[Free] Download New Latest (June 2016) Cisco 400-201 Practice Test 301-310

Ensurepass

QUESTION 301

What is the port number of the IPsec Encapsulating Security Payload packet?

A. UDP port 50
B. IP protocol 51
C. TCP port 51
D. TCP port 50
E. IP protocol 50
F. UDP port 51

Correct Answer: E

Explanation:

6.2. Managed Security services traversing the core

AH operates directly on top of IP, using IP protocol number 51.

ESP operates directly on top of IP, using IP protocol number 50.

 

 

QUESTION 302

Which of the following comparisons of Control Plane Policing (CoPP) with Receive ACL (RACL) are correct? (Choose two.)

A. CoPP protects against IP spoofing, RACL protects against DoS attacks.
B. CoPP cannot use named access lists, RACL can use named access lists.
C. CoPP applies to a dedicated control plane interface, RACL applies to all interfaces.
D. CoPP needs an AAA server, RACL does not need an AAA server.
E. CoPP supports rate limits, RACL does not support rate limits.

Correct Answer: CE

QUESTION 303

Which statement about SNMP is true?

A. SNMP version 2 uses a proxy agent to forward GetNext message to SNMP version 3.
B. SNMP version 2 supports message integrity to ensure that a packet has not been tampered with in transit.
C. Proxy agents were used only in SNMP version 1.
D. SNMP version 3 supports encryption and SNMP version 2 supports authentication.
E. GetBulk messages are converted to GetNext messages by the proxy agent and are then forwarded to the SNMP version 1 agent.

Correct Answer: E

Explanation:

Proxy agents:

An SNMPv2 agent can act as a proxy agent on behalf of SNMPv1 managed devices, as follows:

An SNMPv2 NMS issues a command intended for an SNMPv1 agent.
The NMS sends the SNMP message to the SNMPv2 proxy agent.
The proxy agent forwards Get, GetNext, and Set messages to the SNMPv1 agent unchanged.
GetBulk messages are converted by the proxy agent to GetNext messages and then are forwarded to the SNMPv1 agent.
The proxy agent maps SNMPv1 trap messages to SNMPv2 trap messages and then forwards them to the NMS.

SNMPv3 provides important security features:

Confidentiality – Encryption of packets to prevent snooping by an unauthorized source.
Integrity – Message integrity to ensure that a packet has not been tampered with while in transit, including an optional packet replay protection mechanism.
Authentication – to verify that the message is from a valid source.

QUESTION 304

BCP (Best Common Practices) 38/RFC 2827 Ingress and Egress Packet Filtering would help mitigate what classification of attack?

A. Denial of service attack
B. Sniffing attack
C. Spoofing attack
D. Reconnaissance attack
E. Port Scan attack

Correct Answer: C

Explanation:

6. Summary

Ingress traffic filtering at the periphery of Internet connected networks will reduce the effectiveness of source address spoofing denial of service attacks. Network service providers and administrators have already begun implementing this type of filtering on periphery routers, and it is recommended that all service providers do so as soon as possible. In addition to aiding the Internet community as a whole to defeat this attack method, it can also assist service providers in locating the source of the attack if service providers can categorically demonstrate that their network already has ingress filtering in place on customer links. Corporate network administrators should implement filtering to ensure their corporate networks are not the source of such problems. Indeed, filtering could be used within an organization to ensure users do not cause problems by improperly attaching systems to the wrong networks.

The filtering could also, in practice, block a disgruntled employee from anonymous attacks. It is the responsibility of all network administrators to ensure they do not become the unwitting source of an attack of this nature.

 

 

QUESTION 305

What is used to provide read access to QoS configuration and statistics information on Cisco platforms that support Modular QoS CLI (MQC)?

A. Cisco SDM QoS Wizard
B. Cisco AutoQoS
C. CDP
D. Cisco Class-Based QoS MIB.
E. Cisco NBAR Discovery

Correct Answer: D

QUESTION 306

Refer to the exhibit. Inbound infrastructure ACLs are configured to protect the SP network. Which two types of traffic should be permitted in the infrastructure ACL? (Choose two.)

 


A. traffic destined for network of 172.30.0.0/16
B. traffic sourced from network of 172.30.0.0/16
C. traffic destined for network of 162.238.0.0/16
D. traffic sourced from network of 162.238.0.0/16
E. traffic destined for network of 232.16.0.0/16

Correct Answer: CE

QUESTION 307

What are BCP 38 (Best Common Practices 38) / RFC 2827 Ingress Packet Filtering Principles? (Choose three.)

A. Filter Smurf ICMP packets.
B. Filter as close to the core as possible
C. Filter as close to the edge as possible
D. Filter as precisely as possible
E. Filter both source and destination where possible.

Correct Answer: CDE

Explanation:

1.13. Security in core

 

 

QUESTION 308

A customer requests an MPLS VPN service with a dual-home connection to the service provider. Which BGP attribute can prevent routes originated from the customer from being readvertised back to them?

A. site-of-origin
B. local-AS
C. AS-path
D. next-hop

Correct Answer: A

 

QUESTION 309

Refer to the exhibit. All routers are running IS-IS. Which three routers can be Level 1 Only routers? (Choose three.)

 


A. A
B. B
C. C
D. D
E. E
F. F
G. G
H. H

Correct Answer: ADH

 

QUESTION 310

Refer to the exhibit. Which command group does a network administrator use to filter out R3 (3.3.3.3 subnet) from the R4 routing table?

 


A. R4(config)# router ospf 1
   distribute-list prefix-list filter in
B. R2(config)# router ospf 1
   distribute-list prefix-list filter out Fa0/1
C. R4(config)# router ospf1
   distribute-list prefix-list filter in Fa 0/0
D. R3(config)# router ospf 1
   distribute-list prefix-list filter out Fa 0/0

Correct Answer: A
