EXMEN 1 91.

3%
1. What is a ping sweep?

A ping sweep is a network scanning technique that indicates the live hosts in a range of IP addresses. 2. A port scan is classified as what type of attack?

reconnaissance attack
3. An attacker is using a laptop as a rogue access point to capture all network traffic from a targeted user. Which type of attack is this? man in the middle 4. What are the three major components of a worm attack? (Choose three.) enabling vulnerability payload propagation mechanism 5. What are the basic phases of attack that can be used by a virus or worm in sequential order? probe, penetrate, persist, propagate, and paralyze 6. Which access attack method involves a software program attempting to discover a system password by using an electronic dictionary? brute-force attack 7. How is a Smurf attack conducted?

by sending a large number of ICMP requests to directed broadcast addresses from a spoofed source address on the same network 8. Which two statements describe access attacks? (Choose two.)

Password attacks can be implemented using brute-force attack methods, Trojan Horses, or packet sniffers. Buffer overflow attacks write data beyond the allocated buffer memory to overwrite valid data or exploit systems to execute malicious code. 9. Which type of software typically uses a network adapter card in promiscuous mode to capture all network packets that are sent across a LAN? packet sniffer 10. Which phase of worm mitigation requires compartmentalization and segmentation of the network to slow down or stop the worm and prevent currently infected hosts from targeting and infecting other systems? containment phase 11. What is a characteristic of a Trojan Horse?

A Trojan Horse can be carried in a virus or worm. 12. Which two statements are characteristics of a virus? (Choose two.) A virus typically requires end-user activation. A virus can be dormant and then activate at a specific time or date. 13. Which two are characteristics of DoS attacks? (Choose two.) They attempt to compromise the availability of a network, host, or application. Examples include smurf attacks and ping of death attack 14. Which three options describe the phases of worm mitigation? (Choose three.)

The containment phase requires the use of incoming and outgoing ACLs on routers and firewalls. The inoculation phase patches uninfected systems with the appropriate vendor patch for the vulnerability. The treatment phase disinfects actively infected systems. 15. A disgruntled employee is using Wireshark to discover administrative Telnet usernames and passwords. What type of network attack does this describe? reconnaissance 16. Which two network security solutions can be used to mitigate DoS attacks? (Choose two.) anti-spoofing technologies intrusion protection systems 17. Users report to the helpdesk that icons usually seen on the menu bar are randomly appearing on their computer screens. What could be a reason that computers are displaying these random graphics? A virus has infected the computers. 18. A network administrator detects unknown sessions involving port 21 on the network. What could be causing this security breach? An FTP Trojan Horse is executing. 19. Which statement accurately characterizes the evolution of network security? Internal threats can cause even greater damage than external threats. 20. What is considered a valid method of securing the control plane in the Cisco NFP framework? routing protocol authentication 21. What are two reasons for securing the data plane in the Cisco NFP framework? (Choose two.) to protect against DoS attacks

to force technicians to use SSH and HTTPS when managing devices 22. Which type of security threat can be described as software that attaches to another program to execute a specific unwanted function? Virus

EXMEN 2 100%
1. What are three requirements that must be met if an administrator wants to maintain device configurations via secure in-band management? (Choose three.) network devices configured to accommodate SSH encryption of all remote access management traffic connection to network devices through a production network or the Internet 2. What are two characteristics of SNMP community strings? (Choose two.)

SNMP read-only community strings can be used to get information from an SNMPenabled device. SNMP read-write community strings can be used to set information on an SNMP-enabled device.

3. Refer to the exhibit. Based on the output of the show running-config command, which type of view is SUPPORT? superview, containing SHOWVIEW and VERIFYVIEW views 4. An administrator defined a local user account with a secret password on router R1 for use with SSH. Which three additional steps are required to configure R1 to accept only encrypted SSH connections? (Choose three.) configure the IP domain name on the router generate the SSH keys enable inbound vty SSH sessions 5. Which command is used to verify the existence of a secure Cisco IOS image file? - Ojo show secure bootset

6.

Refer to the exhibit. Which statement regarding the JR-Admin account is true? JR-Admin can issue ping and reload commands.

