
The following questions will be added to the Core Knowledge Simulation engine. Answers will be provided in the comments section.

Implement Identity Management

Refer to the diagram. The software running on the PC performs what role?

Basic 802.1x

Configure Cisco IPS to mitigate network threats

Refer to the diagram. How are IPS alerts from the IOS router collected on IME and MARS?


Implement secure networks using Cisco ASA Firewalls

When a new policy-map is applied globally, what effect does that have on the interfaces of the ASA?

Implement secure networks using Cisco VPN solutions

What layer 4 ports / protocols would typically be used as part of a GDOI implementation?


15 Responses to “CCIE Security Core Knowledge Questions – Part 3”

  1. irom says:

    1) Collect Information about client for posture validation ?
    2) SDEE ?
    3) Depends on the feature (i.e. inspection, policing). If there is no conflict both will be applied. If there is a conflict… don’t remember
    4) UDP 848 ?

  2. Paul Alexander says:

    1) Supplicant
    2) SDEE or Syslog
    3) Applies to traffic in both directions flowing through the firewall
    4) UDP 848

  3. Yostie says:

    1) Authenticating Server – authenticates the user against a locally defined user database or against an external database
    2) SDEE
    3) Applies the policy set forth in the policy map on all interfaces, unless a per-interface policy map is already applied; then the per-interface policy map takes precedence.
    4) Haven’t the slightest clue. Started looking at the RFC and have sort of an idea.

  4. Jsteve says:

    1) Authenticator
    2) SDEE
    3) Global policy will be applied to all interfaces.
    4) UDP port 848

  5. marcin chojna says:

    1) Supplicant
    2) SDEE or Syslog
    3) Applies to traffic in both directions flowing through the firewall
    4) UDP 848

    Same as Paul

  6. Paul Gilbert says:

    1. Supplicant
    2. Syslog – SDEE
    3. inbound and outbound on each interface.
    4. UDP 848

  7. jeff_1 says:

    1. Supplicant (client with CTA or without)
    2. SDEE
    3. Global policy will apply to all interfaces
    4. UDP/848

  8. Bheda Laxman says:

    1. Supplicant
    2. Security Device Event Exchange – Syslog
    3. Global Policy will be applied to all the interfaces of the ASA on which no per-interface policy is applied.
    4. Protocol: User Datagram Protocol Port: 848 without any NAT-T. With NAT-T UDP 4500

  9. Thomas S. says:

    The only thing I would change from Bheda Laxman’s post is number 1.

    1. 802.1x Supplicant

    Cisco can get picky on the wording of their tests and answers.

  10. A huge thank you to irom, both Pauls, Yostie, JSteve, marcin, Jeff_1, Bheda and Thomas!

    The answers are:
    1. 802.1x supplicant

    2. SDEE / Syslog

    3. If included in the policy, and not preempted by a local interface policy, the global policy would provide policing ingress and egress, prioritization egress and inspection ingress on all interfaces.

    4. UDP 848 for the members registration to the key server, and protocol 50 for the encrypted traffic between members.

    Thank you everyone, and good luck with your studies.
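The precedence described in answer 3 is easiest to see in configuration. The following ASA Modular Policy Framework snippet is an added example, not part of the original post or any commenter's answer; the interface and class names (outside, inspection_default, all_traffic, voice_traffic) and the rate values are assumptions chosen for illustration. One policy-map is applied with `service-policy … global`, a second with `service-policy … interface outside`; on the outside interface the interface policy overrides the global one only for the features it configures (policing here), while the global inspection still applies there.

```cisco
! Added example (not from the original post): one global policy plus one
! interface policy on an ASA, showing which policy wins per feature.
!
! --- Global policy: applied to every interface for each feature that the
! interface does not override with its own policy ---
class-map inspection_default
 match default-inspection-traffic
!
class-map all_traffic
 match any
!
policy-map global_policy
 class inspection_default
  inspect ftp
  inspect http
 class all_traffic
  ! policing in both directions (assumed rates, bps / burst bytes)
  police input 8000000 16000 conform-action transmit exceed-action drop
  police output 8000000 16000 conform-action transmit exceed-action drop
!
service-policy global_policy global
!
! --- Interface policy on "outside": for policing, this replaces the global
! policing on that interface; FTP/HTTP inspection from the global policy
! still applies because outside_policy configures no inspection ---
class-map voice_traffic
 match dscp ef
!
policy-map outside_policy
 class all_traffic
  police output 2000000 37500 conform-action transmit exceed-action drop
 class voice_traffic
  ! strict priority queuing is an egress-only feature
  priority
!
priority-queue outside
service-policy outside_policy interface outside
```

To confirm what is actually in effect on a given interface, `show service-policy interface outside` lists the policy applied there, and `show service-policy global` lists the global one; a feature that appears in both is governed by the interface policy on that interface.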

  11. mostafa says:

    Dear All,

    I had just come from my CCIE Security exam two days ago; I had failed in the open-ended questions.

    So is there a way to contact someone to discuss these 4 questions and show me the right answers?

  12. mostafa says:

    Is there some way, such as a channel, to post a question about any configuration I can’t do or a technology I need help with, like FPM for example, and get someone to help with it?
    This exam was my second attempt; I took the first attempt on the old version, and the new one is full of tricky questions, and I need a way to increase my experience for the third attempt. Also note that I have already registered for the Core Knowledge Simulation, labs and class on demand for the security track.

    Thanks in advance.
