Q61. What is the lowest combination of ASA model and license providing 1 Gigabit Ethernet interfaces? 

A. ASA 5505 with failover license option 

B. ASA 5510 Security+ license option 

C. ASA 5520 with any license option 

D. ASA 5540 with AnyConnect Essentials License option 

Answer:


Q62. When a Cisco ASA is configured in transparent mode, how can ARP traffic be controlled? 

A. By enabling ARP inspection; however, it cannot be controlled by an ACL 

B. By enabling ARP inspection or by configuring ACLs 

C. By configuring ACLs; however, ARP inspection is not supported 

D. By configuring NAT and ARP inspection 

Answer:


Q63. Which three options are hardening techniques for Cisco IOS routers? (Choose three.) 

A. limiting access to infrastructure with access control lists 

B. enabling service password recovery 

C. using SSH whenever possible 

D. encrypting the service password 

E. using Telnet whenever possible 

F. enabling DHCP snooping 

Answer: A,C,D 


Q64. Which Layer 2 security feature validates ARP packets? 

A. DAI 

B. DHCP server 

C. BPDU guard 

D. BPDU filtering 

Answer:


Q65. Which two web browsers are supported for the Cisco ISE GUI? (Choose two.) 

A. HTTPS-enabled Mozilla Firefox version 3.x 

B. Netscape Navigator version 9 

C. Microsoft Internet Explorer version 8 in Internet Explorer 8-only mode 

D. Microsoft Internet Explorer version 8 in all Internet Explorer modes 

E. Google Chrome (all versions) 

Answer: A,C 


Q66. What are three of the RBAC views within Cisco IOS Software? (Choose three.) 

A. Admin 

B. CLI 

C. Root 

D. Super Admin 

E. Guest 

F. Super 

Answer: B,C,F 


Q67. Refer to the exhibit. Which command can produce this packet tracer output on a firewall? 

A. packet-tracer input INSIDE tcp 192.168.1.100 88 192.168.2.200 3028 

B. packet-tracer output INSIDE tcp 192.168.1.100 88 192.168.2.200 3028 

C. packet-tracer input INSIDE tcp 192.168.2.200 3028 192.168.1.100 88 

D. packet-tracer output INSIDE tcp 192.168.2.200 3028 192.168.1.100 88 

Answer:


Q68. A Cisco ASA is configured in multiple context mode and has two user-defined contexts—Context_A and Context_B. From which context are device logging messages sent? 

A. Admin 

B. Context_A 

C. Context_B 

D. System 

Answer:


Q69. Refer to the exhibit. What type of attack is being mitigated on the Cisco ASA appliance? 

A. HTTP and POST flood attack 

B. HTTP Compromised-Key Attack 

C. HTTP Shockwave Flash exploit 

D. HTTP SQL injection attack 

Answer:


Q70. At which layer does MACsec provide encryption? 

A. Layer 1 

B. Layer 2 

C. Layer 3 

D. Layer 4 

Answer: