1. Which two statements are true about ASA standard ACLs? (Choose two.)
- They identify only the destination IP address.
- They are the most common type of ACL.
- They are applied to interfaces to control traffic.
- They specify both the source and destination MAC address.
- They are typically only used for OSPF routes.
2. When dynamic NAT on an ASA is being configured, what two parameters must be specified by network objects? (Choose two.)
- the inside NAT interface
- the interface security level
- the outside NAT interface
- a range of private addresses that will be translated
- the pool of public global addresses
3. Which command is used on an ASA to enable password encryption and encrypt all user passwords?
- service password-encryption
- key config-key password-encryption [ new-pass [ old-pass ]]
- enable password password
- password encryption aes
4. Which type of NAT would be used on an ASA where 10.0.1.0/24 inside addresses are to be translated only if traffic from these addresses is destined for the 198.133.219.0/24 network?
- policy NAT
- dynamic NAT
- static NAT
- dynamic PAT
5. A network administrator has deployed object groups in order to make ACLs easier to implement and understand. Which two objects would be part of a service object group? (Choose two.)
- top-level protocol
- subnet
- ICMP type
- hostname
- IP address
6. What is a difference between ASA IPv4 ACLs and IOS IPv4 ACLs?
- ASA ACLs use forward and drop ACEs, whereas IOS ACLs use permit and deny ACEs.
- ASA ACLs use the subnet mask in defining a network, whereas IOS ACLs use the wildcard mask.
- Multiple ASA ACLs can be applied on an interface in the ingress direction, whereas only one IOS ACL can be applied.
- ASA ACLs are always named, whereas IOS ACLs are always numbered.
- ASA ACLs do not have an implicit deny any at the end, whereas IOS ACLs do.
7. Which object or object group is required to implement NAT on an ASA 5506-X device?
- network object
- protocol object group
- service object
- network object group
8. Which statement describes a feature of AAA in an ASA device?
- Authorization is enabled by default.
- Accounting can be used alone.
- Both authorization and accounting require a user to be authenticated first.
- If authorization is disabled, all authenticated users will have a very limited access to the commands.
9. What type of ACL is designed for use in the configuration of an ASA to support filtering for clientless SSL VPNs?
- Standard
- Webtype
- EtherType
- Extended
10. A network technician is attempting to resolve problems with the NAT configuration on an ASA. The technician generates a ping from an inside host to an outside host. Which command verifies that addresses are being translated on the ASA?
- show ip address
- show xlate
- show running-config
- show ip nat translation
11. Which two types of objects can be configured on an ASA device? (Choose two.)
- protocol
- ICMP-type
- security
- network
- user
- service
12. Which option lists the four steps to configure the Modular Policy Framework on an ASA?
- 1) Configure extended ACLS to identify specific granular traffic. This step may be optional.
2) Configure the class map to define interesting traffic.
3) Configure a policy map to apply actions to the identified traffic.
4) Configure a service policy to identify which interface should be activated for the service. - 1) Configure a policy map to apply actions to the identified traffic.
2) Configure a service policy to identify which interface should be activated for the service.
3) Configure extended ACLS to identify specific granular traffic. This step may be optional.
4) Configure the class map to define interesting traffic. - 1) Configure extended ACLS to identify specific granular traffic. This step may be optional.
2) Configure the class map to define interesting traffic.
3) Configure a service policy to identify which interface should be activated for the service.
4) Configure a policy map to apply actions to the identified traffic. - 1) Configure a service policy to identify which interface should be activated for the service.
2) Configure extended ACLS to identify specific granular traffic. This step may be optional.
3) Configure the class map to define interesting traffic.
4) Configure a policy map to apply actions to the identified traffic.
13. Which statement is true about ASA CLI and IOS CLI commands?
- Only the ASA CLI requires the use of Ctrl-C to interrupt show commands.
- The ASA CLI does not recognize the write erase command, but the IOS CLI does.
- The show ip interface brief command is valid for both CLIs.
- Both CLIs recognize the Tab key to complete a partial command.