1.
Scenario: To access Cisco ASDM, click the PC icon in the Topology window, then ASDM, and answer the following question:
The Cisco ASA administrator must enable the Cisco ASA to automatically drop suspicious botnet traffic. After the Cisco ASA administrator entered the initial configuration, the Cisco ASA is not automatically dropping the suspicious botnet traffic. What else must be enabled in order to make it work?
2.
When the Cisco ASA detects scanning attacks, how long is the attacker who is performing the scan shunned?
3.
By default, which access rule is applied inbound to the inside interface?
4.
Which Cisco ASA platform should be selected if the requirements are to support 35,000 connections per second, 600,000 maximum connections, and traffic shaping?
5.
Where in the ACS are the individual downloadable ACL statements configured to achieve the most scalable deployment?
6.
the Cisco ASA 5505 configurations to enable Advanced HTTP Application inspection by completing the following tasks:
1. Enable HTTP inspection globally on the Cisco ASA
2. Create a new HTTP inspect Map named: http-inspect-map to:
   a. Enable the dropping of any HTTP connections that encounter HTTP protocol violations
   b. Enable the dropping and logging of any HTTP connections when the content type in the HTTP response does not match one of the MIME types in the accept field of the HTTP request
Note: In the simulation, you will not be able to test the HTTP inspection policy after you complete your configuration. Not all Cisco ASDM screens are fully functional. After you complete the configuration, you do not need to save the running configuration to the start-up config.
Correct Answer: Here is the step-by-step solution:
Explanation:
1. Go to Configuration >> Firewall >> Objects >> Inspect Maps >> HTTP >> Add >> add name "http-inspect-map" >> click on detail:
   a. Select "check for protocol violations"
   b. Action: Drop connection
   c. Log: Enable
   d. Click on Inspection: click Add
   e. Select Single Match >> Match type: No Match
   f. Criterion: response header field
   g. Field: Predefined: Content type
   h. Value: Content type
   i. Action: Drop connection
   j. Log: Enable
   k. OK >> OK >> Apply
HTTP inspection is disabled in the global policy by default, so we need to enable it and use this Inspect Map. You also have to edit the global policy to apply this inspection to it.
To achieve this through the command line:
    policy-map type inspect http http-inspect-map
     parameters
      protocol-violation action drop-connection
     match req-resp content-type mismatch
      drop-connection log
    policy-map global_policy
     class inspection_default
      inspect http http-inspect-map
Add/Edit HTTP Map
The Add/Edit HTTP Map dialog box is accessible as follows: Configuration > Global Objects > Inspect Maps > HTTP > HTTP Inspect Map > Advanced View > Add/Edit HTTP Inspect
The Add/Edit HTTP Inspect dialog box lets you define the match criterion and value for the HTTP inspect map.
Fields
7.
What are four properties of an IPS signature? (Choose four.)
8.
What must be configured to enable Cisco IPS appliance reputation filtering and global correlation?

 
9.
What is a best practice to follow before tuning a Cisco IPS signature?
10.
What is the status of OS Identification?