Q1. Which CLI command is used to generate firewall debug messages on a Cisco FirePOWER sensor?
A. system support ssl-debug
B. system support firewall-engine-debug
C. system support capture-traffic
D. system support platform
Answer: C
Q2. Which three access control actions permit traffic to pass through the device when using Cisco FirePOWER? (Choose three.)
A. pass
B. trust
C. monitor
D. allow
E. permit
F. inspect
Answer: B C D
Explanation
http://www.cisco.com/c/en/us/td/docs/security/firesight/541/user-guide/FireSIGHT-System-UserGuide-v5401/A
Q3. Which detection method is also known as machine learning on Network-based Cisco Advanced Malware Protection?
A. custom file detection
B. hashing
C. Spero engine
D. dynamic analysis
Answer: D
Q4. The Web Cache Communication Protocol (WCCP) is a content-routing protocol that can facilitate the redirection of traffic flows in real time. Your organization has deployed WCCP to redirect web traffic that traverses their Cisco Adaptive Security Appliances (ASAs) to their Cisco Web Security Appliances (WSAs).
The simulator will provide access to the graphical user interfaces of one Cisco ASA and one Cisco WSA that are participating in a WCCP service. Not all aspects of the GUIs are implemented in the simulator. The options that have been implemented are sufficient to determine the best answer to each of the questions that are presented.
Your task is to examine the details available in the simulated graphical user interfaces and select the best answer.
How many Cisco ASAs and how many Cisco WSAs are participating in the WCCP service?
A. One Cisco ASA or two Cisco ASAs configured as an Active/Standby failover pair, and one Cisco WSA.
B. One Cisco ASA or two Cisco ASAs configured as an Active/Active failover pair, and one Cisco WSA.
C. One Cisco ASA or two Cisco ASAs configured as an Active/Standby failover pair, and two Cisco WSAs.
D. One Cisco ASA or two Cisco ASAs configured as an Active/Active failover pair, and two Cisco WSAs.
E. Two Cisco ASAs and one Cisco WSA.
F. Two Cisco ASAs and two Cisco WSAs.
Answer: A
Explanation
We can see from the output that the number of routers (ASA’s) is 1, so there is a single ASA or an active/ standby pair being used, and 1 Cache Engine. If the ASA’s were in a active/active role it would show up as 2 routers.
Q5. Which three access control actions permit traffic to pass through the device when using Cisco FirePOWER? (Choose three.)
A. pass
B. trust
C. monitor
D. allow
E. permit
F. inspect
Answer: B C D
Explanation
http://www.cisco.com/c/en/us/td/docs/security/firesight/541/user-guide/FireSIGHT-System-UserGuide-v5401/A
Q6. When creating an SSL policy on Cisco FirePOWER, which three options do you have
A. do not decrypt
B. trust
C. allow
D. block with reset
E. block
F. encrypt
Answer: A D E
Explanation
http://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/200202-Configuration-of-an-S
Q7. The Cisco Email Security Appliance will reject messages from which domains?
A. red. public
B. red. public and orange. public
C. red. public, orange. Public and yellow. public
D. orange. public
E. violet. public
F. violet. public and blue.public
G. None of the listed domains
Answer: C
Q8. Which detection method is also known as machine learning on Network-based Cisco Advanced Malware Protection?
A. custom file detection
B. hashing
C. Spero engine
D. dynamic analysis
Answer: D
Q9. With Firepower Threat Defense, which two interface settings are required when configuring a routed interface? (Choose two.)
A. Speed
B. Duplex
C. Media Type
D. Redundant Interface
E. EtherChannel
Answer: A B
Q10. What is the maximum message size that the Cisco Email Security Appliance will accept from the violet.public domain?
A. 1 KB
B. 100 KB
C. 1 MB
D. 10 MB
E. 100 MB
F. Unlimited
Answer: D