Q1. Which port is used for CLI Secure shell access?
A. Port 23
B. Port 25
C. Port 22
D. Port 443
Answer: C
Q2. Which three statements about threat ratings are true? (Choose three.)
A. A threat rating is equivalent to a risk rating that has been lowered by an alert rating.
B. The largest threat rating from all actioned events is added to the risk rating.
C. The smallest threat rating from all actioned events is subtracted from the risk rating.
D. The alert rating for deny-attacker-inline is 45.
E. Unmitigated events do not cause a threat rating modification.
F. The threat rating for deny-attacker-inline is 50.
Answer: A,D,E
Q3. Which three sender reputation ranges identify the default behavior of the Cisco Email Security Appliance? (Choose three.)
A. If it is between -1 and +10, the email is accepted
B. If it is between +1 and +10, the email is accepted
C. If it is between -3 and -1, the email is accepted and additional emails from the sender are throttled
D. If it is between -3 and +1, the email is accepted and additional emails from the sender are throttled
E. If it is between -4 and +1, the email is accepted and additional emails from the sender are throttled
F. If it is between -10 and -3, the email is blocked
G. If it is between -10 and -3, the email is sent to the virus and spam engines for additional scanning
H. If it is between -10 and -4, the email is blocked
Answer: A,C,F
Q4. What can Cisco Prime Security Manager (PRSM) be used to achieve?
A. Configure and Monitor Cisco CX Application Visibility and Control, web filtering, access and decryption policies
B. Configure Cisco ASA connection limits
C. Configure TCP state bypass in Cisco ASA and IOS
D. Configure Cisco IPS signature and monitor signature alerts
E. Cisco Cloud Security on Cisco ASA
Answer: A
Q5. Over the period of one day, several Atomic ARP engine alerts fired on the same IP address. You observe that each time an alert fired, requests on the IP address exceeded replies by the same number. Which configuration could cause this behavior?
A. The reply-ratio parameter is enabled.
B. MAC flip is enabled.
C. The inspection condition is disabled.
D. The IPS is misconfigured.
Answer: A
Q6. Which Cisco technology combats viruses and malware with virus outbreak filters that are downloaded from Cisco SenderBase?
A. ASA
B. WSA
C. Secure mobile access
D. IronPort ESA
E. SBA
Answer: D
Q7. Which three statements about Cisco ASA CX are true? (Choose three.)
A. It groups multiple ASAs as a single logical device.
B. It can perform context-aware inspection.
C. It provides high-density security services with high availability.
D. It uses policy-based interface controls to inspect and forward TCP- and UDP-based packets.
E. It can make context-aware decisions.
F. It uses four cooperative architectural constructs to build the firewall.
Answer: B,E,F
Q8. What is the access-list command on a Cisco IPS appliance used for?
A. to permanently filter traffic coming to the Cisco.IPS.appliance via the sensing port
B. to filter for traffic when the Cisco.IPS.appliance is in the inline mode
C. to restrict management access to the sensor
D. to create a filter that can be applied on the interface that is under attack
Answer: C
Q9. If inline-TCP-evasion-protection-mode on a Cisco IPS is set to asymmetric mode, what is a side effect?
A. Packet flow is normal.
B. TCP requests are throttled.
C. Embryonic connections are ignored.
D. Evasion may become possible.
Answer: D
Q10. Which set of commands changes the FTP client timeout when the sensor is communicating with an FTP server?
A. sensor# configure terminal
sensor(config)# service sensor
sensor(config-hos)# network-settings
sensor(config-hos-net)# ftp-timeout 500
B. sensor# configure terminal
sensor(config)# service host
sensor(config-hos)# network-settings parameter ftp
sensor(config-hos-net)# ftp-timeout 500
C. sensor# configure terminal
sensor(config)# service host
sensor(config-hos)# network-settings
sensor(config-hos-net)# ftp-timeout 500
D. sensor# configure terminal
sensor(config)# service network
sensor(config-hos)# network-settings
sensor(config-hos-net)# ftp-timeout 500
Answer: C