Which feature is supported when deploying Cisco ASAv within AWS public cloud?
Correct Answer: B
Explanation
The ASAv on AWS supports the following features:
+ Support for Amazon EC2 C5 instances, the next generation of the Amazon EC2 Compute Optimized instance family.
+ Deployment in the Virtual Private Cloud (VPC)
+ Enhanced networking (SR-IOV) where available
+ Deployment from Amazon Marketplace
+ Maximum of four vCPUs per instance
+ User deployment of L3 networks
+ Routed mode (default)
Note: The Cisco Adaptive Security Virtual Appliance (ASAv) runs the same software as physical Cisco ASAs to deliver proven security functionality in a virtual form factor. The ASAv can be deployed in the public AWS cloud. It can then be configured to protect virtual and physical data center workloads that expand, contract, or shift their location over time.
Reference: https://www.cisco.com/c/en/us/td/docs/security/asa/asa96/asav/quick-start-book/asav-96 qsg/asavaws.html
Question 77
What is the result of running the crypto isakmp key ciscXXXXXXXX address 172.16.0.0 command?
Correct Answer: A
Explanation
The syntax of the above command is:
crypto isakmp key enc-type-digit keystring {address peer-address [mask] | ipv6 ipv6-address/ ipv6-prefix | hostname hostname} [no-xauth]
The peer-address argument specifies the IP or IPv6 address of the remote peer.
Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/a1/sec-a1-cr-book/sec-crc4.html#wp6039879000
Question 78
Which two request methods of REST API are valid on the Cisco ASA Platform? (Choose two.)
Question 79
Which RADIUS attribute can you use to filter MAB requests in an 802.1X deployment?
Correct Answer: C
Because MAB uses the MAC address as a username and password, you should make sure that the RADIUS server can differentiate MAB requests from other types of requests for network access. This precaution will prevent other clients from attempting to use a MAC address as a valid credential. Cisco switches uniquely identify MAB requests by setting Attribute 6 (Service-Type) to 10 (Call-Check) in a MAB Access-Request message. Therefore, you can use Attribute 6 to filter MAB requests at the RADIUS server.
Question 80
Which two behavioral patterns characterize a ping of death attack? (Choose two)
Correct Answer: B,D
Explanation
Ping of Death (PoD) is a type of Denial of Service (DoS) attack in which an attacker attempts to crash, destabilize, or freeze the targeted computer or service by sending malformed or oversized packets using a simple ping command. A correctly formed ping packet is typically 56 bytes in size, or 64 bytes when the ICMP header is considered, and 84 including the Internet Protocol version 4 header. However, any IPv4 packet (including pings) may be as large as 65,535 bytes. Some computer systems were never designed to properly handle a ping packet larger than the maximum packet size because it violates the Internet Protocol documented Like other large but well-formed packets, a ping of death is fragmented into groups of 8 octets before transmission. However, when the target computer reassembles the malformed packet, a buffer overflow can occur, causing a system crash and potentially allowing the injection of malicious code.