7. By default, how many seconds of delay between virtual login attempts is invoked when the login block-for command is configured? one 8. Which recommended security practice prevents attackers from performing password recovery on a Cisco IOS router for the purpose of gaining access to the privileged EXEC mode? Locate the router in a secure locked room that is accessible only to authorized personnel. 9. Which set of commands are required to create a username of admin, hash the password using MD5, and force the router to access the internal username database when a user attempts to access the console? R1(config)# username admin secret Admin01pa55 R1(config)# line con 0 R1(config-line)# login local 10. Which two statements describe the initial deployed services of Cisco routers and recommended security configuration changes? (Choose two.) ICMP unreachable notifications are enabled by default but should be disabled on untrusted interfaces. TCP keepalives are disabled by default but should be enabled globally to prevent certain DoS attacks. 11. Which three services does CCP One-Step Lockdown enable? (Choose three.) SSH access to the router password encryption firewall on all outside interfaces 12. Which three areas of router security must be maintained to secure an edge router at the network perimeter? (Choose three.) physical security operating system security router hardening

13. Refer to the exhibit. What two pieces of information can be gathered from the generated message? (Choose two.) This message is a level five notification message. This message indicates that service timestamps have been globally enabled.

14. Refer to the exhibit. Routers R1 and R2 are connected via a serial link. One router is configured as the NTP master, and the other is an NTP client. Which two pieces of information can be obtained from the partial output of the show ntp associations detail command on R2? (Choose two.) Router R1 is the master, and R2 is the client. The IP address of R1 is 192.168.1.2. 15. Why is the usernamenamesecretpassword usernamenamepasswordpassword command? It uses the MD5 algorithm for encrypting passwords. 16. Which three options can be configured by Cisco AutoSecure? (Choose three.) CBAC security banner enable secret password 17. Which two characteristics apply to Role-Based CLI Access superviews? (Choose two.) command preferred over the

Users logged in to a superview can access all commands specified within the associated CLI views. Commands cannot be configured for a specific superview. 18. Which statement describes the operation of the CCP Security Audit wizard? The wizard compares a router configuration against recommended settings. 19. Which three types of views are available when configuring the Role-Based CLI Access feature? (Choose three.) root view superview CLI view

20. If AAA is already enabled, which three CLI steps are required to configure a router with a specific view? (Choose three.) Assign a secret password to the view. Assign commands to the view. Create a view using the parser viewview-name command.

EXMEN 3 100%
1. Which technology provides the framework to enable scalable access security? authentication, authorization, and accounting

2. Which authentication method stores usernames and passwords in the router and is ideal for small networks? local AAA

3.

How does a Cisco Secure ACS improve performance of the TACACS+ authorization process? reduces delays in the authorization queries by using persistent TCP sessions

4.

When configuring a Cisco Secure ACS, how is the configuration interface accessed? A Web browser is used to configure a Cisco Secure ACS.

5.

In regards to Cisco Secure ACS, what is a client device? a router, switch, firewall, or VPN concentrator

6. What is a difference between using the login local command and using local AAA authentication for authenticating administrator access? Local AAA provides a way to configure backup methods of authentication; login local does not.

7. Refer to the exhibit. Router R1 has been configured as shown, with the resulting log message. On the basis of the information presented, which two AAA authentication statements are true? (Choose two.)

The locked-out user failed authentication. The locked-out user stays locked out until the clear aaa local user lockout username Admin command is issued. 8. Due to implemented security controls, a user can only access a server with FTP. Which AAA component accomplishes this? authorization 9. Which two modes are supported by AAA to authenticate users for accessing the network and devices? (Choose two.) character mode packet mode 10. When configuring a method list for AAA authentication, what is the effect of the keyword local? It accepts a locally configured username, regardless of case. 11. Which two statements describe Cisco Secure ACS? (Choose two.) Cisco Secure ACS supports LDAP. Cisco Secure ACS supports both TACACS+ and RADIUS protocols.

12.

