Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. In which way are management packets classified on a firewall that operates in multiple context mode?
A. by their interface IP address
B. by the routing table
C. by NAT
D. by their MAC addresses
Answer: A
Q2. Which information is NOT replicated to the secondary Cisco ASA adaptive security appliance in an active/standby configuration with stateful failover links ?
A. TCP sessions
B. DHCP lease
C. NAT translations
D. Routing tables
Answer: B
Q3. A rogue device has connected to the network and has become the STP root bridge, which has caused a network availability issue.
Which two commands can protect against this problem? (Choose two.)
A. switch(config)#spanning-tree portfast bpduguard default
B. switch(config)#spanning-tree portfast bpdufilter default
C. switch(config-if)#spanning-tree portfast
D. switch(config-if)#spanning-tree portfast disable
E. switch(config-if)#switchport port-security violation protect
F. switch(config-if)#spanning-tree port-priority 0
Answer: A,C
Q4. Which cloud characteristic is used to describes the sharing of physical resource between various
entities ?
A. Elasticity
B. Ubiquitous access
C. Multitenancy
D. Resiliency
Answer: D
Explanation:
http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_12-3/123_cloud1.html
Q5. In your role as network security administrator, you have installed syslog server software on a server whose IP address is 10.10.2.40. According to the exhibits, why isn’t the syslog server receiving any syslog messages?
A. Logging is not enabled globally on the Cisco ASA.
B. The syslog server has failed.
C. There have not been any events with a severity level of seven.
D. The Cisco ASA is not configured to log messages to the syslog server at that IP address.
Answer: B
Explanation: By process of elimination, we know that the other answers choices are not correct so that only leaves us with the server must have failed. We can see from the following screen shots, that events are being generated with severity level of debugging and below, The 10.10.2.40 IP address has been configured as a syslog server, and that logging has been enabled globally:
\\psf\Home\.Trash\Screen Shot 2015-06-11 at 8.38.59 PM.png
Q6. Which product can manage licenses, updates, and a single signature policy for 15 separate IPS appliances?
A. Cisco Security Manager
B. Cisco IPS Manager Express
C. Cisco IPS Device Manager
D. Cisco Adaptive Security Device Manager
Answer: A
Q7. When you install a Cisco ASA AIP-SSM, which statement about the main Cisco ASDM home page is true?
A. It is replaced by the Cisco AIP-SSM home page.
B. It must reconnect to the NAT policies database.
C. The administrator can manually update the page.
D. It displays a new Intrusion Prevention panel.
Answer: D
Q8. Which policy map action makes a Cisco router behave as a stateful firewall for matching traffic?
A. Log
B. Inspect
C. Permit
D. Deny
Answer: B
Q9. An attacker has gained physical access to a password protected router. Which command will prevent access to the startup-config in NVRAM?
A. no service password-recovery
B. no service startup-config
C. service password-encryption
D. no confreg 0x2142
Answer: A
Q10. Which Cisco product provides a GUI-based device management tool to configure Cisco access routers?
A. Cisco ASDM
B. Cisco CP Express
C. Cisco ASA 5500
D. Cisco CP
Answer: D
Q11. When a Cisoc ASA CX module is managed by Cisco prime Security Manager in Multiple Device Mode , which mode does the firewall use?
A. Multi mode
B. Unmanaged mode
C. Single mode
D. Managed mode
Answer: D
Explanation: http://www.cisco.com/c/en/us/td/docs/security/asacx/9-1/user/guide/b_User_Guide_for_ASA_CX_and_PRSM_9_1b_User_Guide_for_ASA_CX_a nd_PR SM_9_1_chapter_011 0.html#task_7E648F43AD724DA2983699B12E92A528
Q12. When configured in accordance to Cisco best practices, the ip verify source command can mitigate which two types of Layer 2 attacks? (Choose two.)
A. rogue DHCP servers
B. ARP attacks
C. DHCP starvation
D. MAC spoofing
E. CAM attacks
F. IP spoofing
Answer: D,F
Q13. A router is being enabled for SSH command line access. The following steps have been taken:
. The vty ports have been configured with transport input SSH and login local.
. Local user accounts have been created.
. The enable password has been configured.
What additional step must be taken if users receive a 'connection refused' error when attempting to access the router via SSH?
A. A RSA keypair must be generated on the router
B. An access list permitting SSH inbound must be configured and applied to the vty ports
C. An access list permitting SSH outbound must be configured and applied to the vty ports
D. SSH v2.0 must be enabled on the router
Answer: A
Q14. An administrator installed a Cisco ASA that runs version 9.1. You are asked to configure the firewall through Cisco ASDM.
When you attempt to connect to a Cisco ASA with a default configuration, which username and password grants you full access?
A. admin / admin
B. asaAdmin / (no password)
C. It is not possible to use Cisco ASDM until a username and password are created via the username usernamepassword password CLI command.
D. enable_15 / (no password)
E. cisco / cisco
Answer: D
Q15. Which two device types can Cisco Prime Security Manager manage in Multiple Device mode? (Choose two.)
A. Cisco ESA
B. Cisco ASA
C. Cisco WSA
D. Cisco ASA CX
Answer: B,D