Q111. Refer to the exhibit. 

Which two statements about this firewall output are true? (Choose two.) 

A. The output is from a packet tracer debug. 

B. All packets are allowed to 192.168.1.0 255.255.0.0. 

C. All packets are allowed to 192.168.1.0 255.255.255.0. 

D. All packets are denied. 

E. The output is from a debug all command. 

Answer: A,C 


Q112. Which information is NOT replicated to the secondary Cisco ASA adaptive security appliance in an active/standby configuration with stateful failover links ? 

A. TCP sessions 

B. DHCP lease 

C. NAT translations 

D. Routing tables 

Answer:


Q113. What is the default behavior of NAT control on Cisco ASA Software Version 8.3? 

A. NAT control has been deprecated on Cisco ASA Software Version 8.3. 

B. It will prevent traffic from traversing from one enclave to the next without proper access configuration. 

C. It will allow traffic to traverse from one enclave to the next without proper access configuration. 

D. It will deny all traffic. 

Answer:


Q114. You are the administrator of a multicontext transparent-mode Cisco ASA that uses a shared interface that belongs to more than one context. Because the same interface will be used within all three contexts, which statement describes how you will ensure that return traffic will reach the correct context? 

A. Interfaces may not be shared between contexts in routed mode. 

B. Configure a unique MAC address per context with the no mac-address auto command. 

C. Configure a unique MAC address per context with the mac-address auto command. 

D. Use static routes on the Cisco ASA to ensure that traffic reaches the correct context. 

Answer:


Q115. Which command configures the SNMP server group1 to enable authentication for members of the access list east? 

A. snmp-server group group1 v3 auth access east 

B. snmp-server group1 v3 auth access east 

C. snmp-server group group1 v3 east 

D. snmp-server group1 v3 east access 

Answer:


Q116. Refer to the exhibit. 

Which statement about this access list is true? 

A. This access list does not work without 6to4 NAT 

B. IPv6 to IPv4 traffic permitted on the Cisco ASA by default 

C. This access list is valid and works without additional configuration 

D. This access list is not valid and does not work at all 

E. We can pass only IPv6 to IPv6 and IPv4 to IPv4 traffic 

Answer:


Q117. Which four are IPv6 First Hop Security technologies? (Choose four.) 

A. Send 

B. Dynamic ARP Inspection 

C. Router Advertisement Guard 

D. Neighbor Discovery Inspection 

E. Traffic Storm Control 

F. Port Security 

G. DHCPv6 Guard 

Answer: A,C,D,G 


Q118. When configuring a new context on a Cisco ASA device, which command creates a domain for the context? 

A. domain config name 

B. domain-name 

C. changeto/domain name change 

D. domain context 2 

Answer:


Q119. What is the lowest combination of ASA model and license providing 1 Gigabit Ethernet interfaces? 

A. ASA 5505 with failover license option 

B. ASA 5510 Security+ license option 

C. ASA 5520 with any license option 

D. ASA 5540 with AnyConnect Essentials License option 

Answer:


Q120. Which three options describe how SNMPv3 traps can be securely configured to be sent by 

IOS? (Choose three.) 

A. An SNMPv3 group is defined to configure the read and write views of the group. 

B. An SNMPv3 user is assigned to SNMPv3 group and defines the encryption and authentication credentials. 

C. An SNMPv3 host is configured to define where the SNMPv3 traps will be sent. 

D. An SNMPv3 host is used to configure the encryption and authentication credentials for SNMPv3 traps. 

E. An SNMPv3 view is defined to configure the address of where the traps will be sent. 

F. An SNMPv3 group is used to configure the OIDs that will be reported. 

Answer: A,B,C