Implementing Cisco Network Security
Question No: 1
Which feature allows a dynamic PAT pool to select the next address in the PAT pool instead of the next port of an existing address?
NAT address rotation
Question No: 2
What VPN feature allows traffic to exit the security appliance through the same interface it entered?
Question No: 3
Which three statements about Cisco host-based IPS solutions are true? (Choose three.)
It can view encrypted files.
It can have more restrictive policies than network-based IPS.
It can generate alerts based on behavior at the desktop level.
It can be deployed at the perimeter.
It uses signature-based policies.
It works with deployed firewalls.
Question No: 4
The command debug crypto isakmp results in ?
A. Troubleshooting ISAKMP (Phase 1) negotiation problems
Question No: 5
With which preprocesor do you detect incomplete TCP handshakes
rate based prevention
Question No: 6
What IPSec mode is used to encrypt traffic between a server and VPN endpoint?
Question No: 7 CORRECT TEXT
Given the new additional connectivity requirements and the topology diagram, use ASDM to accomplish the required ASA configurations to meet the requirements.
New additional connectivity requirements:
Once the correct ASA configurations have been configured:
To access ASDM, click the ASA icon in the topology diagram.
To access the Firefox Browser on the Outside PC, click the Outside PC icon in the topology diagram.
To access the Command prompt on the Inside PC, click the Inside PC icon in the topology diagram.
After you make the configuration changes in ASDM, remember to click Apply to apply the configuration changes.
Not all ASDM screens are enabled in this simulation, if some screen is not enabled, try to use different methods to configure the ASA to meet the requirements.
In this simulation, some of the ASDM screens may not look and function exactly like the real ASDM.
Answer: Follow the explanation part to get answer on this sim question.
First, for the HTTP access we need to creat a NAT object. Here I called it HTTP but it can be given any name.
Then, create the firewall rules to allow the HTTP access:
You can verify using the outside PC to HTTP into 126.96.36.199.
For step two, to be able to ping hosts on the outside, we edit the last service policy shown below:
And then check the ICMP box only as shown below, then hit Apply.
After that is done, we can pingwww.cisco.comagain to verify:
Question No: 8
which port should (or would) be open if VPN NAT-T was enabled
port 500 outside interface
port 4500 outside interface
port 4500 ipsec
Question No: 9
What is an advantage of implementing a Trusted Platform Module for disk encryption?
It provides hardware authentication.
It allows the hard disk to be transferred to another device without requiring re- encryption.dis
It supports a more complex encryption algorithm than other disk-encryption technologies.
It can protect against single points of failure.
Question No: 10
What encryption technology has broadest platform support
|Lowest Price Guarantee||Yes||No||No|
|Free VCE Simulator||Yes||No||No|