ASA Info Flashcards
Which Cisco security management solution provides the means to identify, isolate and counter security threats?
A) Adaptive Security Device Manager B) Intrusion Prevention Device Manager C) Security Device Manager D) Cisco Security Manager E) Cisco Security Monitoring, Analysis and Response System
Answer:
E) Cisco Security Monitoring, Analysis and Response System
Which four types of ACL object groups are supported on the ASA (release 8.2)? (Choose 4)
A) Protocol B) Network
C) Port D) Service
E) ICMP-type F) Host
Answer:
A) Protocol B) Network
D) Service E) ICMP-type
By default, which traffic can pass through an ASA that is operating in Transparent mode without explicitly allowing it using an ACL?
A) ARP B) BPDU
C) CDP D) DHCP
Answer:
A) ARP
Which ASA feature enables the ASA to do these two things? 1) Act as a proxy server and generate a SYN-ACK response to a client SYN request. 2) When the ASA receives an ACK back from the client, authenticate the client and allow the connection to the server.
A) TCP normalizer B) TCP state bypass C) TCP Intercept D) Basic threat detection E) Botnet traffic filter
Answer:
C) TCP Intercept
In which type of environment is the Cisco ASA Modular Policy Framework (MPF) set connection advanced-options tcp-state-bypass option the most useful?
A) SIP Proxy B) WCCP C) BGP peering through the Cisco ASA D) Asymmetric traffic flow E) Transparent firewall
Answer:
D) Asymmetric traffic flow
When ordering the licenses for a Cisco ASA, which two licenses that are "platform-specific" to the Cisco ASA 5505 must be ordered?
A) AnyConnect Essentials License B) Per-User Premium SSL VPN License C) VPN Shared License D) Internal User License E) Security Plus License
Answer:
D) Internal User License
E) Security Plus License
By default, which access rule is applied to the inside interface of an ASA?
A) All IP traffic is denied.
B) All IP traffic is permitted.
C) All IP traffic sourced from any source to any less secure network destination is permitted.
D) All IP traffic sourced from any source to any more secure network destination is permitted.
Answer:
C) All IP traffic sourced from any source to any less secure network destination is permitted.
The Cisco ASA must support dynamic routing and terminate VPN traffic. Which three (3) Cisco ASA options will NOT support these requirements?
A) Transparent mode B) Multiple context mode C) Active / standby fail-over mode D) Active / active fail-over mode E) Routed mode F) No-NAT-control
Answer:
A) Transparent mode
B) Multiple context mode
D) Active / active fail-over mode
Which Cisco ASA platform should be selected if the requirements are to support 35,000 connections per second, 600,000 maximum connections, and traffic shaping?
A) 5540
B) 5550
C) 5580-20
D) 5580-40
Answer:
B) 5550