A.Any protected subnets that are entered represent subnets at the end user’s site that will be accessed without going through the encrypted tunnel.
B.Any protected subnets that are entered represent subnets at the end user’s site that will be accessed through the encrypted tunnel.
C.Any protected subnets that are entered represent subnets at the VPN server site that will be accessed without going through the encrypted tunnel.
D.Any protected subnets that are entered represent subnets at the VPN server site that will be accessedthrough the encrypted tunnel.

A.All passwords entered during the AutoSecure configuration must be a minimum of 8 characters in length.
B.Cisco123 would be a valid password for both the enable password and the enable secret commands.
C.The auto secure command can be used to secure the router login as well as the NTP and SSH protocols.
D.For an interactive full session of AutoSecure， the auto secure login command should be used.
E.If the SSH server was configured， the 1024 bit RSA keys are generated after the auto secure commandis enabled.

A.the outer label used to determine the next hop
B.the IPv4 label for the destination network
C.the IPv4 label for the forwarding router
D.the IPv4 label for the destination router

A.If the VPN server is configured for Xauth， the VPN client waits for a username / password challenge.
B.The Cisco Easy VPN feature only supports transform sets that provide authentication and encryption.
C.The VPN client initiates aggressive mode （AM） if a pre-shared key is used for authentication during the IKE phase 1 process.
D.The VPN client verifies a server username/password challenge by using a AAA authentication server that supports TACACS+ or RADIUS.
E.The VPN server can only be enabled on Cisco PIX Firewalls and Cisco VPN 3000 series concentrators.
F.When connecting with a VPN client，the VPN server must be configured for ISAKMP group 1，2 or 5.

A.The LIST1 list will disable authentication on the console port.
B.Because no method list is specified， the LIST1 list will not authenticate anyone on the console port.
C.All login requests will be authenticated using the group tacacs+ method.
D.All login requests will be authenticated using the local database method.
E.The default login authentication will automatically be applied to all login connections.

A.The TCP connection that matches the defined ACL will be reset by the router if the connection does not complete the three-way handshake within the defined time period.
B.The router will reply to the TCP connection requests. If the three-way handshake completes successfully， the router will establish a TCP connection between itself and the server.
C.The TCP traffic that matches the ACL will be allowed to pass through the router and create a TCP connection with the server.
D.The router will intercept the traceroute messages. It will validate the connection requests before forwarding the packets to the inside network.

A.RRI
B.IPsec Backup Peerings 
C.Dynamic Crypto Ma
D.HSRP
E.IPsec Stateful Switchover （SSO）
F.Dual Router Mode （DRM） IPsec

A.Cisco Express Forwarding （CEF） must be enabled as a prerequisite to running MPLS on a Cisco router.
B.Frame-mode MPLS inserts a 32-bit label between the Layer 3 and Layer 4 headers.
C.MPLS is designed for use with frame-based Layer 2 encapsulation protocols such as Frame Relay， but is not supported by ATM because of ATM fixed-length cells.
D.OSPF， EIGRP， IS-IS， RIP， and BGP can be used in the control plane.
E.The control plane is responsible for forwarding packets.
F.The two major components of MPLS include the control plane and the data plane.

A.encapsulation aal5snap applied to the PVC
B.encapsulation aal5ciscoppp applied to the PVC
C.encapsulation aal5ciscoppp applied to the ATM0 interface
D.encapsulation aal5mux ppp dialer applied to the ATM0 interface
E.encapsulation aal5mux ppp dialer applied to the PVC

A.Inoculate systems by applying update patches. 
B.Limit traffic rate. 
C.Apply authentication. 
D.Quarantine infected machines. 
E.Enable anti-spoof measures.

A.Transparent tunneling must be enabled.
B.A valid root certificate must be installed.
C.A group pre-shared secret must be properly configured.
D.The option to "Allow Local LAN Access" must be selected.