Q91. An SNMP host is an IP address to which SNMP notifications and traps are sent. To configure SNMFV3 hosts, which option must you configure in addition to the target IP address? 

A. the Cisco ASA as a DHCP server, so the SNMFV3 host can obtain an IP address 

B. a username, because traps are only sent to a configured user 

C. SSH, so the user can connect to the Cisco ASA 

D. the Cisco ASA with a dedicated interface only for SNMP, to process the SNMP host traffic. 


Explanation: The username can be seen here on the ASDM simulator screen shot: 

Q92. If you encounter problems logging in to the Cisco Security Manager 4.4 web server or client or backing up its databases, which account has most likely been improperly modified? 

A. admin (the default administrator account) 

B. casuser (the default service account) 

C. guest (the default guest account) 

D. user (the default user account) 


Q93. Which two statements about Cisco IDS are true? (Choose two.) 

A. It is preferred for detection-only deployment. 

B. It is used for installations that require strong network-based protection and that include sensor tuning. 

C. It is used to boost sensor sensitivity at the expense of false positives. 

D. It is used to monitor critical systems and to avoid false positives that block traffic. 

E. It is used primarily to inspect egress traffic, to filter outgoing threats. 

Answer: A,D 

Q94. Which command enables the HTTP server daemon for Cisco ASDM access? 

A. http server enable 

B. http server enable 443 

C. crypto key generate rsa modulus 1024 

D. no http server enable 


Q95. Which two parameters must be configured before you enable SCP on a router? (Choose two.) 


B. authorization 

C. ACLs 



Answer: A,B 

Q96. Which configuration keyword will configure SNMPv3 with authentication but no encryption? 

A. Auth 

B. Priv 

C. No auth 

D. Auth priv 


Q97. In which two modes is zone-based firewall high availability available? (Choose two.) 

A. IPv4 only 

B. IPv6 only 

C. IPv4 and IPv6 

D. routed mode only 

E. transparent mode only 

F. both transparent and routed modes 

Answer: C,D 

Q98. A Cisco ASA is configured in multiple context mode and has two user-defined contexts—Context_A and Context_B. From which context are device logging messages sent? 

A. Admin 

B. Context_A 

C. Context_B 

D. System 


Q99. To which port does a firewall send secure logging messages? 

A. TCP/1500 

B. UDP/1500 

C. TCP/500 

D. UDP/500 


Q100. What is the maximum jumbo frame size for IPS standalone appliances with 1G and 10G fixed or add-on interfaces? 

A. 1024 bytes 

B. 1518 bytes 

C. 2156 bytes 

D. 9216 bytes