Q1. What are two protocols that HTTP can use to secure sessions? (Choose two)
A. HTTPS
B. AES
C. TLS
D. AH
E. SSL
Answer: A,E
Q2. Refer to the exhibit. R1 and R2 are connected across and ASA with MD5 authentication. Which statement about eBGP peering between the routers could be true?
A. eBGP peering will fail because ASA is transit lacks BGP support.
B. eBGP peering will be successful.
C. eBGP peering will fail because the two routers must be directly connected to allow peering.
D. eBGP peering will fail because of the TCP random sequence number feature.
Answer: C
Q3. when a host initiates a TCP session, what is the numerical range into which the initial sequence number must fail?
A. 0 to 65535
B. 1 to 1024
C. 0 to 4,294,967,295
D. 1 to 65535
E. 1 to 4,294,967,295
F. 0 to 1024
Answer: C
Q4. Refer to the exhibit.
Which two effect of this configuration are true ? (Choose two)
A. The Cisco ASA first check the user credentials against the AD tree of the security.cisco.com.
B. The Cisco ASA use the cisco directory as the starting point for the user search.
C. The AAA server SERVERGROUP is configured on host 10.10.10.1 with the timeout of 20 seconds.
D. The Cisco ASA uses the security account to log in to the AD directory and search for the user cisco.
E. The Cisco ASA authentication directly with the AD server configured on host 10.10.10.1 with the timeout of 20 second.
F. The admin user is authenticated against the members of the security.cisco.com group.
Answer: C,F
Q5. Which three Cisco attributes for LDAP authorization are supported on the ASA? (Choose three)
A. L2TP-Encryption
B. Web-VPN-ACL-Filters
C. IPsec-Client-Firewall-Filter-Name
D. Authenticated-User-Idle-Timeout
E. IPsec-Default-Domain
F. Authorization-Type
Answer: B,D,E
Q6. Which Three statement about cisco IPS manager express are true? (Choose three)
A. It provides a customizable view of events statistics.
B. It Can provision policies based on risk rating.
C. It Can provision policies based on signatures.
D. It Can provision policies based on IP addresses and ports.
E. It uses vulnerability-focused signature to protect against zero-day attacks.
F. It supports up to 10 sensors.
Answer: A,B,F
Q7. How does a wireless association flood attack create a DoS?
A. It sends a high-power RF pulse that can damage the internals of the AP
B. It spoofs disassociation frames from the access point.
C. It uses a brute force attack to crack the encryption.
D. It exhausts the access client association table.
Answer: D
Q8. From what type of server can you to transfer files to ASA’s internal memory ?
A. SSH
B. SFTP
C. Netlogon
D. SMB
Answer: D
Q9. What is the purpose of enabling the IP option selective Drop feature on your network routers?
A. To protect the internal network from IP spoofing attacks.
B. To drop IP fragmented packets.
C. To drop packet with a TTL value of Zero.
D. To protect the network from DoS attacks.
Answer: D
Q10. Which two statements about RFC 2827 are true? (Choose two.)
A. RFC 2827 defines egress packet filtering to safeguard against IP spoofing.
B. A corresponding practice is documented by the IEFT in BCP 38.
C. RFC 2827 defines ingress packet filtering for the multihomed network.
D. RFC 2827 defines ingress packet filtering to defeat DoS using IP spoofing.
E. A corresponding practice is documented by the IEFT in BCP 84.
Answer: B,D