1. What is a characteristic of ASA security levels?
- An ACL needs to be configured to explicitly permit traffic from an interface with a lower security level to an interface with a higher security level.
- Each operational interface must have a name and be assigned a security level from 0 to 200.
- Inbound traffic is identified as the traffic moving from an interface with a higher security level to an interface with a lower security level.
- The lower the security level on an interface, the more trusted the interface.
2. What are the two biggest differences among various ASA firewall models. (Choose two.)
- in the VPN functionality
- in the operating system version support
- in the maximum traffic throughput supported
- in the configuration method using either CLI or ASDM
- in the number and types of interfaces
3. Which statement describes the Cisco ASAv product?
- It is a Cisco ASA feature added on a Cisco router.
- It is a cloud-based Cisco ASA firewall product.
- It is a Cisco FirePOWER service that can be added on a Cisco router.
- It is a virtual machine version of Cisco ASA product.
4. What two features must match between ASA devices to implement a failover configuration? (Choose two.)
- device model
- software configuration
- source IP address
- amount of RAM
- next-hop destination
5. Which feature is specific to the Security Plus upgrade license of an ASA and provides increased availability?
- routed mode
- transparent mode
- redundant ISP connections
- stateful packet inspection
6. What is the most trustworthy security level that can be configured on an ASA device interface?
- 100
- 255
- 50
- 0
7. Which two statements describe the 8 Gigabit Ethernet ports in the backplane of a Cisco ASA 5506-X device? (Choose two.)
- They are all routed ports.
- Three of them are routed ports and 5 of them are switch ports.
- Port 1 is a routed port and the rest are switch ports.
- They all can be configured as routed ports or switch ports.
- These ports all require IP addresses.
8. Which advanced ASA Firewall feature provides granular access control based on an association of IP addresses to Windows Active Directory login information?
- ASA virtualization
- high availability with failover
- threat control and containment services
- identity firewall
9. What are two basic configuration requirements for each operational interface on an ASA 5506-X device? (Choose two.)
- a name
- an encryption key
- an ACL assignment
- a security level
- a VLAN assignment
10. What is one of the drawbacks to using transparent mode operation on an ASA device?
- no support for IP addressing
- no support for QoS
- no support for management
- no support for using an ASA as a Layer 2 switch
11. Which service is added to the Cisco ASA 5500 by the ASA 5500-X?
- threat control and containment services
- ASA virtualization
- FirePOWER service
- high availability with failover
12. Which statement describes the default network access control on an ASA firewall device?
- Inbound traffic from the DMZ network to the inside network is allowed.
- Inbound traffic from the outside network to the DMZ network is allowed.
- Returning traffic from the outside network to the inside network is allowed.
- Outbound traffic from the inside network to the outside network is allowed without inspection.