1. In what three ways do the 5505 and 5510 Adaptive Security Appliances differ? (Choose three.)

in the method by which they can be configured using either CLI or ASDM
in their compatibility with Cisco SecureX technology
>> in the maximum traffic throughput supported
in the number of interfaces
in operating system version support
>> in types of interfaces

2. Which three security features do ASA models 5505 and 5510 support by default? (Choose three.)

content security and control module
Cisco Unified Communications (voice and video) security
>> intrusion prevention system
>> stateful firewall
>> VPN concentrator
Zone-Based Policy Firewall

3. Which option lists the ASA adaptive security algorithm session management tasks in the correct order?

1) allocating NAT translations (xlates)
2) establishing sessions in the “fast path”
3) performing route lookups
4) performing the access list checks

1) establishing sessions in the “fast path”
2) performing the access list checks
3) allocating NAT translations (xlates)
4) performing route lookups

1) performing route lookups
2) establishing sessions in the “fast path”
3) allocating NAT translations (xlates)
4) performing the access list checks

1) performing route lookups
2) allocating NAT translations (xlates)
3) performing the access list checks
4) establishing sessions in the “fast path”

>>
1) performing the access list checks
2) performing route lookups
3) allocating NAT translations (xlates)
4) establishing sessions in the “fast path”

4. When the ASA recognizes that the incoming packets are part of an already established connection, which three fast path tasks are executed? (Choose three.)

>> adjusting Layer 3 and Layer 4 headers
allocating NAT translations (xlates)
>> performing IP checksum verification
performing route lookups
>> performing TCP sequence number checks
performing the access list checks

5. What are three characteristics of ASA transparent mode? (Choose three.)

>> This mode does not support VPNs, QoS, or DHCP Relay.
The interfaces of the ASA separate Layer 3 networks and require IP addresses in different subnets.
It is the traditional firewall deployment mode.
NAT can be implemented between connected networks.
>> This mode is referred to as a “bump in the wire.”
>> In this mode the ASA is invisible to an attacker.

6. Refer to the exhibit. Which three sets of configuration commands were entered on the ASA 5505? (Choose three.)

interface e0/0
nameif outside
security-level 0
ip address 209.165.200.226 255.255.255.248
no shut

>>
interface e0/0
switchport access vlan 2
no shut
exit

>>
interface vlan 2
nameif outside
security-level 0
ip address 209.165.200.226 255.255.255.248

ip route 0.0.0.0 0.0.0.0 209.165.200.225

route inside 0.0.0.0 0.0.0.0 209.165.200.225

>>
route outside 0.0.0.0 0.0.0.0 209.165.200.225

7. Refer to the exhibit. According to the exhibited command output, which three statements are true about the DHCP options entered on the ASA 5505? (Choose three.)

>> The dhcpd auto-config outside command was issued to enable the DHCP client.
The dhcpd address [start-of-pool]-[end-of-pool] inside command was issued to enable the DHCP client.
The dhcpd enable inside command was issued to enable the DHCP client.
The dhcpd auto-config outside command was issued to enable the DHCP server.
>> The dhcpd address [start-of-pool]-[end-of-pool] inside command was issued to enable the DHCP server.
>> The dhcpd enable inside command was issued to enable the DHCP server.

8. Which three wizards are included in Cisco ASDM 6.4? (Choose three.)

ADSL Connection wizard
Advanced Firewall wizard
>> High Availability and Scalability wizard
Security Audit wizard
Startup wizard
>> VPN wizard

9. Refer to the exhibit. What will be displayed in the output of the show running-config object command after the exhibited configuration commands are entered on an ASA 5505?

host 192.168.1.3
host 192.168.1.4
>> range 192.168.1.10 192.168.1.20
host 192.168.1.3 and host 192.168.1.4
host 192.168.1.4 and range 192.168.1.10 192.168.1.20
host 192.168.1.3, host 192.168.1.4, and range 192.168.1.10 192.168.1.20

10. Refer to the exhibit. Which ASDM menu sequence would be required to configure Telnet or SSH AAA authentication using a TACACS server first or the local device user database if the TACACS server authentication is unavailable?

Configuration > Device Management > Management Access > ASDM/HTTPS/Telnet/SSH
Configuration > Device Management > Management Access > Management Interface
>> Configuration > Device Management > Users/AAA > AAA Access
Configuration > Device Management > Users/AAA > AAA Server Group
Configuration > Device Management > Users/AAA > User Accounts

11. Which option lists the four steps to configure the Modular Policy Framework on an ASA?

1) Configure a policy map to apply actions to the identified traffic.
2) Configure a service policy to identify which interface should be activated for the service.
3) Configure extended ACLs to identify specific granular traffic. This step may be optional.
4) Configure the class map to define interesting traffic.

