Q1. Which set of commands creates a message list that includes all severity 2 (critical) messages on a Cisco security device?
A. logging list critical_messages level 2
console logging critical_messages
B. logging list critical_messages level 2
logging console critical_messages
C. logging list critical_messages level 2
logging console enable critical_messages
D. logging list enable critical_messages level 2
console logging critical_messages
Answer: B
Q2. A switch is being configured at a new location that uses statically assigned IP addresses. Which will ensure that ARP inspection works as expected?
A. Configure the 'no-dhcp' keyword at the end of the ip arp inspection command
B. Enable static arp inspection using the command 'ip arp inspection static vlan vlan-number
C. Configure an arp access-list and apply it to the ip arp inspection command
D. Enable port security
Answer: C
Q3. Which three statements about transparent firewall are true? ( Choose three)
A. It does not support any type of VPN.
B. Both interfaces must be configured with private IP addresses.
C. It can have only a management IP address.
D. It does not support dynamic routing protocols.
E. It only supports PAT.
F. Transparent firewall works at Layer 2.
Answer: C,D,F
Q4. For which management session types does ASDM allow a maximum simultaneous connection limit to be set?
A. ASDM, Telnet, SSH
B. ASDM, Telnet, SSH, console
C. ASDM, Telnet, SSH, VTY
D. ASDM, Telnet, SSH, other
Answer: A
Q5. Which option lists cloud deployment models?
A. Private, public, hybrid, shared
B. Private, public, hybrid
C. IaaS, PaaS, SaaS
D. Private, public, hybrid, community
Answer: D
Explanation: https://www.ibm.com/developerworks/community/blogs/722f6200-f4ca-4eb3-9d64-8d2b58b2d4e8/entry/4_Types_of_Cloud_Computing_Deployment_Model_You_Need_to_K now1 ?lang=en
Q6. Which Cisco TrustSec role does a Cisco ASA firewall serve within an identity architecture?
A. Access Requester
B. Policy Decision Point
C. Policy Information Point
D. Policy Administration Point
E. Policy Enforcement Point
Answer: E
Q7. Which three options are default settings for NTP parameters on a Cisco device? (Choose three.)
A. NTP authentication is enabled.
B. NTP authentication is disabled.
C. NTP logging is enabled.
D. NTP logging is disabled.
E. NTP access is enabled.
F. NTP access is disabled.
Answer: B,D,E
Q8. What is the default behavior of an access list on a Cisco ASA?
A. It will permit or deny traffic based on the access list criteria.
B. It will permit or deny all traffic on a specified interface.
C. It will have no affect until applied to an interface, tunnel-group or other traffic flow.
D. It will allow all traffic.
Answer: C
Q9. When you set a Cisco IOS Router as an SSH server, which command specifies the RSA public key of the remote peer when you set the SSH server to perform RSA-based authentication?
A. router(config-ssh-pubkey-user)#key
B. router(conf-ssh-pubkey-user)#key-string
C. router(config-ssh-pubkey)#key-string
D. router(conf-ssh-pubkey-user)#key-string enable ssh
Answer: B
Q10. Which type of object group will allow configuration for both TCP 80 and TCP 443?
A. service
B. network
C. time range
D. user group
Answer: A