Thanks to all participants in POST for sharing!!!
*** It would be great if anyone has the time to collect all the questions in one place (PDF or VCE) with corrected answers.
Hereunder latest update for the exam
New Qs from 238 to 298 - (VCE) :
New questions posted in this topic:
Here I answered like this, and my score was 100 in the troubleshoot topic, so I was right:
The Cisco ASA is not configured to log messages to the syslog server at that IP address.
New connections through the ASA will be allowed and informational system logs will be sent to the internal.
System log messages with a severity level of six and lower will be logged to the internal buffer.
1. Which command in ASA allows ASDM connection from client PC over https with the Local AAA user database?
A. aaa authentication enable console LOCAL
B. aaa authentication http console LOCAL
C. aaa authentication ssh console LOCAL
D. aaa authentication Telnet console LOCAL
2. When MACSec is enabled on a device, which traffic types are unencrypted? (choose 2)
B. DHCP offer
C. DHCP Discovery
3. What statements are true about IPv4 and IPv6 addresses on the ASA, which options are true - something like this (choose 2)
A. IPv4 and IPv6 IPs can be included in the same ACL
B. IPv4 and IPv6 IPs cannot be included in the same ACL
C. IPv4 and IPv6 IPs can be added in the same Object group
D. IPv4 and IPv6 IPs cannot be added in the same Object group
4. HTTP traffic has been configured to connect through the ASA on port 1521. When web inspection has been enabled with the default web policy, which inspection policy will be applied?
5. What feature needs to be enabled along with Dynamic ARP inspection?
A. DHCP Snooping
B. IP source guard
6. What option needs to be used to enable Authentication and Encryption in SNMPv3?
7. ACL config exhibit:
-Shows an ACL called OUTSIDE-IN controlling whether IPSEC connections are allowed
-ACL has permits on it to allow IPSEC connections to and from an inside network address of 10.10.10.x to an outside IP of 198.x.x.x along with some explicit denies
-Shows the ACL being applied to the outside interface using something like:
access-group OUTSIDE-IN in interface outside control-plane
Which direction is traffic inspected on the interface?
A. Controlling IP traffic from the outside interface
B. Controlling IPsec traffic from the outside interface
C. Controlling IP traffic to the outside interface
D. Controlling IPsec traffic to the outside interface
8. You need to group similar VMs together to classify traffic on the Cisco ASA 1000V. Which command would you use?
9. Which are the most secure authentication and encryption options? (choose two)
10. You are using Cisco Security Manager to manage your infrastructure. What protocol is used by the Cisco Security Manager client to connect to the ASA?
11. Which element ... ASA 1000V security policy based on a class of VMs instead of an IP address?
Options: security profile, security group... I chose security profile.
12. Changes to snmp-server ID affect?
A- Earlier snmp configuration
B- Earlier snmp group
C- Earlier snmp user
According to Cisco docs:
Changing the value of the SNMP engine ID has significant effects. A user's password (entered on the command line) is converted to a Message Digest 5 (MD5) or Secure Hash Algorithm (SHA) security digest. This digest is based on both the password and the local engine ID. The command line password is then destroyed, as required by RFC 2274. Because of this deletion, if the local value of the engineID changes, the security digests of SNMPv3 users will become invalid, and the users will have to be reconfigured.
Similar restrictions require the reconfiguration of community strings when the engine ID changes. A remote engine ID is required when an SNMPv3 inform is configured. The remote engine ID is used to compute the security digest for authenticating and encrypting packets sent to a user on the remote host.
13. Question about capture or packet tracer: which command can be used to confirm or deny if the ASA is responsible for this issue?
Right Answer is Packet Tracer, as my score in the tshoot topic was 100
14. Which action is considered a best practice for Cisco ASA firewall?
Right Answer is, Disable Console Logging