1) Configure a service policy to identify which interface should be activated for the service.
2) Configure extended ACLs to identify specific granular traffic. This step may be optional.
3) Configure the class map to define interesting traffic.
4) Configure a policy map to apply actions to the identified traffic.

>>
1) Configure extended ACLs to identify specific granular traffic. This step may be optional.
2) Configure the class map to define interesting traffic.
3) Configure a policy map to apply actions to the identified traffic.
4) Configure a service policy to identify which interface should be activated for the service.

1) Configure extended ACLs to identify specific granular traffic. This step may be optional.
2) Configure the class map to define interesting traffic.
3) Configure a service policy to identify which interface should be activated for the service.
4) Configure a policy map to apply actions to the identified traffic.

12. Which three types of remote access VPNs are supported on ASA devices? (Choose three.)

Clientless SSL VPN using the Cisco AnyConnect Client
>> Clientless SSL VPN using a web browser
>> IPsec (IKEv1) VPN using the Cisco VPN Client
IPsec (IKEv1) VPN using a web browser
>> SSL or IPsec (IKEv2) VPN using the Cisco AnyConnect Client
SSL or IPsec (IKEv2) VPN using the Cisco VPN Client

13. Which three components must be configured when implementing a clientless SSL VPN on an ASA 5505 device? (Choose three.)

>> bookmark lists
client address assignment
client images
>> connection profile name
>> group policy
NAT exemption rules
VPN protocol (SSL or IPsec or both)

14. Which three components must be configured when implementing a client-based SSL VPN on an ASA 5505 device? (Choose three.)

bookmark lists
>> client address assignment
>> client image
DHCP pools
group policy
>> SSL or IPsec

15. Refer to the exhibit. A remote host is connecting to an ASA 5505 via a VPN connection. Once authenticated, the host displays the highlighted system tray icon. On the basis of the information that is presented, what three assumptions can be made? (Choose three.)

The host web browser window is displaying the ASA SSL web portal webpage containing bookmarks.
>> The host has connected to the ASA via a client-based SSL VPN connection.
>> The host is connected via the AnyConnect VPN client.
The host is connected via the Cisco VPN client.
Using the ipconfig command on the host displays one IP address from the originating network.
>> Using the ipconfig command on the host displays an IP address from the originating network and an IP address for the VPN connection.

16. Refer to the exhibit. An administrator has entered the indicated commands on an ASA 5505. Based on the information presented, what type of remote access VPN has the administrator configured?

a clientless SSL VPN via the Cisco AnyConnect Client
>> a clientless SSL VPN via a web browser
an IPsec (IKEv1) VPN via the Cisco VPN Client
an IPsec (IKEv1) VPN via a web browser
an SSL or IPsec (IKEv2) VPN via the Cisco AnyConnect Client
an SSL or IPsec (IKEv2) VPN via a Cisco VPN Client

17. Which Cisco ASDM menu sequence would be used to edit a client-based AnyConnect SSL VPN configuration?

Configuration > Remote Access VPN > Advanced
Configuration > Remote Access VPN > Clientless SSL VPN Access
Configuration > Remote Access VPN > Easy VPN Remote
>> Configuration > Remote Access VPN > Network (Client) Access
Monitoring > VPN > VPN Sessions
Monitoring > VPN > Clientless SSL VPN

18. Which three components must be configured when using the Site-to-Site VPN Connection Setup wizard in ASDM? (Choose three.)

>> authentication method
bookmarks
crypto maps
>> encryption algorithms
GRE tunnel specifications
>> IKE version

19. An administrator has successfully configured a site-to-site VPN on an ASA 5505. Which ASDM menu sequence displays the number of packets encrypted, decrypted, and security association requests?

Configuration > Site-to-Site VPN > Advanced
Configuration > Site-to-Site VPN > Connection Profiles
Configuration > Site-to-Site VPN > Group Policies
>> Monitoring > VPN > VPN Statistics > Crypto Statistics
Monitoring > VPN > VPN Statistics > Encryption Statistics
Monitoring > VPN > VPN Statistics > Sessions

20. Which two statements correctly describe the ASA as an advanced stateful firewall? (Choose two.)

An ASA uses the Zone-Based Firewall feature and tracks the state of the TCP or UDP network connections that are traversing the network.
>> In routed mode, an ASA can support two or more Layer 3 interfaces.
In routed mode, an ASA requires a management IP address that is configured in global configuration mode.
In transparent mode, each interface has an associated security level.
>> The first packet of a flow examined by an ASA goes through the session management path.

CCNA Security Chapter 10 Answers