- (Exam Topic 2)
What is a benefit of performing device compliance?

1. A. Verification of the latest OS patches
2. B. Device classification and authorization
3. C. Providing multi-factor authentication
4. D. Providing attribute-driven policies

Correct Answer: A

- (Exam Topic 2)
What is the purpose of the certificate signing request when adding a new certificate for a server?

1. A. It is the password for the certificate that is needed to install it with.
2. B. It provides the server information so a certificate can be created and signed
3. C. It provides the certificate client information so the server can authenticate against it when installing
4. D. It is the certificate that will be loaded onto the server

Correct Answer: B
A certificate signing request (CSR) is one of the first steps towards getting your own SSL Certificate. Generated on the same server you plan to install the certificate on, the CSR contains information (e.g. common name, organization, country) that the Certificate Authority (CA) will use to create your certificate. It also contains the public key that will be included in your certificate and is signed with the corresponding private key

- (Exam Topic 3)
Which solution is made from a collection of secure development practices and guidelines that developers must follow to build secure applications?

1. A. AFL
2. B. Fuzzing Framework
3. C. Radamsa
4. D. OWASP

Correct Answer: D

- (Exam Topic 3)
Which VMware platform does Cisco ACI integrate with to provide enhanced visibility, provide policy integration and deployment, and implement security policies with access lists?

1. A. VMware APIC
2. B. VMwarevRealize
3. C. VMware fusion
4. D. VMware horizons

Correct Answer: B

- (Exam Topic 1)
A network administrator configures Dynamic ARP Inspection on a switch. After Dynamic ARP Inspection is applied, all users on that switch are unable to communicate with any destination. The network administrator checks the interface status of all interfaces, and there is no err-disabled interface. What is causing this problem?

1. A. DHCP snooping has not been enabled on all VLANs.
2. B. The ip arp inspection limit command is applied on all interfaces and is blocking the traffic of all users.
3. C. Dynamic ARP Inspection has not been enabled on all VLANs
4. D. The no ip arp inspection trust command is applied on all user host interfaces

Correct Answer: D
Dynamic ARP inspection (DAI) is a security feature that validates ARP packets in a network. It intercepts, logs, and discards ARP packets with invalid IP-to-MAC address bindings. This capability protects the network from certain man-in-the-middle attacks. After enabling DAI, all ports become untrusted ports.