642-524 - SNAF Securing Networks with ASA Foundation
Go back to
What is the result of disabling ESMTP inspection?
All SMTP commands are allowed through the security appliance, and potential mail server vulnerabilities are exposeD.
Why might you want to configure VLANs on a security appliance interface?
to increase the number of interfaces available to the network without adding additional physical interfaces or security appliances
Which list contains the correct steps for upgrading the license (activation key) for your security appliance from Cisco ASDM?
Step 1 Obtain an activation key from http://www.cisco.com/go/license by providing the serial number for the security appliance as it appears in the show version command output. Step 2 Reboot the security appliance to ensure that the image in flash and the running image are the samE. Step 3 Go to Configuration > Device Management > System Image/Configuration > Activation Key in Cisco ASDM and enter the activation key as a four- or five-element hexadecimal string with one space between each element. Step 4 Click Update Activation Key in the Activation Key panel. Step 5 Reload the security appliance to activate the flash activation key.
What is the purpose of the redundant interface feature of the security appliance?
to increase the reliability of your security appliance
Which event triggers failover at the failover group level in an active/active failover configuration?
The no failover active group group_id command is entered in the system configuration.
The primary adaptive security appliance in an active/standby failover configuration failed, so the secondary adaptive security appliance was automatically activateD. The network administrator then fixed the problem. Now the administrator wants to return the primary to active status. Which command, when issued on the primary adaptive security appliance, will reactivate the primary adaptive security appliance and restore it to active status?
The network security administrator for XYZ Corporation wants to adjust the default DoS drop rate thresholds for basic threat detection so that logs are triggered properly for the XYZ Corporation network environment. This will give the administrator more accurate information about the possibility of a DoS attack. How can the administrator set the following values? --Rate interval: 600 sec --Average rate: 50 drops per sec --Burst rate: 100 drops per sec
Enter this command at the security appliance CLI: threat-detection rate dos-drop rate-interval 600 average-rate 50 burst-rate 100.
Which command will provide detailed information about the crypto map configurations of a Cisco ASA adaptive security appliance?
show run crypto map
The network administrator for XYZ Corporation configured a site-to-site VPN by using the IPsec VPN Wizard in Cisco ASDM. Now the administrator wants to modify the crypto ACL to specify different protected traffiC. Where would the administrator go in CIsco ASDM to accomplish this task?
Configuration > Site-to-Site VPN > Connection Profiles
With an adaptive security appliance code of version 7.0 or later, which two requirements must be met for active/standby failover to work? (Choose two.)
The number and types of interfaces on the failover peers must be identical.
The failover peers must have the same amount of flash memory.
The network security administrator for XYZ Corporation used Cisco ASDM to configure active/standby failover between two Cisco ASA adaptive security appliances at corporate headquarters. The administrator used the Cisco ASDM High Availability and Scalability Wizard and feels confident that the configuration is correct on both security appliances. However, the show failover command output shows that one interface remains constantly in the waiting state and never normalizes. Which two troubleshooting steps should the administrator take?(Choose two.)
Verify that the line and protocol of the interface are up on the primary and secondary security appliance interfaces.
Verify that PortFast is enabled on any switch port that connects to the security appliances.