Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. If the Cisco ASA 1000V has too few licenses, what is its behavior?
A. It drops all traffic.
B. It drops all outside-to-inside packets.
C. It drops all inside-to-outside packets.
D. It passes the first outside-to-inside packet and drops all remaining packets.
Answer: D
Q2. Which two options are private-VLAN secondary VLAN types? (Choose two)
A. Isolated
B. Secured
C. Community
D. Common
E. Segregated
Answer: A,C
Explanation:
http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/configuration/guid e/cli/ CLIConfigurationGuide/PrivateVLANs.html
Q3. When a Cisco ASA is configured in transparent mode, how can ARP traffic be controlled?
A. By enabling ARP inspection; however, it cannot be controlled by an ACL
B. By enabling ARP inspection or by configuring ACLs
C. By configuring ACLs; however, ARP inspection is not supported
D. By configuring NAT and ARP inspection
Answer: A
Q4. Refer to the exhibit. What is the effect of this configuration?
A. The firewall will inspect IP traffic only between networks 192.168.1.0 and 192.168.2.0.
B. The firewall will inspect all IP traffic except traffic to 192.168.1.0 and 192.168.2.0.
C. The firewall will inspect traffic only if it is defined within a standard ACL.
D. The firewall will inspect all IP traffic.
Answer: A
Q5. Which statement describes the correct steps to enable Botnet Traffic Filtering on a Cisco ASA version 9.0 transparent-mode firewall with an active Botnet Traffic Filtering license?
A. Enable DNS snooping, traffic classification, and actions.
B. Botnet Traffic Filtering is not supported in transparent mode.
C. Enable the use of the dynamic database, enable DNS snooping, traffic classification, and actions.
D. Enable the use of dynamic database, enable traffic classification and actions.
Answer: C
Q6. If you encounter problems logging in to the Cisco Security Manager 4.4 web server or client or backing up its databases, which account has most likely been improperly modified?
A. admin (the default administrator account)
B. casuser (the default service account)
C. guest (the default guest account)
D. user (the default user account)
Answer: B
Q7. When access rule properties are configured within ASDM, which traffic direction type is required by global and management access rule?
A. Any
B. Both in and out
C. In
D. Out
Answer: C
Q8. Which statement about the configuration of Cisco ASA NetFlow v9 (NSEL) is true?
A. Use a sysopt command to enable NSEL on a specific interface.
B. To view bandwidth usage for NetFlow records, you must have QoS feature enabled
C. NSEL tracks the flow continuously and provides updates every 10 seconds.
D. You must define a flow-export event type under a policy.
E. NSEL can be used without a collector configured.
Answer: D
Explanation:
http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_co nfig/ monitor_nsel.html
Q9. Which statement about Cisco ASA NetFlow v9 (NSEL) is true?
A. NSEL events match all traffic classes in parallel
B. NSEL is has a time interval locked at 20 seconds and is not user configurable
C. NSEL tracks flow-create, flow-teardown, and flow-denied events and generates appropriate NSEL data records
D. You cannot disable syslog messages that have become redundant because of NSEL
E. NSEL tracks the flow continuously and provides updates every 10 second
F. NSEL provides stateless IP flow tracking that exports all record od a specific flow
Answer: C
Explanation:
http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/monitor _nsel. Html
Q10. Which log level provides the most detail on the Cisco Web Security Appliance?
A. Debug
B. Critical
C. Trace
D. Informational
Answer: C
Q11. According to Cisco best practices, which two interface configuration commands help prevent VLAN hopping attacks? (Choose two.)
A. switchport mode access
B. switchport access vlan 2
C. switchport mode trunk
D. switchport access vlan 1
E. switchport trunk native vlan 1
F. switchport protected
Answer: A,B
Q12. Which option is a valid action for a port security violation?
A. Reset
B. Reject
C. Restrict
D. Disable
Answer: C
Q13. SNMP users have a specified username, a group to which the user belongs, authentication password, encryption password, and authentication and encryption algorithms to use. The authentication algorithm options are MD5 and SHA. The encryption algorithm options are DES, 3DES, andAES (which is available in 128,192, and 256 versions). When you create a user, with which option must you associate it?
A. an SNMP group
B. at least one interface
C. the SNMP inspection in the global_policy
D. at least two interfaces
Answer: A
Explanation: This can be verified via the ASDM screen shot shown here:
Q14. Which two features are supported when configuring clustering of multiple Cisco ASA appliances? (Choose two.)
A. NAT
B. dynamic routing
C. SSL remote access VPN
D. IPSec remote access VPN
Answer: A,B
Q15. Enabling what security mechanism can prevent an attacker from gaining network topology information from CDP via a man-in-the-middle attack?
A. MACsec
B. Flex VPN
C. Control Plane Protection
D. Dynamic Arp Inspection
Answer: A