Which two AAA access method statements are true? (Choose two.) Character mode provides users with administrative privilege EXEC access and requires use of the console, vty, or tty ports. Packet mode provides remote users with access to network resources and requires use of dialup or VPN.

13.

Which statement identifies an important difference between TACACS+ and RADIUS? The TACACS+ protocol allows for separation of authentication from authorization.

14.

What is a characteristic of TACACS+? TACACS+ provides authorization of router commands on a per-user or per-group basis.

15. Refer to the exhibit. Router R1 is configured as shown. An administrative user attempts to use Telnet from router R2 to router R1 using the interface IP address 10.10.10.1. However, Telnet access is denied. Which option corrects this problem? The administrative user should use the username Admin and password Str0ngPa55w0rd. 16. Which two features are included by both TACACS+ and RADIUS protocols? (Choose two.) password encryption utilization of transport layer protocols 17. What is an effect if AAA authorization on a device is not configured? Authenticated users are granted full access rights. 18. Why is local database authentication preferred over a password-only login? It provides for authentication and accountability.

19. Refer to the exhibit. In the network shown, which AAA command logs the use of EXEC session commands? aaa accounting exec start-stop group tacacs+ 20. After accounting is enabled on an IOS device, how is a default accounting method list applied?

Accounting method lists are applied only to the VTY interfaces. (ojo) 21. What is the result if an administrator configures the aaa authorization command prior to creating a user with full access rights? The administrator is immediately locked out of the system.

EXMEN 4 85.4%
1. To facilitate the troubleshooting process, which inbound ICMP message should be permitted on an outside interface? echo reply 2. For a stateful firewall, which information is stored in the stateful session flow table?

source and destination IP addresses, and port numbers and sequencing information associated with a particular session

3. Which statement describes one of the rules governing interface behavior in the context of implementing a zone-based policy firewall configuration? By default, traffic is allowed to flow among interfaces that are members of the same zone.

4. Refer to the exhibit. Which statement is true about the effect of this Cisco IOS zone-based policy firewall configuration? The firewall will automatically allow HTTP, HTTPS, and FTP traffic from fa0/0 to s0/0 and will track the connections. Tracking the connection allows only return traffic to be permitted through the firewall in the opposite direction.

5. When configuring a Cisco IOS zone-based policy firewall, which two actions can be applied to a traffic class? (Choose two.) drop inspect 6. Which two parameters are tracked by CBAC for TCP traffic but not for UDP traffic? (Choose two.) sequence number SYN and ACK flags 7. Which two are characteristics of ACLs? (Choose two.) Extended ACLs can filter on destination TCP and UDP ports. Extended ACLs can filter on source and destination IP addresses. 8. When using CCP to apply an ACL, the administrator received an informational message indicating that a rule was already associated with the designated interface in the designated direction. The administrator continued with the association by selecting the merge option. Which statement describes the effect of the option that was selected? A new combined access rule was created using the new access rule number. Duplicate ACEs were removed.

9.

Refer to the exhibit. Which statement describes the function of the ACEs? These ACEs allow for IPv6 neighbor discovery traffic.

10. Which statement correctly describes how an ACL can be used with the access-class command to filter vty access to a router? An extended ACL can be used to restrict vty access based on specific source addresses and protocol but the destination can only specify the keyword any 11. Which zone-based policy firewall zone is system-defined and applies to traffic destined for the router or originating from the router? self zone 12. What is the first step in configuring a Cisco IOS zone-based policy firewall using the CLI? Create zones. 13. Which command is used to activate an IPv6 ACL named ENG_ACL on an interface so that the router filters traffic prior to accessing the routing table? ipv6 traffic-filter ENG_ACL in

14. Refer to the exhibit. If a hacker on the outside network sends an IP packet with source address 172.30.1.50, destination address 10.0.0.3, source port 23, and destination port 2447, what does the Cisco IOS firewall do with the packet? The packet is dropped.

15.

What is a limitation of using object groups within an access control entry?

It is not possible to delete an object group or make an object group empty if the object group is already applied to an ACE. 16. Class maps identify traffic and traffic parameters for policy application based on which three criteria? (Choose three.) access group protocol subordinate class map

17.

