web analytics

Which command establishes a virtual console session to a CX module within a Cisco Adaptive Security Appliance?

Which command establishes a virtual console session to a CX module within a Cisco Adaptive Security Appliance? A. session 1 ip address B. session 2 ip address C. session 1

When attempting to tunnel FTP traffic through a stateful firewall that may be performing NAT or PAT, which type of VPN tunneling should be used to allow the VPN traffic through the stateful firewall?

When attempting to tunnel FTP traffic through a stateful firewall that may be performing NAT or PAT, which type of VPN tunneling should be used to allow the VPN traffic

What CLI command configures IP-based access to restrict GUI and CLI access to a Cisco Email Security appliance’s administrative interface?

What CLI command configures IP-based access to restrict GUI and CLI access to a Cisco Email Security appliance’s administrative interface? A. adminaccessconfig B. sshconfig C. sslconfig D. ipaccessconfig Correct Answer:

Which CLI command shows the most fired signature?

A new Cisco IPS device has been placed on the network without prior analysis. Which CLI command shows the most fired signature? A. Show statistics virtual-sensor B. Show event alert

Which describes the correct configuration?

An ASA with an IPS module must be configured to drop traffic matching IPS signatures and block all traffic if the module fails. Which describes the correct configuration? A. Inline

What is the default CX Management 0/0 IP address on a Cisco ASA 5512-X appliance?

What is the default CX Management 0/0 IP address on a Cisco ASA 5512-X appliance? A. 192.168.1.1 B. 192.168.1.2 C. 192.168.1.3 D. 192.168.1.4 E. 192.168.1.5 F. 192.168.8.8 Correct Answer: F

Which two Cisco ASA licenses enabled on its security appliance?

To enable the Cisco ASA Host Scan with remediation capabilities, an administrator must have which two Cisco ASA licenses enabled on its security appliance? (Choose two.) A. Cisco AnyConnect Premium

What are three steps that a Cisco ASA will perform to authenticate the digital certificate?

Upon receiving a digital certificate, what are three steps that a Cisco ASA will perform to authenticate the digital certificate? (Choose three.) A. The identity certificate validity period is verified

Where is the correct place to tune the IPsec policy parameters in Cisco ASDM?

After adding a remote-access IPsec tunnel via the VPN wizard, an administrator needs to tune the IPsec policy parameters. Where is the correct place to tune the IPsec policy parameters

Where is the correct place to tune the IPsec policy parameters in Cisco ASDM?

After adding a remote-access IPsec tunnel via the VPN wizard, an administrator needs to tune the IPsec policy parameters. Where is the correct place to tune the IPsec policy parameters

When learning accept mode is set to auto, and the action is set to rotate, when is the KB created and used?

When learning accept mode is set to auto, and the action is set to rotate, when is the KB created and used? A. It is created every 24 hours and

What is the default IP range of the external zone?

What is the default IP range of the external zone? A. 0.0.0.0 0.0.0.0 B. 0.0.0.0 – 255.255.255.255 C. 0.0.0.0/8 D. The network of the management interface Correct Answer: B

Which three zones are used for anomaly detection?

Which three zones are used for anomaly detection? (Choose three.) A. Internal zone B. External zone C. Illegal zone D. Inside zone E. Outside zone F. DMZ zone Correct Answer:

What calculates the signature fidelity rating?

Who or what calculates the signature fidelity rating? A. the signature author B. Cisco Professional Services C. the administrator D. the security policy Correct Answer: A

Which is the default IP address and admin port setting for https in the Cisco Web Security Appliance?

Which is the default IP address and admin port setting for https in the Cisco Web Security Appliance? A. http://192.168.42.42:8080 B. http://192.168.42.42:80 C. https://192.168.42.42:443 D. https://192.168.42.42:8443 Correct Answer: D

What can Cisco Prime Security Manager (PRSM) be used to achieve?

What can Cisco Prime Security Manager (PRSM) be used to achieve? A. Configure and Monitor Cisco CX Application Visibility and Control, web filtering, access and decryption policies B. Configure Cisco

Which message filter to drop all executable attachments entering and leaving the Cisco Email Security Appliance?

A Cisco Email Security Appliance uses which message filter to drop all executable attachments entering and leaving the Cisco Email Security Appliance? A. drop-exe: if (attachment-filename == “\.exe$”) OR (attachment-filetype

What is the CLI command to create a new Message Filter in a Cisco Email Security Appliance?

