Ensurepass

 

QUESTION 111

What type of attack consists of injecting traffic that is marked with the DSCP value of EF into the network?

 

A.        brute-force attack

B.        QoS marking attack

C.        DHCP starvation attack

D.        SYN flood attack

 

Answer: B

 

 

QUESTION 112

Which statement is true regarding Cisco ASA operations using software versions 8.3 and later?

 

A.        The global access list is matched first before the interface access lists.

B.        Both the interface and global access lists can be applied in the input or output direction.

C.        When creating an access list entry using the Cisco ASDM Add Access Rule window, choosing “global” as the interface will apply the access list entry globally.

D.        NAT control is enabled by default.

E.         The static CLI command is used to configure static NAT translation rules.

Answer: A

 

 

QUESTION 113

Which three multicast features are supported on the Cisco ASA? (Choose three.)

 

A.        PIM sparse mode

B.        IGMP forwarding

C.        Auto-RP

D.        NAT of multicast traffic

 

Answer: ABD

 

 

QUESTION 114

Which three configuration tasks are required for VPN clustering of AnyConnect clients that are connecting to an FQDN on the Cisco ASA? (Choose three.)

 

A.        The redirect-fqdn command must be entered under the vpn load-balancing sub-configuration.

B.        Each ASA in the VPN cluster must be able to resolve the IP of all DNS hostnames that are used in the cluster.

C.        The identification and CA certificates for the master FQDN hostname must be imported into each VPN cluster-member device.

D.        The remote-access IP pools must be configured the same on each VPN cluster-member interface.

 

Answer: ABC

 

 

QUESTION 115

Which three statements are true about objects and object groups on a Cisco ASA appliance that is running Software Version 8.4 or later? (Choose three.)

 

A.        TCP, UDP, ICMP, and ICMPv6 are supported service object protocol types.

B.        IPv6 object nesting is supported.

C.        Network objects support IPv4 and IPv6 addresses.

D.       Objects are not supported in transparent mode.

E.        Objects are supported in single- and multiple-context firewall modes.

 

Answer: ACE

 

 

QUESTION 116

policy-map type inspect ipv6 IPv6-map

match header routing-type range 0 255

drop

class-map outside-class

match any

policy-map outside-policy

class outside-class

inspect ipv6 IPv6-map

service-policy outside-policy interface outside

 

Refer to the exhibit. Given the Cisco ASA configuration above, which commands need to be added in order for the Cisco ASA appliance to deny all IPv6 packets with more than three extension headers?

 

 

A.        policy-map type inspect ipv6 IPv6-map

match ipv6 header

count > 3

 

B.        policy-map outside-policy

class outside-class

inspect ipv6 header count gt 3

C.        class-map outside-class

match ipv6 header count greater 3

 

D.       policy-map type inspect ipv6 IPv6-map

match header count gt 3

drop

 

Answer: D

 

 

QUESTION 117

Which command is used to replicate HTTP connections from the Active to the Standby Cisco ASA appliance in failover?

 

A.        monitor-interface http

B.        failover link fover replicate http

C.        failover replication http

D.       interface fover replicate http standby

E.        No command is needed, as this is the default behavior.

 

Answer: C

 

 

QUESTION 118

Which C3PL configuration component is used to tune the inspection timers such as setting the tcp idle-time and tcp synwait-time on the Cisco ZBFW?

 

A.        class-map type inspect

B.        parameter-map type inspect

C.        service-policy type inspect

D.       policy-map type inspect tcp

E.        inspect-map type tcp

 

Answer: B

 

 

QUESTION 119

Which three NAT types support bidirectional traffic initiation? (Choose three.)

 

A.        static NAT

B.        NAT exemption

C.        policy NAT with nat/global

D.       static PAT

E.        identity NAT

 

Answer: ABD

 

 

QUESTION 120

Which IPS module can be installed on the Cisco ASA 5520 appliance?

 

A.  IPS-AIM

B.  AIP-SSM

C.  AIP-SSC

D.  NME-IPS-K9

E.  IDSM-2

 

Answer: B

 

DownloadLatest 2013 350-018 Pass4sure Free Tests , help you to pass exam 100%.