350-701 Security Concepts • Complete Question Bank
Refer to the exhibit.

```
interface GigabitEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip verify source
!
interface GigabitEthernet0/1
 ip address 192.168.2.1 255.255.255.0
 ip verify source
!
ip dhcp snooping vlan 1-100
ip dhcp snooping information option
ip dhcp snooping
!
ip source binding 00:11:22:33:44:55 vlan 10 192.168.1.10 interface GigabitEthernet0/0
!
```
Refer to the exhibit.

```
! Cisco FMC intrusion policy snippet
preprocessor global_sensitivity: sensitivity_level high
preprocessor frag3: frag3_engine policy=first, bind_to=0.0.0.0
preprocessor stream5_global: track_tcp yes, track_udp yes
preprocessor stream5_tcp: policy=windows, use_static_footprint_sizes yes
preprocessor http_inspect: global iis_unicode_map unicode.map 1252
preprocessor http_inspect: default_inspect_http_profiles
preprocessor smtp: ports 25 465 587
!
```
Drag a concept onto its matching description — or click a concept then click the description.
443
22
53
25
161
Drag a concept onto its matching description — or click a concept then click the description.
Next-generation firewall and IPS
DNS-layer security and web filtering
Endpoint threat detection and response
Network access control and policy enforcement
Network traffic analysis and anomaly detection
Refer to the exhibit.

```
interface GigabitEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip access-group INBOUND in
!
access-list 100 permit tcp any host 192.168.1.100 eq 80
access-list 100 deny ip any any
```
Refer to the exhibit.

```
ipsec proposal MY_PROPOSAL
 esp encryption aes-256
 esp integrity sha256
!
crypto map MY_MAP 10 ipsec-isakmp
 set peer 203.0.113.1
 set transform-set MY_SET
 match address 100
!
access-list 100 permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255
```
Refer to the exhibit.

```
! RADIUS server configuration
radius server MY_RADIUS
 address ipv4 192.168.10.10 auth-port 1812 acct-port 1813
 key cisco123
!
aaa new-model
aaa authentication login default group radius local
aaa authorization exec default group radius local
aaa accounting exec default start-stop group radius
```
```
crypto ipsec transform-set ESP-AES256-SHA esp-aes 256 esp-sha-hmac
 mode tunnel
crypto map CMAP 10 ipsec-isakmp
 set peer 10.0.0.2
 set transform-set ESP-AES256-SHA
 match address 100
access-list 100 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
```
```
show asp drop

Frame drop:
  No route to host             100
  Access list deny              50
  Flow blocked (other)           0

Flow drop:
  No valid session              20
  Stateful ACL check failed      5

Cluster drop: 0
```
```
show running-config | section policy-map
policy-map type inspect dns migrated_dns_map_1
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns migrated_dns_map_1
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rpc
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect xdmcp
  inspect sip
  inspect pptp
  inspect icmp
  inspect icmp error
  inspect ip-options
 class class-default
  set connection advanced-options UMBC_Inside
```
```
Router1#show crypto ipsec sa peer 10.1.1.2
interface: Tunnel0
    Crypto map tag: VPN-CM, local addr 10.1.1.1
   protected vrf: (none)
   local  ident (addr/mask/prot/port): (10.1.1.0/255.255.255.0/0/0)
   remote ident (addr/mask/prot/port): (10.2.2.0/255.255.255.0/0/0)
   current_peer 10.1.1.2 port 500
     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
    #send errors 0, #recv errors 0
     local crypto endpt.: 10.1.1.1, remote crypto endpt.: 10.1.1.2
     path mtu 1500, ipsec overhead 66, media mtu 1500
     current outbound spi: 0x0(0)
     PFS (Y/N): N, DH group: none
     inbound esp sas:
      spi: 0x0(0)
        transform: esp-aes 256 esp-sha-hmac ,
        in use settings ={Tunnel, }
        conn id: 0, flow_id: 0, sibling_flags 80000040, crypto map: VPN-CM
        sa timing: remaining key lifetime (k/sec): (0/0)
        IV size: 16 bytes
        replay detection support: Y
     inbound ah sas:
     inbound pcp sas:
     outbound esp sas:
      spi: 0x0(0)
        transform: esp-aes 256 esp-sha-hmac ,
        in use settings ={Tunnel, }
        conn id: 0, flow_id: 0, sibling_flags 80000040, crypto map: VPN-CM
        sa timing: remaining key lifetime (k/sec): (0/0)
        IV size: 16 bytes
        replay detection support: Y
     outbound ah sas:
     outbound pcp sas:

Router1#show crypto isakmp sa
dst             src             state          conn-id slot
10.1.1.2        10.1.1.1        MM_NO_STATE          1    0
```

```
policy-map type inspect INSPECT-POLICY
 class type inspect BAD_TRAFFIC
  drop
 class type inspect GOOD_TRAFFIC
  inspect
!
class-map type inspect match-any BAD_TRAFFIC
 match protocol dns
 match protocol ms-sql
!
class-map type inspect match-any GOOD_TRAFFIC
 match access-group 100
!
zone security INSIDE
zone security OUTSIDE
zone-pair security ZP-IN-2-OUT source INSIDE destination OUTSIDE
 service-policy type inspect INSPECT-POLICY
```
```
zone-pair security ZP_INSIDE_OUT source INSIDE destination OUTSIDE
 service-policy type inspect INSIDE_OUT_POLICY
!
class-map type inspect match-any DMZ_OUT_TRAFFIC
 match protocol tcp
 match protocol udp
!
policy-map type inspect DMZ_OUT_POLICY
 class type inspect DMZ_OUT_TRAFFIC
  inspect
 class class-default
  drop
```