Which statement describes a typical security policy for a DMZ firewall configuration? Traffic that originates from the DMZ interface is permitted to traverse the firewall to the outside interface with little or no restrictions.

18. Which statement describes the characteristics of packet-filtering and stateful firewalls as they relate to the OSI model? A packet-filtering firewall typically can filter up to the transport layer, while a stateful firewall can filter up to the session layer.

19. Refer to the exhibit. The ACL statement is the only one explicitly configured on the router. Based on this information, which two conclusions can be drawn regarding remote access network connections? (Choose two.)

SSH connections from the 192.168.1.0/24 network to the 192.168.2.0/24 network are allowed. Telnet connections from the 192.168.1.0/24 network to the 192.168.2.0/24 network are blocked. 20. When implementing an inbound Internet traffic ACL, what should be included to prevent the spoofing of internal networks? ACEs to prevent traffic from private address spaces

EXMEN 5 87.5%

1. Refer to the exhibit. When modifying an IPS signature action, which two check boxes should be selected to create an ACL that denies all traffic from the IP address that is considered the source of the attack and drops the packet and all future packets from the TCP flow? (Choose two.) Deny Attacker Inline Deny Connection Inline 2. Why is a network that deploys only IDS particularly vulnerable to an atomic attack? The IDS permits malicious single packets into the network. 3. A network security administrator would like to check the number of packets that have been audited by the IPS. What command should the administrator use? show ip ips statistics 4. Which two Cisco IOS commands are required to enable IPS SDEE message logging? (Choose two.) ip http server ip ips notify sdee

5. Refer to the exhibit. Based on the configuration that is shown, which statement is true about the IPS signature category? Only signatures in the ios_ips basic category will be compiled into memory for scanning. 6. Which two benefits does the IPS version 5.x signature format provide over the version 4.x signature format? (Choose two.) addition of a signature risk rating support for encrypted signature parameters

7. Which two files could be used to implement Cisco IOS IPS with version 5.x format signatures? (Choose two.) IOS-Sxxx-CLI.pkg realm-cisco.pub.key.txt 8. A network administrator tunes a signature to detect abnormal activity that might be malicious and likely to be an immediate threat. What is the perceived severity of the signature? medium

9. Refer to the exhibit. As an administrator is configuring an IPS, the error message that is shown appears. What does this error message indicate? The public crypto key is invalid or entered incorrectly.

10.

Refer to the exhibit. What action will be taken if a signature match occurs? The packet will be allowed, and an alert will be generated.

11. Which Cisco IPS feature allows for regular threat updates from the Cisco SensorBase Network database? global correlation

12.

Refer to the exhibit. Based on the configuration, what traffic is inspected by the IPS?

all traffic entering the s0/0/1 interface and all traffic entering and leaving the fa0/1 interface

13.

What is a disadvantage of network-based IPS as compared to host-based IPS? Network-based IPS cannot examine encrypted traffic.

14. Refer to the exhibit. What is the significance of the number 10 in the signature 6130 10 command? It is the subsignature ID. 15. Which statement is true about an atomic alert that is generated by an IPS? It is an alert that is generated every time a specific signature has been found.

16. Refer to the exhibit. Based on the configuration commands that are shown, how will IPS event notifications be sent? syslog format 17. An administrator is using CCP to modify a signature action so that if a match occurs, the packet and all future packets from the TCP flow are dropped. What action should the administrator select? reset-tcp-connection 18. What information is provided by the show ip ips configuration configuration command? the default actions for attack signatures

19. Refer to the exhibit. What is the result of issuing the Cisco IOS IPS commands on router R1? All traffic that is permitted by the ACL is subject to inspection by the IPS. 20. Which protocol is used when an IPS sends signature alarm messages?

