CCNP Security Implementing Cisco Threat Control Solutions v1.0 (300-210)

Page:    1 / 31   
Total 451 questions

Which two methods are used to deploy transparent mode traffic redirection? (Choose two.)

  • A. Microsoft GPO
  • B. policy-based routing
  • C. DHCP server
  • D. PAC files
  • E. Web Cache Communication Protocol


Answer : BE

When deploying Cisco FirePOWER appliances, which option must you configure to enable VLAN rewriting?

  • A. hybrid interfaces
  • B. virtual switch
  • C. virtual router
  • D. inline set


Answer : B

Which policy must you edit to make changes to the Snort preprocessors?

  • A. access control policy
  • B. network discovery policy
  • C. intrusion policy
  • D. file policy
  • E. network analysis policy


Answer : E

Which three access control actions permit traffic to pass through the device when using Cisco FirePOWER? (Choose three)

  • A. pass
  • B. trust
  • C. monitor
  • D. allow
  • E. permit
  • F. inspect


Answer : BCD

Reference:
https://www.network-node.com/blog/2016/8/12/firepower-basic-setup

Which two TCP ports can allow the Cisco Firepower Management Center to communicate with FireAMP cloud for the disposition information? (Choose two.)

  • A. 8080
  • B. 22
  • C. 8305
  • D. 32137
  • E. 443


Answer : DE

When creating an SSL policy on Cisco FirePOWER, which three options do you have for Default Action? (Choose three.)

  • A. do not decrypt
  • B. trust
  • C. allow
  • D. block with reset
  • E. block
  • F. encrypt


Answer : ADE

Which command establishes a virtual console session to a CX module within a Cisco Adaptive Security Appliance?

  • A. session 1 ip address
  • B. session 2 ip address
  • C. session 1
  • D. session ips console
  • E. session cxsc xonsole


Answer : E

What is the default CX Management 0/0 IP address on a Cisco ASA 5512-X appliance?

  • A. 192.168.1.1
  • B. 192.168.1.2
  • C. 192.168.1.3
  • D. 192.168.1.4
  • E. 192.168.1.5
  • F. 192.168.8.8


Answer : F

An ASA with an IPS module must be configured to drop traffic matching IPS signatures and block all traffic if the module fails. Which describes the correct configuration?

  • A. Inline Mode, Permit Traffic
  • B. Inline Mode, Close Traffic
  • C. Promiscuous Mode, Permit Traffic
  • D. Promiscuous Mode, Close Traffic


Answer : B

A new Cisco IPS device has been placed on the network without prior analysis. Which CLI command shows the most fired signature?

  • A. Show statistics virtual-sensor
  • B. Show event alert
  • C. Show alert
  • D. Show version


Answer : A

What CLI command configures IP-based access to restrict GUI and CLI access to a Cisco Email Security appliance’s administrative interface?

  • A. adminaccessconfig
  • B. sshconfig
  • C. sslconfig
  • D. ipaccessconfig


Answer : A

When attempting to tunnel FTP traffic through a stateful firewall that may be performing NAT or PAT, which type of VPN tunneling should be used to allow the
VPN traffic through the stateful firewall?

  • A. clientless SSL VPN
  • B. IPsec over TCP
  • C. Smart Tunnel
  • D. SSL VPN plug-ins


Answer : B

Upon receiving a digital certificate, what are three steps that a Cisco ASA will perform to authenticate the digital certificate? (Choose three.)

  • A. The identity certificate validity period is verified against the system clock of the Cisco ASA.
  • B. Identity certificates are exchanged during IPsec negotiations.
  • C. The identity certificate signature is validated by using the stored root certificate.
  • D. The signature is validated by suing the stored identity certificate.
  • E. If enabled, the Cisco ASA locates the CRL and validates the identity certificate.


Answer : ACE

To enable the Cisco ASA Host Scan with remediation capabilities, an administrator must have which two Cisco ASA licenses enabled on its security appliance?
(Choose two.)

  • A. Cisco AnyConnect Premium license
  • B. Cisco AnyConnect Essentials license
  • C. Cisco AnyConnect Mobile license
  • D. Host Scan license
  • E. Advanced Endpoint Assessment license
  • F. Cisco Security Agent license


Answer : AE

After adding a remote-access IPsec tunnel via the VPN wizard, an administrator needs to tune the IPsec policy parameters. Where is the correct place to tune the
IPsec policy parameters in Cisco ASDM?

  • A. IPsec user profile
  • B. Crypto Map
  • C. Group Policy
  • D. IPsec policy
  • E. IKE policy


Answer : D

Page:    1 / 31   
Total 451 questions