What is the CLI command to create a new Message Filter in a Cisco Email Security Appliance? A. filterconfig B. filters new C. messagefilters D. policyconfig– inbound or outbound– filters

Which Cisco WSA is intended for deployment in organizations of up to 1500 users?

Which Cisco WSA is intended for deployment in organizations of up to 1500 users? A. WSA S370 B. WSA S670 C. WSA S370-2RU D. WSA S170 Correct Answer: D

Which Cisco technology combats viruses and malware with virus outbreak filters that are downloaded from Cisco SenderBase?

Which Cisco technology combats viruses and malware with virus outbreak filters that are downloaded from Cisco SenderBase? A. ASA B. WSA C. Secure mobile access D. IronPort ESA E. SBA

Which Cisco technology prevents targeted malware attacks, provides data loss prevention and spam protection, and encrypts email?

Which Cisco technology prevents targeted malware attacks, provides data loss prevention and spam protection, and encrypts email? A. SBA B. secure mobile access C. IPv6 DMZ web service D. ESA

Which port is used for CLI Secure shell access?

Which port is used for CLI Secure shell access? A. Port 23 B. Port 25 C. Port 22 D. Port 443 Correct Answer: C

Which two types of digital certificate enrollment processes are available for the Cisco ASA security appliance?

Which two types of digital certificate enrollment processes are available for the Cisco ASA security appliance? (Choose two.) A. LDAP B. FTP C. TFTP D. HTTP E. SCEP F. Manual

Which Cisco ASA SSL VPN feature provides support for PCI compliance by allowing for the validation of two sets of username and password credentials on the SSL VPN login page?

Which Cisco ASA SSL VPN feature provides support for PCI compliance by allowing for the validation of two sets of username and password credentials on the SSL VPN login page?

Which four parameters must be defined in an ISAKMP policy when creating an IPsec site-to-site VPN using the Cisco ASDM?

Which four parameters must be defined in an ISAKMP policy when creating an IPsec site-to-site VPN using the Cisco ASDM? (Choose four.) A. encryption algorithm B. hash algorithm C. authentication

Which command verifies that the correct CWS license key information was entered on the Cisco ASA?

Which command verifies that the correct CWS license key information was entered on the Cisco ASA? A. sh run scansafe server B. sh run scansafe C. sh run server D.

Which Cisco WSA is intended for deployment in organizations of more than 6000 users?

Which Cisco WSA is intended for deployment in organizations of more than 6000 users? A. WSA S370 B. WSA S670 C. WSA S370-2RU D. WSA S170 Correct Answer: B

Which two benefits are provided by the dynamic dashboard in Cisco ASDM Version 5.2?

Which two benefits are provided by the dynamic dashboard in Cisco ASDM Version 5.2? (Choose two.) A. It configures system polices for NAC devices. B. It forwards traffic to destination

Which rate limit option specifies the maximum bandwidth for rate-limited traffic?

With Cisco IDM, which rate limit option specifies the maximum bandwidth for rate-limited traffic? A. protocol B. rate C. bandwidth D. limit Correct Answer: B

What three alert notification options are available in Cisco IntelliShield Alert Manager?

What three alert notification options are available in Cisco IntelliShield Alert Manager? (Choose three.) A. Alert Summary as Text B. Complete Alert as an HTML Attachment C. Complete Alert as

How would you configure the SSL VPN tunnel to allow this application to run?

Your corporate finance department purchased a new non-web-based TCP application tool to run on one of its servers. The finance employees need remote access to the software during non- business

Which three modes?

A network engineer can assign IPS event action overrides to virtual sensors and configure which three modes? (Choose three.) A. Anomaly detection operational mode B. Inline TCP session tracking mode

Which Cisco Security IntelliShield Alert Manager Service component mitigates new botnet, phishing, and web-based threats?

Which Cisco Security IntelliShield Alert Manager Service component mitigates new botnet, phishing, and web-based threats? A. the IntelliShield Threat Outbreak Alert B. IntelliShield Alert Manager vulnerability alerts C. the IntelliShield

Which three search parameters are supported by the Email Security Monitor?

Which three search parameters are supported by the Email Security Monitor? (Choose three.) A. Destination domain B. Network owner C. MAC address D. Policy requirements E. Internal sender IP address

Which Cisco monitoring solution displays information and important statistics for the security devices in a network?

