admission is complimentary with advance dinner reservations and includes admission to the Skyride and mountaintop activities such as Ranger Talks at the Wildlife Refuge, Scenic Chairlift Ride, and the Theatre in the Sky. 


step 2: reservation

Hours of Operation

The Observatory is open for dinner 7 nights a week from 5pm-10pm. An Alpine Experience ticket for each member of your dinner party is complimentary with advance dinner reservations and includes admission to the Skyride and mountaintop activities such as Grouse Mountain’s Theatre in the Sky. Please call 604.980.9311 or reserve online.
 
 
 

Sunday, June 10, 2012

Tennis tutor

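-1, helpful video step by step:
If you are just starting out, I first recommend Tom Avery's tennis instruction videos, which cover basic strokes and corrections and are fairly elementary;
if that feels too basic, move on to the "Nick Tennis Tutorial", godfather-level coaching.
If that still feels too basic, watch the series from CCTV-5's Sports Space programme, which gets into some tactics.



Tom's Tennis Tutorial 1: basic technique

-lesson 1, grip
To keep the racket face vertical at contact, the semi-western and western grips are the easiest.


-lesson 2, backswing is crucial for consistency.
Keep the racket face slightly closed. Swing from low to high at contact so that the face meets the ball vertically.


-lesson 3, why do the balls go in the net? How to correct it?
A flat shot needs 200 mile/h to clear the net, so swing from low to high. Lower your centre of gravity and bend your knees.
Once the forearm moves, the ball is gone.
Hitting with the wrist and forearm is the number one killer.
Drop the racket about a foot before hitting, shoulder to chin (1-2 key points per movement). Racket face down, then rise. Contact the ball with a vertical face.

-lesson 4, why the ball goes long: the racket face is too open.

-lesson 5, drill for keeping the racket face vertical: swing facing the net or a wall.

-lesson 6, volley. Why it goes in the net: no sideways turn, no footwork. Aim 1-1.5 metres above the net. Support the racket with the left hand (helps the turn). Hit forward.

-lesson 7, serve goes in the net. Hit upward, head up and chest out. Brush up from 7 o'clock to 1 o'clock. Aim at the baseline.
-lesson 8, serve goes long. The ball is tossed backward.

-lesson 9, overhead goes in the net. The head drops too early. Head up and chest out, hit forward. Possible cause 2: underestimating the height of the net. Head up and chest out, wait a little longer.

-lesson 10,


===================================

Tom's Tennis Tutorial 2: singles and doubles tactics
The net is 91 cm high in the middle and 102 cm at the sides.

-lesson 2, volley technique

-Poaching in doubles: move forward to the net at 45 degrees.
Keep the elbow away from the body.
On a backhand slice, open the racket face only 5-10 degrees.
=======================================
Tom's Tennis Tutorial 3: the serve

Slice (sidespin) serve: swing horizontally and cut the ball thinly; some people even hit it with the frame.

Topspin: 7 to 1 o'clock. Drill: hold the ball on the left palm and brush up it with the racket in the right hand.
Keep the arm straight and wait a little longer (tossing hand).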



Wednesday, June 6, 2012

Tennis

 

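How to choose a children's tennis racket

    Age              Racket length
    0-4 years        19 inches
    4-6 years        21 inches
    7-8 years        23 inches
    9-10 years       25 inches
    10-12 years      26 inches
    over 12 years    adult racket length

For beginners, and children in particular, choosing a good racket matters. Rackets today come in a huge variety of shapes, lengths, weights, materials, head sizes, thicknesses and string patterns, and many parents do not know where to start when choosing a child's racket. Here I describe some factors to consider, in the hope of helping parents and children.

Let us first narrow the choice: start by deciding the right racket length.

As a general rule, a beginner should choose a racket that feels comfortable to hold. That lets him hit the ball fairly smoothly using transfer of force and muscle coordination. A racket that is too small makes the wrist and elbow overwork, which in the long run affects the stroke and harms the arm. Once he weighs about 39 kg he can use an adult racket.

The standard pairing of player age and racket length is shown in the chart, but you should adjust it for some additional factors. If an 8-year-old has the height of a 10-year-old, he should choose the racket length meant for a 10-year-old. If he is fairly strong, move the length up 12 units as well, but there is no need to move it down because he is not strong. Today's junior rackets are very light; however little strength he has, he can swing a racket designed for his age. Experience is also a factor. The figures in the chart assume the child is a beginner; with experience, a racket one or two units larger than the chart figure is usually best, and a racket of that length gives them enough feel to produce a perfect shot.

Next, consider the weight of the racket.
Adult rackets today weigh as little as 227 g, but few rackets lighter than 284 g can cope with a ball of the corresponding weight. I find that players averaging 12 years of age are well suited by rackets weighing 284 g to 326 g. A beginner cannot make a firm choice of racket from a single try on court, but if he cannot choose between two weights, the following test can help. Have him lift the racket behind him so that the tip of the racket touches his lower back, with his elbow at the highest point of the arm. Then have him slowly swing the racket up above his head; if the racket is too heavy for him, this is where he will feel it.
Beginners go through rackets fairly quickly; fortunately children's rackets are generally inexpensive. Brands that make good children's rackets, such as BABOLAT and WILSON, usually sell for 200-600 yuan after discount. The crudest way to check a racket's quality is to rap the strings hard with your knuckles to feel their resilience. Be sure to avoid rackets that are cheap but very light and very springy.
This article has mainly covered length and weight when choosing a children's racket; later articles will explain the other factors to consider.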


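How players at different levels control the ball (1)

I. Beginners

Goal: acquire basic ball control

Short-distance hitting drills are the quick way for beginners to gain ball control. At the start, stand inside the service box close to the net and place a target at the same position on the other side of the court. You, your racket and the target should all be on the centre service line, so there is no angle to deal with. Then use your forehand to send the ball over the net and try to hit the target 10 times.

After hitting the target 10 times you can add some difficulty. Without changing the line of the shot, move yourself and the target back a little at the same time, but do not go past the service line; after hitting the target 10 times, move back a little again. When you have reached the service line, stop the forehand drill, return to the starting position and repeat the drill with the backhand (if you have a partner feeding balls from the other side, this method also suits higher-level players practising volleys). Once you can easily hit the target 10 times from any position, you can gradually move back towards the baseline and start rallying from the baseline with others. If you want a taste of competition, try some short tennis matches first. It will not be long before you become a real tennis player.

II. Intermediate level

Goal: add spin to your shots on top of good ball control

For intermediate players, keeping a rally going inside the service line is a piece of cake. Now it is time to work on direction and depth. Stand inside the baseline (not in the service box) and practise forehand cross-court shots with a partner; after a few minutes switch to the backhand side and continue with backhand cross-court shots.

Once you are used to this drill, move back behind the baseline and increase the depth of your shots (this is precisely the best way to win at tennis). You can play a special game with your partner to work on depth. Both stand near the baseline and rally cross-court and down the line; the ball must land in the back court inside the baseline. A return that lands in the service box counts as out and loses a point; if you can hit the ball into the service box five times in a row, you score a point; the first to 21 points wins. An important way to guarantee depth is to control the height of the ball's flight so that it clears the net with plenty of margin. This matters especially in doubles, because you also have to stop the net player from cutting the ball off.

Does your hitting feel respectable now? Then start practising a faster swing. At this stage you can learn topspin, because topspin lets you apply more power and also greatly reduces errors. To get the feel of topspin, let the swing follow an arc: before contact the racket head is below the incoming ball, then brush quickly up over the top of the ball. When you start learning the topspin forehand, hit only cross-court at first (it is relatively easier), and try topspin down the line once your success rate has gone up.

III. Advanced level

Goal: learn to control the ball's path under pressure and handle changes in the opponent's pace and spin with ease

Advanced players should already have learned all the strokes; what needs improving now is using the right technique naturally in each situation. Being able to hit a topspin lob is one thing; being able to hit one when it is needed is quite another. Getting there takes repeated practice off the match court and plenty of match experience.

The biggest challenge for advanced players as they improve, however, comes from opponents who are improving too. The main strategy at this stage is to restrict the opponent with more variation in spin and pace, with a high success rate still the prerequisite. When you face an opponent's razor-sharp serve or forehand, returning it well is no easy matter. Under that pressure, keeping up shot quality as far as possible becomes especially important for advanced players. For example, a stroke normally has three parts: shoulder turn, backswing, and the swing to contact. When you need a quicker, more forceful return, you can simplify or merge one of them. The shoulder turn of course cannot change, but you can remove the gap between the backswing and the swing to contact and complete both in one motion, hitting sooner, winning more time for yourself and getting a better contact point.

In matches between advanced players the ball travels very fast, so I suggest leaving a margin for possible errors in training. At this level you can of course hit good balls that land right on the line, but the risk is too great. In fact, as long as heavy topspin keeps the ball deep near the baseline and bouncing high, the opponent gains nothing even if it lands in the middle of the court. Here is a fun training method: draw your own sideline in chalk half a metre inside each singles sideline, and have the players treat that line as the "real" sideline in their match. Now it does not matter if they hit the ball past the "sideline"; as long as it is not out by much, play can go on.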
 





=========================================

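The "six words, twelve points" of learning tennis in detail

I. Light:

1. The ball should be light. Choose a ball to suit the age group; even adults learning tennis do best to practise with low-pressure balls, variously called "low-pressure balls", "transition balls", "soft balls" and "mini balls". If no such ball is available, punch a hole in a standard (old) ball to lower its internal pressure and use that instead. A low-pressure ball causes less racket vibration at impact, so control improves and rallies last longer. Abroad these balls are used for "ball-feel training"; in 2004 I first brought some coloured low-pressure balls back from abroad (they are now available in China too) and have used them ever since, with reasonable teaching results. This is also the ball that coach Li Detian recommends for beginners in his "simple method", which calls for "transition balls".

2. The racket should be light. Choose a relatively light racket according to the student's age, sex and other factors, to slow muscle fatigue and lighten the load on the arm, which makes the ball easier to control.

II. Near:

1. Short distance. For a student new to tennis, especially in the first lesson, the feel of playing tennis is a "blind spot", and this is also the key to whether they keep on learning. Put simply, it is "interest": with interest comes the confidence to continue. Teaching at this point follows the principle of near first, then far; short distance is the key. Short distance means the distance between coach and student as they hit to each other. Start by rallying in half a court without a net, but remind the student that there is an imaginary net in the middle and the ball's arc must be high. Because there is no net, rallies last longer and ball feel and footwork awareness improve quickly. This is called "ball-feel training". Then move gradually to hitting across the net, from short distance to long. This is what coach Li Detian calls mini-mini court, mini court, then full court.

2. Language should be warm. Use plenty of encouraging language to motivate students and build their confidence. Do not use critical language, still less contemptuous or abusive language. Because encouragement is stimulating, it engages the visual nervous system, attention improves and hitting becomes more accurate.

III. Slow:

1. Slow pace. Do not hit hard; keep the pace slow and the arc high. That gives the student more time to prepare, and the quality of the hit improves.

2. Slow movement. Beginners tend to speed up the swing and use a lot of force. Be sure to remind them to swing slowly; the ball slows down and control improves.

IV. Relaxed:

1. Relaxed mind. Tell students to relax body and mind, not to be too tense, and not to worry about one or two badly hit balls or about what others think. You can tell whether they are tense by whether the fingernails go white as they grip the racket; white means tension. Use deep breathing to ease nerves. With a relaxed mind the movement is not stiff and the direction of the shot is good.

2. Relaxed body. Only when the mind relaxes do the body's nerves and muscles loosen. Relaxed muscles store energy; the muscle contraction at contact grips the racket more firmly and control of the racket face is steadier.

V. Move:

1. Move the mind. Remind students to play with their mind engaged and to take in the feel of the hit; help them analyse the result of each shot and train them to analyse for themselves step by step, building awareness of ball feel, of the hit and of the movement. After the coach demonstrates, have students not only imitate but, more importantly, imitate with eyes closed, replaying the coach's demonstration in their head like a film. Eyes-closed and mental imitation store more than ten times as much in nervous-system memory as ordinary imitation.

2. Move the body. The whole body must move, with coordination and continuity. Footwork in particular is crucial to later results; moving is the best way to train the sense of distance to the ball. Hence the saying that tennis is played with the "feet".

VI. Easy:

1. Keep the movements simple. For a beginner, do not at first demand everything from the ready position to the finish of the stroke. Doing so splits attention, confuses the brain's visual command system at the moment of hitting and prevents the memory from being stored, which harms the shot.

2. Teach from easy to hard. For example, first point out that the racket-face angle at contact comes first; add the rest as the student improves.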
 

=============================

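Forehand crash course for beginners

1. The grip must be correct. The main grips are eastern, continental and western; eastern includes the eastern forehand and eastern backhand grips. There are also two-handed grips, and different grips produce different kinds of shots. Whichever grip you use, the wrist of the gripping hand must be firmly fixed, at almost 90 degrees to the racket, so that at contact the strength of the arm and the whole body passes through the wrist to the racket face. On the backswing, the other arm swings the opposite way to keep the body balanced. Before the swing, the other hand supports the throat of the racket to take weight off the hitting arm, so the gripping hand can relax fully and tighten on the handle only during the swing.

2. Keep your eyes on the ball. Start watching it while it is still on the opponent's racket, judge its path, then start moving and keep watching it across the net into your own half, set up your hitting position and hit. Watch the ball leave the racket and follow it to the opponent's half.

3. In the instant before hitting, do not face the net squarely. Turn sideways first, with one shoulder pointing at the net and the front of the body parallel to the ball's flight; this produces fast, accurately placed shots.

4. As the ball comes towards you, turn sideways and take the arm back as early as possible, forming an arc with forward drive, so that racket and ball meet smoothly, and push the ball up and forward over the net. If you want the ball to fly faster, add force at contact so that the ball accelerates.

5. Keep the legs moving all the time, using leg movement to find the best hitting position, but "brake" in time at the instant of hitting and plant your feet; only then will the shot be accurate and powerful.

6. Keep the body in a low crouch as far as possible; a low centre of gravity lets you move fast, which is especially important in tennis. Staying low just means feet slightly apart and knees bent, with the upper body as upright as possible, chest slightly forward without bending at the waist, eyes looking straight ahead.

7. Wait for the opponent's shot near the middle of the baseline, adjust your position to the path of the incoming ball, try to hit the ball into the opponent's back court, then return to your original position. When the opponent's ball is short, either move in, hit and follow to the net, or go back to the baseline; do not wait for the ball between the baseline and the service line.

8. The best contact point is diagonally in front of the body, level with the hip, with the racket perpendicular to the ball's flight at the instant of contact.


For beginners these 8 points are enough. Take them very seriously and train strictly by them. Once you have learned to play, they become subconscious habits. As you improve you will find that, even though you may become a "top player" with your own distinctive style, these essentials will stay with you throughout your tennis life.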
 

===========================

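How to move as fast as a professional

1. Do a "split step" before your opponent makes contact

The "split step" starts from the ready position: a small hop on the spot with both feet leaving the ground. When the feet leave the ground they are shoulder-width apart. The split step is the key to a quick start and to keeping your balance.

Do a split step before every contact by your opponent. Timing is the key: do it just as the opponent swings forward. When the ball leaves the opponent's racket you should still be in the air. As you land, your eyes can tell you where the ball is going. When landing, your feet should not touch down at the same time.

Before landing, your brain should already have judged the direction of the ball and will "subconsciously" decide which foot lands first so that you can start quickly and move the right way. You may land on the left foot first or on the right.

Another benefit of the split step is that it makes you pay closer attention to the opponent's hit as the ball is struck, so you can anticipate and judge the incoming ball as well as possible.

2. The sequence of movement after the "split step"

Go straight from the split step into a continuous sequence of movement. After landing, step out with the foot on the side you are moving to: the left foot if you are moving left, the right foot if you are moving right. As you step out, your back and hips should turn the same way. You will then stay balanced and be able to start towards the ball.

3. Hit groundstrokes from an open stance

Over the past 10 years or more, most players have used an open stance on the forehand, partly because it lets you turn quickly and get back to the middle of the court. If the opponent's shot pulls you wide but not into a full sprint, plant the back foot and keep your weight on the back leg as you hit, so that you can recover quickly.

If you have to run fast to reach the ball, you can check your forward momentum with a small skip step, letting the back foot brake the body quickly, then plant the back foot, with the front foot pointing the way you are moving. After the hit, push off the back foot and step towards the middle of the court with the front foot, ready for the next ball.

If your level is already fairly high, you can use an open stance on the backhand as well. Again the back foot must be planted, and a skip step can be used if needed. After the hit, push off the back foot in the opposite direction to get back to the middle of the court. Today more two-handed backhand players than one-handed players use the open stance, but it is becoming more popular among one-handed players too.

4. Sprint only in an emergency

Sometimes, after you have returned a ball, you are far from the next one and must turn quickly and sprint towards it, and your body has to turn that way too. So if the ball is hit behind you, you have almost no chance of turning to get it. Unless you are in real difficulty, therefore, do not sprint; of course, if you are sure the opponent will hit wide, you can sprint in that direction.

5. Recover from a sprint with a two-step hop

If you are forced to sprint for a forehand, try to keep your weight on the back leg at contact. Because of your momentum you will follow with a two-step hop: the first step on the front foot, the second on the back foot. Straight after the second step, plant the back foot and push off in the opposite direction. Because the sprint has taken you far from the middle, getting back takes relatively long, and you need to do one of two things, as the professionals do, to get out of trouble: hit a defensive shot to give yourself more time to recover, or hit a winner.

When sprinting for a backhand, hit the ball off the outside of the front leg, then brake, push off and change direction. As with the forehand, hit a defensive shot or a winner depending on the situation.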


============================================
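Courses

Beginner: baseline forehand, baseline backhand and backhand slice; the rules of tennis, basic tactics, injury prevention and related knowledge (for those who have never played or have a weak foundation)
Intermediate: serve, forehand and backhand volleys at the net, overhead smash at the net. Rallying on court, advanced tactics.
Advanced: topspin and backspin shots, lobs, mid-court volleys, slice serve, simulated matches.
Pre-match training: match play, tactical guidance, match-related coaching
1 Footwork, eastern backhand grip, semi-western forehand grip, continental grip, hitting drills
Goal: Stage 1, correctly understand and master the forehand and backhand grips, stationary strokes and strokes on the move.
2 Flat forehand drive, flat backhand drive
3 Topspin forehand drive
4 Forehand volley, backhand volley
5 Drop shot, lob
6 Basic serve: flat serve
7 Advanced serve: topspin serve and slice serve
Goal: Stage 2
Step-by-step learning brings students to the level of rallying from the baseline with the coach. Building on forehand and backhand baseline rallying, students go on to learn forehand and backhand volleys at the net and the grip and stroke for the overhead serve, and learn combined footwork with forehand and backhand hitting on the move, further strengthening their baseline rallying.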



 

Friday, May 25, 2012

350-001 Routing & Switching .

Day 1, May 23, .

Q1, In order to maintain security, with which hop count are IPv6 neighbor discovery packets sent?
[A]A suggestion (RFC 3682) of using a "hop count of 255" has only rather limited value.

 Q2, Which command will define a VRF with name 'CCIE' in IPv6?
 [A] vrf definition CCIE

 Q3, LDP advertise which route?
 [A] IGP

 Q4, Which command can be used on a PE router to connect to a CE router (11.1.1.4) in VRF red?
[A] telnet 11.1.1.4 /vrf red

 Q5, The routing inside the VPN RED will work without any special OSPF configuration

 Q6, Which two statements are correct about Nonstop Forwarding? (Choose two.)
[A] B. It is a Layer 3 function that works with SSO to minimize the amount of time a network is unavailable to users following a switchover
E. The main objective of NSF is to continue forwarding IP packets following a switchover SSO=> stateful switchover

 Q7, Which three fields are optional in an OSPFv3 external LSA? (Choose three.)
 [A] A. Forwarding Address B. External Route C. Reference Link-State ID

 Q8, On a router, interface S0 is running EIGRPv6, and interface S1 is running OSPFv3. A redistribution command is issued under OSPFv3, redistribute EIGRP 1 metric 20 under ipv6 router nospf 1. What will happen after applying this redistribution command?
[A] All routes showing up as D and D EX in the routing table will be redistributed into OSPFv3.

 Q9, Which type of domains is interconnected using Multicast Source Discovery Protocol?
[A] PIM-SM 

Q10, Which two multicast address ranges are assigned as source-specific multicast destination addresses and are reserved for use by source-specific applications and protocols? (Choose two.)
[A] 232.0.0.0/8 and FF3x::/32

 Q11, How is RPF used in multicast routing?
[A] to prevent multicast packets from looping and to instruct PIM where to send a (*,G) or (S,G) join message

 Q12, What does the incoming interface of the above (*,G) entry indicate?
 [A] the interface closest to the RP, according to the unicast routing table

 Q13, Which interface(s) will show ip rpf 1.1.1.2 indicate as RPF interface(s)
[A] ethernet 1/0

 Q14, Apart from interdomain multicast routing, what else is MSDP used for?
[A] anycast RP

 Q15, Which IGMPv2 message contains a non-zero "Max Response Time"?
A. Membership Query

 Q16, Which IGMPv2 message is displayed in the output of the packet capture?
B. Membership Report 

Q17, What is Phantom RP used for?
B. it is used for redundancy in bidirectional PIM

 Q18, Which three statements are true about TACACS+? (Choose three.)
A. It is a Cisco proprietary protocol. C. Authentication and authorization are done at different stages. D. TACACS+ encrypts the entire body of the packet, but leaves a standard TACACS+ header.

 Q19, Which two statements are correct? (Choose two.)
B. The access list has logging enabled. D. The command ip access-list logging hash-generation is enabled

 Q20, C. NTP is not configured on the router.



Q21, What does Cisco recommend when you are enabling Cisco IOS IPS?
A. Do not enable all the signatures at the same time

Q22, B. OSPF peers are using Type 2 authentication. (MD auth)

Q23, Which two statements are true about Unicast Reverse Path Forwarding Loose Mode? (Choose two.)
A. It is used in multihome network scenarios.
B. It can be used with BGP to mitigate DoS and DDoS.


Q24, ##aaa authentication login default group tacacs+ none.
D. If the TACACS+ server failed, no authentication would be required

Q25, Which three protocols should be explicitly managed by using a CoPP policy on an Internet border router? (Choose three.)
B. ICMP
C. BGP
D. SSH

Q26, What is true about IP Source Guard with port security?
C. The DHCP server must support option 82, or the client is not assigned an IP address



Wednesday, April 11, 2012

TC Command Sequencer from T1728

a, start



b, edit sequence


c, ARP learning


d, IGMP join.

Wednesday, April 4, 2012

Multicast Latency TTC

a, temporary license

b, port1 simulated the client side and need to enable the access protocol




c, server side just regular setup for device, but need to config "Traffic Generator"





d, latency parameter







Tuesday, April 3, 2012

TCC Latency Test, Step by Step






























============================


Report:


Thursday, March 15, 2012

Tax

StudioTax:

1, import the last year data (SIN, name, company)
2, T slips
---2.1 T4
---2.2 RC62 (child care)
---2.3 T4E EI
---2.4 T5 Interest
3, RRSP/HBP
4, Dependant (fitness, art..)

Check:
T1 General => T1 page 2, 3 , line by line ,. T1 page 4: result

UFILE: ufile.ca username: emailaddress/passwd: same as gmail
1, interview
---1.1 T4
---1.2 RRSP
---1.3 HBP (home buyer plan)
---1.4 UCCB (RC62)
---1.5 Child care, fitness,art....

Thursday, March 1, 2012

SSL Protocol

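This part explains the diagram shown above. For convenience, this article calls the client B and the server S.
STEP 1: B --> S (start the conversation and negotiate the algorithms)
Hello, S! I would like to talk to you securely. My symmetric encryption algorithms are DES and RC5, my key exchange algorithms are RSA and DH, and my digest algorithms are MD5 and SHA.
STEP 2: S --> B (send the server's digital certificate)
Hello, B! Then let us use the DES-RSA-SHA combination. To prove that I really am S, I am now sending you my digital certificate so that you can verify my identity.
STEP 3: B --> S (send the key for this conversation)
(B checks that S's digital certificate is correct. Once the certificate issued by the CA has confirmed that S's certificate is genuine and valid, B generates the key for this conversation, encrypts it with S's public key and sends it to S.)
S, I have confirmed your identity. I am now sending you the key for the symmetric encryption algorithm used in this conversation.
STEP 4: S --> B (obtain the key)
(S decrypts with its own private key to obtain the key for this conversation.)
B, I have the key. We can start communicating.
STEP 5: S <--> B (communicate)
Note: In general, when B is the party sending the confidential information, B does not need a digital certificate to prove its own identity. In online banking, for example, the customer sends an account number and password to the bank, so the bank's server needs a digital certificate installed to prove its identity. In some B2B applications the server also needs to verify the client's identity; the client then needs a digital certificate installed as well so that the server can identify it, and the verification is similar to that of the server.



It should also be noted that some e-commerce applications may use electronic signatures, or add electronic signatures and message authentication codes (MAC) to make the exchange more secure.
To make SSL easier to understand, here is a brief introduction to information encryption. By the type of key used, encryption algorithms fall into three classes: HASH encoding, symmetric encryption and asymmetric encryption.
HASH encoding is the process of computing a HASH value from a message of arbitrary length using a HASH algorithm. The HASH value can be called the fingerprint of the message, because any two different messages almost always have different HASH values. In SSL communication the HASH value of a message can therefore be encrypted to ensure that the message was not modified in transit.
Asymmetric encryption, also called public-key encryption, uses two mathematically related values to encode (encrypt) information. One is called the public key and the other the private key. Information encrypted with the public key can be decrypted with the private key, and information encrypted with the private key can be decrypted with the public key. Because the public key can be distributed widely, public-key encryption is used in SSL for encrypting keys and for digital signatures.
Symmetric encryption differs from asymmetric encryption in that the same key is used to encrypt and to decrypt, so that key cannot be made public. It has the advantage of fast encryption and decryption.
In SSL communication, asymmetric encryption is used first to exchange information so that the server obtains the symmetric key provided by the browser; that key is then used to encrypt and decrypt information during the session. To make sure messages are not tampered with in transit, an encrypted HASH can be used to ensure integrity.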
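
The five steps above, walked through in Python as an added example (not part of the original notes). It uses textbook RSA on small fixed primes and HMAC-SHA1 as the message check, so it is a teaching model only; the DES record encryption is left out because the standard library has no DES, and all function names are hypothetical.

```python
import hashlib
import hmac
import secrets

E = 65537  # public exponent used by both toy keys


def toy_rsa_keypair(p, q):
    """Textbook RSA from two primes; returns (public, private) as (n, exponent)."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))


def _digest_int(data, n):
    return int.from_bytes(hashlib.sha1(data).digest(), "big") % n


def _cert_body(subject, pub):
    return f"{subject}|{pub[0]}|{pub[1]}".encode()


def issue_cert(subject, pub, ca_priv):
    """The CA signs the binding between a name and a public key."""
    n, d = ca_priv
    return {"subject": subject, "pub": pub,
            "sig": pow(_digest_int(_cert_body(subject, pub), n), d, n)}


def cert_is_valid(cert, expected_subject, ca_pub):
    """B's check in STEP 3: right name, and signature verifies under the CA key."""
    n, e = ca_pub
    body = _cert_body(cert["subject"], cert["pub"])
    return cert["subject"] == expected_subject and pow(cert["sig"], e, n) == _digest_int(body, n)


# Algorithm lists from STEP 1; the server preference order is an assumption.
CLIENT_OFFER = {"cipher": ["DES", "RC5"], "kx": ["RSA", "DH"], "digest": ["MD5", "SHA"]}
SERVER_PREFS = {"cipher": ["DES"], "kx": ["RSA"], "digest": ["SHA", "MD5"]}


def negotiate(offer, prefs):
    """STEP 1-2: the server picks its first preference that the client offered."""
    picks = []
    for kind in ("cipher", "kx", "digest"):
        pick = next((alg for alg in prefs[kind] if alg in offer[kind]), None)
        if pick is None:
            raise ValueError(f"no common {kind} algorithm")
        picks.append(pick)
    return "-".join(picks)


def handshake(cert, server_priv, ca_pub, server_name="S"):
    """Run STEP 1-4 and return (suite, key held by B, key recovered by S)."""
    suite = negotiate(CLIENT_OFFER, SERVER_PREFS)
    if not cert_is_valid(cert, server_name, ca_pub):
        raise ValueError("server certificate rejected")
    key_b = secrets.token_bytes(16)                     # STEP 3: B creates the session key
    n, e = cert["pub"]
    wrapped = pow(int.from_bytes(key_b, "big"), e, n)   # encrypted with S's public key
    n, d = server_priv
    key_s = pow(wrapped, d, n).to_bytes(16, "big")      # STEP 4: S unwraps it
    return suite, key_b, key_s


def seal(key, message):
    """STEP 5: append a keyed hash so changes in transit are detected."""
    return message + hmac.new(key, message, hashlib.sha1).digest()


def open_sealed(key, record):
    message, tag = record[:-20], record[-20:]
    if not hmac.compare_digest(tag, hmac.new(key, message, hashlib.sha1).digest()):
        raise ValueError("record modified in transit")
    return message


# Constructed demo keys (Mersenne primes, far too small for real use).
CA_PUB, CA_PRIV = toy_rsa_keypair(2**107 - 1, 2**61 - 1)
S_PUB, S_PRIV = toy_rsa_keypair(2**127 - 1, 2**89 - 1)
S_CERT = issue_cert("S", S_PUB, CA_PRIV)

if __name__ == "__main__":
    suite, key_b, key_s = handshake(S_CERT, S_PRIV, CA_PUB)
    print(suite, key_b == key_s)
    print(open_sealed(key_s, seal(key_b, b"hello S")))
```

A certificate whose public key has been swapped fails `cert_is_valid`, which is the check B relies on before sending the session key.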








Friday, February 10, 2012

T1672-T1682 LACP in details.

a, topology:

FG-A =====----- Nexus-A
|.......\.../....|
|........\./.....|
(ha)........X......|
|......../.\.....|
|......./...\....|
FG-B =====----- Nexus-B


b, LACP.
--1, output from FGT side.
5060-s1 # d switch fabric-channel trunk list 156Trunk
Switch Trunk Information, fabric-Channel
Trunk Name: 156Trunk
Port Selection Algorithm: src-dst-ip

Active Port Update Time
___________ ____________________

f2 04:17:25 Aug-16-1985
f3 03:39:07 Aug-16-1985

Non-Active Port Status
_______________ ____________________

LACP flags: (A|P)(S|F)(A|I)(I|O)(E|D)(E|D)
(A|P) - LACP mode is Active or Passive
(S|F) - LACP speed is Slow or Fast
(A|I) - Aggregatable or Individual
(I|O) - Port In sync or Out of sync
(E|D) - Frame collection is Enabled or Disabled
(E|D) - Frame distribution is Enabled or Disabled

status: up
ports: 2
LACP mode: active
LACP speed: fast
aggregator ID: 1
actor key: 1
actor MAC address: 00:09:0f:62:0d:d2
partner key: 1
partner MAC address: 00:22:56:b9:6e:40

slave: f2
status: up
link failure count: 2180
permanent MAC addr: 00:09:0f:62:0d:d2
actor state: ASAIEE => FSW works as active, slow, aggregatable, in sync, collection enabled and distribution enabled.
partner state: PSAIEE => Nexus works as passive, slow, aggregatable, in sync, collection enabled and distribution enabled.
aggregator ID: 1

slave: f3
status: up
link failure count: 2172
permanent MAC addr: 00:09:0f:62:0d:d3
actor state: AFAIEE
partner state: PSAIEE
aggregator ID: 1


5060-s1 #


========================
output from ticket:
Active Port Update Time
___________ ____________________

f1 15:42:50 Feb-09-2012
f2 15:53:00 Feb-09-2012

...

actor state: ASAIEE
partner state: PFAIDD ==> Nexus is passive, fast mode, in sync, but collection disabled and distribution disabled.

Because the FGT side of the trunk still has distribution enabled, it keeps sending traffic to the peer, while the Nexus has collection disabled, so the packets are lost.


The fast|slow setting tells the peer how often it should send LACPDUs.
FSW:
set lacp-speed fast
Cisco:
lacp rate fast (not supported on the 4900)
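
The flag legend and the ticket diagnosis above, turned into a small checker (an added example, not FortiSwitch or Cisco code). The function names are hypothetical, and the sample output is constructed from the two listings in this post; the port name `f1` for the ticket's member is an assumption.

```python
import re

# One letter per position, in the order given by the "LACP flags" legend above.
LEGEND = (
    ("mode", {"A": "active", "P": "passive"}),
    ("speed", {"S": "slow", "F": "fast"}),
    ("aggregation", {"A": "aggregatable", "I": "individual"}),
    ("sync", {"I": "in sync", "O": "out of sync"}),
    ("collection", {"E": "enabled", "D": "disabled"}),
    ("distribution", {"E": "enabled", "D": "disabled"}),
)


def decode_state(flags):
    """Turn a six-letter state such as 'PFAIDD' into a field -> value dict."""
    flags = flags.strip().upper()
    if len(flags) != len(LEGEND):
        raise ValueError(f"expected {len(LEGEND)} flag letters, got {flags!r}")
    decoded = {}
    for letter, (field, meanings) in zip(flags, LEGEND):
        if letter not in meanings:
            raise ValueError(f"{letter!r} is not valid for {field} in {flags!r}")
        decoded[field] = meanings[letter]
    return decoded


def check_member(actor_flags, partner_flags):
    """Return a list of problems for one trunk member; empty means healthy."""
    actor, partner = decode_state(actor_flags), decode_state(partner_flags)
    problems = []
    if actor["mode"] == partner["mode"] == "passive":
        problems.append("both ends passive: nobody initiates LACP")
    for side, state in (("actor", actor), ("partner", partner)):
        if state["sync"] == "out of sync":
            problems.append(f"{side} is out of sync")
        if state["aggregation"] == "individual":
            problems.append(f"{side} port is individual, not aggregatable")
    # The failure in the ticket: one end still distributes frames onto the
    # link while the other end is not collecting them, so they are lost.
    if actor["distribution"] == "enabled" and partner["collection"] == "disabled":
        problems.append("actor distributes but partner does not collect: frames lost")
    if partner["distribution"] == "enabled" and actor["collection"] == "disabled":
        problems.append("partner distributes but actor does not collect: frames lost")
    return problems


LINE_RE = re.compile(r"^\s*(slave|actor state|partner state):\s*(\S+)")


def audit_trunk(output):
    """Parse 'trunk list' style text and return {port: [problems]}."""
    members, current = {}, None
    for line in output.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue
        key, value = match.groups()
        if key == "slave":
            current = value
            members[current] = {}
        elif current is not None:
            members[current][key] = value
    return {port: check_member(s["actor state"], s["partner state"])
            for port, s in members.items() if len(s) == 2}


# Constructed sample: f2/f3 from the healthy listing, f1 with the ticket's states.
SAMPLE = """\
slave: f2
status: up
actor state: ASAIEE =>annotation after the flags is ignored
partner state: PSAIEE
slave: f3
status: up
actor state: AFAIEE
partner state: PSAIEE
slave: f1
status: up
actor state: ASAIEE
partner state: PFAIDD
"""

if __name__ == "__main__":
    for port, problems in audit_trunk(SAMPLE).items():
        print(port, problems or "ok")
```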

Wednesday, February 8, 2012

python video list


python programming Tutorial
1, installing
2, numbers and math
3, variables
4, Modules and Functions
5, how to save your program
6, string
7, More on Strings
8, raw input
9, sequence and list
10, slicing
11, editing sequence
12, more list function
13, slicing list
14, intro to method
15, more method
16, sort and tuples
17, string and stuff
18, cool string method
19, dictionary
20, if statement
21, else and elif
22, nesting statement
23, comparison operator
24, and and or
25, for and while loop
26, infinite loops and break
27, building function
28, default parameter
29, multiple parameter
30, parameter type
31, tuples as parameter
32, object oriented program
33, class and self
34, subclass and superclass
35, overwrite variable on sub
36, multiple parent classes
37, constructor
38, import modules
39, reload the module
40, getting module info
41, work with files
42, reading and writing
43, writing lines





Google Class

Day 1 part 1: Introduction and string
Day 1 part 2: List, sorting and Tuples
Day 1 part 3: Dict and files
Day 2 part 1: RE
Day 2 part 2: OS and command
Day 2 part 3: url and HTTP, exceptions
Day 2 part 4: closing thoughts

Sunday, January 22, 2012

CCIE 2012 Renew

1. Which four of these areas can be characterized for network risk assessment testing methodology?
(Choose four)
A. Router hostname and IP addressing scheme
B. Router filtering rules
C. Route optimization
D. Database connectivity and RTT
E. Weak authentication mechanisms
F. Improperly configured email servers
G. Potential web server exploits

2. What does the “authoritative” flag in the show ip nhrp command output indicate?
A. It indicates that information was learned from the source mapping information of an NHRP resolution
request received by the local router or from an NHRP resolution packet being forwarded through the
local router.
B. It indicates an NHRP mapping entry for networks local to this router for which this router has
answered an NHRP resolution request
C. It indicates that the NHRP information was obtained from the next-hop server or router that
maintains the NBMA-to-IP address mapping for a particular destination
D. It indicates that this NHRP mapping entry must be unique; it cannot be overwritten with a mapping
entry that has the same IP address but a different NBMA address.

++Note: To display Next Hop Resolution Protocol (NHRP) mapping information, use the show ip nhrp command in user EXEC or privileged EXEC mode.
++Cisco: LINK
Flags
•authoritative—Indicates that the NHRP information was obtained from the Next Hop Server or router that maintains the NBMA-to-IP address mapping for a particular destination.

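NHRP: Next Hop Resolution Protocol

  The Next Hop Resolution Protocol (NHRP) is used by a source station (host or router) connected to a non-broadcast multi-access (NBMA) subnetwork to determine the internetworking-layer address and NBMA subnetwork address of the "NBMA next hop" towards a destination station. If the destination is connected to the NBMA subnetwork, the NBMA next hop is the destination station itself; otherwise, the NBMA next hop is the egress router from the NBMA subnetwork that is nearest to the destination station. NHRP is designed for use in a multiprotocol internetworking-layer environment over NBMA subnetworks.
The idea is similar to ARP on Ethernet: ARP works with a broadcast request and a unicast reply within one network segment, whereas NHRP crosses a non-broadcast NBMA network.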

3, Refer to the exhibit From the ASDM NAT Rules table, inside host 10.1.0.4 is translated to which IP address on the outside?
A. 203.0.113.254
B. 192.168.3.3
C. 192.168.3.4
D. 203.0.113.113
E. 203.0.113.114

4. Unicast Reverse Path Forwarding (Unicast RPF) is a protection mechanism that can be used against which of these?
A. TCP session hijacking attacks
B. Brute-force attacks
C. Teardrop attacks
D. Password attacks
E. Birthday attacks
F. Spoofing attacks

5. You run the show ipv6 port-map telnet command and you see that the port 23 (system-defined) message and the port 223 (user-defined) message are displayed. Which command is in the router configuration?
A. Ipv6 port-map port telnet 223
B. Ipv6 port-map port 23 port 23223
C. Ipv6 port-map telnet port 23 223
D. Ipv6 port-map telnet port 223


6. Which three of these are among the implicit IPv6 ACL rules in Cisco IOS allowing ICMPv6 neighbor discovery? (Choose three)
A. permit icmp any any nd-na
B. deny icmp any any nd-na
C. permit icmp any any nd-ns
D. deny icmp any any nd-nn
E. permit ipv6 any any
F. deny ipv6 any any
LINK

7. Hypertext Transfer Protocol (HTTP) version 1.1 introduced several improvements over HTTP 1.0, which resulted in improved performance (faster page displays) for end users. Which three of these enhancements were added to the HTTP 1.1 protocol over the HTTP 1.0 protocol? (Choose three)
A. GET requests
B. Persistent connections (reduce CPS load)
C. Selective acknowledgements
D. Chunked encoding
E. HTTP pipelining (reducing network load, get index, eicar in one TCP packet)

++Note from wiki: HTTP pipelining is a technique in which multiple HTTP requests are sent on a single TCP connection without waiting for the corresponding responses.[1] Since it is usually possible to fit several HTTP requests in the same TCP packet, HTTP pipelining allows fewer TCP packets to be sent over the network, reducing network load.
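chunked encoding: if the Transfer-Encoding header of an HTTP message (request or response) has the value chunked, the message body consists of an unspecified number of chunks and ends with a final chunk of size 0.

Each non-empty chunk starts with the number of bytes of data it contains (written in hexadecimal), followed by a CRLF (carriage return and line feed), then the data itself, and ends with a closing CRLF. In some implementations whitespace (0x20) is padded between the chunk size and the CRLF. The last chunk is a single line consisting of the chunk size (0), some optional padding whitespace, and a CRLF. The last chunk contains no data, but optional trailers, including message header fields, may be sent. The message ends with a final CRLF.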
example:
HTTP/1.1 200 OK
Content-Type: text/plain
Transfer-Encoding: chunked

25
This is the data in the first chunk
1C
and this is the second one
3
con
8
sequence
0
-----------------------
anatomy:
"This is the data in the first chunk\r\n" (37 chars => hex: 0x25)
"and this is the second one\r\n" (28 chars => hex: 0x1C)
"con" (3 chars => hex: 0x03)
"sequence" (8 chars => hex: 0x08)
decoded:
This is the data in the first chunk
and this is the second one
consequence
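
A decoder for the framing described above, run on this note's own example body (added example code, not taken from any HTTP library; `decode_chunked` and its parameters are hypothetical names). It goes a little beyond the note by also reading trailers and by offering a strict mode that rejects the whitespace padding some implementations tolerate, so that every parser on a path agrees where each chunk ends.

```python
HEX_DIGITS = b"0123456789abcdefABCDEF"


class ChunkedError(ValueError):
    """The body does not follow the chunked framing described above."""


def _read_line(body, pos):
    """Return (line without CRLF, position after the CRLF)."""
    end = body.find(b"\r\n", pos)
    if end == -1:
        raise ChunkedError("line not terminated by CRLF")
    return body[pos:end], end + 2


def decode_chunked(body, strict=True, max_chunk=1 << 20):
    """Decode a chunked body; return (payload, trailers, bytes consumed)."""
    payload, pos = bytearray(), 0
    while True:
        line, pos = _read_line(body, pos)
        size_field = line.split(b";", 1)[0]          # drop any chunk extension
        trimmed = size_field.strip(b" \t")
        if strict and trimmed != size_field:
            raise ChunkedError("whitespace padding around chunk size")
        # int(x, 16) on its own would also accept "+25", "0x25" or "2_5".
        if not trimmed or any(c not in HEX_DIGITS for c in trimmed):
            raise ChunkedError(f"bad chunk size {size_field!r}")
        size = int(trimmed, 16)
        if size > max_chunk:
            raise ChunkedError("chunk larger than the configured limit")
        if size == 0:                                # last chunk
            break
        data = body[pos:pos + size]
        if len(data) != size:
            raise ChunkedError("chunk shorter than its declared size")
        if body[pos + size:pos + size + 2] != b"\r\n":
            raise ChunkedError("chunk data not followed by CRLF")
        payload += data
        pos += size + 2
    trailers = {}
    while True:                                      # optional trailer fields
        line, pos = _read_line(body, pos)
        if not line:                                 # empty line ends the message
            break
        name, sep, value = line.partition(b":")
        if not sep or not name.strip():
            raise ChunkedError("malformed trailer line")
        trailers[name.strip().decode("ascii").lower()] = value.strip().decode("latin-1")
    return bytes(payload), trailers, pos


# The example body from this note, written out with explicit CRLFs.
PAGE_EXAMPLE = (
    b"25\r\nThis is the data in the first chunk\r\n\r\n"
    b"1C\r\nand this is the second one\r\n\r\n"
    b"3\r\ncon\r\n"
    b"8\r\nsequence\r\n"
    b"0\r\n\r\n"
)

if __name__ == "__main__":
    text, trailers, used = decode_chunked(PAGE_EXAMPLE)
    print(text.decode("ascii"))
    print(trailers, used == len(PAGE_EXAMPLE))
```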


================================
8. What is the default TCP port used to remotely manage a Cisco Secure ACS v4.x software application
server?
A. 2000
B. 2001
C. 2002
D. 2005
E. 2020

=================================

9. Before you can configuration Professional, you must do what?
A. Create a default password, and then attach it to the router list in the community map
B. Create a community, and then add devices to that community
C. Create a discovery map, and then bind this map to the community
D. Create a hostname-to-IP-address mapping, and then add this map reference in the community

==================================
10. Which two of these correctly describe the following command?(Choose two)
aaa authentication ppp user-radius if-needed group radius
A. RADIUS authentication will be used for lines using PPP with CHAP only
B. RADIUS authentication will be used for lines using PPP with CHAP or PAP
C. RADIUS authentication is not performed if the user has been authenticated/authorized

D. If the action returns an error, the user will be allowed access without authentication
E. The user radius keyword specifies that all RADIUS servers are to be used

===============================
11. Which three of these are security properties that TLS v1 .2 provides?(Choose three)
A. Confidentiality
B. Integrity

C. Availability
D. Authentication
E. Authorization

==================================
12. Which three of these are performed by both RADIUS and TACACS+ servers?(choose three)
A. Login authentication
B. EXEC authorization

C. Command authorization
D. EXEC accounting
E. Command accounting

=================================
13. In the context of Cisco Configuration Professional, to discover a router means to establish a session to the router using either secure or nonsecure means, do which of the following, and populate a screen with the information obtained?
A. read the configuration present in the router
B. read the IOS version in the router
C. read the interface(s) information in the router
D. read the CPU information in the router
E. check if the router is UP or Down

====================================

14. When a failover takes place on an adaptive security appliance configured for failover, all active connections are dropped and clients must reestablish their connections, unless the adaptive security appliance is configured in which two of the following ways?(Choose two)
A. active/standby failover
B. active/active failover
C. active/active failover and a state failover link has been configured
D. active/standby failover and a state failover link has been configured
E. to use a serial cable as the failover link
F. LAN-based failover

=======================================

15. What is the main purpose of FlexConfig in Cisco Security Manager?
A. to share configuration between multiple devices
B. to configure device commands that are not supported by Cisco Security Manager
C. to duplicate/clone basic configuration of a device
D. to merge multiple policies into a simplified view
E. to configure complex commands for a device

========================================

16. The communication between Cisco Configuration Professional and a Cisco router is secured using which of these?
A. IPsec
B. ESP
C. SSL
D. GDOI
E. Cisco proprietary encryption

==========================================

17. Which of these is a core function of the risk assessment process?
A. performing regular network upgrades
B. performing network optimization
C. performing network posture validation
D. establishing network baselines
E. performing network roll-outs

========================================

18.ASDM on the Cisco ASA adaptive security appliance platform is executed as which of the following? Select the best response.
A. an ActiveX application or a JavaScript application
B. a JavaScript application and a PHP application
C. a fully compiled .Net Framework application
D. a fully operational Visual Basic application
E. a Java applet or a standalone application using the Java Runtime Environment

Table 1-1 lists the supported and recommended client operating systems and Java for ASDM.

LINK
=============================================

19.Which two of these are the components of a Certificate Signing Request (CSR)?(Choose two)
A. private key
B. information identifying the applicant
C. public key
D. pre-shared key
E. host key
====================================

20. Which two of these statements about SMTP and ESMTP are the most correct?(Choose two)
A. Open mail relays are often used for spamming
B. ESMTP does not provide more security features than SMTP
C. SMTP provides authenticated e-mail sending
D. Worms often spread via SMTP
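++NOTE: What is ESMTP? ESMTP here means an authenticated way of sending mail: a security authentication service that mail server systems provide to stop people who are not legitimate users of the system from using it to send spam or for other improper purposes. On an ESMTP server, the user's identity must be verified before mail can be sent. Compared with traditional SMTP it only adds a user authentication step; after authentication, sending mail works the same as with traditional SMTP.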
===================================
21. Which two of these are valid TACACS+ Accounting packets?(Choose two)
A. REQUEST
B. REPLY
C. RESPONSE
D. CONTINUE
E. START

===================================

22.Which of these Cisco IOS features implements a simple packet filter?
A. Cisco IPS
B. IPsec
C. IP routing
D. NBAR
E. access control list

====================================

23. Using FTP passive mode, after the client opens the command channel (port 21) to the FTP server
and requests passive mode, what will be the next step?
A. The FTP server sends back an acknowledgment (ACK) to the client
B. The FTP server allocates a port to use for the data channel and transmit that port number to the client
C. The FTP server opens the data channel to the client using the port number indicated by the client
D. The FTP client opens the data channel to the FTP server on Port 20
E. The FTP client opens the data channel to the FTP server on Port 21
======================================
24. Refer to the exhibit. Which command is required to fix the issue identified by Cisco ASDM packet tracer in the image?
A. nat (inside) 1 10.0.0.4
B. global (outside) 1 203.0.113.100
C. global (outside) 10 203.0.113.110
D. access-list outside permit tcp host 10.0.0.4 host 198.133.219.25 eq www
E. nat (outside) 10 198.133.219.25

=======================================

25. All of these correctly describe SNMPv3 except which one?
A. does not provide any protection against denial of service attacks
B. provides a mechanism for verification that messages have not been altered in transit
C. requires the use of NTP to correctly synchronize timestamps and generate public/private key pairs used for encryption of messages
D. provides a mechanism for verification of the identity of the device that generated the message
E. includes timeliness indicators in each message so the receiving SNMP engine can determine if it was sent recently

==================================
26. A DNS open resolver is vulnerable to which three of these malicious activities? (Choose three)
A. cache poisoning attack
B. amplification attack
C. ping of death attack
D. resource utilization attack
E. Blue screen of death
F. nachi worm attack

++ Note from cisco:
DNS Open Resolvers

A DNS open resolver is a DNS server that allows DNS clients that are not part of its administrative domain to use that server for performing recursive name resolution. Essentially, a DNS open resolver provides responses (answers) to queries (questions) from anyone asking a question. DNS open resolvers are vulnerable to multiple malicious activities, including the following:

* DNS cache poisoning attacks
* DNS amplification and reflection attacks‡
* Resource utilization attacks

‡Denial of Service (DoS) or Distributed DoS (DDoS)

DNS Cache Poisoning Attacks

DNS cache poisoning occurs when an attacker sends falsified and usually spoofed RR information to a DNS resolver. Once the DNS resolver receives the falsified RR information, it is stored in the DNS cache for the lifetime (Time To Live [TTL]) set in the RR. To exploit this flaw in the DNS resolver implementation so it will store the falsified information, an attacker must be able to correctly predict the DNS transaction identifier (TXID) and the UDP source port for the DNS query (request) message. Attackers use this exploitation technique to redirect users from legitimate sites to malicious sites or to inform the DNS resolver to use a malicious name server (NS) that is providing RR information used for malicious activities.

DNS Amplification and Reflection Attacks

DNS amplification and reflection attacks use DNS open resolvers to increase the volume of attacks and to hide the true source of an attack, actions that typically result in a DoS or DDoS attack. These attacks are possible because the open resolver will respond to queries from anyone asking a question. Attackers use these DNS open resolvers for malicious activities by sending DNS messages to the open resolvers using a forged source IP address that is the target for the attack. When the open resolvers receive the spoofed DNS query messages, they respond by sending DNS response messages to the target address. Attacks of these types use multiple DNS open resolvers so the effects on the target devices are magnified.

Resource Utilization Attacks

Resource utilization attacks on DNS open resolvers consume resources on the device. Examples of such resources include CPU, memory, and socket buffers. These types of attacks try to consume all available resources to negatively impact operations of the open resolver. The impact of these attacks may require the device to be rebooted or a service to be stopped and restarted.
==================================

27. Which of these statements best describes the advantage of using Cisco Secure Desktop, which is part of the Cisco ASA VPN solution?
A. Secure desktop will create a completely separate computing environment that will be deleted when you are done. This ensures that no confidential data has been left on the shared/public computer.
B. Secure desktop is used to protect access to your registry and system files when browsing to SSL/VPN protected pages.
C. Secure Desktop ensures that an SSL protected password cannot be exploited by a man in the middle attack using a spoofed certificate.
D. Secure desktop hardens the operating system of the machines you are using at the time secure desktop is launched.

======================================

28. For a router to obtain a certificate from a CA, what is the first step of the certificate enrollment process?
A. the router generates a certificate request and forwards it to the CA
B. the router generates an RSA key pair
C. the router sends its public key to the CA
D. the CA sends its public key to the router
E. the CA verifies the identity of the router
F. the CA generates a certificate request and forwards it to the router

=====================================
29. What is the default username and password set for Cisco Security Device Manager (SDM)?
A. sdm/sdm
B. sdm/cisco
C. cisco/sdm
D. cisco/cisco
E. cisco/cisco123
======================================
30. The BPDU guard feature disables which kind of port when the port receives a BPDU packet?
A. any port
B. nonegotiate port
C. access port
D. portfast port
E. root port

NOTE: At the reception of BPDUs, the BPDU guard operation disables the port that has PortFast configured. The BPDU guard transitions the port into errdisable state, and a message appears on the console. This message is an example:
2000 May 12 15:13:32 %SPANTREE-2-RX_PORTFAST:Received BPDU on PortFast enable port.
Disabling 2/1
2000 May 12 15:13:32 %PAGP-5-PORTFROMSTP:Port 2/1 left bridge port 2/1
=====================================
31. Refer to the exhibit. The exhibit illustrates which type of attack?
A. virus infection
B. worm propagation
C. port scanning
D. denial of service (DoS)
E. distributed DoS (DDoS)

=======================================

32. All of these are phases of the Security Incident Response methodology except which one?
A. planning
B. preparation
C. identification
D. classification
E. reaction
F. restructuring
G. post-mortem

======================================
33. Which four routing protocols are supported when using Cisco Configuration Professional? (Choose four.)
A. RIPv1
B. RIPv2
C. IGRP
D. EIGRP
E. OSPF
F. BGP

=======================================
34. Refer to the exhibit. Switch SW2 has just been added to Fa0/23 on SW1. After a few seconds, interface Fa0/23 on SW1 is placed in the error-disabled state. SW2 is removed from port Fa0/23 and inserted into SW1 port Fa0/22 with the same result. What is the most likely cause of this problem?
A. The Spanning-tree PortFast feature has been configured on SW1.
B. BPDU filtering has been enabled either globally or on the interfaces of SW1.
C. The BPDU guard feature has been enabled on the FastEthernet interfaces of SW1.
D. The FastEthernet interfaces of SW1 are unable to autonegotiate speed and duplex with SW2.
E. PAgP is unable to correctly negotiate VLAN trunk characteristics on the link between SW1 and SW2.

========================================
35. Application layer protocol inspection is available for the Cisco ASA 5500 Series Adaptive Security Appliance. This feature performs which type of action on traffic traversing the firewall?
A. classification and policing (for QoS)
B. deep packet inspection
C. flexible packet matching
D. reverse path forwarding
E. remote triggering of a black hole

================================================

36. Which two of these are true about TFTP? (Choose two.)
A. TFTP includes a basic username/password authentication mechanism.
B. While "putting" files via TFTP is possible, it is good practice to disallow it, because TFTP lacks access control mechanisms.
C. TFTP uses a very basic "stop and wait" mechanism for flow control, for which each packet needs to be acknowledged before the next one is sent.
D. TFTP root directories need to be world-readable and -writable due to the lack of security controls in the protocol.
E. TFTP can list remote directory contents, but only if advanced options (as defined in RFC 2347) are negotiated between client and server at initial connection time.

======================================================

37. Routing loops can occur in distance vector routing protocols if the network has inconsistent routing entries. Which three of these methods can be used to avoid them? (Choose three.)
A. split horizon
B. route poisoning
C. route suppression
D. route splitting
E. hold-down timers

======================================================

38. CustomerA has set up a central syslog server to receive all syslog messages from its routers. The IP address of this central server is 1.1.1.1, and the customer wants all messages of level "error" and above to be sent there. In addition, it wants all messages of level "warning" and above to be stored locally on the router. Assuming logging is already enabled, which three commands on the router would accomplish these goals? (Choose three.)
A. logging host 1.1.1.1 level errors
B. logging buffered warnings
C. logging device 1.1.1.1
D. logging buffer enable
E. logging host 1.1.1.1
F. logging facility local-buffer
G. logging trap errors

====================================================

39. When using Cisco Easy VPN Remote (hardware client deployment) in the client-mode setup, all of the following statements are correct except which one?
A. Perform split tunneling on the Cisco Easy VPN Remote device.
B. Initiate a connection from a network behind the Cisco Easy VPN Server to the network behind the Cisco Easy VPN Remote client.
C. Set the Cisco Easy VPN Remote to allow an administrator or user to manually initiate a connection.
D. Set the Cisco Easy VPN Remote to automatically connect to the Cisco Easy VPN Server.

=====================================================
40. Which three of these are properties of the Authentication Header (AH) protocol? (Choose three)
A. Provides data integrity
B. Provides data confidentiality
C. Provides data authentication
D. Uses IP protocol number 50
E. Optionally provides replay protection

====================================================

41. Which two of these statements regarding Authentication Header (AH) are true? (Choose two)
A. AH requires the use of Encapsulation Security Payload (ESP) to work correctly
B. AH provides authentication for most of the “outer” IP header, as well as the upper layer protocols
C. AH can be deployed in tunnel mode only
D. AH is not commonly used, because it can only encrypt the original packet using a DES encryption algorithm.
E. AH will work through a NAT (one-to-one) device, but not through a PAT (one-to-many) device
F. AH uses an IP protocol number of 51

==========================================================

42. DNS Security Extension (DNSSEC) adds security functionality to the Domain Name System for which three purposes? (Choose three)
A. Origin authentication of DNS data
B. Protection against denial of service (DoS) attacks
C. Integrated data encryption using ESP
D. Inclusion of the authorization flag in the DNS lookup
E. Providing of confidentiality of data
F. Data integrity

============================================================
43. What is the net effect of using ICMP type 4 messages to attack RFC 1122-compliant hosts?
A. Hosts will perform a “soft” TCP reset and restart the connection.
B. Hosts will perform a “hard” TCP reset and tear down the connection
C. Hosts will reduce the rate at which they inject traffic into the network
D. Hosts will redirect packets to the IP address indicated in the ICMP type 4 message
E. Hosts will retransmit the last frame sent prior to receiving the ICMP type 4 message

--note: ICMP type 4, Source quench
The ICMP type 4 packet is a message to the sending host to slow down the sending of data because it cannot keep up.
===========================================================

44. All of these are available from Cisco IPS Device Manager (Cisco IDM) except which one?
A. Interface Status
B. Global Correlation Reports
C. Sensor Information
D. CPU, Memory, and Load
E. Top Signatures
F. Top Applications

==========================================================

45. Which three of these protocols are supported when using TACACS+? (Choose three)
A. Apple Talk
B. CHAP
C. NASI
D. NetBIOS
E. Kerberos

==========================================================

46. Which are the three benefits of Cisco IPS Manager Express (Cisco IME) compared to Cisco IPS Device Manager (Cisco IDM)? (Choose three)
A. Advanced Cisco IPS signatures can be configured with Cisco IME, while only base Cisco IPS signatures can be configured with Cisco IDM.
B. Cisco IME can manage up to 10 Cisco IPS devices while Cisco IDM can only manage a single Cisco IPS device.
C. A live RSS feed for Cisco security alerts can be set up on Cisco IME, but not on Cisco IDM.
D. The sensor health dashboard can only be viewed on Cisco IME, not on Cisco IDM
E. Email notification can be set from Cisco IME if an event is being triggered by Cisco IPS, but cannot be sent from Cisco IDM
F. Automatic signature updating can only be provisioned from Cisco IME, not from Cisco IDM.


==============================================

47. Identity NAT translates which of these?
A. The source IP address to the interface IP address
B. The local IP address to a global IP address
C. An IP address to itself
D. The destination IP address to an RFC 1918 address
E. The local IP address to a DNS-resolved IP address
F. The global IP address to a local IP address

======================================

48. Which two of these commands are required to implement a Cisco Catalyst 6500 Series Firewall Services Module (FWSM) in a Catalyst 6500 running Cisco IOS? (Choose two)
A. firewall multiple-vlan-interfaces
B. firewall module x vlan-group y
C. Module x secure-traffic
D. Firewall vlan-group y
E. Firewall module x secure-traffic

===============================

49. Which of these statements is true about EIGRP?
A. It conserves network bandwidth by using periodic, incremental updates to propagate network changes to its neighbors
B. It can install up to eight equal-cost paths to a given destination in its routing table
C. It is possible for two EIGRP routers to become neighbors even if the hello and hold timers do not match.
D. EIGRP updates can be sent between two discontinuous autonomous systems via a virtual link.
E. EIGRP packets can be both authenticated and encrypted to ensure that the information exchange is reliable and confidential

===================================
50. In ISO 27001 ISMS, which three of these certification process phases are required to collect information for ISO 27001? (Choose three.)
A. discover
B. certification audit
C. post-audit
D. observation
E. pre-audit
F. major compliance

======================================

51. The Internet Engineering Task Force (IETF) is a collaborative effort by the international community of Internet professionals to improve the design, use, and management of the Internet.
Which international organization charters the activity of IETF?
A. IANA
B. ISO
C. ISOC ===>internet society
D. RIR
E. IEC

====================================

52. When configuring a Cisco adaptive security appliance in multiple context mode, which one of these capabilities is supported?
A. multicast
B. dynamic routing protocols
C. VPN configurations
D. static routes

===================================

53. What is the main purpose of a denial of service attack?
A. unauthorized data manipulation
B. the gaining of system access
C. privilege escalation on a victim or compromised host
D. impeding (obstructing) of the availability of a resource to authorized users
E. unauthorized discovery and mapping of systems, services, or vulnerabilities

====================================

54. When sending an e-mail message using Simple Mail Transfer Protocol (SMTP), the client must signal to the mail server that the message is complete by terminating the message with which of these?
A. END
B. SEND
C.
D. .
E. CTRL+C

=====================================

55. Which of these best represents a typical attack that takes advantage of RFC 792, ICMP type 3 messages?
A. blind connection-reset
B. large packet echo request
C. packet fragmentation offset
D. broadcast-based echo request
E. excessive bandwidth consumption

=======================================

56. All of these Cisco security products provide event correlation capabilities except which one?
A. Cisco ASA adaptive security appliance
B. Cisco IPS
C. Cisco Security MARS
D. Cisco Guard/Detector
E. Cisco Security Agent

=======================================

57. Which two U.S. government entities are authorized to execute and enforce the penalties for the Sarbanes-Oxley (SOX) act? (Choose two)
A. Federal Trade Commission (FTC)
B. Federal Reserve Board
C. Securities and Exchange Commission (SEC)
D. Office of Civil Rights (OCR)
E. United States Citizenship and Immigration Services (USCIS)
F. Internal Revenue Service (IRS)


========================================

58. Which five of these are criteria for rule-based rogue classification of access points by the Cisco Wireless LAN Controller? (Select five)
A. minimum RSSI
B. open authentication
C. MAC address range
D. whether it matches a managed AP SSID
E. whether it matches a user-configured SSID
F. whether it operates on an authorized channel
G. time of day the rogue operates
H. number of clients it has

=========================================

59. Which four of these hash functions are part of the SHA-2 family named after their digest lengths? (Choose four)
A. SHA-168
B. SHA-224
C. SHA-256
D. SHA-384
E. SHA-448
F. SHA-512

=========================================

60. The ARP functionality in IPv4 is accomplished using which type of messages as defined in ICMPv6?
A. router solicitation and advertisement
B. neighbor solicitation and advertisement
C. redirect
D. neighbor solicitation and router advertisement
E. router solicitation and neighbor advertisement

===========================================

Friday, January 20, 2012

T1506
/linuxscript/t1506

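import subprocess
import sys
import time

# Both the IP and the port are required (argv[0] is the script name).
if len(sys.argv) < 3:
    print("usage: python loop2.py IP Port")
    sys.exit(1)

ip = sys.argv[1]
port = sys.argv[2]

# Once a second, open an SSH session as admin and feed it the commands in cmd.txt.
while True:
    time.sleep(1)
    # Pass an argument list rather than a shell string, so the IP and port
    # taken from the command line are never interpreted by a shell.
    with open("cmd.txt") as commands:
        subprocess.call(["ssh", "-p", port, "admin@{0}".format(ip)], stdin=commands)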

Python Youtube


Google Class

Day 1 part 1: Introduction and string
Day 1 part 2: List, sorting and Tuples
Day 1 part 3: Dict and files
Day 2 part 1: RE
Day 2 part 2: OS and command
Day 2 part 3: url and HTTP, exceptions
Day 2 part 4: closing thoughts





python programming Tutorial
1, installing
2, numbers and math
3, variables
4, Modules and Functions
5, how to save your program
6, string
7, More on Strings
8, raw input
9, sequence and list
10, slicing
11, editing sequence
12, more list function
13, slicing list
14, intro to method
15, more method
16, sort and tuples
17, string and stuff
18, cool string method
19, dictionary
20, if statement
21, else and elif
22, nesting statement
23, comparison operator
24, and and or
25, for and while loop
26, infinite loops and break
27, building function
28, default parameter
29, multiple parameter
30, parameter type
31, tuples as parameter
32, object oriented program
33, class and self
34, subclass and superclass
35, overwrite variable on sub
36, multiple parent classes
37, constructor
38, import modules
39, reload the module
40, getting module info
41, work with files
42, reading and writing
43, writing lines

Monday, January 2, 2012

Sponsor your parents
1, Nov 25, 2011. LG Received a letter (FILE: 201110010910)
2, submit the following doc on Jan 2, 2012:
--a,008M for SZ.H. copy to c:/j/tuanju/
--b,5669 for SZ.H and HY.G. copy to c:/j/tuanju/
--c,5406 for SZ.H and HY.G. copy to c:/j/tuanju/
--d, passport for SZ.H and HY.G. copy to c:/j/tuanju/
--e, proof of relationship to sponsor
--f, photo x2 for each person
--g, payment proof for RPRF (right of permanent residence fee)
--h, received the letter.
--i, address (English and Chinese)