Q1. Which two options are protocols and tools that are used by the management plane when discussing Cisco ASA general management plane hardening? (Choose two.)
A. Unicast Reverse Path Forwarding
B. NetFlow
C. Routing Protocol Authentication
D. Threat detection
E. Syslog
F. ICMP unreachables
G. Cisco URL Filtering
Answer: B,E
Explanation: http://www.cisco.com/web/about/security/intelligence/firewall-best-practices.html
Q2. The Cisco Email Security Appliance can be managed with both local and external users of different privilege levels. What three external modes of authentication are supported? (Choose three.)
A. LDAP authentication
B. RADIUS Authentication
C. TACAS
D. SSH host keys
E. Common Access Card Authentication
F. RSA Single use tokens
Answer: A,B,D
Q3. Which command tests authentication with SSH and shows a generated key?
A. show key mypubkey rsa
B. show crypto key mypubkey rsa
C. show crypto key
D. show key mypubkey
Answer: B
Q4. A Cisco ASA is configured in multiple context mode and has two user-defined contexts—Context_A and Context_B. From which context are device logging messages sent?
A. Admin
B. Context_A
C. Context_B
D. System
Answer: A
Q5. Which Layer 2 security feature validates ARP packets?
A. DAI
B. DHCP server
C. BPDU guard
D. BPDU filtering
Answer: A
Q6. Which security operations management best practice should be followed to enable appropriate network access for administrators?
A. Provide full network access from dedicated network administration systems
B. Configure the same management account on every network device
C. Dedicate a separate physical or logical plane for management traffic
D. Configure switches as terminal servers for secure device access
Answer: C
Q7. Which information is NOT replicated to the secondary Cisco ASA adaptive security appliance in an active/standby configuration with stateful failover links?
A. TCP sessions
B. DHCP lease
C. NAT translations
D. Routing tables
Answer: B
Q8. Which three compliance and audit report types are available in Cisco Prime Infrastructure? (Choose three.)
A. Service
B. Change Audit
C. Vendor Advisory
D. TAC Service Request
E. Validated Design
F. Smart Business Architecture
Answer: A,B,C
Q9. Where on a firewall does an administrator assign interfaces to contexts?
A. in the system execution space
B. in the admin context
C. in a user-defined context
D. in the console
Answer: A
Q10. Which two statements about zone-based firewalls are true? (Choose two.)
A. More than one interface can be assigned to the same zone.
B. Only one interface can be in a given zone.
C. An interface can only be in one zone.
D. An interface can be a member of multiple zones.
E. Every device interface must be a member of a zone.
Answer: A,C
Q11. Which two options are protocols and tools that are used by the management plane when discussing Cisco ASA general management plane hardening? (Choose two.)
A. ICMP unreachables
B. NetFlow
C. syslog
D. Routing Protocol Authentication
E. Cisco URL Filtering
F. threat detection
G. Unicast Reverse Path Forwarding
Answer: B,C
Q12. A network administrator is creating an ASA-CX administrative user account with the following parameters:
The user will be responsible for configuring security policies on network devices.
The user needs read-write access to policies.
The account has no more rights than necessary for the job.
What role will be assigned to the user?
A. Administrator
B. Security administrator
C. System administrator
D. Root Administrator
E. Exec administrator
Answer: B
Q13. Which two options are purposes of the packet-tracer command? (Choose two.)
A. to filter and monitor ingress traffic to a switch
B. to configure an interface-specific packet trace
C. to inject virtual packets into the data path
D. to debug packet drops in a production network
E. to correct dropped packets in a production network
Answer: C,D
Q14. Which option describes the purpose of the input parameter when you use the packet-tracer command on a Cisco device?
A. to provide detailed packet-trace information
B. to specify the source interface for the packet trace
C. to display the trace capture in XML format
D. to specify the protocol type for the packet trace
Answer: B
Q15. When you configure a Cisco firewall in multiple context mode, where do you allocate interfaces?
A. in the system execution space
B. in the admin context
C. in a user-defined context
D. in the global configuration
Answer: A