CCSP 642-524 SNAF Real Exam Questions
The Securing Networks with ASA Fundamentals exam is one of the exams associated with the CCSP, CCNP Security, Cisco ASA Specialist and the Cisco Firewall Specialist certifications. Candidates can prepare for this exam by taking the SNAF course. This exam includes simulations and tests a candidate’s knowledge and ability to describe, configure, verify and manage the Cisco ASA Security Appliance product.
1: The primary adaptive security appliance in an active/standby failover configuration failed, so the secondary adaptive security appliance was automatically activated. The network administrator then fixed the problem. Now the administrator wants to return the primary to active status. Which command, when issued on the primary adaptive security appliance, will reactivate the primary adaptive security appliance and restore it to active status?
A.failover primary active
B.no failover active
E.failover exec standby
Correct Answers: C
2: Which three statements about protocol inspection on the Cisco ASA adaptive security appliance are true? (Choose three.)
A.All inspections are enabled by default.
B.If you want to enable inspection globally for a protocol that is not inspected by default or if you want to globally disable inspection for a protocol, you can edit the default global policy.
C.If you want to enable inspection globally for a protocol that is not inspected by default or if you want to globally disable inspection for a protocol, you must edit the default global policy; you cannot disable the default global policy and apply a new global policy.
D.For the security appliance to inspect packets for signs of malicious application misuse, you must enable advanced (application layer) protocol inspection.
E.The protocol inspection feature of the security appliance securely opens and closes negotiated ports and IP addresses for legitimate client-server connections through the security appliance.
F.If inspection for a protocol is not enabled, traffic for that protocol may be blocked.
Correct Answers: B E F
3: Multimedia applications can pose challenges to a firewall because they transmit requests on TCP, get responses on UDP or TCP, use dynamic ports, and use the same port for source and destination. Which three statements accurately describe how the Cisco ASA adaptive security appliance handles multimedia applications? (Choose three.)
A.It dynamically opens and closes UDP ports for secure multimedia connections, so you do not need to open a large range of ports.
B.It supports multimedia without NAT only.
C.It supports multimedia with or without NAT.
D.It supports RTSP applications, including RealNetworks RDP multicast.
E.It supports RTSP, H.323, Skinny, and CTIQBE.
F.It supports SIP with NAT but not with PAT.
Correct Answers: A C E
4: Which two statements accurately describe the effects of this configuration? (Choose two.)
match access-list TOINSIDEHOST
match access-list TOOUTSIDEHOST
set connection conn-max 100
service-policy MYOTHERPOLICY interface inside
service-policy MYPOLICY interface outside
A.Traffic that enters the security appliance through the outside interface and matches access control list TOINSIDEHOST is subject to maximum connection limits only.
B.Traffic that enters the security appliance through the inside interface and matches access control list TOOUTSIDEHOST is subject to HTTP inspection and connection limits.
C.Traffic that enters the security appliance through the outside interface and matches access control list TOINSIDEHOST is subject to HTTP inspection and maximum connection limits.
D.Traffic that enters the security appliance through the inside interface and matches access control list TOOUTSIDEHOST is subject to HTTP inspection.
E.Traffic that matches access control list TOINSIDEHOST is subject to HTTP inspection and maximum connection limits.
F.Traffic that enters the security appliance through the inside interface is subject to HTTP inspection.
Correct Answers: C D
5: Why might you want to configure VLANs on a security appliance interface?
A.for use in transparent firewall mode, where only VLAN interfaces are used
B.for use in multiple context mode, where you can map only VLAN interfaces to contexts
C.to increase the number of interfaces available to the network without adding additional physical interfaces or security appliances
D.for use in conjunction with device-level failover to increase the reliability of your security appliance
Correct Answers: C
6: Which command will provide detailed information about the crypto map configurations of a Cisco ASA adaptive security appliance?
A.show run ipsec sa
B.show ipsec sa
C.show crypto map
D.show run crypto map
Correct Answers: D
7: Which three features are supported by the Cisco ASA adaptive security appliance? (Choose three.)
C.OSPF dynamic routing
D.BGP dynamic routing
E.IS-IS dynamic routing
Correct Answers: B C F
8: Which two statements accurately describe multiple context mode? (Choose two.)
A.Multiple context mode does not support IPS, IPsec, and SSL VPNs, or dynamic routing protocols.
B.Multiple context mode enables you to create multiple independent virtual firewalls with their own security policies and interfaces.
C.When you convert from single mode to multiple context mode, a context named "admin," from which you must create all other contexts, is automatically created.
D.When you convert from single mode to multiple mode, the original startup configuration is saved as old_startup.cfg in the root directory of the internal flash memory.
E.When you convert from single mode to multiple mode, the security appliance automatically adds an entry for the admin context to the system configuration with the name "admin."
F.Multiple context mode enables you to add to the security appliance a hardware module that supports up to four independent virtual firewalls.
Correct Answers: B E
9: Which three tasks are mandatory for creating and configuring a security context? (Choose three.)
A.allocating interfaces to the context
B.within the context configuration, enabling the interfaces assigned to the context
C.assigning resources to the context
D.creating a context name
E.assigning MAC addresses to context interfaces
F.specifying the location of the context startup configuration
Correct Answers: A D F