1. Which statement describes the function provided to a network administratorwho uses the Cisco Adaptive Security Device Manager (ASDM) GUI that runs as a Java Web Start application?
The administrator can connect to and manage a single ASA.*
The administrator can connect to and manage multiple ASA devices.
The administrator can connect to and manage multiple ASA devices and Cisco routers.
The administrator can connect to and manage multiple ASA devices, Cisco routers, and Cisco switches.
2. What is one benefit of using ASDM compared to using the CLI to configure the Cisco ASA?
It does not require any initial device configuration.
It hides the complexity of security commands.*
ASDM provides increased configuration security.
It does not require a remote connection to a Cisco device.
3. Which type of security is required for initial access to the Cisco ASDM by using the local application option?
SSL*
WPA2 corporate
biometric
AES
4. Which minimum configuration is required on most ASAs before ASDM can be used?
SSH
a dedicated Layer 3 management interface*
a logical VLAN interface and an Ethernet port other than 0/0
Ethernet 0/0
5. What must be configured on an ASA before it can be accessed by ASDM?
web server access*
Telnet or SSH
an Ethernet port other than 0/0
Ethernet 0/0 IP address
6. How is an ASA interface configured as an outside interface when using ASDM?
Select a check box from the Interface Type option that shows inside, outside, and DMZ.
Select outside from the Interface Type drop-down menu.
Enter the name “outside” in the Interface Name text box.*
Drag the interface to the port labeled “outside” in the ASA drawing.
7. Refer to the exhibit. Which Device Management menu item would be used to access theASA command line from within Cisco ASDM?
Licensing
System Image/Configuration
Management Access*
Advanced
8. Which ASDM configuration option is used to configure the ASA enable secret password?
Device Setup*
Monitoring
Interfaces
Device Management
9. Refer to the exhibit. Which Device Setup ASDM menu option would be used to configure the ASA for an NTP server?
Startup Wizard
Device Name/Password
Routing
Interfaces
System Time*
10. True or False?
The ASA can be configured through ASDM as a DHCP server.
false
true*
11. Which ASDM interface option would be used to configure an ASA as a DHCP server for local corporate devices?
DMZ
outside
local
inside*
12. Which ASDM configuration option re-encrypts all shared keys and passwords on an ASA?
security master
super encryption
master passphrase*
device protection
13. Which type of encryption is applied to shared keys and passwords when the master passphrase option is enabled through ASDM for an ASA?
3DES
public/private key
AES*
128-bit
14. When the CLI is used to configure an ISR for a site-to-site VPN connection, which two items must be specified to enable a crypto map policy? (Choose two.)
the hash
the peer*
encryption
the ISAKMP policy
a valid access list*
IP addresses on all active interfaces
15. What is the purpose of the ACL in the configuration of an ISR site-to-site VPN connection?
to permit only secure protocols
to log denied traffic
to identify the peer
to define interesting traffic*
16. When ASDM is used to configure an ASA site-to-site VPN, what can be customized to secure traffic?
ISAKMP
IKE
IKE and ISAKMP*
preshared key
17. Which VPN solution allows the use of a web browser to establish a secure, remote-access VPN tunnel to the ASA?
clientless SSL*
site-to-site using an ACL
site-to-site using a preshared key
client-based SSL
18. Which remote-access VPN connection allows the user to connect by using a web browser?
IPsec (IKEv2) VPN
site-to-site VPN
clientless SSL VPN*
IPsec (IKEv1) VPN
19. Which remote-access VPN connection allows the user to connect using Cisco AnyConnect?
IPsec (IKEv2) VPN*
site-to-site VPN
clientless SSL VPN
IPsec (IKEv1) VPN
20. Which statement describes available user authentication methods when using an ASA 5505 device?
The ASA 5505 can use either a AAA server or a local database.*
The ASA 5505 only uses a AAA server for authentication.
The ASA 5505 only uses a local database for authentication.
The ASA 5505 must use both a AAA server and a local database.
21. Which remote-access VPN connection needs a bookmark list?
IPsec (IKEv1) VPN
IPsec (IKEv2) VPN
site-to-site VPN
clientless SSL VPN*
22. What occurs when a user logs out of the web portal on a clientless SSL VPN connection?
The browser cache is cleared.
Downloaded files are deleted.
The user no longer has access to the VPN.*
The web portal times out.
23. If an outside host does not have the Cisco AnyConnect client preinstalled, how would the host gain access to the client image?
The host initiates a clientless connection to a TFTP server to download the client.
The host initiates a clientless VPN connection using a compliant web browser to download the client.*
The Cisco AnyConnect client is installed by default on most major operating systems.
The host initiates a clientless connection to an FTP server to download the client.
24. What is an optional feature that is performed during the Cisco AnyConnect Secure Mobility Client VPN establishment phase?
security optimization
host-based ACL installation
posture assessment*
quality of service security
25. Which item describes secure protocol support provided by Cisco AnyConnect?
neither SSL nor IPsec
SSL only
both SSL and IPsec*
IPsec only
26. What is the purpose of configuring an IP address pool to be used for client-based SSL VPN connections?
to assign addresses to the interfaces on the ASA
to identify which users are allowed to download the client image
to assign IP addresses to clients when they connect*
to identify which clients are allowed to connect
No comments:
Post a Comment