Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. You have explicitly added the line deny ipv6 any log to the end of an IPv6 ACL on a router interface. Which two ICMPv6 packet types must you explicitly allow to enable traffic to traverse the interface? (Choose two.)
A. router solicitation
B. router advertisement
C. neighbor solicitation
D. neighbor advertisement
E. redirect
Answer: C,D
Q2. Which log level provides the most detail on the Cisco Web Security Appliance?
A. Debug
B. Critical
C. Trace
D. Informational
Answer: C
Q3. Which statement about Cisco IPS Manager Express is true?
A. It provides basic device management for large-scale deployments.
B. It provides a GUI for configuring IPS sensors and security modules.
C. It enables communication with Cisco ASA devices that have no administrative access.
D. It provides greater security than simple ACLs.
Answer: B
Q4. Which three options correctly identify the Cisco ASA1000V Cloud Firewall? (Choose three.)
A. operates at Layer 2
B. operates at Layer 3
C. secures tenant edge traffic
D. secures intraswitch traffic
E. secures data center edge traffic
F. replaces Cisco VSG
G. complements Cisco VSG
H. requires Cisco VSG
Answer: B,C,G
Q5. Refer to the exhibit. What type of attack is being mitigated on the Cisco ASA appliance?
A. HTTP and POST flood attack
B. HTTP Compromised-Key Attack
C. HTTP Shockwave Flash exploit
D. HTTP SQL injection attack
Answer: D
Q6. Which option is a different type of secondary VLAN?
A. Transparent
B. Promiscuous
C. Virtual
D. Community
Answer: D
Q7. SNMP users have a specified username, a group to which the user belongs, authentication password, encryption password, and authentication and encryption algorithms to use. The authentication algorithm options are MD5 and SHA. The encryption algorithm options are DES, 3DES, andAES (which is available in 128,192, and 256 versions). When you create a user, with which option must you associate it?
A. an SNMP group
B. at least one interface
C. the SNMP inspection in the global_policy
D. at least two interfaces
Answer: A
Explanation: This can be verified via the ASDM screen shot shown here:
Q8. In IOS routers, what configuration can ensure both prevention of ntp spoofing and accurate time ensured?
A. ACL permitting udp 123 from ntp server
B. ntp authentication
C. multiple ntp servers
D. local system clock
Answer: B
Q9. Which configuration on a switch would be unsuccessful in preventing a DHCP starvation attack?
A. DHCP snooping
B. Port security
C. Source Guard
D. Rate Limiting
Answer: C
Q10. CORRECT TEXT
You are a network security engineer for the Secure-X network. You have been tasked with implementing dynamic network object NAT with PAT on a Cisco ASA.
You must configure the Cisco ASA such that the source IP addresses of all internal hosts are translated to a single IP address (using different ports) when the internal hosts access the Internet.
To successfully complete this activity, you must perform the following tasks:
. Use the Cisco ASDM GUI on the Admin PC to configure dynamic network object NAT with PAT using the following parameters:
. Network object name: Internal-Networks
. IP subnet: 10.10.0.0/16
. Translated IP address: 192.0.2.100
. Source interface: inside
. Destination interface: outside
NOTE: The object (TRANSLATED-INSIDE-HOSTS) for this translated IP address has already been created for your use in this activity.
NOTE: Not all ASDM screens are active for this exercise.
NOTE: Login credentials are not needed for this simulation.
. In the Cisco ASDM, display and view the auto-generated NAT rule.
. From the Employee PC, generate traffic to SP-SRV by opening a browser and navigating to http://sp-srv.sp.public.
. From the Guest PC, generate traffic to SP-SRV by opening a browser and navigating to http://sp-srv.sp.public.
. At the CLI of the Cisco ASA, display your NAT configuration. You should see the configured policy and statistics for translated packets.
. At the CLI of the Cisco ASA, display the translation table. You should see dynamic translations for the Employee PC and the Guest PC. Both inside IP addresses translate to the same IP address, but using different ports.
You have completed this exercise when you have configured and successfully tested dynamic network object NAT with PAT.
Answer: Use the following configuration as per exhibit in explanation.
Q11. Which two parameters must be configured before you enable SCP on a router? (Choose two.)
A. SSH
B. authorization
C. ACLs
D. NTP
E. TACACS+
Answer: A,B
Q12. How much storage is allotted to maintain system,configuration , and image files on the Cisco ASA 1000V during OVF template file deployment?
A. 1GB
B. 5GB
C. 2GB
D. 10GB
Answer: C
Q13. The Cisco Email Security Appliance can be managed with both local and external users of different privilege levels. What three external modes of authentication are supported? (Choose three.)
A. LDAP authentication
B. RADIUS Authentication
C. TACAS
D. SSH host keys
E. Common Access Card Authentication
F. RSA Single use tokens
Answer: A,B,D
Q14. What is the lowest combination of ASA model and license providing 1 Gigabit Ethernet interfaces?
A. ASA 5505 with failover license option
B. ASA 5510 Security+ license option
C. ASA 5520 with any license option
D. ASA 5540 with AnyConnect Essentials License option
Answer: B
Q15. What are two security features at the access port level that can help mitigate Layer 2 attacks? (Choose two.)
A. DHCP snooping
B. IP Source Guard
C. Telnet
D. Secure Shell
E. SNMP
Answer: A,B