- 积分
- 106
- 鸿鹄币
- 个
- 好评度
- 点
- 精华
- 注册时间
- 2014-4-9
- 最后登录
- 1970-1-1
- 阅读权限
- 20
- 听众
- 收听
助理工程师
|
海外,88X 分过的,考试时故意错了几个题。参考了坛子里多个版本 (alomar,lining7, romantictriv等),在这里一并感谢。 感觉Alomar的124Q是最好的,因为有截图。Romantictriv的125Q VCE适合考前练习,没有截图,不便于记忆。
0 E* W! w6 M) D针对124Q的一些答案,我有自己的看法,在这里列出来,供后来者参考。记得是参考!!
2 j2 Z: K& k3 B3 L6 t4 YQ2,Which criteria does ASA use for packet classificaton if multiple contexts share an ingrss interface MAC address?
7 Q8 T0 B7 A. L% ]F, ASA NAT configuration: l; |( v/ z) z; r: |) m7 F- c+ h0 \
$ n) G2 s9 [, N& Y) O) Z2 ~ BQ18, SenderBase reputation scoring?
! [! W& c% O/ B, u/ S( c% N4 wD, You can configure a custom score threshold for whitelisting messages: k4 r( a( c/ l8 P% O4 I; \9 s
5 R$ k7 F' K1 u9 O2 L* f, @ wQ19. Router(config)# cts sxp reconsiliation period 180
9 H! D$ w: w" @, m$ KB, If a peer reconects to the device within 120 seconds of terminating..! M% S$ o. }: c3 _" Y% w4 y H9 k
C. If a peer re-establiehes a conneciton to the device before hold-down timer expires..../ e8 ^- s2 J b5 C
1 @- a% `. P K5 YQ27. which statement about securing conneciton using MACsee is true?( `0 f9 P2 {+ `" r& C
这个比较纠结,答案F it provides network layer encryption on a wired network 显然是错的,应该是MAC layer的加密
3 t7 W5 m2 q. F8 J0 h& @) [" T貌似可能的答案:
' d: f( }1 e: v1 PC. a switch use session keys to calculate encrypted packet ICV value..问题是,交换机是先decrypt packet之后再计算的ICV value
, p, P' \2 s2 s/ g- }D. switch configured for MACSec can accept MACSec frame from the MACSec client. 考前我觉得应该是这个,因为A device that uses MACsec accepts either MACsec or non-MACsec frames, depending on the policy associated with the client.但考试的时候答案稍微不同,多了一个字:switch configured for MACSec can ONLY accept MACSec frame from the MACSec client." I% \/ X( N6 V# g) M
' @2 F( K* k) v* S& H
Q41 which statement about Remote Triggerd Black Hoel
% r, @& G, B. K u KE. it drops malicious traffic at the customer edge router by forwading it to a Null0 interface
7 k* `9 X0 b5 g+ R0 B, YD显然是错的,因为RTBH可以基于source (RFC5635)或destination (RFC3883)做3 ?' E4 {4 D5 Z- @
$ B- N7 Y. f- |) f2 Y8 r2 i
Q42 which statement about Cisco VSG functionality
( F# G9 n. n- X- \* f( tE. it provides trusted access to VMs in an enterprise data center 其实这个答案也不太对,但别的的答案都是明显错,比如3 w% X0 K1 w6 L3 h
A it allows..security administrator to author and manage port profile - 应该是network administrato才能管理port profile,所以不对/ t) M* v* w! w7 h k+ f
4 }( n9 p/ R2 P: ?# ?: \
Q52 which 3 similarities between container and virtual machines?9 W! d* K6 S; V' o
A. prviate space for processing, E. private network address F. allow custom routes 这是来自freecodecampe网站的一段原话5 c) ?- k! y, I
2 M" @+ f: M& K2 b. T+ a
Q58 in order to enable CA featue using SCEP, which 3 confguration steps
- q* }2 v8 ?% h5 r# @B. set an authoritative clock source E. enable ip http server F. issue no shut under the crypto ski CCO上的参考配置( S, e0 }, j* a7 ]
7 |9 y7 }& w8 o% y& _' |5 S6 l9 |
Q74 which security capablility cn best prevent zero-day malware and attacks?
/ r5 o( h( V4 R& {. `3 bB. threat intelligent. 不太可能是A. IPS 因为这里针对的是zero-day的malware
6 F/ _1 _3 a; l/ v& }+ u% R- u2 X
' l7 v: a9 Q2 u5 v! @Q90 configuring URL Redirect for Cisco ISE posture validation, you need to create redirect ACL's on switch and WLC, you will
+ S* H! E: e5 x- a( O7 z% `4 u) AB. Permit traffic to ISE on the switch ACL and deny traffic to ISE in the WLC ACL. 这个应该是实现redirect的标准做法,其它都不对5 i) K( L) A$ {4 f9 E4 h5 {
4 B9 d C* E5 k6 b, iQ99 which of the following statement aobut CisocTrustSec is incorect
: L2 U/ f. {, TA. SXP is required for SGT propogation SGT propogation还有另外一种方式 (硬件支持)3 |+ r2 Q3 U5 T0 d% q
& T& h5 ~$ T1 B" g8 BQ109 which statement correctly describe how DMVPN can be used to provide nework segmentation2 r' e z9 a- Y; H( r+ X4 h& i
B DVMPN can be used to transport MPLS packets inside of an mGRC tunnel
$ P' j* |& @9 }6 ^7 j8 I/ A* ]* T* M5 ]6 C% h: k* V* q4 N$ F Q
再次强调,这个是我个人的判断,仅供参考。祝考试顺利。
5 _, x p4 T; L% C! N
5 Y' B$ V0 C9 L3 ?' l% Z
5 h& a1 L+ m1 l* G2 g% G" j, ^3 o
|
评分
-
查看全部评分
|