SDEE

EXMEN 6 83.3%
1. Which Cisco IronPort appliance would an organization install to protect against malware? S-Series 2. What is the goal of the Cisco NAC framework and the Cisco NAC appliance? to ensure that only hosts that are authenticated and have had their security posture examined and approved are permitted onto the network 3. Which two methods are used to mitigate VLAN attacks? (Choose two.) implementing BPDU guard on all access ports disabling DTP autonegotiation on all trunk ports 4. Which two measures are recommended to mitigate VLAN hopping attacks? (Choose two.) Use a dedicated native VLAN for all trunk ports. Disable trunk negotiation on all ports connecting to workstations. 5. As a recommended practice for Layer 2 security, how should VLAN 1 be treated? VLAN 1 should not be used. 6. Which attack relies on the default automatic trunking configuration on most Cisco switches? VLAN hopping attack 7. Under which circumstance is it safe to connect to an open wireless network? The device has been updated with the latest virus protection software. 8. Why are traditional network security perimeters not suitable for the latest consumer-based network endpoint devices? These devices are more varied in type and are portable. 9. Which three switch security commands are required to enable port security on a port so that it will dynamically learn a single MAC address and disable the port if a host with any other MAC address is connected? (Choose three.) switchport mode access switchport port-security switchport port-security mac-address sticky

10.

Which command is used to configure the PVLAN Edge feature? switchport protected

11. Which Cisco IronPort appliance would an organization install to manage and monitor security policy settings and audit information? M-Series

12. Refer to the exhibit. What action will the switch take when the maximum number of secure MAC addresses has reached the allowed limit on the Fa0/2 port? Packets with unknown source addresses are dropped without notification.

13.

What is the default configuration of the PVLAN Edge feature on a Cisco switch? No ports are defined as protected.

14.

Which three are SAN transport technologies? (Choose three.) Fibre Channel iSCSI FCIP

15.

What is an example of a trusted path in an operating system? Ctrl-Alt-Delete key sequence

16.

Which software tool can a hacker use to flood the MAC address table of a switch? macof

17. Which statement is true about a characteristic of the PVLAN Edge feature on a Cisco switch? All data traffic that passes between protected ports must be forwarded through a Layer 3 device. 18. Which option best describes a MAC address spoofing attack?

An attacker alters the MAC address of his host to match another known MAC address of a target host. 19. With IP voice systems on data networks, which two types of attacks target VoIP specifically? (Choose two.)

SPIT vishing 20. When the Cisco NAC appliance evaluates an incoming connection from a remote device against the defined network policies, what feature is being used? authentication and authorization

EXMEN 7 85.4%

1. A customer purchases an item from an e-commerce site. The e-commerce site must maintain proof that the data exchange took place between the site and the customer. Which feature of digital signatures is required? nonrepudiation of the transaction 2. Which encryption protocol provides network layer confidentiality? IPsec protocol suite 3. Which characteristic of security key management is responsible for making certain that weak cryptographic keys are not used? verification

4.

Refer to the exhibit. Which type of cipher method is depicted? transposition cipher

5.

Why is RSA typically used to protect only small amounts of data? The algorithms used to encrypt data are slow.

6.

Which statement describes a cryptographic hash function?

A one-way cryptographic hash function is hard to invert. 7. Two users must authenticate each other using digital certificates and a CA. Which option describes the CA authentication procedure? The users must obtain the certificate of the CA and then their own certificate. 8. Which statement describes asymmetric encryption algorithms? They are relatively slow because they are based on difficult computational algorithms.

9.

Which statement is a feature of HMAC?

HMAC uses a secret key as input to the hash function, adding authentication to integrity assurance. 10. Which two non-secret numbers are initially agreed upon when the Diffie-Hellman algorithm is used? (Choose two.) generator prime modulus 11. Which two statements correctly describe certificate classes used in the PKI? (Choose two.) A class 0 certificate is for testing purposes. A class 4 certificate is for online business transactions between companies. 12. The network administrator for an e-commerce website requires a service that prevents customers from claiming that legitimate orders are fake. What service provides this type of guarantee? nonrepudiation

13.

How do modern cryptographers defend against brute-force attacks?

Use a keyspace large enough that it takes too much money and too much time to conduct a successful attack. 14. Which type of cryptographic key would be used when connecting to a secure website? symmetric keys 15. An administrator requires a PKI that supports a longer lifetime for keys used for digital signing operations than for keys used for encrypting data. Which feature should the PKI support? usage keys 16. Which three primary functions are required to secure communication across network links? (Choose three.) authentication

confidentiality integrity

17.

