CCNP Secure FAQ Implementing and Configuring Cisco IOS Routed Data Plane Security



Q1. Which of the following are some of the most common types of routed data plane attacks?
A. Routing protocol spoofing
B. Slow-path denial of service
C. STP spoofing
D. Traffic flooding

Answer: B and D

Q2. Which of the following ACL ranges are used for standard access lists?
A. 100–199
B. 2000–2699
C. 1–99
D. 1300–1999

Answer: C and D

Q3. When using a reflexive access list, which of the following ACL types must be used?
A. Standard IP ACL
B. Extended IP ACL
C. Extended IP named ACL
D. Reflexive ACL
E. Standard IP named ACL

Answer: C

Q4. Which of the following are valid steps required for the creation of an FPM filtering policy?
A. Defining a service policy
B. Loading of a PCFD
C. Defining an access list
D. Loading of a PHDF

Answer: A and D

Q5. Which command is used to load a traffic classification file (TCDF)?
A. load protocol
B. load classification
C. load tcdf
D. load class-file

Answer: B

Q6. Which commands are used to configure matching for a traffic class?
A. match field
B. match start
C. match beginning
D. match l2-layer
E. match packet

Answer: A and B

Q7. Which of the following are restrictions when using FPM?
A. Stateful inspection only
B. IPv4/IPv6 unicast packets only
C. IPv4 unicast packets only
D. Cannot be used with IP options packets

Answer: C and D

Q8. Which of the following are benefits that are gained by using Flexible NetFlow?
A. Flexible key and nonkey fields
B. Version 5 export format
C. Standardized key and nonkey fields
D. Version 9 export format

Answer: A and D

Q9. Which of the following are Flexible NetFlow components?
A. Flow sequencers
B. Flow policers
C. Flow monitors
D. Flow samplers

Answer: C and D

Q10. Unicast RPF utilizes which of the following to compare source packet information?
A. IP routing table
C. Topology tables
D. NetFlow records

Answer: B

Q11. There is a(n) _____ at the end of each access list.

Answer: implicit deny

Q12. An extended access list can use the number ranges of _____ and _____.

Answer: 100–199, 2000–2699

Q13. The wildcard mask that would be used with a subnet mask of would be _____.


Q14. When assigning reflexive access lists to an interface, they are typically placed _____ on an interface facing away from the internal network or _____ on an interface facing toward the internal network.

Answer: outbound, inbound

Q15. Both PHDF and TCDF are formatted using _____.

Answer: XML

Q16. When using FPM, traffic can be classified using _____ files or using the _____.

Answer: TCDF, CLI

Q17. FPM is only able to inspect _____ unicast packets.

Answer: IPv4

Q18. _____ fields are used by NetFlow to identify specific flows.

Answer: Key

Q19. Unicast RPF can operate in _____ or _____ mode.

Answer: strict, loose

Q20. When configuring Unicast RPF, the first thing that must be configured is _____.

Answer: CEF
