According to the logging configuration on the Cisco ASA, what will happen if syslog server
10.10.2.40 fails?
A.
New connections through the ASA will be blocked and debug system logs will be sent to the
internal buffer.
B.
New connections through the ASA will be blocked and informational system logs will be sent to
the internal buffer.
C.
New connections through the ASA will be blocked and system logs will be sent to server
10.10.2.41.
D.
New connections through the ASA will be allowed and system logs will be sent to server
10.10.2.41.
E.
New connections through the ASA will be allowed and informational system logs will be sent to
the internal buffer.
F.
New connections through the ASA will be allowed and debug system logs will be sent to the
internal buffer.
Explanation:
This is shown by the following screen shot:
Can someone explain why “B” is the correct answer. I believe that the ASA will have no reason to drop all new connections if the log server is unavailable and thus answer “E” should be the correct one.
0
0
Keith i did some research. Apparently if u use TCP for syslog and the syslog server fails new connections will be blocked. In the screenshot it is not clear if tcp syslog is enabled.
http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/monitor_syslog.html#wp1541683
0
0
E is the correct one here. There’s no logic to block all traffic through ASA because syslog server is not reachable anymore.
0
0
guys, I will recommend you to chek what protocol is the ASA using under Syslog servers tab.
If using UDP, the ASA will keep sending syslogs even if syslog is not reachable.
When using TCP, the ASA will start dropping connections unless you specify the keyword “permit-hostdown” from CLI and from ASDM it is located at the bottom of Syslog Servers tab, there is a check to ‘Allow user traffic to pass when TCP syslog server is down’
More reference on the below link:
http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/monitor_syslog.html#wp1092814
Hope it helps.
0
0
Hi Josh, assuming it’s the same simulation as previous question – it uses UDP (see picture in the link), is the answer D – it will (try to) send to the server?
https://cdn.briefmenow.org/wp-content/uploads/300-206-v2/46.jpg
0
0
Questions no valid.
0
0
New 300-206 Exam Questions and Answers Updated Recently (6/Feb/2016):
NEW QUESTION 197
How much storage is allotted to maintain system,configuration , and image files on the Cisco ASA 1000V during OVF template file deployment?
A. 1GB
B. 5GB
C. 2GB
D. 10GB
Answer: C
NEW QUESTION 198
Which feature is a limitation of a Cisco ASA 5555-X running 8.4.5 version with multiple contexts?
A. Deep packet inspection
B. Packet tracer
C. IPsec
D. Manual/auto NAT
E. Multipolicy packet capture
Answer: C
NEW QUESTION 199
When access rule properties are configured within ASDM, which traffic direction type is required by global and management access rule?
A. Any
B. Both in and out
C. In
D. Out
Answer: C
NEW QUESTION 200
Which option is a different type of secondary VLAN?
A. Transparent
B. Promiscuous
C. Virtual
D. Community
Answer: B
NEW QUESTION 201
Refer to the exhibit. Which statement about this access list is true?
access-list test: extended premit ip 2001:DB5:7::/64
192.168.1.0 255.255.255.0
A. This access list does not work without 6to4 NAT
B. IPv6 to IPv4 traffic permitted on the Cisco ASA by default
C. This access list is valid and works without additional configuration
D. This access list is not valid and does not work at all
E. We can pass only IPv6 to IPv6 and IPv4 to IPv4 traffic
Answer: D
NEW QUESTION 202
Which option must be configured on a transparent Cisco ASA adaptive security appliance for it to be managed over Layer 3 networks?
A. Static routes
B. Routed interface
C. Security context
D. BVI
Answer: D
NEW QUESTION 203
Which statement about Dynamic ARP Inspection is true ?
A. In a typical network, you make all ports as trusted expect for the ports connection to switches , which are untrusted
B. DAI associates a trust state with each switch
C. DAI determines the validity of an ARP packet based on valid IP to MAC address binding from the DHCP snooping database
D. DAI intercepts all ARP requests and responses on trusted ports only
E. DAI cannot drop invalid ARP packets
Answer: C
NEW QUESTION 204
Which command is the first that you enter to check whether or not ASDM is installed on the ASA?
A. Show ip
B. Show running-config asdm
C. Show running-config boot
D. Show version
E. Show route
Answer: B
NEW QUESTION 205
Which option is the Cisco ASA on-box graphical management solution?
A. SSH
B. ASDM
C. Console
D. CSM
Answer: B
NEW QUESTION 206
……
P.S. These New 300-206 Exam Questions Were Just Updated From The Real 300-206 Exam, You Can Get The Newest 300-206 Dumps In PDF And VCE From — http://bitly.com/1Pg5mjR (222q)
Good Luck !!!
0
0
Hi Keith Morison, crazybat, Thomas Jobergessen, Josh:
In the screen shot above is showing partially “Teardown UDP connection” is that you mean?
If so, is the answer E?
0
0