Q1. Which three options are default settings for NTP parameters on a Cisco device? (Choose three.) 

A. NTP authentication is enabled. 

B. NTP authentication is disabled. 

C. NTP logging is enabled. 

D. NTP logging is disabled. 

E. NTP access is enabled. 

F. NTP access is disabled. 

View Answer

Q2. What is a required attribute to configure NTP authentication on a Cisco ASA? 

A. Key ID 

B. IPsec 

C. AAA 

D. IKEv2 

View Answer

Q3. Which Cisco switch technology prevents traffic on a LAN from being disrupted by a broadcast, multicast, or unicast flood on a port? 

A. port security 

B. storm control 

C. dynamic ARP inspection 

D. BPDU guard 

E. root guard 

F. dot1x 

View Answer

Q4. Which command configures the SNMP server group1 to enable authentication for members of the access list east? 

A. snmp-server group group1 v3 auth access east 

B. snmp-server group1 v3 auth access east 

C. snmp-server group group1 v3 east 

D. snmp-server group1 v3 east access 

View Answer

Q5. CORRECT TEXT 

You are the network security engineer for the Secure-X network. The company has recently detected Increase of traffic to malware Infected destinations. The Chief Security Officer deduced that some PCs in the internal networks are infected with malware and communicate with malware infected destinations. 

The CSO has tasked you with enable Botnet traffic filter on the Cisco ASA to detect and deny further connection attempts from infected PCs to malware destinations. You are also required to test your configurations by initiating connections through the Cisco ASA and then display and observe the Real-Time Log Viewer in ASDM. To successfully complete this activity, you must perform the following tasks: 

* Download the dynamic database and enable use of it. 

. Enable the ASA to download of the dynamic database 

. Enable the ASA to download of the dynamic database. 

. Enable DNS snooping for existing DNS inspection service policy rules.. 

. Enable Botnet Traffic Filter classification on the outside interface for All Traffic. 

. Configure the Botnet Traffic Filter to drop blacklisted traffic on the outside interface. Use the default Threat Level settings 

NOTE: The database files are stored in running memory; they are not stored in flash memory. 

NOTE: DNS is enabled on the inside interface and set to the HQ-SRV (10.10.3.20). 

NOTE: Not all ASDM screens are active for this exercise. 

. Verify that the ASA indeed drops traffic to blacklisted destinations by doing the following: 

. From the Employee PC, navigate to http://www.google.com to make sure that access to the Internet is working. 

. From the Employee PC, navigate to http://bot-sparta.no-ip.org. This destination is classified as malware destination by the Cisco SIO database. 

. From the Employee PC, navigate to http://superzarabotok-gid.ru/. This destination is classified as malware destination by the Cisco SIO database. 

. From Admin PC, launch ASDM to display and observe the Real-Time Log Viewer. 

View Answer

Q6. Which technology can be deployed with a Cisco ASA 1000V to segregate Layer 2 access within a virtual cloud environment? 

A. Cisco Nexus 1000V 

B. Cisco VSG 

C. WSVA 

D. ESVA 

View Answer

Q7. Which action is needed to set up SSH on the Cisco ASA firewall? 

A. Create an ACL to aloew the SSH traffic to the Cisco ASA. 

B. Configure DHCP for the client that will connect via SSH. 

C. Generate a crypto key 

D. Specify the SSH version level as either 1 or 2. 

E. Enable the HTTP server to allow authentication. 

View Answer

Q8. In which way are management packets classified on a firewall that operates in multiple context mode? 

A. by their interface IP address 

B. by the routing table 

C. by NAT 

D. by their MAC addresses 

View Answer

Q9. Refer to the exhibit. 

Which two statements about this firewall output are true? (Choose two.) 

A. The output is from a packet tracer debug. 

B. All packets are allowed to 192.168.1.0 255.255.0.0. 

C. All packets are allowed to 192.168.1.0 255.255.255.0. 

D. All packets are denied. 

E. The output is from a debug all command. 

View Answer

Q10. You are configuring a Cisco IOS Firewall on a WAN router that is operating as a Trusted Relay Point (TRP) in a voice network. Which feature must you configure to open data-channel pinholes for voice packets that are sourced from a TRP within the WAN? 

A. CAC 

B. ACL 

C. CBAC 

D. STUN 

View Answer