Cisco 210-260 - CCNA Security Implementing Cisco Network Security Exam

Page:    1 / 68   
Total 337 questions

Which two services define cloud networks? (Choose two.)

  • A. Infrastructure as a Service
  • B. Platform as a Service
  • C. Security as a Service
  • D. Compute as a Service
  • E. Tenancy as a Service


Answer : AB

Explanation:
The diagram below depicts the Cloud Computing stack; it shows three distinct categories within Cloud Computing: Software as a Service, Platform as a Service and Infrastructure as a Service.


A simplified way of differentiating these flavors of Cloud Computing is as follows:
-> SaaS applications are designed for end-users, delivered over the web
-> PaaS is the set of tools and services designed to make coding and deploying those applications quick and efficient
-> IaaS is the hardware and software that powers it all: servers, storage, networks, operating systems
Reference:
https://support.rackspace.com/white-paper/understanding-the-cloud-computing-stack-saas-paas-iaas/

In which two situations should you use out-of-band management? (Choose two.)

  • A. when a network device fails to forward packets
  • B. when you require ROMMON access
  • C. when management applications need concurrent access to the device
  • D. when you require administrator access from multiple locations
  • E. when the control plane fails to respond


Answer : AB

Explanation:
Out-of-band refers to an interface that allows only management protocol traffic to be forwarded or processed. An out-of-band management interface is defined by the network operator to specifically receive network management traffic. The advantage is that forwarding (or customer) traffic cannot interfere with the management of the router, which significantly reduces the possibility of denial-of-service attacks.
Out-of-band interfaces forward traffic only between out-of-band interfaces or terminate management packets that are destined to the router. In addition, the out-of-band interfaces can participate in dynamic routing protocols. The service provider connects to the router's out-of-band interfaces and builds an independent overlay management network, with all the routing and policy tools that the router can provide.
Reference:
http://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/asr9k_r4-0/security/configuration/guide/b_sc40asr9kbook/b_sc40asr9kbook_chapter_0101.pdf

In which three ways does the TACACS protocol differ from RADIUS? (Choose three.)

  • A. TACACS uses TCP to communicate with the NAS.
  • B. TACACS can encrypt the entire packet that is sent to the NAS.
  • C. TACACS supports per-command authorization.
  • D. TACACS authenticates and authorizes simultaneously, causing fewer packets to be transmitted.
  • E. TACACS uses UDP to communicate with the NAS.
  • F. TACACS encrypts only the password field in an authentication packet.


Answer : ABC

Explanation:
TACACS+ uses Transmission Control Protocol (TCP) port 49 to communicate between the TACACS+ client and the TACACS+ server. An example is a Cisco switch authenticating and authorizing administrative access to the switch's IOS CLI. The switch is the TACACS+ client, and Cisco Secure ACS is the server.
TACACS+ communication between the client and server uses different message types depending on the function. In other words, different messages may be used for authentication than are used for authorization and accounting. Another very interesting point to know is that TACACS+ communication will encrypt the entire packet.
Reference:
http://www.networkworld.com/article/2838882/radius-versus-tacacs.html

According to Cisco best practices, which three protocols should the default ACL allow on an access port to enable wired BYOD devices to supply valid credentials and connect to the network? (Choose three.)

  • A. BOOTP
  • B. TFTP
  • C. DNS
  • D. MAB
  • E. HTTP
  • F. 802.1x


Answer : ABC

Explanation:
ACL-DEFAULT allows DHCP, DNS, ICMP, and TFTP traffic and denies everything else.
Reference:
http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Borderless_Networks/Unified_Access/BYOD_Design_Guide/BYOD_Wired.html

Which two next-generation encryption algorithms does Cisco recommend? (Choose two.)

  • A. AES
  • B. 3DES
  • C. DES
  • D. MD5
  • E. DH-1024
  • F. SHA-384


Answer : AF

Explanation:
The following table shows the relative security level provided by the recommended and NGE algorithms. The security level is the relative strength of an algorithm. bits, the relative effort it would take to "beat"
-bit symmetric key algorithm (without reduction or other attacks). The 128-bit security level is for sensitive information and the 192-bit level is for information of higher importance.


Reference:
http://www.cisco.com/c/en/us/about/security-center/next-generation-cryptography.html
