Latest CCNP Security 642-618 Real Exam Download 101-110



Refer to the exhibit.


Which three CLI commands are generated by these Cisco ASDM configurations? (Choose three.)


A.      object-group network testobj

B.      object network testobj

C.      ip address

D.      subnet

E.       nat (any,any) static dns

F.       nat (outside,inside) static dns

G.      nat (inside,outside) static dns

H.      nat (inside,any) static dns

I.        nat (any,inside) static dns


Answer: B,D,E




On Cisco ASA Software Version 8.3 and later, which two statements correctly describe the NAT table or NAT operations? (Choose two.)


A.      The NAT table has four sections.

B.      Manual NAT configurations are found in the first (top) and/or the last (bottom) section(s) of the NAT table.

C.      Auto NAT also is referred to as Object NAT.

D.      Auto NAT configurations are found only in the first (top) section of the NAT table.

E.       The order of the NAT entries in the NAT table is not relevant to how the packets are matched against the NAT table.

F.       Twice NAT is required for hosts on the inside to be accessible from the outside.


Answer: B,C




The Cisco ASA software image has been erased from flash memory. Which two statements about the process to recover the Cisco ASA software image are true? (Choose two.)


A.      Access to the ROM monitor mode is required.

B.      The Cisco ASA appliance must have connectivity to the TFTP server where the Cisco ASA image is stored through the Management 0/0 interface.

C.      The copy tftp flash command is necessary to start the TFTP file transfer.

D.      The server command is necessary to set the TFTP server IP address.

E.       Cisco ASA password recovery must be enabled.


Answer: A,D




Which two Cisco ASA licensing features are correct with Cisco ASA Software Version 8.3 and later? (Choose two.)


A.      Identical licenses are not required on the primary and secondary Cisco ASA appliance.

B.      Cisco ASA appliances configured as failover pairs disregard the time-based activation keys.

C.      Time-based licenses are stackable in duration but not in capacity.

D.      A time-based license completely overrides the permanent license, ignoring all permanently licensed features until the time-based license is uninstalled.


Answer: A,C




Which four unicast or multicast routing protocols are supported by the Cisco ASA appliance? (Choose four.)


A.      RIP (v1 and v2)

B.      OSPF

C.      ISIS

D.      BGP

E.       EIGRP

F.       Bidirectional PIM

G.      MOSPF

H.      PIM dense mode


Answer: A,B,E,F




On Cisco ASA Software Version 8.4.1 and later, which three EtherChannel modes are supported? (Choose three.)


A.      active mode, which initiates LACP negotiation

B.      passive mode, which responds to LACP negotiation from the peer

C.      auto mode, which automatically responds to either PAgP or LACP negotiation from the peer

D.      on mode, which enables static port-channel mode

E.       off mode, which disables dynamic negotiation


Answer: A,B,D




Which two Cisco ASA configuration tasks are necessary to allow authenticated BGP sessions to pass through the Cisco ASA appliance? (Choose two.)


A.      Configure the Cisco ASA TCP normalizer to permit TCP option 19.

B.      Configure the Cisco ASA TCP Intercept to inspect the BGP packets (TCP port 179).

C.      Configure the Cisco ASA default global inspection policy to also statefully inspect the BGP flows.

D.      Configure the Cisco ASA TCP normalizer to disable TCP ISN randomization for the BGP flows.

E.       Configure TCP state bypass to allow the BGP flows.


Answer: A,D




Which two options show the required Cisco ASA command(s) to allow this scenario? (Choose two.)

An inside client on the network connects to an outside server on the network using TCP and the server port of 2001. The inside client negotiates a client port in the range between UDP ports 5000 and 5500. The outside server can then start sending UDP data to the inside client on the negotiated port within the specified UDP port range.


A.      access-list INSIDE line 1 permit tcp eq 2001

access-group INSIDE in interface inside


B.      access-list INSIDE line 1 permit tcp eq 2001

access-list INSIDE line 2 permit udp eq established

access-group INSIDE in interface inside


C.      access-list OUTSIDE line 1 permit tcp eq 2001

access-list OUTSIDE line 2 permit udp eq 5000-5500

access-group OUTSIDE in interface outside


D.      access-list OUTSIDE line 1 permit tcp eq 2001

access-list OUTSIDE line 2 permit udp eq established

access-group OUTSIDE in interface outside


E.       established tcp 2001 permit udp 5000-5500


F.       established tcp 2001 permit from udp 5000-5500


G.      established tcp 2001 permit to udp 5000-5500


Answer: A,G




Which three actions can be applied to a traffic class within a type inspect policy map? (Choose three.)


A.      drop

B.      priority

C.      log

D.      pass

E.       inspect

F.       reset


Answer: A,C,F




On Cisco ASA Software Version 8.4 and later, which two options show the maximum number of active and standby ports that an EtherChannel can have? (Choose two.)


A.      2 active ports

B.      4 active ports

C.      6 active ports

D.      8 active ports

E.       2 standby ports

F.       4 standby ports

G.      6 standby ports

H.      8 standby ports


Answer: D,H

