Comments on: CCIE Security Core Knowledge Questions – Part 3

By: CCIE Security Core Knowledge Questions – Part 4 - CCIE Blog

CCIE Security Core Knowledge Questions – Part 4 - CCIE Blog — Tue, 05 Jan 2010 23:35:53 +0000

For part 4, click on the link just above this comment…

By: INE Instructor

INE Instructor — Thu, 17 Dec 2009 00:41:10 +0000

We would love for you to suggest more topic areas for our Core Knowledge Sim – but please – do not share specific questions.

Thanks!

kbarker@ine.com

By: mostafa

mostafa — Thu, 17 Dec 2009 00:39:49 +0000

Hi,
Is there some way how for a channel to edit a question for any configuration i can’t do or a technology i need help in it like FPM for example, and got some one help in it.
This exam was my second attempt, i take the first attempt in the old version and the new one is full of tricky and i need a way to increase my experience for the third attempt, also note i already registered for the core knowledge simulation, labs and class on demand for the security part.

Thanks in advance.

By: INE Instructor

INE Instructor — Wed, 16 Dec 2009 16:52:36 +0000

Mostafa – we cannot discuss the questions you received. Sorry, that is a violation of Cisco’s NDA.

By: mostafa

mostafa — Wed, 16 Dec 2009 07:44:06 +0000

Dear All,

I had just come from my CCIE security exam two days ago, i had failed in the open-ended question.

So if there a way to contact some one to discuss these 4 question and show to me the right answer.

By: INE Instructor

INE Instructor — Fri, 04 Dec 2009 13:08:27 +0000

A huge thank you to irom, both Pauls, Yostie, JSteve, marcin, Jeff_1, Bheda and Thomas!

The answers are:
1. 802.1x supplicant

2. SDEE / Syslog

3. If included in the policy, and not preempted by a local interface policy, the global policy would provide policing ingress and egress, prioritization egress and inspection ingress on all interfaces.

4. UDP 848 for the members registration to the key server, and protocol 50 for the encrypted traffic between members.

Thank you everyone, and good luck with your studies.

By: Thomas S.

Thomas S. — Mon, 30 Nov 2009 20:20:42 +0000

The only thing I would change from Bheda Laxman’s post is number 1.

1. 801.1x Supplicant

Cisco can get picky on the wording of their tests and answers.

By: Bheda Laxman

Bheda Laxman — Thu, 26 Nov 2009 12:42:18 +0000

1. Supplicant
2. Security Device Event Exchange – Syslog
3. Global Policy will be applied to all the Interface of ASA on which there is no per-interface policy is applied.
4. Protocol: User Datagram Protocol Port: 848 without any NAT-T. With NAT-T UDP 4500

By: jeff_1

jeff_1 — Wed, 25 Nov 2009 21:11:55 +0000

1. Supplicant (client with CTA or without)
2. SDEE
3. Global policy will apply to all interfaces
4. UDP/848

By: Paul Gilbert

Paul Gilbert — Wed, 25 Nov 2009 20:34:55 +0000

1. Supplicant
2. Syslog – SDEE
3. inbound and outbound on each interface.
4. UDP 848