Exam A
QUESTION 1
Commercial browsers such as Netscape or Internet Explorer have knowledge of existing root CA certificates because:
A. They connect to netscape.com or microsoft.com to download the current list of CA certificates each time the user is on-line.
B. A number of root CA certificates is already installed in the software. Users can then manually add or remove certificates to this list.
C. A number of root certificates is already installed in the software. This list cannot be altered, but companies can request intermediary CA certificates to be signed by one of these root CAs.
D. There exists a standard that outlines which CA’s can be trusted ; the browser checks the CA certificate against this standard.
E. During installation of the browser, the install program will download the latest list of trusted root CA certificates from download.rsa.org and install these with the browser.
Correct Answer: B
QUESTION 2
The configuration register does NOT retain settings for:
A. An enabled ‘Break’ key
B. The console baud rate
C. The boot method
D. An enabled AUX port
Correct Answer: D
QUESTION 3
You work as a network engineer at Certkiller .com. Study the exhibit carefully.
The address field contains: (multiple answer)
Exhibit:
A. The DLCI Value
B. The Extended Address (EA)
C. Congestion Control
D. FCS
Correct Answer: ABC
QUESTION 4
A root CA certificate distinguishes itself from other certificates because:
A. The root CA certificate has a special bit set in the Key Usage field.
B. The root CA certificate has its serial number in a dedicated range.
C. The root CA certificate issuer and subject are the same.
D. The root CA certificate has a Subject Type equal to CA in its Basic Constraints.
E. The root CA certificate has a Thumbprint.
Correct Answer: C
QUESTION 5
In the SSL handshake, how is the cipher suite negotiated?
A. The client sends a list of supported cipher suites, and the server must select the first one on that list it supports.
B. The client and the server take turns in sending proposals back and forth, until they agree on a cipher suite or have exhausted their supported cipher suite lists.
C. The client sends the cipher suite it wants to use; the server has to support all cipher suites.
D. The server sends the cipher suite it wants to use; the client has to support all cipher suites.
E. The client sends a list of supported cipher suites, and the server selects the cipher suite it wants to use.
Correct Answer: E
QUESTION 6
You work as a network engineer at Certkiller .com. Study the exhibit carefully. In the shown diagram the
two web servers are configured for port 81 and the content rule for port 80. If a client wishes to connect to
the virtual IP address 172.16.0.100:
Exhibit:
A. A source group is needed to make this work properly.
B. This configuration will work as configured.
C. This configuration will not work.
D. Access-lists must be configured to allow this to work.
E. DNS must be configured on the CSS for this to work properly.
Correct Answer: C
QUESTION 7
The NNI specification defines communications between: A. An ATM end system and an ATM switch
B. Two ATM end systems
C. An ATM device and a non-ATM device
D. Two ATM switches from different carriers
E. Two ATM switches
Correct Answer: E
QUESTION 8
You work as a network engineer at Certkiller .com. Study the topology exhibit carefully. Host Certkiller 1 and Host Certkiller 2 are on Ethernet LANs in different buildings. A serial line is installed between two Cisco routers using Cisco HDLC serial line encapsulation. Routers Certkiller A and Certkiller B are configured to route IP traffic. Host Certkiller 1 sends a packet to Host Certkiller 2. A line hit on the serial line causes an error in the packet. When this is detected, the retransmission is sent by: Exhibit:
A. Host Certkiller 1
B. Host Certkiller 2
C. Router Certkiller A
D. Router Certkiller B
E. Protocol analyzer
Correct Answer: A
QUESTION 9
A router is receiving updates for a subnet from different routing protocols. The administrator wishes to take advantage of a path via a route with a less favorable Administrative Distance. What can be done to affect this without losing any of the updates?
A. Configure a static route with an Administrative Distance of 120
B. Use the Router Configuration mode command distance with an appropriate ‘weight’ for this subnet
C. Create a distribute-list to block this subnet
D. Modify the default-metric weight of the routing protocol offering the more favorable Administrative Distance
Correct Answer: B
QUESTION 10
SSL Session ID is used to:
A. Resume old SSL sessions — the keys remain the same
B. Give loadbalancers the opportunity to loadbalance SSL based upon a non-encrypted field that stays constant throughout one session, yet is guaranteed to change between sessions
C. Resume old SSL sessions — the keys are recomputed using the old master_secret and new random values
D. Allow the client to distinguish between the various SSL connections it has to a server
E. Allow the server to distinguish between the various SSL connections it has to a client
Correct Answer: C