web analytics

Which three commands can be used to harden a switch?

Which three commands can be used to harden a switch? (Choose three.) A. switch(config-if)# spanning-tree bpdufilter enable B. switch(config)# ip dhcp snooping C. switch(config)# errdisable recovery interval 900 D. switch(config-if)#

What are three features of the Cisco ASA 1000V?

What are three features of the Cisco ASA 1000V? (Choose three.) A. cloning the Cisco ASA 1000V B. dynamic routing C. the Cisco VNMC policy agent D. IPv6 E. active/standby

What is its behavior?

If the Cisco ASA 1000V has too few licenses, what is its behavior? A. It drops all traffic. B. It drops all outside-to-inside packets. C. It drops all inside-to-outside packets.

What role will the administrator assign to the user?

A network administrator is creating an ASA-CX administrative user account with the following parameters: – The user will be responsible for configuring security policies on network devices. – The user

Which two web browsers are supported for the Cisco ISE GUI?

Which two web browsers are supported for the Cisco ISE GUI? (Choose two.) A. HTTPS-enabled Mozilla Firefox version 3.x B. Netscape Navigator version 9 C. Microsoft Internet Explorer version 8

How many monitored interface failures will cause failover to occur?

With Cisco ASA active/standby failover, by default, how many monitored interface failures will cause failover to occur? A. 1 B. 2 C. 3 D. 4 E. 5 Answer: A

Which statement about SNMP support on the Cisco ASA appliance is true?

Which statement about SNMP support on the Cisco ASA appliance is true? A. The Cisco ASA appliance supports only SNMPv1 or SNMPv2c. B. The Cisco ASA appliance supports read-only and

Which statement about Cisco ASA multicast routing support is true?

Which statement about Cisco ASA multicast routing support is true? A. The Cisco ASA appliance supports PIM dense mode, sparse mode, and BIDIR-PIM. B. The Cisco ASA appliance supports only

How many interfaces can a Cisco ASA bridge group support and how many bridge groups can a Cisco ASA appliance support?

How many interfaces can a Cisco ASA bridge group support and how many bridge groups can a Cisco ASA appliance support? A. up to 2 interfaces per bridge group and

Which addresses are considered “ambiguous addresses” and are put on the greylist by the Cisco ASA botnet traffic filter feature?

Which addresses are considered “ambiguous addresses” and are put on the greylist by the Cisco ASA botnet traffic filter feature? A. addresses that are unknown B. addresses that are on

For which purpose is the Cisco ASA CLI command aaa authentication match used?

For which purpose is the Cisco ASA CLI command aaa authentication match used? A. Enable authentication for SSH and Telnet connections to the Cisco ASA appliance. B. Enable authentication for

Which configuration enables sampling, assuming that NetFlow is already configured and running on the router’s fa0/0 interface?

A network engineer is asked to configure NetFlow to sample one of every 100 packets on a router’s fa0/0 interface. Which configuration enables sampling, assuming that NetFlow is already configured

What is the default log level on the Cisco Web Security Appliance?

What is the default log level on the Cisco Web Security Appliance? A. Trace B. Debug C. Informational D. Critical Answer: C

Which command sets the source IP address of the NetFlow exports of a device?

Which command sets the source IP address of the NetFlow exports of a device? A. ip source flow-export B. ip source netflow-export C. ip flow-export source D. ip netflow-export source

Which two SNMPv3 features ensure that SNMP packets have been sent securely?

Which two SNMPv3 features ensure that SNMP packets have been sent securely?” Choose two. A. host authorization B. authentication C. encryption D. compression Answer: BC

Which three logging methods are supported by Cisco routers?

Which three logging methods are supported by Cisco routers? (Choose three.) A. console logging B. TACACS+ logging C. terminal logging D. syslog logging E. ACL logging F. RADIUS logging Answer:

Which three options are default settings for NTP parameters on a Cisco device?

Which three options are default settings for NTP parameters on a Cisco device? (Choose three.) A. NTP authentication is enabled. B. NTP authentication is disabled. C. NTP logging is enabled.

