Latest CCIE 350-001 New Question (21-25)
QUESTION 21
What does Cisco recommend when you are enabling Cisco IOS IPS?
A. Do not enable all the signatures at the same time.
B. Do not enable the ICMP signature.
C. Disable the Zone-Based Policy Firewall because it is not compatible with Cisco IOS IPS.
D. Disable CEF because it is not compatible with Cisco IOS IPS.
Answer: A
QUESTION 22
Refer to the exhibit.
Which statement is correct?
A. OSPF peers are using Type 1 authentication
B. OSPF peers are using Type 2 authentication
C. Authentication is used, but there is a password mismatch
D. The OSPF peer IP address is 172.16.10.36
Answer: B
QUESTION 23
Which two statements are true about Unicast Reverse Path Forwarding Loose Mode? (Choose
two.)
A. It is used in multihome network scenarios.
B. It can be used with BGP to mitigate DoS and DDoS.
C. It does not need to have CEF enabled.
D. It is enabled via the interface level command ip verify unicast reverse-path.
E. It cannot be used with “classification” access lists.
Answer: AB
QUESTION 24
Refer to the exhibit.
What would be the security risk when you are using the above configuration?
A. The locally configured users would override the TACACS+ security policy.
B. It would be impossible to log in to the router if the TACACS+ server is down.
C. The default login policy would override the TACACS+ configuration.
D. If the TACACS+ server failed, no authentication would be required.
Answer: D
QUESTION 25
Which three protocols should be explicitly managed by using a CoPP policy on an Internet border router? (Choose three.)
A. SMTP
B. ICMP
C. BGP
D. SSH
E. RTP
F. BitTorrent
G. VTP
Answer: BCD