Exam Questions, Answers,
I think it was tough
but thanks to www.examcheets.com . I purchased their
study material and got through. The stuff had drag
and drops, exhibits and all that is required for the
A designer wants to configure a cluster of ASAs. Which
statement best describes the maximum characteristics
of the cluster?
A. One Master with 256 slaves
B. Four Master with up to 256 slaves
C. Tow Master with up to 256 slaves each
D. One to 256 Masters with up to a total of 256 slaves
A designer implemented SSL VPN services in a data
center. The server group is complaining that they
are no longer able to track the users. How can this
issue be addressed?
A. Turn on connection pooling
B. Add Via header in the HTTP menu
C. Add X-forwarding-for header in the HTTP menu
D. Configure Proxy IP addressing on the ingress ports
Abc .com is experiencing performance problem with
their E-commerce servers. SSL traffic has been determined
to be the culprit. They would like to improve performance
by load balancing their encrypted traffic based on
Layer 7 attributes but used to maintain the encryption
to the servers. What is the minimum version of ASA
required to facilitate their request?
D. any version supports the requirement
E. ASA version 2.4 w/ end to end encryption
Which encryption algorithms are supported on the ASA?
A. RC2, and DES3
B. DES, DES3 only
C. DES and RC4 (streaming) only
D. RC2, RC4 (Streaming) DES,&DES3
E. DES3 encryption Only. Other available through upgrade.
A new customer needs to terminate HTTPS requires and
pass it to HTTP servers. A throughput between 1400
and 1900 SSL TPS is expected with a maximum of 10,000
concurrent sessions. What is the minimum solution
A. A cluster of two ASA410 systems
B. A cluster of four ASA310 systems
C. A cluster of three ASA410 systems
D. A cluster of three ASA410 systems
A design engineer deployed SSL acceleration services
in a network. The security department has mandated
that all traffic use only the IEFT slandered - TLS
1.0. How should the design engineer configure the
SSL Acceleration service to conform to this restriction?
A. Restrict to TLS 1.0
B. Do nothing, TLS 1.0is the default setting
C. Enable TLS 1.0 & remove all others under/cfg/ssl/advanced/ciphers.
D. Have everyone upgrade their browsers, newer browsers
support TLS 1.0only.
For each HSM card in an SSL Acceleration there are
unique ikeys used for identifying based authentication:
• HSM-Security officer (SO)
• IkeyHSM-USER ikey.
The HSO ikey can perform all of the following except:
A. Changing the HSM-USER ikey password
B. Changing the HSM-SO ikey password
C. Installing a new ASA HSM in a new cluster
D. Adding an additional ASA HSM into a cluster
When an ASA joins an existing cluster, which statement
A. The first box in a cluster is always the Master,
all other are slaves
B. The network administrator can change the Management
IP address of the cluster.
C. The first two ASAs in the cluster will automatically
be Master, all other will be slaves
D. The first four ASAs in the cluster will automatically
be Master, all other will be slaves
Abc .com has implemented an SSL VPN solution. Which
topologies are available for this VPN solution?
A. In path and out of path
B. Single path and path available
C. In path, out of path or dual path
D. In path, out of path or high ayailabilty
An insurance company has built an application that
allows customers to update their personal data. After
deployment, server performance degraded dramatically
and they now want to deploy an ASA solution. Current
requirements are to provide end to end encryption,
scale to 10 backend servers, and persistency maintained
by the individual user. What is the best way to address
A. Configure SSL Connect to the backed serves
B. Configure SSL Connect to the L7loaad servers
C. Torn on Hashing on the SSL Server group in the
D. Add a L7 Load Balanced after SSL traffic has been
encrypted, before the origin servers
Abc .com is tacked operate an e-commerce portal using
HTTPS. The customer must be secure connection wants
to enhance to the encryption capacity and implement
an intrusion Detection System. The communication must
be secure and encrypted to the web server. What are
the necessary components required to meet this objective?
A. One ASA
B. One ASA, one Alteon Web Switch
C. Two ASAs, one Alteon Web Switch
D. Two ASAs, two Alteon Web Switches
The ASA supports Certificate Revocation Lists (CRLs).
Which statement is NOT true?
A. A local CRL can be defined on the ASA.
B. The CRL can be imported by TFTP into the ASA
C. PEM, DER and ASCII are valid file formats for the
D. The CRL must be held by a root Certificate Authority(CA)
Answer: B. C