When should the security appliance force remote IP phones connecting to the phone proxy through the internet to be in secured mode?

A Cisco ASA is configured for TLS proxy. When should the security appliance force remote IP phones connecting to the phone proxy through the internet to be in secured mode?

Which two features are supported when configuring clustering of multiple Cisco ASA appliances?

Which two features are supported when configuring clustering of multiple Cisco ASA appliances? (Choose two.) A. NAT B. dynamic routing C. SSL remote access VPN D. IPSec remote access VPN

Which two device types can Cisco Prime Security Manager manage in Multiple Device mode?

Which two device types can Cisco Prime Security Manager manage in Multiple Device mode? (Choose two.) A. Cisco ESA B. Cisco ASA C. Cisco WSA D. Cisco ASA CX Answer:

Which technology provides forwarding-plane abstraction to support Layer 2 to Layer 7 network services in Cisco Nexus 1000V?

Which technology provides forwarding-plane abstraction to support Layer 2 to Layer 7 network services in Cisco Nexus 1000V? A. Virtual Service Node B. Virtual Service Gateway C. Virtual Service Data

To which interface on a Cisco ASA 1000V firewall should a security profile be applied when a VM sits behind it?

To which interface on a Cisco ASA 1000V firewall should a security profile be applied when a VM sits behind it? A. outside B. inside C. management D. DMZ Answer:

Which feature must you configure to open data- channel pinholes for voice packets that are sourced from a TRP within the WAN?

You are configuring a Cisco IOS Firewall on a WAN router that is operating as a Trusted Relay Point (TRP) in a voice network. Which feature must you configure to

Which account has most likely been improperly modified?

If you encounter problems logging in to the Cisco Security Manager 4.4 web server or client or backing up its databases, which account has most likely been improperly modified? A.

Which component does Cisco ASDM require on the host Cisco ASA 5500 Series or Cisco PIX security appliance?

Which component does Cisco ASDM require on the host Cisco ASA 5500 Series or Cisco PIX security appliance? A. a DES or 3DES license B. a NAT policy server C.

Which of the following would need to be created to configure an application-layer inspection of SMTP traffic operating on port 2525?

Which of the following would need to be created to configure an application-layer inspection of SMTP traffic operating on port 2525? A. A class-map that matches port 2525 and applying

What role will be assigned to the user?

A network administrator is creating an ASA-CX administrative user account with the following parameters: – The user will be responsible for configuring security policies on network devices. – The user

Which tool provides the necessary information to determine hardware lifecycle and compliance details for deployed network devices?

Which tool provides the necessary information to determine hardware lifecycle and compliance details for deployed network devices? A. Prime Infrastructure B. Prime Assurance C. Prime Network Registrar D. Prime Network

Which three compliance and audit report types are available in Cisco Prime Infrastructure?

Which three compliance and audit report types are available in Cisco Prime Infrastructure? (Choose three.) A. Service B. Change Audit C. Vendor Advisory D. TAC Service Request E. Validated Design

Which statement about the Cisco ASA botnet traffic filter is true?

Which statement about the Cisco ASA botnet traffic filter is true? A. The four threat levels are low, moderate, high, and very high. B. By default, the dynamic-filter drop blacklist

Where in the Cisco ASA appliance CLI are Active/Active Failover configuration parameters configured?

Where in the Cisco ASA appliance CLI are Active/Active Failover configuration parameters configured? A. admin context B. customer context C. system execution space D. within the system execution space and

Which Cisco ASA object group type offers the most flexibility for grouping different services together based on arbitrary protocols?

Which Cisco ASA object group type offers the most flexibility for grouping different services together based on arbitrary protocols? A. network B. ICMP C. protocol D. TCP-UDP E. service Answer:

Which Cisco ASA show command groups the xlates and connections information together in its output?

Which Cisco ASA show command groups the xlates and connections information together in its output? A. show conn B. show conn detail C. show xlate D. show asp E. show

When a Cisco ASA is configured in multiple context mode, within which configuration are the interfaces allocated to the security contexts?

