|
u must visit itcertkeys.com it is great site for all users thanks
|
Question 1. On the Cisco ASA, tcp-map can be applied to a traffic class using which MPF CLI configuration command? A. inspect B. sysopt connection C. tcp-options D. parameters E. set connection advanced-options Answer: E Explanation: Question 2. By default, which traffic can pass through a Cisco ASA that is operating in transparent mode without explicitly allowing it using an ACL? A. ARP B. BPDU C. CDP D. OSPF multicasts E. DHCP Answer: A Explanation: Question 3. When enabling a Cisco ASA to send syslog messages to a syslog server, which syslog level will produce the most messages? A. notifications B. informational C. alerts D. emergencies E. errors F. debugging Answer: F Explanation: Question 4. Refer to the exhibit. What can be determined about the connection status? A. The output is showing normal activity to the inside 10.1.1.50 web server. B. Many HTTP connections to the 10.1.1.50 web server have successfully completed the Threeway TCP handshake. C. Many embryonic connections are made from random sources to the 10.1.1.50 web server. D. The 10.1.1.50 host is triggering SYN flood attacks against random hosts on the outside. E. The 10.1.1.50 web server is terminating all the incoming HTTP connections. Answer: C Explanation: Question 5. What mechanism is used on the Cisco ASA to map IP addresses to domain names that are contained in the botnet traffic filter dynamic database or local blacklist? A. HTTP inspection B. DNS inspection and snooping C. WebACL D. dynamic botnet database fetches (updates) E. static blacklist F. static whitelist Answer: B Explanation: Question 6. Refer to the exhibit. Which statement about the policy map named test is true? A. Only HTTP inspection will be applied to the TCP port 21 traffic. B. Only FTP inspection will be applied to the TCP port 21 traffic. C. both HTTP and FTP inspections will be applied to the TCP port 21 traffic. D. No inspection will be applied to the TCP port 21 traffic, because the http class map configuration conflicts with the ftp class map. E. All FTP traffic will be denied, because the FTP traffic will fail the HTTP inspection. Answer: B Explanation: Question 7. Refer to the exhibit. Which Cisco ASA feature can be configured using this Cisco ASDM screen? A. Cisco ASA command authorization using TACACS+ B. AAA accounting to track serial, ssh, and telnet connections to the Cisco ASA C. Exec Shell access authorization using AAA D. cut-thru proxy E. AAA authentication policy for Cisco ASDM access Answer: D Explanation: Question 8. Refer to the exhibit. Which command enables the stateful failover option? A. failover link MYFAILOVER GigabitEthernet0/2 B. failover lan interface MYFAILOVER GigabitEthernet0/2 C. failover interface ip MYFAILOVER 172.16.5.1 255.255.255.0 standby 172.16.5.10 D. preempt E. failover group 1 primary F. failover lan unit primary Answer: A Explanation: Question 9. In which type of environment is the Cisco ASA MPF set connection advanced-options tcp Statebypass option the most useful? A. SIP proxy B. WCCP C. BGP peering through the Cisco ASA D. asymmetric traffic flow E. transparent firewall Answer: D Explanation: Question 10. Refer to the exhibit. Which statement about the MPF configuration is true? A. Any non-RFC complaint FTP traffic will go through additional deep FTP packet inspections. B. FTP traffic must conform to the FTP RFC, and the FTP connection will be dropped if the PUT command is used. C. Deep FTP packet inspections will be performed on all TCP inbound and outbound traffic on the outside interface. D. The ftp-pm policy-map type should be type inspect. E. Due to a configuration error, all FTP connections through the outside interface will not be permitted. Answer: B Explanation:
Copyright © 2004 CertsBraindumps.com Inc. All rights reserved.