Exam Questions, Answers,
I think it was tough
but thanks to www.examcheats.net . I purchased their
study material and got through. The stuff had drag and
drops, exhibits and all that is required for the exam.
A designer wants to configure a cluster of ASAs. Which
statement best describes the maximum characteristics
of the cluster?
A. One Master with 256 slaves
B. Four Master with up to 256 slaves
C. Tow Master with up to 256 slaves each
D. One to 256 Masters with up to a total of 256 slaves
A designer implemented SSL VPN services in a data center.
The server group is complaining that they are no longer
able to track the users. How can this issue be addressed?
A. Turn on connection pooling
B. Add Via header in the HTTP menu
C. Add X-forwarding-for header in the HTTP menu
D. Configure Proxy IP addressing on the ingress ports
Abc .com is experiencing performance problem with their
E-commerce servers. SSL traffic has been determined
to be the culprit. They would like to improve performance
by load balancing their encrypted traffic based on Layer
7 attributes but used to maintain the encryption to
the servers. What is the minimum version of ASA required
to facilitate their request?
D. any version supports the requirement
E. ASA version 2.4 w/ end to end encryption
Which encryption algorithms are supported on the ASA?
A. RC2, and DES3
B. DES, DES3 only
C. DES and RC4 (streaming) only
D. RC2, RC4 (Streaming) DES,&DES3
E. DES3 encryption Only. Other available through upgrade.
A new customer needs to terminate HTTPS requires and
pass it to HTTP servers. A throughput between 1400 and
1900 SSL TPS is expected with a maximum of 10,000 concurrent
sessions. What is the minimum solution this design?
A. A cluster of two ASA410 systems
B. A cluster of four ASA310 systems
C. A cluster of three ASA410 systems
D. A cluster of three ASA410 systems
A design engineer deployed SSL acceleration services
in a network. The security department has mandated that
all traffic use only the IEFT slandered - TLS 1.0. How
should the design engineer configure the SSL Acceleration
service to conform to this restriction?
A. Restrict to TLS 1.0
B. Do nothing, TLS 1.0is the default setting
C. Enable TLS 1.0 & remove all others under/cfg/ssl/advanced/ciphers.
D. Have everyone upgrade their browsers, newer browsers
support TLS 1.0only.
For each HSM card in an SSL Acceleration there are unique
ikeys used for identifying based authentication:
• HSM-Security officer (SO)
• IkeyHSM-USER ikey.
The HSO ikey can perform all of the following except:
A. Changing the HSM-USER ikey password
B. Changing the HSM-SO ikey password
C. Installing a new ASA HSM in a new cluster
D. Adding an additional ASA HSM into a cluster
When an ASA joins an existing cluster, which statement
A. The first box in a cluster is always the Master,
all other are slaves
B. The network administrator can change the Management
IP address of the cluster.
C. The first two ASAs in the cluster will automatically
be Master, all other will be slaves
D. The first four ASAs in the cluster will automatically
be Master, all other will be slaves
Abc .com has implemented an SSL VPN solution. Which
topologies are available for this VPN solution?
A. In path and out of path
B. Single path and path available
C. In path, out of path or dual path
D. In path, out of path or high ayailabilty
An insurance company has built an application that allows
customers to update their personal data. After deployment,
server performance degraded dramatically and they now
want to deploy an ASA solution. Current requirements
are to provide end to end encryption, scale to 10 backend
servers, and persistency maintained by the individual
user. What is the best way to address this issue?
A. Configure SSL Connect to the backed serves
B. Configure SSL Connect to the L7loaad servers
C. Torn on Hashing on the SSL Server group in the ASA
D. Add a L7 Load Balanced after SSL traffic has been
encrypted, before the origin servers
Abc .com is tacked operate an e-commerce portal using
HTTPS. The customer must be secure connection wants
to enhance to the encryption capacity and implement
an intrusion Detection System. The communication must
be secure and encrypted to the web server. What are
the necessary components required to meet this objective?
A. One ASA
B. One ASA, one Alteon Web Switch
C. Two ASAs, one Alteon Web Switch
D. Two ASAs, two Alteon Web Switches
The ASA supports Certificate Revocation Lists (CRLs).
Which statement is NOT true?
A. A local CRL can be defined on the ASA.
B. The CRL can be imported by TFTP into the ASA
C. PEM, DER and ASCII are valid file formats for the
D. The CRL must be held by a root Certificate Authority(CA)
Answer: B. C