Which VTP mode supports private VLANs on a switch?
Which technology can be deployed with a Cisco ASA 1000V to segregate Layer 2 access within a
virtual cloud environment?
What is the best description of a unified ACL on a Cisco firewall?
Which type of ACL is shown in this configuration?
CORRECT TEXT
You are the network security engineer for the Secure-X network. The company has recently
detected an increase of traffic to malware-infected destinations. The Chief Security Officer deduced
that some PCs in the internal networks are infected with malware and communicate with
malware-infected destinations.
The CSO has tasked you with enabling the Botnet Traffic Filter on the Cisco ASA to detect and deny
further connection attempts from infected PCs to malware destinations. You are also required to
test your configurations by initiating connections through the Cisco ASA and then display and
observe the Real-Time Log Viewer in ASDM.
To successfully complete this activity, you must perform the following tasks:
• Download the dynamic database and enable use of it.
• Enable the ASA to download the dynamic database.
• Enable DNS snooping for existing DNS inspection service policy rules.
• Enable Botnet Traffic Filter classification on the outside interface for All Traffic.
• Configure the Botnet Traffic Filter to drop blacklisted traffic on the outside interface. Use the
default Threat Level settings.
NOTE: The database files are stored in running memory; they are not stored in flash memory.
NOTE: DNS is enabled on the inside interface and set to the HQ-SRV (10.10.3.20).
NOTE: Not all ASDM screens are active for this exercise.
• Verify that the ASA indeed drops traffic to blacklisted destinations by doing the following:
• From the Employee PC, navigate to http://www.google.com to make sure that access to the
Internet is working.
• From the Employee PC, navigate to http://bot-sparta.no-ip.org. This destination is classified as
a malware destination by the Cisco SIO database.
• From the Employee PC, navigate to http://superzarabotok-gid.ru/. This destination is classified
as a malware destination by the Cisco SIO database.
• From the Admin PC, launch ASDM to display and observe the Real-Time Log Viewer.
You have completed this exercise when you have configured and successfully tested Botnet traffic
filter on the Cisco ASA.
CORRECT TEXT
You are a network security engineer for the Secure-X network. You have been tasked with
implementing dynamic network object NAT with PAT on a Cisco ASA. You must configure the
Cisco ASA such that the source IP addresses of all internal hosts are translated to a single IP
address (using different ports) when the internal hosts access the Internet.
To successfully complete this activity, you must perform the following tasks:
• Use the Cisco ASDM GUI on the Admin PC to configure dynamic network object NAT with PAT
using the following parameters:
• Network object name: Internal-Networks
• IP subnet: 10.10.0.0/16
• Translated IP address: 192.0.2.100
• Source interface: inside
• Destination interface: outside
NOTE: The object (TRANSLATED-INSIDE-HOSTS) for this translated IP address has already
been created for your use in this activity.
NOTE: Not all ASDM screens are active for this exercise.
NOTE: Login credentials are not needed for this simulation.
• In the Cisco ASDM, display and view the auto-generated NAT rule.
• From the Employee PC, generate traffic to SP-SRV by opening a browser and navigating to
http://sp-srv.sp.public.
• From the Guest PC, generate traffic to SP-SRV by opening a browser and navigating to
http://sp-srv.sp.public.
• At the CLI of the Cisco ASA, display your NAT configuration. You should see the configured
policy and statistics for translated packets.
• At the CLI of the Cisco ASA, display the translation table. You should see dynamic translations
for the Employee PC and the Guest PC. Both inside IP addresses translate to the same IP
address, but using different ports.
You have completed this exercise when you have configured and successfully tested dynamic
network object NAT with PAT.