What is the basic method used by 3DES to encrypt plaintext? The data is encrypted, decrypted, and encrypted using three different keys.

18. Which algorithm is used to automatically generate a shared secret for two systems to use in establishing an IPsec VPN? DH

19.

Refer to the exhibit. Which encryption algorithm is described in the exhibit? 3DES

20.

What does it mean when a hashing algorithm is collision resistant? Two messages with the same hash are unlikely to occur.

EXMEN 8 85.4%

1. Refer to the exhibit. A site-to-site VPN is required from R1 to R3. The administrator is using the CCP Site-to-Site VPN wizard on R1. Which IP address should the administrator enter in the highlighted field?

10.2.2.2 2. A network administrator is planning to implement centralized management of Cisco VPN devices to simplify VPN deployment for remote offices and teleworkers. Which Cisco IOS feature would provide this solution? Cisco Easy VPN 3. Which UDP port must be permitted on any IP interface used to exchange IKE information between security gateways? 500

4. Refer to the exhibit. A network administrator is troubleshooting a GRE VPN tunnel between R1 and R2. Assuming the R2 GRE configuration is correct and based on the running configuration of R1, what must the administrator do to fix the problem? Change the tunnel destination to 209.165.200.225.

5. Refer to the exhibit. Based on the CCP settings that are shown, which Easy VPN Server component is being configured? group policy 6. With the Cisco Easy VPN feature, which process ensures that a static route is created on the Cisco Easy VPN Server for the internal IP address of each VPN client? Reverse Route Injection 7. When using ESP tunnel mode, which portion of the packet is not authenticated? new IP header

8.

Which statement describes an important characteristic of a site-to-site VPN? It must be statically set up.

9.

Which action do IPsec peers take during the IKE Phase 2 exchange? negotiation of IPsec policy

10. When configuring an IPsec VPN, what is used to define the traffic that is sent through the IPsec tunnel and protected by the IPsec process? crypto ACL 11. Which two statements accurately describe characteristics of IPsec? (Choose two.) IPsec works at the network layer and operates over all Layer 2 protocols. IPsec is a framework of open standards that relies on existing algorithms. 12. A user launches Cisco VPN Client software to connect remotely to a VPN service. What does the user select before entering the username and password? the desired preconfigured VPN server site

13. Refer to the exhibit. Based on the CCP screen that is shown, which two conclusions can be drawn about the IKE policy that is being configured? (Choose two.) It will use digital certificates for authentication. It will use a very strong encryption algorithm. 14. What is the default IKE policy value for encryption? DES 15. How many bytes of overhead are added to each IP packet while it is transported through a GRE tunnel? 24

16. Which two authentication methods can be configured when using the CCP Site-to-Site VPN wizard? (Choose two.) pre-shared keys digital certificates 17. When verifying IPsec configurations, which show command displays the encryption algorithm, hash algorithm, authentication method, and Diffie-Hellman group configured, as well as default settings? show crypto isakmp policy

18. Refer to the exhibit. Which two IPsec framework components are valid options when configuring an IPsec VPN on a Cisco ISR router? (Choose two.) Confidentiality options include DES, 3DES, and AES. Diffie-Hellman options include DH1, DH2, and DH5.

19.

What are two benefits of an SSL VPN? (Choose two.) It has the option of only requiring an SSL-enabled web browser. It is compatible with DMVPNs, Cisco IOS Firewall, IPsec, IPS, Cisco Easy VPN, and NAT.

20.

What is required for a host to use an SSL VPN to connect to a remote network device? A web browser must be installed on the host.

EXMEN 10 90.4%
1. Which three components must be configured when implementing a client-based SSL VPN on an ASA 5505 device? (Choose three.) client address assignment client image group policy 2. Which option lists the four steps to configure the Modular Policy Framework on an ASA? 1) Configure extended ACLs to identify specific granular traffic. This step may be optional. 2) Configure the class map to define interesting traffic. 3) Configure a policy map to apply actions to the identified traffic. 4) Configure a service policy to identify which interface should be activated for the service.

