Q1. Which two TCP ports must be open on the Cisco Security Manager server to allow the server to communicate with the Cisco Security Manager client? (Choose two.) 

A. 1741 

B. 443 

C. 80 

D. 1740 

E. 8080 

View Answer

Q2. According to the logging configuration on the Cisco ASA, what will happen if syslog server 10.10.2.40 fails? 

A. New connections through the ASA will be blocked and debug system logs will be sent to the internal buffer. 

B. New connections through the ASA will be blocked and informational system logs will be sent to the internal buffer. 

C. New connections through the ASA will be blocked and system logs will be sent to server 10.10.2.41. 

D. New connections through the ASA will be allowed and system logs will be sent to server 10.10.2.41. 

E. New connections through the ASA will be allowed and informational system logs will be sent to the internal buffer. 

F. New connections through the ASA will be allowed and debug system logs will be sent to the internal buffer. 

View Answer

Q3. What are three of the RBAC views within Cisco IOS Software? (Choose three.) 

A. Admin 

B. CLI 

C. Root 

D. Super Admin 

E. Guest 

F. Super 

View Answer

Q4. Refer to the exhibit. What is the effect of this configuration? 

A. The firewall will inspect IP traffic only between networks 192.168.1.0 and 192.168.2.0. 

B. The firewall will inspect all IP traffic except traffic to 192.168.1.0 and 192.168.2.0. 

C. The firewall will inspect traffic only if it is defined within a standard ACL. 

D. The firewall will inspect all IP traffic. 

View Answer

Q5. Which ASA feature is used to keep track of suspected attackers who create connections to too many hosts or ports? 

A. complex threat detection 

B. scanning threat detection 

C. basic threat detection 

D. advanced threat detection 

View Answer

Q6. Which two options are protocols and tools that are used by the management plane when discussing Cisco ASA general management plane hardening? ( Choose two ) 

A. Unicast Reverse Path Forwarding 

B. NetFlow 

C. Routing Protocol Authentication 

D. Threat detection 

E. Syslog 

F. ICMP unreachables 

G. Cisco URL Filtering 

View Answer

Q7. Enabling what security mechanism can prevent an attacker from gaining network topology information from CDP via a man-in-the-middle attack? 

A. MACsec 

B. Flex VPN 

C. Control Plane Protection 

D. Dynamic Arp Inspection 

View Answer

Q8. Which security operations management best practice should be followed to enable appropriate network access for administrators? 

A. Provide full network access from dedicated network administration systems 

B. Configure the same management account on every network device 

C. Dedicate a separate physical or logical plane for management traffic 

D. Configure switches as terminal servers for secure device access 

View Answer

Q9. Which three options are hardening techniques for Cisco IOS routers? (Choose three.) 

A. limiting access to infrastructure with access control lists 

B. enabling service password recovery 

C. using SSH whenever possible 

D. encrypting the service password 

E. using Telnet whenever possible 

F. enabling DHCP snooping 

View Answer

Q10. Which policy map action makes a Cisco router behave as a stateful firewall for matching traffic? 

A. Log 

B. Inspect 

C. Permit 

D. Deny 

View Answer