Managing Cisco Network Security (MCNS)

If a Security Association (SA) was previously established with Internet Key Exchange (IKE), whatwill the following command do on the router?A. It clears the SA symmetric key.B. It clears the SA authentication key.C. It deletes SA from the SA database.D. It re-initializes every peer’s secret key.
Nội dung trích xuất từ tài liệu:
Managing Cisco Network Security (MCNS) 640-442 1 CISCO:Managing Cisco Network Security (MCNS) 640-442 Version 6.0 Jun. 17th, 2003 21certify.com 640-442 2Study TipsThis product will provide you questions and answers along with detailed explanationscarefully compiled and written by our experts. Try to understand the concepts behindthe questions instead of cramming the questions. Go through the entire document atleast twice so that you make sure that you are not missing anything.Latest VersionWe are constantly reviewing our products. New material is added and old material isrevised. Free updates are available for 365 days after the purchase. You should checkthe products page on the www.21certify.com web site for an update 3-4 days before thescheduled exam date. Important Note: Please Read CarefullyThis 21certify Exam has been carefully written and compiled by 21certify Exams experts. It isdesigned to help you learn the concepts behind the questions rather than be a strict memorizationtool. Repeated readings will increase your comprehension.We continually add to and update our 21certify Exams with new questions, so check that you havethe latest version of this 21certify Exam right before you take your exam.For security purposes, each PDF file is encrypted with a unique serial number associated with your21certify Exams account information. In accordance with International Copyright Law, 21certifyExams reserves the right to take legal action against you should we find copies of this PDF file hasbeen distributed to other parties.Please tell us what you think of this 21certify Exam. We appreciate both positive and criticalcomments as your feedback helps us improve future versions.We thank you for buying our 21certify Exams and look forward to supplying you with all yourCertification training needs.Good studying!21certify Exams Technical and Support Team 21certify.com 640-442 3Q.1 What are three commands that can be used in enabling NAT? (Choose three) A. nat B. static C. global D. conduit E. xlate enableAnswer: A, B, CQ.2 Which three databases are supported by the Cisco Secure ACS for UNIX? (Choose three) A. Oracle B. Sybase C. NDS (Novell) D. SQL Anywhere E. Windows NT user databaseAnswer: A, B, DQ.3 Given the following debug output:1d16h: %UPLINK-3-UPDOWN: Interface Serial3/0, changed state to up*Mar 2 16:52:297: Se3/0PPP: Treating connection as a dedicated line *Mar 2 16:52:441: Se3/0 PPP: Phase isAUTHENTICATING, by this end *Mar 2 16:52:445: Se3/0 CHAP: O CHALLENGE id 7 len 29 fromNASxWhich two statements are true? (Choose two) A. The user ID is NASx. B. This is a connection attempt to an async port. C. The connection is established on serial interface 3/0. D. The user is authenticating using Challenge Handshake Authentication Protocol (CHAP). E. The client is attempting to setup a Serial Internet Protocol (SLIP) connection.Answer: C, DQ.4 To ensure compatibility with IPSec when using Internet Key Exchange (IKE), what must be allowedthrough an access list (ACL)? A. IP protocol 50 and TCP port 500 B. IP protocol 50 and UDP port 51 C. IP protocol 51, TCP port 500 and UDP port 50 D. IP protocol 50, IP Protocol 51 and UDP port 500Answer: DQ.5 Java inspection was properly configured with Context based Access Control (CBAC) to allow onlyapplets from a trusted Web server. What happens when a user attempts to download an applet from anuntrusted server using FTP (assuming that FTP is allowed between the two by CBAC)? A. CBAC requests user authentication. 21certify.com 640-442 4 B. The applet is downloaded successfully. C. The FTP session is terminated by CBAC. D. The packets containing the applet are dropped by CBAC.Answer: BQ.6 Which Cisco IOS feature should be used when hiding multiple hosts behind a single IP address? A. PAT B. ACL C. DHCP D. CBACAnswer: AQ.7 Which encryption algorithms are supported by the Cisco Secure VPN Client? A. Null, CAST-128 and DES B. DES, Triple-DES and Null C. DES, CAST-128 and Blowfish D. DES, Blowfish and Diffie-HellmanAnswer: BQ.8 Given the following output:Crypto Map: s1first idb: Serial0 local address: 172.16.254.201 Crypto Map s1first 20ipsec-isakmp Peer = 172.16.254.212 Extended IP access list 101 access-list 101 permit ipsource: addr = 172.16.152.0/0.0.0.255 dest: addr 0.0.0.0/255.255.255.255 Current peer:172.16.254.212 Security association lifetime: 4608000 kilobytes/3600 seconds PP3 (Y/N): NTransform sets=(secure1, )Which command was used to generate this display? A. show crypto ip map B. show crypto ipsec sa C. show crypto map D. show crypto ipsec transform setAnswer: CQ.9 The PIX firewall operates with three rules that govern how to use the security level field.What are these three rules? (Choose three) A. Security level 0 is the least secure. B. Security level 100 is the most secure. C. The lowest security level is for the inside interface. D. The highest security level is for the outside interface. 21certify.com 640-442 5 E. Conduit and static commands are required to enable traffic that ori ...