Q21. Which two voice protocols can the Cisco ASA inspect? (Choose two.) 



C. Skype 


Answer: A,D 

Q22. Refer to the exhibit. 

Which two statements about the SNMP configuration are true? (Choose two.) 

A. The router's IP address is 

B. The SNMP server's IP address is 

C. Only the local SNMP engine is configured. 

D. Both the local and remote SNMP engines are configured. 

E. The router is connected to the SNMP server via port 162. 

Answer: B,D 

Q23. When you install a Cisco ASA AIP-SSM, which statement about the main Cisco ASDM home page is true? 

A. It is replaced by the Cisco AIP-SSM home page. 

B. It must reconnect to the NAT policies database. 

C. The administrator can manually update the page. 

D. It displays a new Intrusion Prevention panel. 


Q24. Which two TCP ports must be open on the Cisco Security Manager server to allow the server to communicate with the Cisco Security Manager client? (Choose two.) 

A. 1741 

B. 443 

C. 80 

D. 1740 

E. 8080 

Answer: A,B 

Q25. Which statement about Cisco ASA NetFlow v9 (NSEL) is true? 

A. NSEL events match all traffic classes in parallel 

B. NSEL is has a time interval locked at 20 seconds and is not user configurable 

C. NSEL tracks flow-create, flow-teardown, and flow-denied events and generates appropriate NSEL data records 

D. You cannot disable syslog messages that have become redundant because of NSEL 

E. NSEL tracks the flow continuously and provides updates every 10 second 

F. NSEL provides stateless IP flow tracking that exports all record od a specific flow 



http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/monitor _nsel. Html 

Q26. A network administrator is creating an ASA-CX administrative user account with the following parameters: 

The user will be responsible for configuring security policies on network devices. 

The user needs read-write access to policies. 

The account has no more rights than necessary for the job. 

What role will the administrator assign to the user? 

A. Administrator 

B. Security administrator 

C. System administrator 

D. Root Administrator 

E. Exec administrator 


Q27. Which ASA feature is used to keep track of suspected attackers who create connections to too many hosts or ports? 

A. complex threat detection 

B. scanning threat detection 

C. basic threat detection 

D. advanced threat detection 


Q28. What are three ways to add devices in Cisco Prime Infrastruture? ( Choose three ) 

A. Use Cisco Security manager 

B. Use Radius 

C. Import devices from a CSV file 

D. Add devices manually 

E. Use an automated process 

F. Use the Access Control Server 

Answer: C,D,E 

Q29. What are three attributes that can be applied to a user account with RBAC? (Choose three.) 

A. domain 

B. password 

C. ACE tag 

D. user roles 

E. VDC group tag 

F. expiry date 

Answer: B,D,F 

Q30. Refer to the exhibit. What is the effect of this configuration? 

A. The firewall will inspect IP traffic only between networks and 

B. The firewall will inspect all IP traffic except traffic to and 

C. The firewall will inspect traffic only if it is defined within a standard ACL. 

D. The firewall will inspect all IP traffic.