Best CCNA Training and CCNA Certification and more Cisco exams log in to Certkingdom.com
QUESTION 1
Which two statements correctly describe configuring active/active failover? (Choose two.)
A. You must assign contexts to failover groups from the admin context.
B. Both units must be in multiple mode.
C. You must configure two failover groups: group 1 and group 2.
D. You must use a crossover cable to connect the failover links on the two failover peers.
Answer: B,C
QUESTION 2
Observe the following exhibit carefully. When TCP connections are tunneled over another TCP
connection and latency exists between the two endpoints, each TCP session would trigger a
retransmission, which can quickly spiral out of control when the latency issues persist. This issue
is often called TCP-over-TCP meltdown. According to the presented Cisco ASDM configuration,
which Cisco ASA security appliance configuration will most likely solve this problem?
A. Compression
B. MTU size of 500
C. Keepalive Messages
D. Datagram TLS
Answer: D
QUESTION 3
The IT department of your company must run a custom-built TCP application within the
clientless SSL VPN portal configured on your Cisco ASA security appliance. The application
should be run by users who have either guest or normal user mode privileges. To allow
this application to run, how should you configure the clientless SSL VPN portal?
A. configure a smart tunnel for the application
B. configure a bookmark for the application
C. configure the plug-in that best fits the application
D. configure port forwarding for the application
Answer: A
QUESTION 4
Refer to the following exhibit. When a host on the inside network attempts an HTTP
connection to a host at IP address 172.26.10.100, which address pool will be used by the Cisco
ASA security appliance for the NAT?
A. 192.168.8.101 – 192.168.8.105
B. 192.168.8.20 – 192.168.8.100
C. 192.168.8.106 – 192.168.8.110
D. 192.168.8.20 – 192.168.8.110
Answer: B
QUESTION 5
Study the following exhibit carefully. You are asked to configure the Cisco ASA security appliance
with a connection profile and group policy for full network access SSL VPNs. During a test of the
configuration using the Cisco AnyConnect VPN Client, the connection times out. In the process of
troubleshooting, you decide to make configuration changes. According to the provided Cisco
ASDM configuration, which configuration change will you begin with?
A. Require a client certificate on the interface.
B. Enable an SSL VPN client type on the interface.
C. Enable DTLS on the interface.
D. Enable a different access port that doesn’t conflict with Cisco ASDM.
Answer: B
QUESTION 6
You are the network security administrator for the CKD company. You create an FTP inspection
policy including the strict option, and it is applied to the outside interface of the corporate adaptive
security appliance. How is FTP handled on the security appliance after this policy is applied?
(Choose three.)
A. FTP inspection is applied to traffic entering the inside interface.
B. Strict FTP inspection is applied to traffic entering the outside interface.
C. FTP inspection is applied to traffic exiting the inside interface.
D. Strict FTP inspection is applied to traffic exiting the outside interface.
Answer: A,B,D
QUESTION 7
Which three statements correctly describe protocol inspection on the Cisco ASA adaptive security
appliance? (Choose three.)
A. The protocol inspection feature of the security appliance securely opens and closes negotiated
ports and IP addresses for legitimate client-server connections through the security appliance.
B. For the security appliance to inspect packets for signs of malicious application misuse, you
must enable advanced (application layer) protocol inspection.
C. If inspection for a protocol is not enabled, traffic for that protocol may be blocked.
D. If you want to enable inspection globally for a protocol that is not inspected by default or if you
want to globally disable inspection for a protocol, you can edit the default global policy.
Answer: A,C,D
QUESTION 8
An SSL VPN (Secure Sockets Layer virtual private network) is a form of VPN that can be used
with a standard Web browser. After you configure port forwarding for a clientless SSL VPN
connection, which end-user privilege level is required at the endpoint for port forwarding to work?
A. system level
B. guest level
C. user level
D. administrator level
Answer: D
QUESTION 9
Which two methods can be used to decrease the amount of time it takes for an active Cisco ASA
adaptive security appliance to fail over to its standby failover peer in an active/active failover
configuration? (Choose two.)
A. decrease the interface failover poll time
B. decrease the unit failover poll time
C. use the special serial failover cable to connect the security appliances
D. use single mode
Answer: A,B
QUESTION 10
Multimedia applications transmit requests on TCP, get responses on UDP or TCP, use dynamic
ports, and use the same port for source and destination, so they can pose challenges to a firewall.
Which three items are true about how the Cisco ASA adaptive security appliance handles
multimedia applications? (Choose three.)
A. It dynamically opens and closes UDP ports for secure multimedia connections, so you do not
need to open a large range of ports.
B. It supports SIP with NAT but not with PAT.
C. It supports multimedia with or without NAT.
D. It supports RTSP, H.323, Skinny, and CTIQBE.
Answer: A,C,D