A.The IDS is in the traffic path.
B.The IDS can send TCP resets to the source device.
C.The IDS can send TCP resets to the destination device.
D.The IDS listens promiscuously to all traffic on the network.
E.Default operation is for the IDS to discard malicious traffic.

A.All traffic is permitted from the inbound to the outbound interface upon successful authentication of the user.
B.A specific access profile is retrieved from a TACACS+ or RADIUS server and applied to an IOS Firewall based on user provided credentials.
C.Prior to responding to a proxy ARP，the router will prompt the user for a login and password which are authenticated based on the configured AAA policy.
D.The proxy server capabilities of the IOS Firewall are enabled upon successful authentication of the user.

A.network-based application recognition （NBAR）
B.authentication proxy
C.stateful packet filtering
D.AAA services
E.proxy server
F.IPS

A.The IP inspection rule can be applied in the inbound direction on the secured interface.
B.The IP inspection rule can be applied in the outbound direction on the unsecured interface.
C.The ACL applied in the outbound direction on the unsecured interface should be an extended ACL.
D.The ACL applied in the inbound direction on the unsecured interface should be an extended ACL.
E.For temporary openings to be created dynamically by Cisco IOS Firewall，the access-list for thereturning traffic must be a standard ACL.
F.For temporary openings to be created dynamically by Cisco IOS Firewall，the IP inspection rule must be applied to the secured interface.

A.Decrease the maximum MTU requirements on all router interfaces that are attached to the LAN segment.
B.Increase the maximum MTU requirements on all router interfaces that are attached to the LAN segment.
C.No additional configuration is required. Interface MTU size will be automatically adjusted to accommodate the larger size frames.
D.No additional configuration is required. Frames with larger MTU size will be automatically fragmented and forwarded on all LAN segments.

A.Packets can be labeled and forwarded out interface Fa0/1 because of the MPLS operational status of the interface.
B.Because LSP tunnel labeling has not been enabled on interface Fa0/1， packets cannot be labeled and forwarded out interface Fa0/1.
C.Packets can be labeled and forwarded out interface Fa1/1 because MPLS has been enabled on this interface.
D.Because the MTU size is increased above the size limit， packets cannot be labeled and forwarded out interface Fa1/1.

A.MPLS eliminates the need of an IGP in the core.
B.MPLS reduces the required number of BGP-enabled devices in the core.
C.Reduces routing table lookup since only the MPLS core routers perform routing table lookups.
D.MPLS eliminates the need for fully meshed connections between BGP enabled devices.

A.reset the connection
B.forward the packet
C.check the packet against an ACL
D.drop the packet

A.A static route that points towards the Cisco Easy VPN server is created on the remote client.
B.A static route is created on the Cisco Easy VPN server for the internal IP address of each VPN client.
C.A default route is injected into the route table of the remote client.
D.A default route is injected into the route table of the Cisco Easy VPN server.

A.Configure SNMP with only read-only community strings.
B.Encrypt TFTP and syslog traffic in an IPSec tunnel.
C.Implement RFC 3704 filtering at the perimeter router when allowing syslog access from devices on the outside of a firewall.
D.Synchronize the NTP master clock with an Internet atomic clock.
E.Use SNMP version 2.
F.Use TFTP version 3 or above because these versions support a cryptographic authentication mechanism between peers.