QUESTION 1 Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. The domain contains a server named Server1 that has the Network Policy Server server role and the Remote Access server role installed. The domain contains a server named Server2 that is configured as a RADIUS server. Server1 provides VPN access to external users. You need to ensure that all of the VPN connections to Server1 are logged to the RADIUS server on Server2. What should you run? A. Add-RemoteAccessRadius -ServerNameServer1 -AccountingOnOffMsg Enabled -SharedSecret "Secret" -Purpose Accounting B. Set-RemoteAccessAccounting -AccountingOnOffMsg Enabled -AccountingOnOffMsg Enabled C. Add-RemoteAccessRadius -ServerName Server2 -AccountingOnOffMsg Enabled -SharedSecret "Secret" -Purpose Accounting D. Set-RemoteAccessAccounting -EnableAccountingType Inbox -AccountingOnOffMsg Enabled Correct Answer: C QUESTION 2 Your network contains four Network Policy Server (NPS) servers named Server1, Server2, Servers, and Server4. Server1 is configured as a RADIUS proxy that forwards connection requests to a remote RADIUS server group named Group1. You need to ensure that Server2 and Server3 receive connection requests. Server4 must only receive connection requests if both Server2 and Server3 are unavailable. How should you configure Group1? A. Change the Weight of Server4 to 10. B. Change the Weight of Server2 and Server3 to 10. C. Change the Priority of Server2 and Server3 to 10. D. Change the Priority of Server4 to 10. Correct Answer: D QUESTION 3 Your network contains an Active Directory domain named adatum.com. A network administrator creates a Group Policy central store. After the central store is created, you discover that when you create new Group Policy objects (GPOs), the GPOs do not contain any Administrative Templates. You need to ensure that the Administrative https://www.pass4itsure.com/70-411.html Templates appear in new GPOs. What should you do? A. Add your user account to the Group Policy Creator Owners group. B. Configure all domain controllers as global catalog servers. C. Copy files from %Windir%\Policydefinitions to the central store. D. Modify the Delegation settings of the new GPOs. Correct Answer: C QUESTION 4 Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains 500 client computers that run Windows 8 Enterprise. You implement a Group Policy central store. You have an application named App1. App1 requires that a custom registry setting be deployed to all of the computers. You need to deploy the custom registry setting. The solution must minimize administrator effort. What should you configure in a Group Policy object (GPO)? A. The Software Installation settings B. The Administrative Templates C. An application control policy D. The Group Policy preferences Correct Answer: D QUESTION 5 Your network contains two Active Directory forests named contoso.com and dev.contoso.com. The contoso.com forest contains a domain controller named DC1. The dev.contoso.com forest contains a domain controller named DC2. Each domain contains an organizational unit (OU) named OU1. Dev.contoso.com has a Group Policy object (GPO) named GPO1. GPO1 contains 200 settings, including several settings that have network paths. GPO1 is linked to OU1. You need to copy GPO1 from dev.contoso.com to contoso.com. What should you do first on DC2? A. From the Group Policy Management console, right-click GPO1 and select Copy. B. Run the mtedit.exe command and specify the /Domaintcontoso.com /DC: DC 1 parameter. C. Run the Save-NetGpocmdlet. D. Run the Backup-Gpocmdlet. Correct Answer: A QUESTION 6 Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. Client computers run either Windows 7 or Windows 8. All of the client computers have an application named App1 installed. The domain contains a Group Policy object (GPO) named GPO1 that is applied to all of the client computers. You need to add a system variable named App1Data to all of the client computers. Which Group Policy preference should you configure? A. Environment B. Ini Files C. Data Sources D. Services Correct Answer: A QUESTION 7 Your network contains an Active Directory domain named contoso.com. All user accounts reside in an organizational unit (OU) named OU1. You create a Group Policy object (GPO) named GPO1. You link GPO1 to OU1. You configure the Group Policy preference of GPO1 to add a shortcut named Link1 to the desktop of each user. You discover that when a user deletes Link1, the shortcut is removed permanently from the desktop. You need to ensure that if a user deletes Link1, the shortcut is added to the desktop again. What should you do? A. Enforce GPO1. B. Modify the Link1 shortcut preference of GPO1. C. Enable loopback processing in GPO1. D. Modify the Security