Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. Which command sets the number of packets to log on a Cisco IPS sensor?
A. ip-log-count number
B. ip-log-packets number
C. ip-log-bytes number
D. ip-log number
Answer: B
Q2. Which two conditions must you configure in an event action override to implement a risk rating of 70 or higher and terminate the connection on the IPS? (Choose two.)
A. Configure the event action override to send a TCP reset.
B. Set the risk rating range to 70 to 100.
C. Configure the event action override to send a block-connection request.
D. Set the risk rating range to 0 to 100.
E. Configure the event action override to send a block-host request.
Answer: A,B
Q3. Which command allows the administrator to access the Cisco WSA on a secure channel on
port 8443?
A. strictssl
B. adminaccessconfig
C. ssl
D. ssh
Answer: A
Q4. What is the default IP range of the external zone?
A. 0.0.0.0 0.0.0.0
B. 0.0.0.0 - 255.255.255.255
C. 0.0.0.0/8
D. The network of the management interface
Answer: B
Q5. Which signature definition is virtual sensor 0 assigned to use?
A. rules0
B. vs0
C. sig0
D. ad0
E. ad1
F. sigl
Answer: C
Explanation:
This is the default signature. You can create multiple security policies and apply them to individual virtual sensors. A security policy is made up of a signature definition policy, an event action rules policy, and an anomaly detection policy. Cisco IPS contains a default signature definition policy called sig0, a default event action rules policy called rules0, and a default anomaly detection policy called ad0. You can assign the default policies to a virtual sensor or you can create new policies.
Q6. What is a primary difference between the web security features of the Cisco WSA and the Cisco ASA NGFW?
A. Cisco WSA provides URL filtering, while Cisco ASA NGFW does not.
B. Cisco ASA NGFW provides caching services, while Cisco WSA does not.
C. Cisco WSA provides web reputation filtering, while Cisco ASA NGFW does not.
D. Cisco ASA NGFW provides application visibility and control on all ports, while Cisco WSA does not.
Answer: D
Q7. Which three functions can Cisco Application Visibility and Control perform within Cisco Cloud Web Security? (Choose three.)
A. validation of malicious traffic
B. traffic control
C. extending Web Security to all computing devices
D. application-level classification
E. monitoring
F. signature tuning
Answer: B,D,E
Q8. A network engineer may use which three types of certificates when implementing HTTPS decryption services on the ASA CX? (Choose three.)
A. Self Signed Server Certificate
B. Self Signed Root Certificate
C. Microsoft CA Server Certificate
D. Microsoft CA Subordinate Root Certificate
E. LDAP CA Server Certificate
F. LDAP CA Root Certificate
G. Public Certificate Authority Server Certificate
H. Public Certificate Authority Root Certificate
Answer: B,D,F
Q9. Which Cisco technology prevents targeted malware attacks, provides data loss prevention and spam protection, and encrypts email?
A. SBA
B. secure mobile access
C. IPv6 DMZ web service
D. ESA
Answer: D
Q10. What is the correct deployment for an IPS appliance in a network where traffic identified as threat traffic should be blocked and all traffic is blocked if the IPS fails?
A. Inline; fail open
B. Inline; fail closed
C. Promiscuous; fail open
D. Promiscuous; fail closed
Answer: B
Q11. During initial configuration, the Cisco ASA can be configured to drop all traffic if the ASA CX SSP fails by using which command in a policy-map?
A. cxsc fail
B. cxsc fail-close
C. cxsc fail-open
D. cxssp fail-close
Answer: B
Q12. Which three protocols are required when considering firewall rules for email services using a Cisco Email Security Appliance? (Choose three.)
A. SMTP
B. HTTP
C. DNS
D. SNMP
E. FTP
Answer: A,B,C
Q13. Which two benefits are provided by the dynamic dashboard in Cisco ASDM Version 5.2? (Choose two.)
A. It configures system polices for NAC devices.
B. It forwards traffic to destination devices.
C. It provides statistics for device health.
D. It replaces syslog, RADIUS, and TACACS+ servers.
E. It automatically detects Cisco security appliances to configure.
Answer: C,E
Q14. Which two commands are used to verify that CWS redirection is working on a Cisco ASA appliance? (Choose two.)
A. show scansafe statistics
B. show webvpn statistics
C. show service-policy inspect scansafe
D. show running-config scansafe
E. show running-config webvpn
F. show url-server statistics
Answer: A,C
Q15. Which Cisco WSA is intended for deployment in organizations of more than 6000 users?
A. WSA S370
B. WSA S670
C. WSA S370-2RU
D. WSA S170
Answer: B
Q16. Which three statements about Cisco ASA CX are true? (Choose three.)
A. It groups multiple ASAs as a single logical device.
B. It can perform context-aware inspection.
C. It provides high-density security services with high availability.
D. It uses policy-based interface controls to inspect and forward TCP- and UDP-based packets.
E. It can make context-aware decisions.
F. It uses four cooperative architectural constructs to build the firewall.
Answer: B,E,F