SNPA doubts


I came up with some questions for which I need the right answers. Can you please confirm the answers?

1. What design features enable Cisco Security Appliances, such as the PIX Firewall, to outperform conventional application firewalls?

a. Adaptive Security Algorithm

b. Super-packet filtering

c. Purpose-built, real-time operating environment

d. Hot standby proxy processing

e. Cut-through proxy support

My answer - A

Book answer - C

2. Which of the following is true with respect to Cisco Security Appliance RIP support?

a. RIP routing updates cannot be propagated by a Security Appliance.

b. A Security Appliance can advertise a default route.

c. Authentication is supported only for RIP version 2.

d. RIP version 1 supports classless addressing on a Security Appliance.

e. None of these answers are correct.

My answer - a, b, c

Book answer - d

3. What features of WebVPNs differ from IPSec VPNs?

a. WebVPNs are clientless.

b. WebVPNs allow port forwarding.

c. WebVPNs securely access e-mail systems.

d. WebVPNs are supported only by ASA 55X0 firewalls.

e. None of these answers are correct.

My answer - ad

Book answer - ac

4. What is a new feature of Cisco Secure ACS for Windows version 3.3?

a. A password generator

b. A password database

c. Additional configuration steps for your Cisco IOS Network Access Server

d. New graphics and tables

5. Which of the following are not connection types for authenticating to a Security Appliance? (Select all that apply.)

a. Telnet

b. SSH

c. FTP


My answer - c

book - bd

6. Which options are mandatory in every aaa authentication command on the PIX Firewall? (Select all that apply.)

a. include/exclude

b. inbound/outbound

c. local-ip/mask

d. group-tag

e. acl-name

my answer - cd

book - abd

7. You are installing Cisco Secure ACS on your new Windows 2000 Professional, but you cannot get it to load correctly. What is most likely the problem?

a. Cisco Secure ACS requires server software.

b. Your patch level is not up to date.

c. You are running a personal firewall or host-based IDS that is blocking the


d. You do not have administrative privileges on that system.

e. All of these answers are correct.

my answer - a

book - b

8. What does the ICMP inspection feature on the Security Appliance do?

a. It prevents the Security Appliance from being flooded with water.

b. It protects the inside network from being engulfed by rain.

c. It protects against SYN flood attacks.

d. It protects against AAA attacks.

my answer - c

book answer - d

9. Which Security Appliance feature mitigates a DoS attack that uses port 53?

a. Floodguard

b. Incomplete guard

c. Fragguard

d. DNS inspection

My answer - d

Book - c

10. Two firewalls are configured in an Active/Active fashion. Which of these statements regarding Active/Active failover configurations is correct?

A. Use the failover active command to enable Active/Active failover on the Cisco ASA Security Appliance.

B. Allocate interfaces to a failover group using the failover group sub-command mode.

C. Configure two failover groups: group 1 and group 2.

D. Configure failover interface parameters in the "admin" context.

My answer - c (I think failover parameters are configured on system context)

book - cd

Appreciate your early response on this.