CCNP Security Implementing Cisco Edge Network Security Solutions (SENSS) v1.0 (300-206)

Page:    1 / 24   
Total 362 questions

Which URL matches the regex statement "http"*/"www.cisco.com/"*[^E]"xe"?

  • A. https://www.cisco.com/ftp/ios/tftpserver.exe
  • B. https://cisco.com/ftp/ios/tftpserver.exe
  • C. http:/www.cisco.com/ftp/ios/tftpserver.Exe
  • D. https:/www.cisco.com/ftp/ios/tftpserver.EXE


Answer : A

Which two statements about Cisco IOS Firewall are true? (Choose two.)

  • A. It provides stateful packet inspection.
  • B. It provides faster processing of packets than Cisco ASA devices provide.
  • C. It provides protocol-conformance checks against traffic.
  • D. It eliminates the need to secure routers and switches throughout the network.
  • E. It eliminates the need to secure host machines throughout the network.


Answer : AC

Which two VPN types can you monitor and control with Cisco Prime Security Manager? (Choose two.)

  • A. AnyConnect SSL
  • B. site-to-site
  • C. clientless SSL
  • D. IPsec remote-access


Answer : AD

Reference:
http://www.cisco.com/c/en/us/td/docs/security/asacx/9-1/user/guide/b_User_Guide_for_ASA_CX_and_PRSM_9_1.pdf

What are three attributes that can be applied to a user account with RBAC? (Choose three.)

  • A. domain
  • B. password
  • C. ACE tag
  • D. user roles
  • E. VDC group tag
  • F. expiry date


Answer : BDF

If you encounter problems logging in to the Cisco Security Manager 4.4 web server or client or backing up its databases, which account has most likely been improperly modified?

  • A. admin (the default administrator account)
  • B. casuser (the default service account)
  • C. guest (the default guest account)
  • D. user (the default user account)


Answer : B

Which component does Cisco ASDM require on the host Cisco ASA 5500 Series or Cisco PIX security appliance?

  • A. a DES or 3DES license
  • B. a NAT policy server
  • C. a SQL database
  • D. a Kerberos key
  • E. a digital certificate


Answer : A

Which command configures the SNMP server group1 to enable authentication for members of the access list east?

  • A. snmp-server group group1 v3 auth access east
  • B. snmp-server group1 v3 auth access east
  • C. snmp-server group group1 v3 east
  • D. snmp-server group1 v3 east access


Answer : A

SIMULATION -






Answer : Please check the steps in explanation part below

Explanation:
1) Click on Service Policy Rules, then Edit the default inspection rule.
2) Click on Rule Actions, then enable HTTP as shown here:


3) Click on Configure, then add as shown here:

4) Create the new map in ASDM like shown:

5) Edit the policy as shown:

6) Hit OK




Which statement about how the Cisco ASA supports SNMP is true?

  • A. All SNMFV3 traffic on the inside interface will be denied by the global ACL
  • B. The Cisco ASA and ASASM provide support for network monitoring using SNMP Versions 1,2c, and 3, but do not support the use of all three versions simultaneously.
  • C. The Cisco ASA and ASASM have an SNMP agent that notifies designated management, stations if events occur that are predefined to require a notification, for example, when a link in the network goes up or down.
  • D. SNMPv3 is enabled by default and SNMP v1 and 2c are disabled by default.
  • E. SNMPv3 is more secure because it uses SSH as the transport mechanism.


Answer : C

This can be verified by this ASDM screen shot:





SNMP users have a specified username, a group to which the user belongs, authentication password, encryption password, and authentication and encryption algorithms to use. The authentication algorithm options are MD5 and SHA. The encryption algorithm options are DES, 3DES, and AES (which is available in
128,192, and 256 versions). When you create a user, with which option must you associate it?

  • A. an SNMP group
  • B. at least one interface
  • C. the SNMP inspection in the global_policy
  • D. at least two interfaces


Answer : A

This can be verified via the ASDM screen shot shown here:





An SNMP host is an IP address to which SNMP notifications and traps are sent. To configure SNMFV3 hosts, which option must you configure in addition to the target IP address?

  • A. the Cisco ASA as a DHCP server, so the SNMFV3 host can obtain an IP address
  • B. a username, because traps are only sent to a configured user
  • C. SSH, so the user can connect to the Cisco ASA
  • D. the Cisco ASA with a dedicated interface only for SNMP, to process the SNMP host traffic.


Answer : B

The username can be seen here on the ASDM simulator screen shot:


Enabling what security mechanism can prevent an attacker from gaining network topology information from CDP via a man-in-the-middle attack?

  • A. MACsec
  • B. Flex VPN
  • C. Control Plane Protection
  • D. Dynamic Arp Inspection


Answer : A

On an ASA running version 9.0, which command is used to nest objects in a pre-existing group?

  • A. object-group
  • B. network group-object
  • C. object-group network
  • D. group-object


Answer : D

Which ASA feature is used to keep track of suspected attackers who create connections to too many hosts or ports?

  • A. complex threat detection
  • B. scanning threat detection
  • C. basic threat detection
  • D. advanced threat detection


Answer : B

What is the default behavior of an access list on a Cisco ASA?

  • A. It will permit or deny traffic based on the access list criteria.
  • B. It will permit or deny all traffic on a specified interface.
  • C. It will have no affect until applied to an interface, tunnel-group or other traffic flow.
  • D. It will allow all traffic.


Answer : C

Page:    1 / 24   
Total 362 questions