Question 6 of 82

Which identity store option allows you to modify the directory services that run on TCP/IP?

    Correct Answer: A

    Lightweight Directory Access Protocol (LDAP) is a standards-based networking protocol that is specifically used for querying and modifying directory services running over TCP/IP. This makes it the correct answer for the given question.

Question 7 of 82

Which three features should be enabled as best practices for MAB? (Choose three.)

    Correct Answer: BCE

    As best practices for MAC Authentication Bypass (MAB), it is recommended to enable DHCP Snooping, Dynamic ARP Inspection (DAI), and IP Source Guard. DHCP Snooping helps prevent rogue DHCP servers within the network, DAI protects against ARP spoofing attacks, and IP Source Guard helps in verifying the source IP address of traffic received on untrusted ports. These features enhance network security and integrity when deploying MAB.

Question 8 of 82

Which administrative role has permission to assign Security Group Access Control Lists?

    Correct Answer: A

    The administrative role with the permission to assign Security Group Access Control Lists is typically the System Admin. This role usually has comprehensive access and control over various system settings and configurations, including security group management. Other roles like Policy Admin, Network Device Admin, and Identity Admin have more specific and limited scopes of responsibilities.

Question 9 of 82

Refer to the exhibit.

If the given configuration is applied to the object-group vpnservers, during which time period are external users able to connect?

    Correct Answer: D

    The given configuration applies an access-list that denies any IP traffic from the object-group vpnservers during the time period from Friday at 6:00 p.m. until Monday at 8:00 a.m. This means that external users are unable to connect during this period. Therefore, external users are able to connect from Monday at 8:01 a.m. until Friday at 5:59 p.m.

Question 10 of 82

Which command enables static PAT for TCP port 25?

    Correct Answer: C

    To enable static Port Address Translation (PAT) for TCP port 25, the command needs to specify static translation using a service. The correct syntax to achieve this would indicate translating the inside IP address and port to the outside IP address and port for TCP services. Thus, the appropriate command uses 'nat (inside,outside) static' followed by the internal IP address, the protocol (TCP), and then the service port (smtp) which corresponds to TCP port 25.