3. Refer to the exhibit. What will be displayed in the output of the show running-config object command after the exhibited configuration commands are entered on an ASA 5505?

range 192.168.1.10 192.168.1.20

4. Refer to the exhibit. An administrator has entered the indicated commands on an ASA 5505. Based on the information presented, what type of remote access VPN has the administrator configured? a clientless SSL VPN via a web browser 5. Which Cisco ASDM menu sequence would be used to edit a client-based AnyConnect SSL VPN configuration? Configuration > Remote Access VPN > Network (Client) Access 6. Which three types of remote access VPNs are supported on ASA devices? (Choose three.) Clientless SSL VPN using a web browser IPsec (IKEv1) VPN using the Cisco VPN Client SSL or IPsec (IKEv2) VPN using the Cisco AnyConnect Client

7. Refer to the exhibit. Which ASDM menu sequence would be required to configure Telnet or SSH AAA authentication using a TACACS server first or the local device user database if the TACACS server authentication is unavailable? Configuration > Device Management > Management Access > ASDM/HTTPS/Telnet/SSH 8. When the ASA recognizes that the incoming packets are part of an already established connection, which three fast path tasks are executed? (Choose three.) adjusting Layer 3 and Layer 4 headers performing IP checksum verification performing TCP sequence number checks 9. Which two statements correctly describe the ASA as an advanced stateful firewall? (Choose two.) In routed mode, an ASA can support two or more Layer 3 interfaces. The first packet of a flow examined by an ASA goes through the session management path. 10. Which three wizards are included in Cisco ASDM 6.4? (Choose three.) Security Audit wizard Startup wizard VPN wizard

11. Refer to the exhibit. Which three sets of configuration commands were entered on the ASA 5505? (Choose three.) 2.1- interface e0/0 2.2.- switchport access vlan 2 2.3.- no shut 2.4.- exit 3.1.- interface vlan 2 3.2.- nameif outside 3.3.- security-level 0 3.4.- ip address 209.165.200.226 255.255.255.248 12. Which three components must be configured when using the Site-to-Site VPN Connection Setup wizard in ASDM? (Choose three.) authentication method encryption algorithms IKE version

13. Which three components must be configured when implementing a clientless SSL VPN on an ASA 5505 device? (Choose three.) bookmark lists connection profile name group policy 14. Which option lists the ASA adaptive security algorithm session management tasks in the correct order? 1) performing the access list checks

2) performing route lookups 3) allocating NAT translations (xlates) 4) establishing sessions in the "fast path"

15. Refer to the exhibit. A remote host is connecting to an ASA 5505 via a VPN connection. Once authenticated, the host displays the highlighted system tray icon. On the basis of the information that is presented, what three assumptions can be made? (Choose three.) The host has connected to the ASA via a client-based SSL VPN connection. The host is connected via the AnyConnect VPN client. The host is connected via the Cisco VPN client. 16. What are three characteristics of ASA transparent mode? (Choose three.) This mode does not support VPNs, QoS, or DHCP Relay. This mode is referred to as a "bump in the wire." In this mode the ASA is invisible to an attacker.

17. Refer to the exhibit. According to the exhibited command output, which three statements are true about the DHCP options entered on the ASA 5505? (Choose three.) The dhcpd auto-config outside command was issued to enable the DHCP client. The dhcpd address [start-of-pool]-[end-of-pool] inside command was issued to enable the DHCP server. The dhcpd enable insidecommand was issued to enable the DHCP server.

18. An administrator has successfully configured a site-to-site VPN on an ASA 5505. Which ASDM menu sequence displays the number of packets encrypted, decrypted, and security association requests?

Monitoring > VPN > VPN Statistics > Crypto Statistics 19. In what three ways do the 5505 and 5510 Adaptive Security Appliances differ? (Choose three.) in the maximum traffic throughput supported in the number of interfaces in types of interfaces 20. Which three security features do ASA models 5505 and 5510 support by default? (Choose three.) intrusion prevention system stateful firewall VPN concentrator