Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. At which layer does Dynamic ARP Inspection validate packets?
A. Layer 2
B. Layer 3
C. Layer 4
D. Layer 7
Answer: A
Q2. Which three logging methods are supported by Cisco routers? (Choose three.)
A. console logging
B. TACACS+ logging
C. terminal logging
D. syslog logging
E. ACL logging
F. RADIUS logging
Answer: A,C,D
Q3. A network administrator is creating an ASA-CX administrative user account with the following parameters:
The user will be responsible for configuring security policies on network devices.
The user needs read-write access to policies.
The account has no more rights than necessary for the job.
What role will the administrator assign to the user?
A. Administrator
B. Security administrator
C. System administrator
D. Root Administrator
E. Exec administrator
Answer: B
Q4. Which statement is true of the logging configuration on the Cisco ASA?
A. The contents of the internal buffer will be saved to an FTP server before the buffer is overwritten.
B. The contents of the internal buffer will be saved to flash memory before the buffer is overwritten.
C. System log messages with a severity level of six and higher will be logged to the internal buffer.
D. System log messages with a severity level of six and lower will be logged to the internal buffer.
Answer: C
Explanation:
\\psf\Home\.Trash\Screen Shot 2015-06-17 at 5.26.32 PM.png
Q5. What is a required attribute to configure NTP authentication on a Cisco ASA?
A. Key ID
B. IPsec
C. AAA
D. IKEv2
Answer: A
Q6. Which cloud characteristic is used to describe the sharing of physical resources
between various entities?
A. Multitenancy
B. Ubiquitous access
C. Elasticity
D. Resiliency
Answer: A
Q7. Which two features are supported when configuring clustering of multiple Cisco ASA appliances? (Choose two.)
A. NAT
B. dynamic routing
C. SSL remote access VPN
D. IPSec remote access VPN
Answer: A,B
Q8. Which kind of Layer 2 attack targets the STP root bridge election process and allows an attacker to control the flow of traffic?
A. man-in-the-middle
B. denial of service
C. distributed denial of service
D. CAM overflow
Answer: A
Q9. Which of the following would need to be created to configure an application-layer inspection of SMTP traffic operating on port 2525?
A. A class-map that matches port 2525 and applying an inspect ESMTP policy-map for that class in the global inspection policy
B. A policy-map that matches port 2525 and applying an inspect ESMTP class-map for that policy
C. An access-list that matches on TCP port 2525 traffic and applying it on an interface with the inspect option
D. A class-map that matches port 2525 and applying it on an access-list using the inspect option
Answer: A
Q10. Which technology can be deployed with a Cisco ASA 1000V to segregate Layer 2 access within a virtual cloud environment?
A. Cisco Nexus 1000V
B. Cisco VSG
C. WSVA
D. ESVA
Answer: A
Q11. Which command sets the source IP address of the NetFlow exports of a device?
A. ip source flow-export
B. ip source netflow-export
C. ip flow-export source
D. ip netflow-export source
Answer: C
Q12. Which action is needed to set up SSH on the Cisco ASA firewall?
A. Create an ACL to aloew the SSH traffic to the Cisco ASA.
B. Configure DHCP for the client that will connect via SSH.
C. Generate a crypto key
D. Specify the SSH version level as either 1 or 2.
E. Enable the HTTP server to allow authentication.
Answer: C
Q13. IPv6 addresses in an organization's network are assigned using Stateless Address Autoconfiguration. What is a security concern of using SLAAC for IPv6 address assignment?
A. Man-In-The-Middle attacks or traffic interception using spoofed IPv6 Router Advertisements
B. Smurf or amplification attacks using spoofed IPv6 ICMP Neighbor Solicitations
C. Denial of service attacks using TCP SYN floods
D. Denial of Service attacks using spoofed IPv6 Router Solicitations
Answer: A
Q14. Which feature can suppress packet flooding in a network?
A. PortFast
B. BPDU guard
C. Dynamic ARP Inspection
D. storm control
Answer: D
Q15. Which two voice protocols can the Cisco ASA inspect? (Choose two.)
A. MGCP
B. IAX
C. Skype
D. CTIQBE
Answer: A,D