Which Cisco monitoring solution displays information and important statistics for the security devices in a network? A. Cisco Prime LAN Management B. Cisco ASDM Version 5.2 C. Cisco Threat Defense

What is the correct deployment for an IPS appliance in a network where traffic identified as threat traffic should be blocked and all traffic is blocked if the IPS fails?

What is the correct deployment for an IPS appliance in a network where traffic identified as threat traffic should be blocked and all traffic is blocked if the IPS fails?

What are two benefits of using SPAN with promiscuous mode deployment?

What are two benefits of using SPAN with promiscuous mode deployment? (Choose two.) A. SPAN does not introduce latency to network traffic. B. SPAN can perform granular scanning on captures

Which set of commands changes the FTP client timeout when the sensor is communicating with an FTP server?

Which set of commands changes the FTP client timeout when the sensor is communicating with an FTP server? A. sensor# configure terminal sensor(config)# service sensor sensor(config-hos)# network-settings sensor(config-hos-net)# ftp-timeout 500

Which two practices are recommended for implementing NIPS at enterprise Internet edges?

Which two practices are recommended for implementing NIPS at enterprise Internet edges? (Choose two.) A. Integrate sensors primarily on the more trusted side of the firewall (inside or DMZ interfaces).

What are three benefits of the Cisco AnyConnect Secure Mobility Solution?

What are three benefits of the Cisco AnyConnect Secure Mobility Solution? (Choose three.) A. It can protect against command-injection and directory-traversal attacks. B. It provides Internet transport while maintaining corporate

Which version of AsyncOS for web is required to deploy the Web Security Appliance as a CWS connector?

Which version of AsyncOS for web is required to deploy the Web Security Appliance as a CWS connector? A. AsyncOS version 7.7.x B. AsyncOS version 7.5.x C. AsyncOS version 7.5.7

What are the initial actions that can be performed on an incoming SMTP session by the workqueue of a Cisco Email Security Appliance?

What are the initial actions that can be performed on an incoming SMTP session by the workqueue of a Cisco Email Security Appliance? A. Accept, Reject, Relay, TCPRefuse B. LDAP

Which three statements about Cisco ASA CX are true?

Which three statements about Cisco ASA CX are true? (Choose three.) A. It groups multiple ASAs as a single logical device. B. It can perform context-aware inspection. C. It provides

Which Cisco technology is a modular security service that combines a stateful inspection firewall with next-generation application awareness, providing near real-time threat protection?

Which Cisco technology is a modular security service that combines a stateful inspection firewall with next-generation application awareness, providing near real-time threat protection? A. Cisco ASA 5500 series appliances B.

Which antispam technology assumes that email from server A, which has a history of distributing spam, is more likely to be spam than email from server B, which does not have a history of distributing spam?

Which antispam technology assumes that email from server A, which has a history of distributing spam, is more likely to be spam than email from server B, which does not

Which Cisco technology secures the network through malware filtering, category-based control, and reputation-based control?

Which Cisco technology secures the network through malware filtering, category-based control, and reputation-based control? A. Cisco ASA 5500 Series appliances B. Cisco remote-access VPNs C. Cisco IronPort WSA D. Cisco

Which IPS signature regular expression CLI command matches a host issuing a domain lookup for www.theblock.com?

Which IPS signature regular expression CLI command matches a host issuing a domain lookup for www.theblock.com? A. regex-string (x03[Tt][Hh][Ee]x05[Bb][Ll][Oo][Cc][Kk]) B. regex-string (x0b[theblock.com]) C. regex-string (x03[the]x05[block]0x3[com]) D. regex-string (x03[T][H][E]x05[B][L][O][C][K]x03[.][C][O][M] Correct Answer:

Which five system management protocols are supported by the Intrusion Prevention System?

Which five system management protocols are supported by the Intrusion Prevention System? (Choose five.) A. SNMPv2c B. SNMPv1 C. SNMPv2 D. SNMPv3 E. syslog F. SDEE G. SMTP Correct Answer:

Which are the two most likely reasons that the category is still being blocked for a faculty and staff user?

The Web Security Appliance has identities defined for faculty and staff, students, and default access. The faculty and staff identity identifies users based on the source network and authenticated credentials.

Which three of the following?

Cisco AVC allows control of which three of the following? (Choose three.) A. Facebook B. LWAPP C. IPv6 D. MySpace E. Twitter F. WCCP Correct Answer: ADE