Filtering settings of GPO1. Correct Answer: B Vendor: Cisco Exam Code: 210-260 Exam Name: Implementing Cisco https://www.pass4itsure.com/210-260.html Network Security Q&As: 329 (324Q&As & 5 Labs)QUESTION 1 Which three ESP fields can be encrypted during transmission? (Choose three.) A. Security Parameter Index B. Sequence Number C. MAC Address D. Padding E. Pad Length F. Next Header Correct Answer: DEF Explanation QUESTION 2 What mechanism does asymmetric cryptography use to secure data? A. a public/private key pair B. shared secret keys C. an RSA nonce D. an MD5 hash Correct Answer: A Explanation QUESTION 3 Whit which type of Leyer 2 attack can you "do something" for one host: A. MAC spoofing B. CAM overflow.... Correct Answer: A Explanation QUESTION 4 Refer to the exhibit. How many times was a read-only string used to attempt a write operation? A. 9 B. 6 C. 4 D. 3 E. 2 Correct Answer: A Explanation QUESTION 5 Which feature allows a dynamic PAT pool to select the next address in the PAT pool instead of the next port of an existing address? A. next IP B. round robin C. dynamic rotation D. NAT address rotation Correct Answer: B Explanation QUESTION 6 Which label is given to a person who uses existing computer scripts to hack into computers lacking the expertise to write their own? A. white hat hacker B. hacktivist C. phreaker D. script kiddy Correct Answer: D Explanation QUESTION 7 When Cisco IOS zone-based policy firewall is configured, which three actions can be applied to a traffic class? (Choose three.) A. pass B. police C. inspect D. drop E. queue F. shape Correct Answer: ACD Explanation Explanation/Reference: http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a0080 8bc994.shtml Zone-Based Policy Firewall Actions ZFW provides three actions for traffic that traverses from one zone to another: Drop -- This is the default action for all traffic, as applied by the "class class-default" that terminates every inspect-type policy-map. Other class-maps within a policy-map can also be configured to drop unwanted traffic. Traffic that is handled by the drop action is "silently" dropped (i.e., no notification of the drop is sent to the relevant end-host) by the ZFW, as opposed to an ACL's behavior of sending an ICMP "host unreachable" message to the host that sent the denied traffic. Currently, there is not an option to change the "silent drop" behavior. The log option can be added with drop for syslog notification that traffic was dropped by the firewall. Pass -- This action allows the router to forward traffic from one zone to another. The pass action does not track the state of connections or sessions within the traffic. Pass only allows the traffic in one direction. A corresponding policy must be applied to allow return traffic to pass in the opposite direction. The pass action is useful for protocols such as IPSec ESP, IPSec AH, ISAKMP, and other inherently secure protocols with predictable behavior. However, most application traffic is better handled in the ZFW with the inspect action. Inspect--The inspect action offers state-based traffic control. For example, if traffic from the private zone to the Internet zone in the earlier example network is inspected, the router maintains connection or session information for TCP and User Datagram Protocol (UDP) traffic. Therefore, the router permits return traffic sent from Internet-zone hosts in reply to private zone connection requests. Also, inspect can provide application inspection and control for certain service protocols that might carry vulnerable or sensitive application traffic.Audit-trail can be applied with a parameter-map to record connection/session start, stop, duration, the data volume transferred, and source and destination addresses. QUESTION 8 Which type of security control is defense in depth? A. Threat mitigation B. Risk analysis C. Botnet mitigation D. Overt and covert channels Correct Answer: A Explanation QUESTION 9 Which statement about a PVLAN isolated port configured on a switch is true? A. The isolated port can communicate only with the promiscuous port. B. The isolated port can communicate with other isolated ports and the promiscuous port. C. The isolated port can communicate only with community ports. D. The isolated port can communicate only with other isolated ports. Correct Answer: A Explanation QUESTION 10 Which statement about Cisco cert4sure.netACS authentication and authorization is true? A. ACS servers can be clustered to provide scalability. B. ACS can query multiple Active Directory domains. C. ACS uses TACACS to proxy other authentication servers. D. ACS can use only one authorization profile to allow or deny requests. Correct Answer: A Explanation ACSM-Certification Oracle Exam Questions