Implementing Cisco Edge Network Security Solutions v11.0

Page:    1 / 15   
Total 222 questions Expand All

You are configuring a Cisco IOS Firewall on a WAN router that is operating as a Trusted
Relay Point (TRP) in a voice network. Which feature must you configure to open data- channel pinholes for voice packets that are sourced from a TRP within the WAN?

  • A. CAC
  • B. ACL
  • C. CBAC
  • D. STUN

Answer : D

Which Layer 2 security feature validates ARP packets?

  • A. DAI
  • B. DHCP server
  • C. BPDU guard
  • D. BPDU filtering

Answer : A

To which interface on a Cisco ASA 1000V firewall should a security profile be applied when a VM sits behind it?

  • A. outside
  • B. inside
  • C. management
  • D. DMZ

Answer : B

Answer :

1) Click on Service Policy Rules, then Edit the default inspection rule.
2) Click on Rule Actions, then enable HTTP as shown here:

3)Click on Configure, then add as shown here:

4)Create the new map in ASDM like shown:

5)Edit the policy as shown:

6) Hit OK

Which two configurations are the minimum needed to enable EIGRP on the Cisco ASA appliance? (Choose two.)

  • A. Enable the EIGRP routing process and specify the AS number.
  • B. Define the EIGRP default-metric.
  • C. Configure the EIGRP router ID.
  • D. Use the neighbor command(s) to specify the EIGRP neighbors.
  • E. Use the network command(s) to enable EIGRP on the Cisco ASA interface(s).

Answer : A,E

What are two reasons to implement Cisco IOS MPLS Bandwidth-Assured Layer 2
Services? (Choose two.)

  • A. guaranteed bandwidth and peak rates as well as low cycle periods, regardless of which systems access thedevice
  • B. increased resiliency through MPLS FRR for AToM circuits and better bandwidth utilization through MPLS TE
  • C. enabled services over an IP/MPLS infrastructure, for enhanced MPLS Layer 2 functionality
  • D. provided complete proactive protection against frame and device spoofing

Answer : B,C

When a Cisco ASA is configured in transparent mode, how can ARP traffic be controlled?

  • A. By enabling ARP inspection; however, it cannot be controlled by an ACL
  • B. By enabling ARP inspection or by configuring ACLs
  • C. By configuring ACLs; however, ARP inspection is not supported
  • D. By configuring NAT and ARP inspection

Answer : A

Which option is a valid action for a port security violation ?

  • A. Restrict
  • B. Reject
  • C. Disable
  • D. Reset

Answer : A

Which Cisco ASA object group type offers the most flexibility for grouping different services together based on arbitrary protocols?

  • A. network
  • B. ICMP
  • C. protocol
  • D. TCP-UDP
  • E. service

Answer : E

Which three configurations are needed to enable SNMPv3 support on the Cisco ASA?
(Choose three.)

  • A. SNMPv3 Local EngineID
  • B. SNMPv3 Remote EngineID
  • C. SNMP Users
  • D. SNMP Groups
  • E. SNMP Community Strings
  • F. SNMP Hosts

Answer : C,D,F

Refer to the exhibit.

Which two statements about this firewall output are true? (Choose two.)

  • A. The output is from a packet tracer debug.
  • B. All packets are allowed to
  • C. All packets are allowed to
  • D. All packets are denied.
  • E. The output is from a debug all command.

Answer : A,C

What are three attributes that can be applied to a user account with RBAC? (Choose three.)

  • A. domain
  • B. password
  • C. ACE tag
  • D. user roles
  • E. VDC group tag
  • F. expiry date

Answer : B,D,F

Which two features does Cisco Security Manager provide? (Choose two.)

  • A. Configuration and policy deployment before device discovery
  • B. Health and performance monitoring
  • C. Event management and alerting
  • D. Command line menu for troubleshooting
  • E. Ticketing management and tracking

Answer : B,C

When a Cisco ASA CX module is management by Cisco Prime Security Manager in a
Multiple Devices Mode, which mode does the firewall use ?

  • A. Managed Mode
  • B. Unmanaged mode
  • C. Single mode
  • D. Multi mode

Answer : A

Explanation: b_User_Guide_for_ASA_CX_and_PRSM_9_1b_User_Guide_for_ASA_CX_and_PRSM_9 ml#task_7E648F43AD724DA2983699B12E92A528

Which set of commands creates a message list that includes all severity 2 (critical) messages on a Cisco security device?

  • A. logging list critical_messages level 2console logging critical_messages
  • B. logging list critical_messages level 2logging console critical_messages
  • C. logging list critical_messages level 2logging console enable critical_messages
  • D. logging list enable critical_messages level 2 console logging critical_messages

Answer : B

Page:    1 / 15   
Total 222 questions Expand All

Talk to us!

Have any questions or issues ? Please dont hesitate to contact us