Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. When you configure a Cisco firewall in multiple context mode, where do you allocate interfaces?
A. in the system execution space
B. in the admin context
C. in a user-defined context
D. in the global configuration
Answer: A
Q2. What is the default behavior of NAT control on Cisco ASA Software Version 8.3?
A. NAT control has been deprecated on Cisco ASA Software Version 8.3.
B. It will prevent traffic from traversing from one enclave to the next without proper access configuration.
C. It will allow traffic to traverse from one enclave to the next without proper access configuration.
D. It will deny all traffic.
Answer: A
Q3. In your role as network security administrator, you have installed syslog server software on a server whose IP address is 10.10.2.40. According to the exhibits, why isn’t the syslog server receiving any syslog messages?
A. Logging is not enabled globally on the Cisco ASA.
B. The syslog server has failed.
C. There have not been any events with a severity level of seven.
D. The Cisco ASA is not configured to log messages to the syslog server at that IP address.
Answer: B
Explanation: By process of elimination, we know that the other answers choices are not correct so that only leaves us with the server must have failed. We can see from the following screen shots, that events are being generated with severity level of debugging and below, The 10.10.2.40 IP address has been configured as a syslog server, and that logging has been enabled globally:
\\psf\Home\.Trash\Screen Shot 2015-06-11 at 8.38.59 PM.png
Q4. Which URL matches the regex statement "http"*/"www.cisco.com/"*[^E]"xe"?
A. https://www.cisco.com/ftp/ios/tftpserver.exe
B. https://cisco.com/ftp/ios/tftpserver.exe
C. http:/www.cisco.com/ftp/ios/tftpserver.Exe
D. https:/www.cisco.com/ftp/ios/tftpserver.EXE
Answer: A
Q5. Enabling what security mechanism can prevent an attacker from gaining network topology information from CDP?
A. MACsec
B. Flex VPN
C. Control Plane Protection
D. Dynamic Arp Inspection
Answer: A
Q6. Refer to the exhibit.
Which two statements about this firewall output are true? (Choose two.)
A. The output is from a packet tracer debug.
B. All packets are allowed to 192.168.1.0 255.255.0.0.
C. All packets are allowed to 192.168.1.0 255.255.255.0.
D. All packets are denied.
E. The output is from a debug all command.
Answer: A,C
Q7. Which two options are.protocols and tools that are used by the management plane when discussing Cisco ASA general management plane hardening? (Choose two.)
A. ICMP unreachables
B. NetFlow
C. syslog
D. Routing Protocol Authentication
E. Cisco URL Filtering
F. threat detection
G. Unicast Reverse Path Forwarding
Answer: B,C
Q8. Which Layer 2 security feature prevents traffic on a LAN from being disrupted by a broadcast,multicat, or unicast storm on one physical interface?
A. Bridge protocol Data Unit Guard
B. Storm Control
C. Embedded event monitoring
D. Access control lists
Answer: B
Q9. Which option lists cloud deployment models?
A. Private, public, hybrid, shared
B. Private, public, hybrid
C. IaaS, PaaS, SaaS
D. Private, public, hybrid, community
Answer: D
Explanation: https://www.ibm.com/developerworks/community/blogs/722f6200-f4ca-4eb3-9d64-8d2b58b2d4e8/entry/4_Types_of_Cloud_Computing_Deployment_Model_You_Need_to_K now1 ?lang=en
Q10. You are the administrator of a Cisco ASA 9.0 firewall and have been tasked with ensuring that the Firewall Admins Active Directory group has full access to the ASA configuration. The Firewall Operators Active Directory group should have a more limited level of access.
Which statement describes how to set these access levels?
A. Use Cisco Directory Agent to configure the Firewall Admins group to have privilege level 15 access. Also configure the Firewall Operators group to have privilege level 6 access.
B. Use TACACS+ for Authentication and Authorization into the Cisco ASA CLI, with ACS as the AAA server. Configure ACS CLI command authorization sets for the Firewall Operators group. Configure level 15 access to be assigned to members of the Firewall Admins group.
C. Use RADIUS for Authentication and Authorization into the Cisco ASA CLI, with ACS as the AAA server. Configure ACS CLI command authorization sets for the Firewall Operators group. Configure level 15 access to be assigned to members of the Firewall Admins group.
D. Active Directory Group membership cannot be used as a determining factor for accessing the Cisco ASA CLI.
Answer: B
Q11. hich command is the first that you enter to check whether or not ASDM is installed on the ASA?
A. Show ip
B. Show running-config asdm
C. Show running-config boot
D. Show version
E. Show route
Answer: D
Q12. Which two options are private-VLAN secondary VLAN types? (Choose two)
A. Isolated
B. Secured
C. Community
D. Common
E. Segregated
Answer: A,C
Explanation:
http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/configuration/guid e/cli/ CLIConfigurationGuide/PrivateVLANs.html
Q13. Which statement about how the Cisco ASA supports SNMP is true?
A. All SNMFV3 traffic on the inside interface will be denied by the global ACL
B. The Cisco ASA and ASASM provide support for network monitoring using SNMP Versions 1,2c, and 3, but do not support the use of all three versions simultaneously.
C. The Cisco ASA and ASASM have an SNMP agent that notifies designated management ,. stations if events occur that are predefined to require a notification, for example, when a link in the network goes up or down.
D. SNMPv3 is enabled by default and SNMP v1 and 2c are disabled by default.
E. SNMPv3 is more secure because it uses SSH as the transport mechanism.
Answer: C
Explanation:
This can be verified by this ASDM screen shot:
Q14. A network administrator is creating an ASA-CX administrative user account with the following parameters:
The user will be responsible for configuring security policies on network devices.
The user needs read-write access to policies.
The account has no more rights than necessary for the job.
What role will be assigned to the user?
A. Administrator
B. Security administrator
C. System administrator
D. Root Administrator
E. Exec administrator
Answer: B
Q15. When a Cisco ASA is configured in transparent mode, how can ARP traffic be controlled?
A. By enabling ARP inspection; however, it cannot be controlled by an ACL
B. By enabling ARP inspection or by configuring ACLs
C. By configuring ACLs; however, ARP inspection is not supported
D. By configuring NAT and ARP inspection
Answer: A