which three types of certificates when implementing HTTPS decryption services on the ASA CX?

A network engineer may use which three types of certificates when implementing HTTPS
decryption services on the ASA CX? (Choose three.)

A network engineer may use which three types of certificates when implementing HTTPS
decryption services on the ASA CX? (Choose three.)

A.
Self Signed Server Certificate

B.
Self Signed Root Certificate

C.
Microsoft CA Server Certificate

D.
Microsoft CA Subordinate Root Certificate

E.
LDAP CA Server Certificate

F.
LDAP CA Root Certificate

G.
Public Certificate Authority Server Certificate

H.
Public Certificate Authority Root Certificate



Leave a Reply 3

Your email address will not be published. Required fields are marked *


Jonas Rickne

Jonas Rickne

New 300-207 Exam Questions and Answers Updated Recently (14/June/2016):

NEW QUESTION 226
On which plateforms can you run CWS connector? (choose two)

A. Cisco ASA Firewall
B. Cisco IPS module
C. Standalone deployment
D. Cisco ISR router
E. Cisco Firepower NGIPS

Answer: AD

NEW QUESTION 227
Refer to the exhibit, which description of the result of this configuration is true?
Router(config)#line vty 5 15
Router(config-line)#access-class 23 in

A. Only clients denied in access list 23 can manage the router.
B. Only telnet access (TCP) is allowed on the VTY lines of this router.
C. Only clients permitted in access list 23 can manage the router.
D. Only SSH access (TCP 23) is allowed on the VTY lines of this router.

Answer: C

NEW QUESTION 228
What does the anomaly detection Cisco IOS IPS component detection ?

A. ARP Spoofing
B. Worm-infected hosts
C. Signature changes
D. Network Congestion

Answer: B

NEW QUESTION 229
Refer to the exhibit. The security engineer has configured cisco cloud web security redirection on a cisco ASA firewall. Which statement describes what can be determined from exhibit?
authUserName: LAB\user1
authenticated: true
companyName: Companyl
countryCode: US
externalIP: 209.165.200.241
groupNames:
– Test Lab
– “LAB://testgroup’l
logicalTowerNumber: 197
staticGroupNames:
– Test Lab
– “LAB://testgroup’l
userName: userl

A. In case of issues, the next step should be to perform debugging on the cisco ASA.
B. The URL visited by the user was LAB://testgroup.
C. This out has been obtained by browsing to whoami.scansafe.net
D. The IP address of the Scansafe tower is 209.165.200.241

Answer: C

NEW QUESTION 230
Refer to the exhibit. How is the “cisco” password stored?
Router (config) #username admin secret cisco
Router (config) #no service password-encryption

A. As MD5 hash
B. As Type 0
C. As Type 7
D. As Clear Text

Answer: A

NEW QUESTION 231
Refer to the exhibit. What type of password is “cisco”?
Router(config)#service password-encryption
Router(config)#username admin password cisco

A. Enhanced
B. CHAP
C. Type 7
D. Type 0

Answer: C

NEW QUESTION 232
When does the Cisco ASA send traffic to the Cisco ASA IPS module for analysis?

A. before firewall policy are applied
B. after outgoing VPN traffic is encrypted
C. after firewall policies are applied
D. before incoming VPN traffic is decrypted

Answer: C

NEW QUESTION 233
Which technique is deployed to harden network devices?

A. port-by-port router ACLs
B. infrastructure ACLs
C. transmit ACLs
D. VLAN ACLs

Answer: B

NEW QUESTION 234
Refer to the exhibit. Which option describe the result of this configuration on a Cisco ASA firewall?
asafwl (config) #http server enable
asafw1(config)#http 10.10.10.1 255.255.255.255 inside

A. The firewall allows command-line access from 10.10.10.1
B. The firewall allows ASDM access from a client on 10.10.10.1
C. The management IP address of the firewall is 10.10.10.1
D. The inside interface IP address of the firewall is 10.10.10.1

Answer: B

NEW QUESTION 235
……

P.S. These New 300-207 Exam Questions Were Just Updated From The Real 300-207 Exam, You Can Get The Newest 300-207 Dumps In PDF And VCE From — http://j.mp/300-207-exam-dumps (251q)

Good Luck !!!