ccsp思科认证网络安全专家_题库_[文档在线提供]

642-501SectionAcontains105questions.SectionBcontains80questions.MissingExplanations&Answerswillbeprovidedinthenextupdate.MissingAnswers:Q:96&99-105MissingExplanations:Q:15,23,67,73-80,83,85,87,89&91-105SectionAQUESTION1YouaretheadministratorforCertkiller,Inc.YourjobtodayistoconfigureastartaccountingrecordforaPoint-to-PointsessiontobesenttoaTACACS+server.Whichconfigurationcommandwilldothis?A.aaaaccountingnetworkdefaultstart-stoptacacs+B.aaaauthenticationpppstarttacacs+C.aaaauthorizationexecdefaulttacacs+D.aaaauthorizationnetworkdefaulttacacs+E.aaaaccountingnetworkdefaultstop-onlytacacs+Answer:AExplanation:aaaaccounting{system|network|exec|commandlevel}{start-stop|wait-start|stop-only}{tacacs+|radius}noaaaaccounting{system|network|exec|commandlevel}networkRunsaccountingforallnetwork-relatedservicerequests,includingSLIP,PPP,PPPNCPs,andARAP.start-stopSendsastartaccountingnoticeatthebeginningofaprocessandastopaccountingnoticeattheendofaprocess.Thestartaccountingrecordissentinthebackground.Therequesteduserprocessbeginsregardlessofwhetherornotthestartaccountingnoticewasreceivedbytheaccountingserver.tacacs+EnablestheTACACS-styleaccounting.Reference::BExplanation:Cryptomapsettransform-setcommand:Specifieswhichtransformsetscanbeusedwiththecryptomapentry.Listmultipletransformsetsinorderofpriority,withthehighest-prioritytransformsetfirst.Reference:CiscoSecurePIXFirewall(Ciscopress)page217QUESTION3Exhibit:YouaretheadministratoratCertkillerInc.andyouneedtoaddanACLstatementtoprotectagainstaddressspoofingwhenappliedinboundontheexternalinterfaceoftheperimeterrouter.Whichoneofthesecommandsiscorrect?A.access-list101denyIP162.16.1.00.0.0.255.0.0.0.0255.255.255.255B.access-list101denyUDP162.16.1.0255.255.0.00.0.0.0255.255.255.255C.access-list101denyIP162.16.1.0255.255.255.00.0.0.0255.255.255.255D.accesslist101permitIP162.16.1.0255.255.0.00.0.0.0255.255.255.255Answer:AExplanation:access-list101denyIP162.16.1.00.0.0.2550.0.0.0255255.255.255access-listcommand-commandtodenyaccesstothe162.16.1.00.0.0.255addressesfromanyaddress(0.0.0.0255.255.255.255)Reference:ManagingCiscoNetworkSecurity(Ciscopress)pageAppendixCQUESTION4JacobatCertkillerInc.wasgiventheassignmenttosecurethenetworkfromgivingoutunauthorizedinformation.Hisfirststepistopreventtheperimeterrouterfromdivulgingtopologyinformationbytellingexternalhostswhichsubnetsarenotconfigured.Whichcommandfitsthisobjective?A.nosource-routeB.noiproute-cacheC.noserviceudp-small-serversD.noipunreachableAnswer:DExplanation:ToenablethegenerationofInternetControlMessageProtocol(ICMP)unreachablemessages,usetheipunreachablecommandininterfaceconfigurationmode.Todisablethisfunction,usethenoformofthiscommand.Reference::servicepassword-encryption!aaanew-modelaaaauthenticationlogindefaultlineaaaauthenticationloginnologinnameaaaauthenticationloginadmintacacs+enableaaaauthenticationpppdefaulttacacs+!enablesecret5$1$WogB$7.0FLEFgB8Wp.C9eqNX9L/!!interfaceGroup-AsyncipunnumberedLoopback0iptcpheader-compressionpassiveencapsulationpppasyncmodeinteractiveJohnatCertkillerInc.islookingatthisconfigurationtofigureoutwhatmethodauthenticatesthroughthevtyport.Whichmethodiscorrect?A.noaccesspermittedB.linepasswordC.noauthenticationrequiredD.defaultauthenticationusedAnswer:BExplanation:EnablingAuthenticationforLoginUsingtheaaaauthenticationlogincommandandthefollowingkeywords,youcreateoneormorelistsofauthenticationmethodsthataretriedatlogin.Thelistsareusedwiththeloginauthenticationlineconfigurationcommand.Enterthefollowingcommandinglobalconfigurationmodetoenableauthenticationforlogin:Switch#aaaauthenticationlogin{default|list-name}method1[...[method3]]Thekeywordlist-nameisanycharacterstringusedtonamethelistyouarecreating.Themethodkeywordreferstotheactualmethodtheauthenticationalgorithmtries,inthesequenceentered.Youcanenteruptothreemethods:KeywordDescriptionlineUsesthelinepasswordforauthentication.localUsesthelocalusernamedatabaseforauthentication.tacacs+UsesTACACS+authentication.Reference::EExplanation:PrerequisitesforWorkingwithRouterMCFollowingaresomeprerequisitesforworkingwithRouterMC:•SSHmustbeenabledonyourdevicesifyouwanttoimportordeploytolivedevices.Reference:UsingManagementCenterforVPNRouters1.2QUESTION7KathyistheadministratorwhoisconfiguringIOSfirewallIDS.Shehastwoi