Cisco ASA Express Security v6.0

Page:    1 / 4   
Exam contains 55 questions

Which statement describes how users create their own (custom) application signatures with the Cisco ASA NGFW?

  • A. Wait for the Cisco application signatures update.
  • B. Add multiple applications into a new object, which can be used in policies.
  • C. Create rules for interesting applications that they care about, and assign an action for that rule.
  • D. Define applications based on URL, FQDN, user agents, IP addresses, or ports.


Answer : D

To maintain employee productivity, employee access is restricted based on application, user, device, and location.
Which two licenses are needed to allow administrators to enforce company policy?
(Choose two.)

  • A. AVC
  • B. Botnet Filtering
  • C. IPS for NGFW
  • D. WSE
  • E. AnyConnect Premium


Answer : A,D

Refer to the exhibit.


Which statement describes the effect of the access policy?

  • A. SSH traffic is blocked only on TCP port 22.
  • B. SSH traffic is blocked on any port.
  • C. Traffic that matches the access policy is logged in the PRMS event viewer.
  • D. SSH traffic is captured automatically.


Answer : B

Datagram Transport Layer Security (DTLS) was introduced to solve performance issues.
Choose three characteristics of DTLS. (Choose three.)

  • A. It uses TLS to negotiate and establish DTLS connections.
  • B. It uses DTLS to transmit datagrams.
  • C. It is disabled by default.
  • D. It uses TLS for data packet retransmission.
  • E. It replaces underlying transport layer with UDP 443.
  • F. It uses TLS to provide low-latency video application tunneling.


Answer : A,B,E

Which Cisco ASA CLI command is used to enable HTTPS (Cisco ASDM) access from any inside host on the 10.1.16.0/20 subnet?

  • A. http 10.1.16.0 0.0.0.0 inside
  • B. http 10.1.16.0 0.0.15.255 inside
  • C. http 10.1.16.0 255.255.240.0 inside
  • D. http 10.1.16.0 255.255.255.255


Answer : C

Which NGFW component collects user details so that access policies can match traffic based on this information?

  • A. directory realms
  • B. identity policies
  • C. authentication settings
  • D. CDA or Active Directory agent


Answer : B

You are configuring bookmarks for the clientless SSL VPN portal without the use of plug- ins. Which three bookmark types are supported? (Choose three.)

  • A. RDP
  • B. HTTP
  • C. FTP
  • D. CIFS
  • E. SSH
  • F. Telnet


Answer : B,C,D

Which four unicast or multicast routing protocols are supported by the Cisco ASA appliance? (Choose four.)

  • A. RIP (v1 and v2)
  • B. OSPF
  • C. ISIS
  • D. BGP
  • E. EIGRP
  • F. Bidirectional PIM
  • G. MOSPF
  • H. PIM dense mode


Answer : A,B,E,F

Refer to the exhibit.


Which Cisco ASA CLI commands configure these static routes in the Cisco ASA routing table?

  • A. route dmz 10.2.2.0 0.0.0.255 172.16.1.10 route dmz 10.3.3.0 0.0.0.255 172.16.1.11
  • B. route dmz 10.2.2.0 0.0.0.255 172.16.1.10 1 route dmz 10.3.3.0 0.0.0.255 172.16.1.11 1
  • C. route dmz 10.2.2.0 0.0.0.255 172.16.1.10 route dmz 10.3.3.0 0.0.0.255 172.16.1.11 2
  • D. route dmz 10.2.2.0 255.255.255.0 172.16.1.10 route dmz 10.3.3.0 255.255.255.0 172.16.1.11
  • E. route dmz 10.2.2.0 255.255.255.0 172.16.1.10 1 route dmz 10.3.3.0 255.255.255.0 172.16.1.11 1
  • F. route dmz 10.2.2.0 255.255.255.0 172.16.1.10 route dmz 10.3.3.0 255.255.255.0 172.16.1.11 2


Answer : F

To which two policy types can an administrator apply a web reputation profile to implement reputation-based processing? (Choose two.)

  • A. access policies that permit traffic
  • B. access policies that deny traffic
  • C. decryption policies that decrypt potentially malicious traffic
  • D. universal access policies
  • E. NAT policies for ASAs that operate in multiple device mode
  • F. packet capture policies that perform global capture of dropped packets


Answer : A,C

Which statement about the on-box version of PRSM is true?

  • A. Cisco ASA NGFW comes preinstalled with a version of PRSM.
  • B. The on-box PRSM can support up to five NGFW modules.
  • C. The on-box PRSM license can be applied to the off-box version of PRSM.
  • D. Cisco ASA NGFW requires an ESXi license to run on-box PRSM.


Answer : A

Which two Cisco ASA licensing features are correct with Cisco ASA Software Version 8.3 and later? (Choose two.)

  • A. Identical licenses are not required on the primary and secondary Cisco ASA appliance.
  • B. Cisco ASA appliances configured as failover pairs disregard the time-based activation keys.
  • C. Time-based licenses are stackable in duration but not in capacity.
  • D. A time-based license completely overrides the permanent license, ignoring all permanently licensed features until the time-based license is uninstalled.


Answer : A,C

In which two ways is the Cisco ASA CWS subscription licensed? (Choose two.)

  • A. term only
  • B. term and seat
  • C. term and application
  • D. term and session
  • E. free with purchase of WSE 5-year term subscription license


Answer : A,B

Which license is required on the Cisco ASA NGFW for an administrator to manage it securely from a remote laptop?

  • A. AnyConnect Endpoint Assessment
  • B. AnyConnect Premium
  • C. AnyConnect for Mobile
  • D. AnyConnect for Cisco VPN phone
  • E. Cisco Secure Desktop


Answer : B

You are an NGFW administrator at a local school and want to take appropriate steps to limit exposure to explicit content for students.
Which access policy action is the most effective with the least impact?

  • A. Limit bandwidth to 200 Kb/s.
  • B. Filter MIME image file types.
  • C. Enable IPS for NGFW.
  • D. Enforce Safe Search.
  • E. Block sites with poor web reputation.


Answer : D

Page:    1 / 4   
Exam contains 55 questions

Talk to us!


Have any questions or issues ? Please dont hesitate to contact us

Certlibrary doesn't offer Real Microsoft Exam Questions.
Certlibrary Materials do not contain actual questions and answers from Cisco's Certification Exams.
CFA Institute does not endorse, promote or warrant the accuracy or quality of Certlibrary. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute.