Syslog Hotspot

• The Cisco ASA is not configured to log messages to the syslog server at that IP
address.
• New connections through the ASA will be allowed and informational system logs
will be sent to the internal.
• System log messages with a severity level of six and lower will be logged to the
internal buffer.

Which command in ASA allows ASDM connection from client PC over https with the Local AAA user
database?
A. aaa authentication enable console LOCAL
B. aaa authentication http console LOCAL
C. aaa authentication ssh console LOCAL
D. aaa authentication Telnet console LOCAL

2. When MACSec is enabled on a device which traffic types are unencrypted - choose 2
A. CDP
B. DHCP offer
C. DHCP Discovery
D. EAPOL-Start
E. EAPOL-Stop

3.What statements are true about IPv4 and IPv6 addresses on the ASA , which options are true-
Something like this (choose 2) - (Something like this)
A. IPv4 and IPv6 IPs can be included in the same ACL
B. IPv4 and IPv6 IPs cannot be included in the same ACL
C. IPv4 and IPv6 IPs can be added in the same Object group
D. IPv4 and IPv6 IPs cannot be added in the same Object group

4. Http traffic has been configured to connect through the ASA on port 1521. When web inspection
has been enabled with the default web policy, which inspection policy will be applied?
A. HTTP
B. HTTPS
C. IPX
D. SQL*net

5. What feature needs to be enabled along with Dynamic ARP inspection?

A. DHCP Snooping
B. IP source gaurd
C. CDP
D. ....

6. What option needs to be used to enable Authentication and Encryption in SNMPv3

A. Encry
B. Auth
C. Priv
D. ....

7. ACL config exibit:

-Shows an ACL called OUTSIDE-IN controlling whether IPSEC connections are allowed
-ACL has permits on it to allow IPSEC connections to and from an inside network address of
10.10.10.x to an outside IP of 198.x.x.x along with some explicit denies
-Shows the ACL being applied to the outside interface using something like:

access-group OUTSIDE-IN in interface outside control-plane

Which direction is traffic inspected on the interface

A. Controling IP traffic from the outside interface
B. Controling IPsec traffic from the outside interface
C. Controling IP traffic to the outside interface
D. Controling IPsec traffic to the outside interface

8. You need to group similar VMs together to classify traffic on the cisco ASA 1000V. Which
command would you use
A. network-port
B. network-profile
C. security-port
D. security-profile

9. Which are the most secure authentication and encryption options (choose two)
A. DES
B. 3DES
C. AES
D. MD5
E. SHA

10. You are using Cisco Security Manager to manage your infrastructure. What protocol is used by
the Cisco Security Manager client to connect to the ASA?
A. FTP
B. Telnet
C. SSH
D. HTTPS

Syslog Hotspot here I answered like this and my score was 100 in troubleshoot topic so i was
right:
Syslog
The Cisco ASA is not configured to log messages to the syslog server at that IP
address.
New connections through the ASA will be allowed and informational system logs
will be sent to the internal.
System log messages with a severity level of six and lower will be logged to the
internal buffer.

-SNMP hotspot was not

-Question about capture or packet tracer which command can be used to confirm or deny if
the ASA is responsible for this issue?
 Right Answer is Packet Tracer as my score in tshoot topic was 100
-Which action is considered a best practice for Cisco ASA firewall?
Right Answer is, Disable Console Logging

1) Which element ... ASA 1000V security policy based on a class of VMs instead of an IP
address?
security profile
security group
…
…

2) changes to snmp-server ID affects?

A- Earlier snmp configuration
B- Earlier snmp group
C- Earlier snmp user