Which of the following describes the DHCP “starvation” attack?
A. Exhaust the address space available on the DHCP servers so that an attacker can inject their own DHCP server for malicious reasons.
B. Saturate the network with DHCP requests to prevent other network services from working.
C. Inject a DHCP server on the network for the purpose of overflowing DNS servers with bogus learned host names.
D. Send DHCP response packets for the purpose of overloading CAM tables.
Which type of VPN is based on the concept of trusted group members using the GDOI key management protocol?
E. MPLS VPN
Which three statements about IKEv2 are correct? (Choose three.)
A. INITIAL_CONTACT is used to synchronize state between peers.
B. The IKEv2 standard defines a method for fragmenting large messages.
C. The initial exchanges of IKEv2 consist of IKE_SA_INIT and IKE_AUTH.
D. Rekeying IKE and child SAs is facilitated by the IKEv2 CREATE_CHILD_SA exchange.
E. NAT-T is not supported.
F. Attribute policy push (via the configuration payload) is only supported in REQUEST/REPLY mode.
Which two identifiers are used by a Cisco Easy VPN Server to reference the correct group policy information for connecting a Cisco Easy VPN Client? (Choose two.)
A. IKE ID_KEY_ID
B. OU field in a certificate that is presented by a client
C. XAUTH username
D. hash of the OTP that is sent during XAUTH challenge/response
E. IKE ID_IPV4_ADDR
What feature on the Cisco ASA is used to check for the presence of an up-to-date antivirus vendor on an AnyConnect client?
A. Dynamic Access Policies with no additional options
B. Dynamic Access Policies with Host Scan enabled
C. advanced endpoint assessment
D. LDAP attribute maps obtained from Antivirus vendor