Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. What is the best description of a unified ACL on a Cisco firewall?
A. An ACL with both IPv4 and IPv6 functionality.
B. An IPv6 ACL with IPv4 backwards compatibility.
C. An IPv4 ACL with IPv6 support.
D. An ACL that supports EtherType in addition to IPv6.
Answer: A
Explanation:
http://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_co nfig/ intro_intro.html
Q2. In which way are management packets classified on a firewall that operates in multiple context mode?
A. by their interface IP address
B. by the routing table
C. by NAT
D. by their MAC addresses
Answer: A
Q3. Which statement about Cisco IPS Manager Express is true?
A. It provides basic device management for large-scale deployments.
B. It provides a GUI for configuring IPS sensors and security modules.
C. It enables communication with Cisco ASA devices that have no administrative access.
D. It provides greater security than simple ACLs.
Answer: B
Q4. When a Cisco ASA is configured in multicontext mode, which command is used to change between contexts?
A. changeto config context
B. changeto context
C. changeto/config context change
D. changeto/config context 2
Answer: B
Q5. When a Cisco ASA is configured in transparent mode, how can ARP traffic be controlled?
A. By enabling ARP inspection; however, it cannot be controlled by an ACL
B. By enabling ARP inspection or by configuring ACLs
C. By configuring ACLs; however, ARP inspection is not supported
D. By configuring NAT and ARP inspection
Answer: A
Q6. Which feature is a limitation of a Cisco ASA 5555-X running 8.4.5 version with multiple contexts?
A. Deep packet inspection
B. Packet tracer
C. IPsec
D. Manual/auto NAT
E. Multipolicy packet capture
Answer: C
Q7. Which of the following would need to be created to configure an application-layer inspection of SMTP traffic operating on port 2525?
A. A class-map that matches port 2525 and applying an inspect ESMTP policy-map for that class in the global inspection policy
B. A policy-map that matches port 2525 and applying an inspect ESMTP class-map for that policy
C. An access-list that matches on TCP port 2525 traffic and applying it on an interface with the inspect option
D. A class-map that matches port 2525 and applying it on an access-list using the inspect option
Answer: A
Q8. Which two features block traffic that is sourced from non-topological IPv6 addresses? (Choose two.)
A. DHCPv6 Guard
B. IPv6 Prefix Guard
C. IPv6 RA Guard
D. IPv6 Source Guard
Answer: B,D
Q9. Which statement about Cisco Security Manager form factors is true?
A. Cisco Security Manager Professional and Cisco Security Manager UCS Server Bundles support FWSMs.
B. Cisco Security Manager Standard and Cisco Security Manager Professional support FWSMs.
C. Only Cisco Security Manager Professional supports FWSMs.
D. Only Cisco Security Manager Standard supports FWSMs.
Answer: A
Q10. Which three logging methods are supported by Cisco routers? (Choose three.)
A. console logging
B. TACACS+ logging
C. terminal logging
D. syslog logging
E. ACL logging
F. RADIUS logging
Answer: A,C,D
Q11. When configured in accordance to Cisco best practices, the ip verify source command can mitigate which two types of Layer 2 attacks? (Choose two.)
A. rogue DHCP servers
B. ARP attacks
C. DHCP starvation
D. MAC spoofing
E. CAM attacks
F. IP spoofing
Answer: D,F
Q12. When configuring a new context on a Cisco ASA device, which command creates a domain for the context?
A. domain config name
B. domain-name
C. changeto/domain name change
D. domain context 2
Answer: B
Q13. Which statement is true of the logging configuration on the Cisco ASA?
A. The contents of the internal buffer will be saved to an FTP server before the buffer is overwritten.
B. The contents of the internal buffer will be saved to flash memory before the buffer is overwritten.
C. System log messages with a severity level of six and higher will be logged to the internal buffer.
D. System log messages with a severity level of six and lower will be logged to the internal buffer.
Answer: C
Explanation:
\\psf\Home\.Trash\Screen Shot 2015-06-17 at 5.26.32 PM.png
Q14. Which Layer 2 security feature prevents traffic on a LAN from being disrupted by a broadcast,multicat, or unicast storm on one physical interface?
A. Bridge protocol Data Unit Guard
B. Storm Control
C. Embedded event monitoring
D. Access control lists
Answer: B
Q15. When you set a Cisco IOS Router as an SSH server, which command specifies the RSA public key of the remote peer when you set the SSH server to perform RSA-based authentication?
A. router(config-ssh-pubkey-user)#key
B. router(conf-ssh-pubkey-user)#key-string
C. router(config-ssh-pubkey)#key-string
D. router(conf-ssh-pubkey-user)#key-string enable ssh
Answer: B