QUESTION NO: 1

During initial configuration, the Cisco ASA can be configured to drop all traffic if the ASA CX SSP fails by using which command in a policy-map?

A. cxsc fail

B. cxsc fail-close

C. cxsc fail-open

D. cxssp fail-close

Answer: B

QUESTION NO: 2

A network engineer may use which three types of certificates when implementing HTTPS

decryption services on the ASA CX? (Choose three.)

A. Self Signed Server Certificate

B. Self Signed Root Certificate

C. Microsoft CA Server Certificate

D. Microsoft CA Subordinate Root Certificate

E. LDAP CA Server Certificate

F. LDAP CA Root Certificate

G. Public Certificate Authority Server Certificate

H. Public Certificate Authority Root Certificate

Answer: B,D,F

QUESTION NO: 3

Cisco’s ASA CX includes which two URL categories? (Choose two.)

A. Proxy Avoidance

B. Dropbox

C. Hate Speech

D. Facebook

E. Social Networking

F. Instant Messaging and Video Messaging

Answer: C,E

QUESTION NO: 4

A Cisco Web Security Appliance’s policy can provide visibility and control of which two elements?

(Choose two.)

A. Voice and Video Applications

B. Websites with a reputation between -100 and -60

C. Secure websites with certificates signed under an unknown CA

D. High bandwidth websites during business hours

Answer: C,D

QUESTION NO: 5

Which Cisco Web Security Appliance design requires minimal change to endpoint devices?

A. Transparent Mode

B. Explicit Forward Mode

C. Promiscuous Mode

D. Inline Mode

Answer: A