Cisco ASA Express Security v6.0
Question 1
Which statement describes how users create their own (custom) application signatures with the Cisco ASA NGFW?
- A. Wait for the Cisco application signatures update.
- B. Add multiple applications into a new object, which can be used in policies.
- C. Create rules for interesting applications that they care about, and assign an action for that rule.
- D. Define applications based on URL, FQDN, user agents, IP addresses, or ports.
Answer : D
Question 2
To maintain employee productivity, employee access is restricted based on application, user, device, and location.
Which two licenses are needed to allow administrators to enforce company policy?
(Choose two.)
- A. AVC
- B. Botnet Filtering
- C. IPS for NGFW
- D. WSE
- E. AnyConnect Premium
Answer : A,D
Question 3
Refer to the exhibit.
Which statement describes the effect of the access policy?
- A. SSH traffic is blocked only on TCP port 22.
- B. SSH traffic is blocked on any port.
- C. Traffic that matches the access policy is logged in the PRMS event viewer.
- D. SSH traffic is captured automatically.
Answer : B
Question 4
Datagram Transport Layer Security (DTLS) was introduced to solve performance issues.
Choose three characteristics of DTLS. (Choose three.)
- A. It uses TLS to negotiate and establish DTLS connections.
- B. It uses DTLS to transmit datagrams.
- C. It is disabled by default.
- D. It uses TLS for data packet retransmission.
- E. It replaces underlying transport layer with UDP 443.
- F. It uses TLS to provide low-latency video application tunneling.
Answer : A,B,E
Question 5
Which Cisco ASA CLI command is used to enable HTTPS (Cisco ASDM) access from any inside host on the 10.1.16.0/20 subnet?
- A. http 10.1.16.0 0.0.0.0 inside
- B. http 10.1.16.0 0.0.15.255 inside
- C. http 10.1.16.0 255.255.240.0 inside
- D. http 10.1.16.0 255.255.255.255
Answer : C
Question 6
Which NGFW component collects user details so that access policies can match traffic based on this information?
- A. directory realms
- B. identity policies
- C. authentication settings
- D. CDA or Active Directory agent
Answer : B
Question 7
You are configuring bookmarks for the clientless SSL VPN portal without the use of plug- ins. Which three bookmark types are supported? (Choose three.)
- A. RDP
- B. HTTP
- C. FTP
- D. CIFS
- E. SSH
- F. Telnet
Answer : B,C,D
Question 8
Which four unicast or multicast routing protocols are supported by the Cisco ASA appliance? (Choose four.)
- A. RIP (v1 and v2)
- B. OSPF
- C. ISIS
- D. BGP
- E. EIGRP
- F. Bidirectional PIM
- G. MOSPF
- H. PIM dense mode
Answer : A,B,E,F
Question 9
Refer to the exhibit.
Which Cisco ASA CLI commands configure these static routes in the Cisco ASA routing table?
- A. route dmz 10.2.2.0 0.0.0.255 172.16.1.10 route dmz 10.3.3.0 0.0.0.255 172.16.1.11
- B. route dmz 10.2.2.0 0.0.0.255 172.16.1.10 1 route dmz 10.3.3.0 0.0.0.255 172.16.1.11 1
- C. route dmz 10.2.2.0 0.0.0.255 172.16.1.10 route dmz 10.3.3.0 0.0.0.255 172.16.1.11 2
- D. route dmz 10.2.2.0 255.255.255.0 172.16.1.10 route dmz 10.3.3.0 255.255.255.0 172.16.1.11
- E. route dmz 10.2.2.0 255.255.255.0 172.16.1.10 1 route dmz 10.3.3.0 255.255.255.0 172.16.1.11 1
- F. route dmz 10.2.2.0 255.255.255.0 172.16.1.10 route dmz 10.3.3.0 255.255.255.0 172.16.1.11 2
Answer : F
Question 10
To which two policy types can an administrator apply a web reputation profile to implement reputation-based processing? (Choose two.)
- A. access policies that permit traffic
- B. access policies that deny traffic
- C. decryption policies that decrypt potentially malicious traffic
- D. universal access policies
- E. NAT policies for ASAs that operate in multiple device mode
- F. packet capture policies that perform global capture of dropped packets
Answer : AC
Question 11
Which statement about the on-box version of PRSM is true?
- A. Cisco ASA NGFW comes preinstalled with a version of PRSM.
- B. The on-box PRSM can support up to five NGFW modules.
- C. The on-box PRSM license can be applied to the off-box version of PRSM.
- D. Cisco ASA NGFW requires an ESXi license to run on-box PRSM.
Answer : A
Question 12
Which two Cisco ASA licensing features are correct with Cisco ASA Software Version 8.3 and later? (Choose two.)
- A. Identical licenses are not required on the primary and secondary Cisco ASA appliance.
- B. Cisco ASA appliances configured as failover pairs disregard the time-based activation keys.
- C. Time-based licenses are stackable in duration but not in capacity.
- D. A time-based license completely overrides the permanent license, ignoring all permanently licensed features until the time-based license is uninstalled.
Answer : AC
Question 13
In which two ways is the Cisco ASA CWS subscription licensed? (Choose two.)
- A. term only
- B. term and seat
- C. term and application
- D. term and session
- E. free with purchase of WSE 5-year term subscription license
Answer : AB
Question 14
Which license is required on the Cisco ASA NGFW for an administrator to manage it securely from a remote laptop?
- A. AnyConnect Endpoint Assessment
- B. AnyConnect Premium
- C. AnyConnect for Mobile
- D. AnyConnect for Cisco VPN phone
- E. Cisco Secure Desktop
Answer : B
Question 15
You are an NGFW administrator at a local school and want to take appropriate steps to limit exposure to explicit content for students.
Which access policy action is the most effective with the least impact?
- A. Limit bandwidth to 200 Kb/s.
- B. Filter MIME image file types.
- C. Enable IPS for NGFW.
- D. Enforce Safe Search.
- E. Block sites with poor web reputation.
Answer : D