Securing Networks with ASA Advanced
braindump is provided with ratings from different students.
I used www.examcheats.net study material and the exam
was not a problem for me.
Which two statements correctly describe configuring
active/active failover? (Choose two.)
A. You must assign contexts to failover groups
from the admin context.
B. Both units must be in multiplemode.
C. You must configure two failover groups: group 1 and
D. You must use a crossover cable to connect the failover
links on the two failover peers.
What does the redundant interface feature of the security
A. to increase the number of interfaces available
to your network without requiring you to add additional
physical interfaces or security appliances
B. to increase the reliability of your security appliance
C. to allow a VPN client to sendIPsec-protected traffic
to another VPN user by allowing such traffic in and
out of the same interface
D. to facilitate out-of-band management
The IT department of your company must perform a custom-built
TCP application within the clientless SSL VPN portal
configured on your Cisco ASA security appliance. The
application should be run by users who have either guest
or normal user mode privileges. In order to allow this
application to run, how to configure the clientless
SSL VPN portal?
A. configure a smart tunnel for the application
B. configure a bookmark for the application
C. configure the plug-in that best fits the application
D. configure port forwarding for the application
In the default global policy, which three traffic types
are inspected by default? (Choose three.)
Which two statements about the downloadable ACL feature
of the security appliance are correct? (Choose two.)
A. Downloadable ACLs enable you to store full
ACLs ona AAA server and download them to the security
B. Downloadable ACLs are supported using TACACS+ or
C. The downloadable ACL must be attached to a user or
group profile ona AAA server.
D. The security appliance supports only per-user ACL
You are the network security administrator for the P4S
company. You create an FTP inspection policy including
the strict option, and it is applied to the outside
interface of the corporate adaptive security appliance.
How to handle FTP on the security appliance after this
policy is applied? (Choose three.)
A. FTP inspection is applied to traffic entering
the inside interface.
B. Strict FTP inspection is applied to traffic entering
the outside interface.
C. FTP inspection is applied to traffic exiting the
D. Strict FTP inspection is applied to traffic exiting
the outside interface.
Which three statements correctly describe protocol inspection
on the Cisco ASA adaptive security appliance? (Choose
A. The protocol inspection feature of the security
appliance securely opens and closes negotiated ports
and IP addresses for legitimate client-server connections
through the security appliance.
B. For the security appliance to inspect packets for
signs of malicious application misuse, you must enable
advanced (application layer) protocol inspection.
C. If inspection for a protocol is notenabled, traffic
for that protocol may be blocked.
D. If you want to enable inspection globally for a protocol
that is not inspected by default or if you want to globally
disable inspection for a protocol, you can edit the
default global policy.
An SSL VPN (Secure Sockets Layer virtual private network)
is a form of VPN that can be used with a standard Web
browser. After configuring port forwarding for a clientless
SSL VPN connection, if port forwarding is to work, which
end user privilege level is required at the endpoint?
A. system level
B. guest level
C. user level
D. administrator level
Which two methods can be used to decrease the amount
of time it takes for an active Cisco ASA adaptive security
appliance to fail over to its standby failover peer
in an active/active failover configuration? (Choose
A. decrease the interface failover poll time
B. decrease the unit failover poll time
C. use the special serial failover cable to connect
the security appliances
D. use single mode
Multimedia applications transmit requests on TCP, get
responses on UDP or TCP, use dynamic ports, and use
the same port for source and destination, so they can
pose challenges to a firewall. Which three items are
true about how the Cisco ASA adaptive security appliance
handles multimedia applications? (Choose three.)
A. It dynamically opens and closes UDP ports for secure
multimedia connections, so you do not need to open a
large range of ports.
B. It supports SIP with NAT but not with PAT.
C. It supports multimedia with or without NAT.
D. It supports RTSP, H.323, Skinny, and CTIQBE.
Which options can a clientless SSL VPN user access from
a web browser without port forwarding, smart tunnels,
or browser plug-ins?
A. web-enabled applications
B. Microsoft Outlook Web Access
C. files on the network, via FTP or the CIFS protocol
D. internal websites