Which command set would be used to create an object group for a server running the DNS server service located on the 10.0.0.0 255.0.0.0 network?
You have been asked to strengthen the security of each network switch. One method that needs to be employed is IP Source Guard. Which levels of IP traffic filtering are available? (Choose two)
A network group named blcokNY was created. It contains only IPv4 networks. An IPv6 network needs to have the same ACLs applied to it. Which option would best achieve this requirement?
Describe how dynamic protocols are supported on the ASA. (Choose three)
You are in the process of configuring PVLANs on a Cisco Catalyst switch. You need to configure the port that connects to the default gateway. What type of port should be configured?
Which SNMP version and security level needs to be specified in the "snmp-server user" command if SHA authentication and AES encryption are to be used for SNMP users? (Choose two)
A network has recently configured the following L2 Data Plane control: DHCP snooping. What will configuring this accomplish for the organization? (Choose two)
Identify the ways in which IP spoofing is used? (Choose three)
What statements describe service placement within the network zone architecture? (Choose two)
Which of the following statements describe the self zone? (Choose three)
You want to check if host 10.1.1.2 has an entry in the local host table. Which commands can you use? (Choose two)
Which of the following are available firewall filtering technologies? (Choose three)
Which SAP operational mode provides both encryption and authentication?
Which type of attack can be mitigated by using BPDU guard?
A network administrator has identified several hosts on the network that have been infected with malware. An analysis of traffic from the infected hosts identified that communication had occurred with a malware control server on the Internet. Which feature should be implemented on the Cisco ASA that is specifically designed to prevent these types of attacks?
A Cisco security consultant is designing a firewall solution for a company. The company contains a single Active Directory Domain Services domain and has several remote employees. Management has given the following requirements: - Only HR employees can access the HR department network. - Users should not be prompted for login information. Which firewall solution can be used?
Identify the features of the Zone-Based Policy Firewall TCP normalizer. (Choose three)
Which of the following describe C3PL policy map functions? (Choose three)
Firewall threat controls should be placed throughout the Cisco modular network architecture, one option for a control are stateful packet filters. Which statements are true of stateful packet filters? (Choose two)
Which option supports Cisco TrustSec NDAC SAP?
Which statements describe the benefits of inside NAT? (Choose three)
Identify the tasks involved in configuring control plane protection. (Choose four)
How can the ASA be configured to allow the SNMP clients to poll or to receive traps from the ASA? (Choose two)
A network administrator has configured the DHCP snooping feature on a switch. Which command can be used to determine the interfaces that have been trusted and the rate limit configured on them?
Identify statements that describe plane and management plane security controls. (Choose two)
Identify the statements that describe NAT with PAT and policy-based NAT. (Choose three)
Which protocol can be implemented to maintain accurate time synchronization on Cisco devices?
Recently, Cisco Botnet Traffic Filter was enabled. However, after traffic analysis, it is determined that data is being sent to and from a known Botnet. Which two separate configurations could be implemented to resolve this issue? (Choose two)
How will a configured Cisco ASA appliance handle a packet when there is no match in the NAT table?
Which of the following correctly describes the Cisco modular network architecture design management module?
Which security features provided by switches can protect network devices and network endpoints against L2 attacks? (Choose two)
Examine the output in the exhibit. What can be concluded based upon the output?
Which of the following options are the benefits of the Identity Internal Firewall? (Choose three)
Which statements are true regarding the configuration of Zone-Based Policy Firewall zones and zone pairs? (Choose three)
Select the statements that best a describe Zone Interface Points. (Choose two)
A network administrator is designing a firewall solution for his company. The solution includes the configuration of all Cisco routers. The solution must meet the following requirements: - Use a restrictive approach - Be configured using a static rulebase - Work best with Layer 3 only filtering - Be transparent and provide high performance Which firewall filtering technology should be used?
Identify the statements that describe the features of Network Time Protocol, or NTP. (Choose three)
What are the main components that make up the Cisco modular network architecture? (Choose two)
Which command would be issued to set the GigabitEthernet0/0 as the dedicated management interface and allow only ssh? (Choose two)
What are two advantages of using a next-generation, context-aware firewall over a standard firewall? (Choose two)
Identify statements that describe NAT configuration on Cisco ASA. (Choose two)
Where do you navigate to on the Firewall to configure an identity-based access rule?
How can you verify your object groups on the Cisco ASA? (Choose two)
Which two features correctly identify the DHCP snooping feature? (Choose two)
Which of the following are characteristics of Cisco ASA global ACLs? (Choose three)
Which of the following guidelines should be followed when combining firewall filtering technologies? (Choose two)
How can storm control prevent LAN traffic from being disrupted by storms? (Choose three)
Which statements describe characteristics of the Cisco ASA FTP inspector? (Choose three)
Which switch security feature measures bandwidth-based or packet-based traffic activity and can shut down a port if excessive activity is reached?
You plan on tuning basic Cisco ASA OSI layer 3-4 inspection parameters. Which are the correct statements about options available within the default inspection policy for tuning the basic stateful inspection functionality of the Cisco ASA? (Choose two)
The Cisco IOS Zone-Based Policy Firewall can inspect protocols such as eDonkey, FastTrack, and Gnutella v2. What type of protocols are these?
You are troubleshooting an SSH connectivity issue with a Cisco ASA adaptive security appliance. The host has an interface address of 10.0.0.101 using port 1024 and the Cisco ASA adaptive security appliance has an interface address of 172.16.1.2. Which CLI command will allow you to quickly pinpoint the cause of the connectivity issue?
Which of the following best describes a parameter map?
Where should network infrastructure protection controls be placed within the Cisco modular network architecture design?
When configuring Cisco ASA support for dynamic protocols, you will perform specific configuration tasks. Identify the statements about configuring Cisco ASA support for dynamic protocols. (Choose two)