- All Exams Instant Download
Which statement about the Cisco ASA botnet traffic filter is true?
Which statement about the Cisco ASA botnet traffic filter is true?A . The four threat levels are low, moderate, high, and very high.B . By default, the dynamic-filter drop blacklist interface outside command drops traffic with a threat level ofhigh or very high.C . Static blacklist entries always have a...
When you configure a Botnet Traffic Filter on a Cisco firewall, what are two optional tasks? (Choose two.)
When you configure a Botnet Traffic Filter on a Cisco firewall, what are two optional tasks? (Choose two.)A . Enable the use of dynamic databases.B . Add static entries to the database.C . Enable DNS snooping.D . Enable traffic classification and actions.E . Block traffic manually based on its syslog...
What are two security features at the access port level that can help mitigate Layer 2 attacks? (Choose two.)
What are two security features at the access port level that can help mitigate Layer 2 attacks? (Choose two.)A . DHCP snoopingB . IP Source GuardC . TelnetD . Secure ShellE . SNMPView AnswerAnswer: A,B
Which three statements about the software requirements for a firewall failover configuration are true? (Choose three.)
Which three statements about the software requirements for a firewall failover configuration are true? (Choose three.)A . The firewalls must be in the same operating mode.B . The firewalls must have the same major and minor software version.C . The firewalls must be in the same context mode.D . The...
When configuring security contexts on the Cisco ASA, which three resource class limits can be set using a rate limit? (Choose three.)
When configuring security contexts on the Cisco ASA, which three resource class limits can be set using a rate limit? (Choose three.)A . address translation rateB . Cisco ASDM session rateC . connections rateD . MAC-address learning rate (when in transparent mode)E . syslog messages rateF . stateful packet inspections...
Which action is considered a best practice for the Cisco ASA firewall?
Which action is considered a best practice for the Cisco ASA firewall?A . Use threat detection to determine attacksB . Disable the enable passwordC . Disable console loggingD . Enable ICMP permit to monitor the Cisco ASA interfacesE . Enable logging debug-trace to send debugs to the syslog serverView AnswerAnswer:...
Which two statements about Cisco IOS Firewall are true? (Choose two.)
Which two statements about Cisco IOS Firewall are true? (Choose two.)A . It provides stateful packet inspection.B . It provides faster processing of packets than Cisco ASA devices provide.C . It provides protocol-conformance checks against traffic.D . It eliminates the need to secure routers and switches throughout the network.E ....
Which VTP mode supports private VLANs on a switch?
Which VTP mode supports private VLANs on a switch?A . transparentB . serverC . clientD . offView AnswerAnswer: A
Which statement about how the Cisco ASA supports SNMP is true?
Which statement about how the Cisco ASA supports SNMP is true?A . All SNMFV3 traffic on the inside interface will be denied by the global ACLB . The Cisco ASA and ASASM provide support for network monitoring using SNMP Versions 1,2c, and 3, butdo not support the use of all...
On the Cisco ASA, where are the Layer 5-7 policy maps applied?
On the Cisco ASA, where are the Layer 5-7 policy maps applied?A . inside the Layer 3-4 policy mapB . inside the Layer 3-4 class mapC . inside the Layer 5-7 class mapD . inside the Layer 3-4 service policyE . inside the Layer 5-7 service policyView AnswerAnswer: A