When a Cisco ASA is configured in multiple context mode, within which configuration are the interfaces allocated to the security contexts? A. each security context B. system configuration C. admin

When troubleshooting redundant interface operations on the Cisco ASA, which configuration should be verified?

When troubleshooting redundant interface operations on the Cisco ASA, which configuration should be verified? A. The nameif configuration on the member physical interfaces are identical. B. The MAC address configuration

Where are the Layer 5-7 policy maps applied?

On the Cisco ASA, where are the Layer 5-7 policy maps applied? A. inside the Layer 3-4 policy map B. inside the Layer 3-4 class map C. inside the Layer

A Cisco ASA requires an additional feature license to enable which feature?

A Cisco ASA requires an additional feature license to enable which feature? A. transparent firewall B. cut-thru proxy C. threat detection D. botnet traffic filtering E. TCP normalizer Answer: D

Which four are IPv6 First Hop Security technologies?

Which four are IPv6 First Hop Security technologies? (Choose four.) A. Send B. Dynamic ARP Inspection C. Router Advertisement Guard D. Neighbor Discovery Inspection E. Traffic Storm Control F. Port

What is a security concern of using SLAAC for IPv6 address assignment?

IPv6 addresses in an organization’s network are assigned using Stateless Address Autoconfiguration. What is a security concern of using SLAAC for IPv6 address assignment? A. Man-In-The-Middle attacks or traffic interception

Which two parameters must be configured before you enable SCP on a router?

Which two parameters must be configured before you enable SCP on a router? (Choose two.) A. SSH B. authorization C. ACLs D. NTP E. TACACS+ Answer: AB

Which command suppresses those syslog messages while maintaining ability to troubleshoot?

A network engineer is troubleshooting and configures the ASA logging level to debugging. The logging-buffer is dominated by %ASA-6-305009 log messages. Which command suppresses those syslog messages while maintaining ability

Which option describes the purpose of the input parameter when you use the packet-tracer command on a Cisco device?

Which option describes the purpose of the input parameter when you use the packet-tracer command on a Cisco device? A. to provide detailed packet-trace information B. to specify the source

Which two options are two purposes of the packet-tracer command?

Which two options are two purposes of the packet-tracer command? (Choose two.) A. to filter and monitor ingress traffic to a switch B. to configure an interface-specific packet trace C.

Which set of commands enables logging and displays the log buffer on a Cisco ASA?

Which set of commands enables logging and displays the log buffer on a Cisco ASA? A. enable logging show logging B. logging enable show logging C. enable logging int e0/1

Which Cisco ASA CLI command do you use to determine which inspect actions are applied to the default inspection class?

By default, not all services in the default inspection class are inspected. Which Cisco ASA CLI command do you use to determine which inspect actions are applied to the default

Which three Cisco ASA configuration commands are used to enable the Cisco ASA to log only the debug output to syslog?

Which three Cisco ASA configuration commands are used to enable the Cisco ASA to log only the debug output to syslog? (Choose three.) A. logging list test message 711001 B.

Which five options are valid logging destinations for the Cisco ASA?

Which five options are valid logging destinations for the Cisco ASA? (Choose five.) A. AAA server B. Cisco ASDM C. buffer D. SNMP traps E. LDAP server F. email G.

When configuring security contexts on the Cisco ASA, which three resource class limits can be set using a rate limit?

When configuring security contexts on the Cisco ASA, which three resource class limits can be set using a rate limit? (Choose three.) A. address translation rate B. Cisco ASDM session

Which three Cisco ASA options will not support these requirements?

The Cisco ASA must support dynamic routing and terminating VPN traffic. Which three Cisco ASA options will not support these requirements? (Choose three.) A. transparent mode B. multiple context mode

Which command displays syslog messages on the Cisco ASA console as they occur?

Which command displays syslog messages on the Cisco ASA console as they occur? A. Console logging B. Logging console C. Logging trap D. Terminal monitor E. Logging monitor Answer: B