Latest CCNP Security 642-618 Real Exam Download 21-30



A Cisco ASA is operating in transparent firewall mode, but the MAC address table of the Cisco ASA is always empty, which causes connectivity issues. What should you verify to troubleshoot this issue?


A.      if ARP inspection has been disabled

B.      if MAC learning has been disabled

C.      if NAT has been disabled

D.      if ARP traffic is explicitly allowed using EtherType ACL

E.       if BPDU traffic is explicitly allowed using EtherType ACL


Answer: B




When active/active failover is implemented on the Cisco ASA, how many failover groups are supported on the Cisco ASA?


A.      1

B.      2

C.      1 failover group per configured security context

D.      2 failover groups per configured security context


Answer: B




Refer to the exhibit.


What is the resulting CLI command?


A.      match request uri regex _default_GoToMyPC-tunnel drop-connection log

B.      match regex _default_GoToMyPC-tunnel drop-connection log

C.      class _default_GoToMyPC-tunnel drop-connection log

D.      match class-map _default_GoToMyPC-tunnel drop-connection log


Answer: C




Which Cisco ASA CLI command is used to enable HTTPS (Cisco ASDM) access from any inside host on the subnet?


A.      http inside

B.      http inside

C.      http inside

D.      http


Answer: C




What is the first configuration step when using Cisco ASDM to configure a new Layer 3/4 inspection policy on the Cisco ASA?


A.      Create a new class map.

B.      Create a new policy map and apply actions to the traffic classes.

C.      Create a new service policy rule.

D.      Create the ACLs to be referenced by any of the new class maps.

E.       Disable the default global inspection policy.

F.       Create a new firewall access rule.


Answer: C




Which feature is not supported on the Cisco ASA 5505 with the Security Plus license?


A.      security contexts

B.      stateless active/standby failover

C.      transparent firewall

D.      threat detection

E.       traffic shaping


Answer: A




Refer to the exhibit.


Which statement about the Telnet session from to is true?


A.      The Telnet session should be successful.

B.      The Telnet session should fail because the route lookup to the destination fails.

C.      The Telnet session should fail because the inside interface inbound access list will block it.

D.      The Telnet session should fail because no matching flow was found.

E.       The Telnet session should fail because inside NAT has not been configured.


Answer: C




With Cisco ASA active/standby failover, by default, how many monitored interface failures will cause failover to occur?


A.      1

B.      2

C.      3

D.      4

E.       5


Answer: A




Which statement about SNMP support on the Cisco ASA appliance is true?


A.      The Cisco ASA appliance supports only SNMPv1 or SNMPv2c.

B.      The Cisco ASA appliance supports read-only and read-write access.

C.      The Cisco ASA appliance supports three built-in SNMPv3 groups in Cisco ASDM: Authentication and Encryption, Authentication Only, and No Authentication, No Encryption.

D.      The Cisco ASA appliance can send SNMP traps to the network management station only using SNMPv2.


Answer: C




Which command option/keyword in Cisco ASA 8.3 NAT configurations makes the NAT policy interface independent?


A.      interface

B.      all

C.      auto

D.      global

E.       any


Answer: E

