Cisco ASA Express Security v6.0

Page:    1 / 4   
Exam contains 58 questions

Which statement describes how users create their own (custom) application signatures with the Cisco ASA NGFW?

  • A. Wait for the Cisco application signatures update.
  • B. Add multiple applications into a new object, which can be used in policies.
  • C. Create rules for interesting applications that they care about, and assign an action for that rule.
  • D. Define applications based on URL, FQDN, user agents, IP addresses, or ports.

Answer : D

To maintain employee productivity, employee access is restricted based on application, user, device, and location.
Which two licenses are needed to allow administrators to enforce company policy?
(Choose two.)

  • A. AVC
  • B. Botnet Filtering
  • C. IPS for NGFW
  • D. WSE
  • E. AnyConnect Premium

Answer : A,D

Refer to the exhibit.

Which statement describes the effect of the access policy?

  • A. SSH traffic is blocked only on TCP port 22.
  • B. SSH traffic is blocked on any port.
  • C. Traffic that matches the access policy is logged in the PRMS event viewer.
  • D. SSH traffic is captured automatically.

Answer : B

Datagram Transport Layer Security (DTLS) was introduced to solve performance issues.
Choose three characteristics of DTLS. (Choose three.)

  • A. It uses TLS to negotiate and establish DTLS connections.
  • B. It uses DTLS to transmit datagrams.
  • C. It is disabled by default.
  • D. It uses TLS for data packet retransmission.
  • E. It replaces underlying transport layer with UDP 443.
  • F. It uses TLS to provide low-latency video application tunneling.

Answer : A,B,E

Which Cisco ASA CLI command is used to enable HTTPS (Cisco ASDM) access from any inside host on the subnet?

  • A. http inside
  • B. http inside
  • C. http inside
  • D. http

Answer : C

Which NGFW component collects user details so that access policies can match traffic based on this information?

  • A. directory realms
  • B. identity policies
  • C. authentication settings
  • D. CDA or Active Directory agent

Answer : B

You are configuring bookmarks for the clientless SSL VPN portal without the use of plug- ins. Which three bookmark types are supported? (Choose three.)

  • A. RDP
  • B. HTTP
  • C. FTP
  • D. CIFS
  • E. SSH
  • F. Telnet

Answer : B,C,D

Which four unicast or multicast routing protocols are supported by the Cisco ASA appliance? (Choose four.)

  • A. RIP (v1 and v2)
  • B. OSPF
  • C. ISIS
  • D. BGP
  • E. EIGRP
  • F. Bidirectional PIM
  • G. MOSPF
  • H. PIM dense mode

Answer : A,B,E,F

Refer to the exhibit.

Which Cisco ASA CLI commands configure these static routes in the Cisco ASA routing table?

  • A. route dmz route dmz
  • B. route dmz 1 route dmz 1
  • C. route dmz route dmz 2
  • D. route dmz route dmz
  • E. route dmz 1 route dmz 1
  • F. route dmz route dmz 2

Answer : F

To which two policy types can an administrator apply a web reputation profile to implement reputation-based processing? (Choose two.)

  • A. access policies that permit traffic
  • B. access policies that deny traffic
  • C. decryption policies that decrypt potentially malicious traffic
  • D. universal access policies
  • E. NAT policies for ASAs that operate in multiple device mode
  • F. packet capture policies that perform global capture of dropped packets

Answer : AC

Which statement about the on-box version of PRSM is true?

  • A. Cisco ASA NGFW comes preinstalled with a version of PRSM.
  • B. The on-box PRSM can support up to five NGFW modules.
  • C. The on-box PRSM license can be applied to the off-box version of PRSM.
  • D. Cisco ASA NGFW requires an ESXi license to run on-box PRSM.

Answer : A

Which two Cisco ASA licensing features are correct with Cisco ASA Software Version 8.3 and later? (Choose two.)

  • A. Identical licenses are not required on the primary and secondary Cisco ASA appliance.
  • B. Cisco ASA appliances configured as failover pairs disregard the time-based activation keys.
  • C. Time-based licenses are stackable in duration but not in capacity.
  • D. A time-based license completely overrides the permanent license, ignoring all permanently licensed features until the time-based license is uninstalled.

Answer : AC

In which two ways is the Cisco ASA CWS subscription licensed? (Choose two.)

  • A. term only
  • B. term and seat
  • C. term and application
  • D. term and session
  • E. free with purchase of WSE 5-year term subscription license

Answer : AB

Which license is required on the Cisco ASA NGFW for an administrator to manage it securely from a remote laptop?

  • A. AnyConnect Endpoint Assessment
  • B. AnyConnect Premium
  • C. AnyConnect for Mobile
  • D. AnyConnect for Cisco VPN phone
  • E. Cisco Secure Desktop

Answer : B

You are an NGFW administrator at a local school and want to take appropriate steps to limit exposure to explicit content for students.
Which access policy action is the most effective with the least impact?

  • A. Limit bandwidth to 200 Kb/s.
  • B. Filter MIME image file types.
  • C. Enable IPS for NGFW.
  • D. Enforce Safe Search.
  • E. Block sites with poor web reputation.

Answer : D

Page:    1 / 4   
Exam contains 58 questions

Talk to us!

Have any questions or issues ? Please dont hesitate to contact us is owned by MBS Tech Limited: Room 1905 Nam Wo Hong Building, 148 Wing Lok Street, Sheung Wan, Hong Kong. Company registration number: 2310926
Certlibrary doesn't offer Real Microsoft Exam Questions. Certlibrary Materials do not contain actual questions and answers from Cisco's Certification Exams.
CFA Institute does not endorse, promote or warrant the accuracy or quality of Certlibrary. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute.
Terms & Conditions | Privacy Policy