A.The first three statements of ACL 112 should have permitted the ICMP traffic and the laststatement should deny the identified traffic
B.The last statement of ACL 112 should have been "access-list 112deny icmp any 10.2.1.00.0.0.255"
C.The last statement of ACL 112 should have been "access-list 112permit icmp any 10.2.1.00.0.0.255"
D.ACL 112 should have been applied to interface Fa0/0 in an inbound direction
E.The last statement of ACL 112 should have been "access-list 112deny icmp any 10.1.1.00.0.0.255"
F.ACL 112 should have been applied to interface Fa0/1 in an outbound direction
G.None of the above

A.Disable post scan
B.Use SSH or SSL
C.Enable trust levels
D.Deny echo replies on all edge routers

A.IKE keepalives are unidirectional and sent every ten seconds
B.IPsec uses the Encapsulating Security Protocol （ESP） or the Authentication Header （AH）protocol for exchanging keys
C.To establish IKE SA, main mode utilizes six packets while aggressive mode utilizes only threepackets
D.IKE uses the Diffie-Hellman algorithm to generate symmetrical keys to be used by IPsec peers

A.A good security practice is to havethe none parameter configured as the final method used toensure that no other authentication method will be used
B.If a TACACS+ server is not available， then a user connecting via the console port would not beable to gain access since no other authentication method has been defined
C.If a TACACS+ server is not available， then the user Bob could be able to enter privileged modeas long as the proper enable password is entered
D.Theaaa new-model command forces the router to override every other authentication methodpreviously configured for the router lines
E.To increase security， group radius should be used instead of group tacacs+
F.Two authentication options are prescribed by the displayedaaa authentication command