Beyond knowing the answer, and actually understanding the 300-320 exam questions puts you one step ahead of the test. Completely understanding a concept and reasoning behind how something works, makes your task second nature. Your 300-320 quiz will melt in your hands if you know the logic behind the concepts. Any legitimate 300-320 pdf should enforce this style of learning – but you will be hard pressed to find more than a 300-320 dumps test anywhere other than Learningpdf. CCIE Security certification tests the expert level ability of a candidate to secure a large-scale network. This certification qualifies you to manage, lead and design the most complex network security solution. Traditionally, you could have taken CCIE Security 300-320 pdf Exam and after clearing it you needed to take.
Latest 300-135 dumps questions and answers (15Q&As)
300-320 dumps pdf QUESTION 16
Which statement about RBAC user roles on a Cisco Nexus switch is true?
A. If you belong to multiple roles, you can execute only the commands that are permitted by both roles (logical AND).
B. Access to a command takes priority over being denied access to a command.
C. The predefined roles can only be changed by the network administrator (superuser).
D. The default SAN administrator role restricts configuration to Fibre Channel interfaces.
E. On a Cisco Nexus 7000 Series Switch, roles are shared between VDCs.
Correct Answer: B
If you belong to multiple roles, you can execute a combination of all the commands permitted by these roles. Access to a command takes priority over being denied access to a command. For example, suppose a user has RoleA, which
denied access to the configuration commands. However, the users also have RoleB, which has access to the configuration commands. In this case, the users have access to the configuration commands.
300-320 dumps pdf QUESTION 17
Which statement about the implementation of Cisco TrustSec on Cisco Nexus 7000 Series Switches is true?
A. While SGACL enforcement and SGT propagation are supported on the M and F modules, 802.1AE (MACsec) support is available only on the M module.
B. SGT Exchange Protocol is required to propagate the SGTs across F modules that lack hardware support for Cisco TrustSec.
C. AAA authentication and authorization is supported using TACACS or RADIUS to a Cisco Secure Access Control Server.
D. Both Cisco TrustSec and 802.1X can be configured on an F or M module interface.
Correct Answer: A
The M-Series modules on the Nexus 7000 support 802.1AE MACSEC on all ports, including the new M2-series modules. The F2e modules will have this feature enabled in the future.
It is important to note that because 802.1AE MACSEC is a link-level encryption, the two MACSEC-enabled endpoints, Nexus 7000 devices in our case, must be directly L2 adjacent. This means we direct fiber connection or one facilitated with
optical gear is required. MACSEC has integrity checks for the frames and intermediate devices, like another switch, even at L2, will cause the integrity checks to fail. In most cases, this means metro-Ethernet services or carrier-provided label
switched services will not work for a MACSEC connection.
300-320 dumps pdf QUESTION 18
Which two security features are only supported on the Cisco Nexus 7000 Series Switches? (Choose two.)
A. IP source guard
B. traffic storm control
D. DHCP snooping
E. Dynamic ARP Inspection
Correct Answer: BF
A traffic storm occurs when packets flood the LAN, creating excessive traffic and degrading network performance. You can use the traffic storm control feature to prevent disruptions on Layer 2 ports by a broadcast, multicast, or unicast traffic
storm on physical interfaces. Traffic storm control (also called traffic suppression) allows you to monitor the levels of the incoming broadcast, multicast, and unicast traffic over a 10-millisecond interval. During this interval, the traffic level,
which is a percentage of the total available bandwidth of the port, is compared with the traffic storm control level that you configured. When the ingress traffic reaches the traffic storm control level that is configured on the port, traffic storm
control drops the traffic until the interval ends.
http://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/5_x/dcnm/security/configurati on/guide/b_Cisco_DCNM_Security_Configuration_Guide__Release_5- x/Cisco_DCNM_Security_Configuration_Guide__Release_5-
http://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/5_x/dcnm/security/configurati on/guide/b_Cisco_DCNM_Security_Configuration_Guide__Release_5- x/Cisco_DCNM_Security_Configuration_Guide__Release_5-x_chapter1.html
300-320 dumps pdf QUESTION 19
When a local RBAC user account has the same name as a remote user account on an AAA server, what happens when a user with that name logs into a Cisco Nexus switch?
A. The user roles from the remote AAA user account are applied, not the configured local user roles.
B. All the roles are merged (logical OR).
C. The user roles from the local user account are applied, not the remote AAA user roles.
D. Only the roles that are defined on both accounts are merged (logical AND).
Correct Answer: C
If you have a user account configured on the local Cisco NX-OS device that has the same name as a remote user account on an AAA server, the Cisco NX-OS software applies the user roles for the local user account to the remote user, not
the user roles configured on the AAA server.
Reference: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/4_1/nx- os/security/configuration/guide/sec_nx-os-cfg/sec_rbac.html
300-320 dumps pdf QUESTION 20
Which statement is true if password-strength checking is enabled?
A. Short, easy-to-decipher passwords will be rejected.
B. The strength of existing passwords will be checked.
C. Special characters, such as the dollar sign ($) or the percent sign (%), will not be allowed.
D. Passwords become case-sensitive.
Correct Answer: A
If a password is trivial (such as a short, easy-to-decipher password), the cisco NX_OS software will reject your password configuration if password-strength checking is enabled. Be sure to configure a strong password. Passwords are case
Reference: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/7- x/security/configuration/guide/b_Cisco_Nexus_9000_Series_NX- OS_Security_Configuration_Guide_7x/b_Cisco_Nexus_9000_Series_NX-
300-320 dumps pdf QUESTION 21
Which command specifies a load-balancing method based on the MAC address of a host where the same forwarder is always used for a particular host while the number of GLBP group members remains unchanged?A. load-balancing host-dependent
B. load-balancing mac-pinning
C. load-balancing round-robin
D. load-balancing weighted
Correct Answer: A
300-320 dumps pdf QUESTION 22
Which two elements must be configured correctly for Cisco TrustSec Fibre Channel Link Encryption to work on a Cisco MDS 9000 Series Switch? (Choose two.)
Correct Answer: BC
300-320 dumps pdf QUESTION 23
Which configuration is specific to Cisco TelePresence System seed devices?
A. radius server radius-server-name
B. aaa session-id common
C. radius-server vsa send authentication
D. aaa new-model
Correct Answer: A
300-320 dumps pdf QUESTION 24
Which command is used to associate EID-to-RLOC for a LISP site?
A. #feature lisp
B. #ipv6 lisp itr
C. #ip lisp database-mapping
D. #ip lisp itr map-resolver
Correct Answer: C
300-320 dumps pdf QUESTION 25
Which three options of encryption are supported in PIM hello messages? (Choose three.)
D. Cisco Type 7
Correct Answer: ADF
When you are going to get the Cisco 300-320 exam but don’t know how to prepare for it, Learningpdf can offer you an absolute perfect and quick way. We have a mass of Cisco 300-320 dumps pdf. If you download our 300-320 CCIE Security Written Exam vce files, you will get all the CCIE Security Written Exam important contents. To help you pass Cisco certification exam is the recognition of our best efforts. In order to achieve this goal, our IT experts and certified trainers have focused on the Learningpdf 300-320 dumps with their rich experience and constantly keep the updating our 300-320 dumps pdf study materials to ensure the accuracy of exam questions and answers. There are 24/7 customer assisting to support you if you have any questions.