642-617 - Deploying Cisco ASA Firewall Solutions (FIREWALL v1.0)
Go back to Cisco
Which Cisco ASA feature is implemented by the ip verify reverse-path interface interface_name command?
The Cisco ASA is configured in multiple mode and the security contexts share the same outside physical interface. Which two packet classification methods can be used by the Cisco ASA to determine which security context to forward the incoming traffic from the outside interface? (Choose two.)
unique interface MAC address
unique global mapped IP addresses
A Cisco ASA requires an additional feature license to enable which feature?
botnet traffic filtering
Which three Cisco ASA configuration commands are used to enable the Cisco ASA to log only the debug output to syslog? (Choose three.)
logging trap debugging
logging message 711001 level 7
Which statement about the default ACL logging behavior of the Cisco ASA is true?
The Cisco ASA generates system message 106023 for each denied packet when a deny ACE is configured
By default, how does the Cisco ASA authenticate itself to the Cisco ASDM users?
The Cisco ASA automatically creates a self-signed X.509 certificate on each reboot to authenticate itself to the administrator.
Which statement about the Cisco ASA 5505 configuration is true?
With the default factory configuration, Cisco ASDM access is not enabled.
With Cisco ASA active/active or active/standby stateful failover, which state information or table is not passed between the active and standby Cisco ASA by default?
HTTP connection table
A Cisco ASA is operating in transparent firewall mode, but the MAC address table of the Cisco ASA is always empty, which causes connectivity issues. What should you verify to troubleshoot this issue?
if MAC learning has been disabled
By default, which access rule is applied inbound to the inside interface?
All IP traffic sourced from any source to any less secure network destinations is permitted.
Which two statements about Cisco ASA failover troubleshooting are true? (Choose two.)
With active/active failover, failover link troubleshooting should be done in the system execution space.
With active/active failover, user data passing interfaces troubleshooting should be done within the context execution space.
When will a Cisco ASA that is operating in transparent firewall mode perform a routing table lookup instead of a MAC address table lookup to determine the outgoing interface of a packet?
if NAT is configured
With Cisco ASA active/standby failover, what is needed to enable subsecond failover?
Decrease the defaultunitfailover polltime to 300 msec and the unitfailover holdtime to 900 msec
Using the default modular policy framework global configuration on the Cisco ASA, how does the Cisco ASA process outbound HTTP traffic?
HTTP flows statefully inspected using TCP stateful inspection.
A customer is ordering a number of Cisco ASAs for their network. For the remote or home office, they are purchasing the Cisco ASA 5505. When ordering the licenses for their Cisco ASAs, which two licenses must they order that are "platform specific" to the Cisco ASA 5505? (Choose two.)
internal user licenses
Security Plus license
By default, which traffic can pass through a Cisco ASA that is operating in transparent mode without explicitly allowing it using an ACL?
Which Cisco ASA platform should be selected if the requirements are to support 35,000 connections per second, 600,000 maximum connections, and traffic shaping?
Which two methods can be used to access the Cisco AIP-SSM CLI? (Choose two.)
initiating an SSH connection to the Cisco AIP-SSM external management Ethernet port
using thesession 1 command on the Cisco ASA CLI
In which type of environment is the Cisco ASA MPF set connection advanced-options tcp-statebypass option the most useful?
asymmetric traffic flow
Which three statements about traffic shaping capability on the Cisco ASA are true? (Choose three.)
Traffic shaping can be applied to all outgoing traffic on a physical interface or in the case of the Cisco ASA 5505, on a VLAN
Traffic shaping can cause jitter and delay.
Traffic shaping is not supported on the Cisco ASA 5580.
When troubleshooting a Cisco ASA that is operating in multiple context mode, which two verification steps should be performed if a user context does not pass user traffic? (Choose two.)
Verify the interface status in the system execution space.
Verify the interface status in the user context.
Which feature is not supported on the Cisco ASA 5505 with the Security Plus license? O A. security contexts
stateless active/standby failover
Which three configuration options are available when configuring static routes on the Cisco ASA? (Choose three.)
Change the default metric (admin distance) from 1 to some other value.
Enable route tracking.
Specify the static route as the default tunnel gateway for VPN traffic.
On the Cisco ASA, where are the Layer 5-7 policy maps applied?
inside the Layer 3-4 policy map
Which Cisco ASA show command groups the xiates and connections information together in its output?
When troubleshooting a Cisco ASA (running 8.2.2) that is operating in transparent firewall mode, what should you verify to ensure proper operation?
The Cisco ASA global IP address belongs to the same subnet as the directly connected interfaces.
Which Cisco ASA object group type offers the most flexibility for grouping different services together based on arbitrary protocols?
When troubleshooting redundant interface operations on the Cisco ASA, which configuration should be verified?
The IP address configuration on the logical redundant interface is correct.