1.For the following commands, which one enables the DHCP server on the DMZ interface of the
Cisco ASA with an address pool of 10.0.1.10010.0.1.108
and a DNS server of 192.168.1.2?
A.dhcpd address 10.0.1.10010.0.1.108
DMZ dhcpd dns 192.168.1.2 dhcpd enable DMZ
B.dhcpd address range 10.0.1.10010.0.1.108
dhcpd dns server 192.168.1.2 dhcpd enable DMZ
C.dhcpd range 10.0.1.10010.0.1.108
DMZ dhcpd dns server 192.168.1.2 dhcpd DMZ
D.dhcpd address range 10.0.1.10010.0.1.108
dhcpd dns 192.168.1.2 dhcpd enable
Correct:A
2.Which description is correct about the output provided in the exhibit?
A.The ACLOUT access list has been designed to allow the IP address with the network address of
192.168.6.0 to have unrestricted access to the web server at IP address 192.168.1.11.
B.The ACLOUT access list has been designed to deny the IP address 192.168.1.11 web access to the
host with a network address of 192.168.6.0.
C.The ACLIN access list permits web access from host 192.168.6.10 to all hosts behind the Cisco ASA.
D.The ICMPDMZ access list denies all ICMP traffic bound for the bastion host except echo replies
Correct:A
3.What is the effect of the peruseroverride
option when applied to the accessgroup
command
syntax?
A.The log option in the peruser
access list overrides existing interface log options.
B.It allows for extended authentication on a peruser
basis.
C.It allows downloadable user access lists to override the access list applied to the interface.
D.It increases security by building upon the existing access list applied to the interface. All subsequent
users are also subject to the additional access list entries.
Correct:C
4.In order to recover the Cisco ASA password, which operation mode should you enter?
A.configure
B.unprivilegedC.privileged
D.monitor
Correct:D
5.Observe the following commands, which one verifies that NAT is working normally and displays
active NAT translations?
A.show ip nat all
B.show runningconfiguration
nat
C.show xlate
D.show nat translation
Correct:C
6.What is the result if the WebVPN urlentry
parameter is disabled?
A.The end user is unable to access predefined
URLs.
B.The end user is unable to access any CIFS shares or URLs.
C.The end user is able to access CIFS shares but not URLs.
D.The end user is able to access predefined
URLs.
Correct:D
7.Which three tunneling protocols and methods are supported by the Cisco VPN Client? (Choose
three.)
A.IPsec over TCP
B.IPsec over UDP
C.ESP
D.AH
Correct:A B C
8.Tom is a network administrator, study the exhibit carefully. He wants to authenticate remote
users who are accessing the P4SWEB
server from the Internet. When a remote user initiates a
session to the P4SWEB
server, the ASA1 security appliance will verify the user’s credentials with
the TX_ACS AAA server via RADIUS. In order to achieve this goal, Tom needs to load and
configure Cisco ACS software on the TX_ACS AAA server. During the process, he should
appropriately configure the AAA client information in the Cisco ACS network configuration
window. What should Tom place in field A (AAA Client Hostname) and field B (AAA Client IP
address)?
A.A P4SPC
B 192.168.2.10
B.A TX_
ACS B 10.0.1.10
C.A P4SWEB
B 172.16.1.2
D.A ASA1
B 10.0.1.1
Correct:D
9.What are the two purposes of the samesecuritytraffic
permit intrainterface
command?
(Choose two.)
A.It allows all of the VPN spokes in a hubandspoke
configuration to be terminated on a single interface.
B.It enables Dynamic Multipoint VPN.
C.It permits communication in and out of the same interface when the traffic is IPSec protected.
D.It allows communication between different interfaces that have the same security level
Correct:A C
10.How many unique transforms will included in a single transform set while configuring a crypto
ipsec transformset
command?
A.three
B.two
C.four
D.one
Correct:B
11.John works as a network administrator , according to the following exhibit. Descriptions are
added to class maps for each part of the modular policy framework. Which text should John add
to the description command to describe the TO_SERVER class map?
P4Sasa1(
config)#accesslist
UDP permit udp any any P4Sasa1(
config)#accesslist
TCP permit
tcp any any P4Sasa1(
config)#accesslist
PUBLIC_WEB permit ip any 10.10.10.100
255.255.255.255 P4Sasa1(
config)#classmap
ALL_VDP P4Sasa1(
configcmap)#
description “This
classmap
matches all UDP traffic” P4Sasa1(
configcmap)#
match accesslist
VDP
P4Sasa1(
configcmap)#
classmap
ALL_TCP P4Sasa1(
configcmap)#
description “This classmap
matches all TCP traffic” P4Sasa1(
configcmap)#
match accesslist
TCP
P4Sasa1(
configcmap)#
classmap
ALL_WEB_SERVER P4Sasa1(
configcmap)#
description “This
classmap
matches all HTTP traffic” P4Sasa1(
configcmap)#
match port tcp eq http
P4Sasa1(
configcmap)#
classmap
TO_SERVER P4Sasa1(
configcmap)#
match accesslist
PUBLIC_WEB
A.description “This classmap
matches all TCP traffic for the public web server.”
B.description “This classmap
matches all HTTP traffic for the public web server.”
C.description “This classmap
matches all HTTPS traffic for the public web server.”
D.description “This classmap
matches all IP traffic for the public web server.”
Correct:D
12.By default, the AIPSSM
IPS software is accessible from the management port at IP address
10.1.9.201/24. Which CLI command should an administrator use to change the default AIPSSM
management port IP address?
A.interface
B.hw module 1 recover
C.setup
D.hw module 1 setup
Correct:C
Link : http://www.killtest.co.kr/CCSP/642-523.asp

Tags: