Q1. Which command can you enter on the Cisco ASA to disable SSH?
A. Crypto key generate ecdsa label
B. Crypto key generate rsa usage-keys noconfirm
C. Crypto keys generate rsa general-keys modulus 768
D. Crypto keys generate ecdsa noconfirm
E. Crypto keys zeroize rsa noconfirm
Answer: E
Q2. What command specifies the peer from which MSDP SA message are accepted?
A. IP msdpsa-filter in <peer>[list<acl>] [route-map <map> ]
B. Ipmsdp default-peer <peer>
C. Ipmsdp mesh-group
D. Ipmsdp originator-id <interface>
Answer: B
Q3. What are three QoS features supported on the ASA running version 8.x? (Choose Three)
A. Traffic shaping and standard priority queuing on the same interface.
B. IPSec-over-TCP priority queuing.
C. Traffic shaping within the class-default class map only.
D. Priority queuing.
E. Traffic shaping within any class map.
F. Traffic policing.
Answer: C,D,F
Q4. What technology can you implement on your network to allow IPv4-dependent applications to work with IPv6- capable application?
A. NAT 6to4
B. DS-lite
C. NAT-PT
D. ISATAP
E. NAT64
Answer: E
Q5. Refer to the exhibitÂ
which two statement about the given IPV6 ZBF configuration are true? (Choose two)
A. It provides backward compability with legacy IPv6 inspection
B. It inspect TCP, UDP,ICMP and FTP traffic from Z1 to Z2.
C. It inspect TCP, UDP,ICMP and FTP traffic from Z2 to Z1.
D. It inspect TCP,UDP,ICMP and FTP traffic in both direction between z1 and z2.
E. It passes TCP, UDP,ICMP and FTP traffic from z1 to z2.
F. It provide backward compatibility with legacy IPv4 inseption.
Answer: A,B
Q6. Refer to the exhibit. What type of attack is represented in the given Wireshark packet capture?
A. a SYN flood
B. spoofing
C. a duplicate ACK
D. TCP congestion control
E. a shrew attack
Answer: A
Q7. Which three statements are true regarding Security Group Tags? (Choose three.)
A. When using the Cisco ISE solution, the Security Group Tag gets defined as a separate authorization result.
B. When using the Cisco ISE solution, the Security Group Tag gets defined as part of a standard authorization profile.
C. Security Group Tags are a supported network authorization result using Cisco ACS 5.x.
D. Security Group Tags are a supported network authorization result for 802.1X, MAC Authentication Bypass, and
WebAuth methods of authentication.
E. A Security Group Tag is a variable length string that is returned as an authorization result.
Answer: A,C,D
Q8. What message does the TACACS+ daemon send during the AAA authentication process to request additional authentication information?
A. ACCEPT
B. REJECT
C. CONTINUE
D. ERROR
E. REPLY
Answer: C
Q9. What is the default communication port used by RSA SDI and ASA ?
A. UDP 500
B. UDP 848
C. UDP 4500
D. UDP 5500
Answer: D
Q10. What security element must an organization have in place before it can implement a security audit and validate the audit results?
A. firewall
B. network access control
C. an incident response team
D. a security policy
E. a security operation center
Answer: D