Latest CCNP Security 642-618 Real Exam Download 21-30

Ensurepass

QUESTION 21

A Cisco ASA is operating in transparent firewall mode, but the MAC address table of the Cisco ASA is always empty, which causes connectivity issues. What should you verify to troubleshoot this issue?

 

A.      if ARP inspection has been disabled

B.      if MAC learning has been disabled

C.      if NAT has been disabled

D.      if ARP traffic is explicitly allowed using EtherType ACL

E.       if BPDU traffic is explicitly allowed using EtherType ACL

 

Answer: B

 

 

QUESTION 22

When active/active failover is implemented on the Cisco ASA, how many failover groups are supported on the Cisco ASA?

 

A.      1

B.      2

C.      1 failover group per configured security context

D.      2 failover groups per configured security context

 

Answer: B

 

 

QUESTION 23

Refer to the exhibit.


What is the resulting CLI command?

 

A.      match request uri regex _default_GoToMyPC-tunnel drop-connection log

B.      match regex _default_GoToMyPC-tunnel drop-connection log

C.      class _default_GoToMyPC-tunnel drop-connection log

D.      match class-map _default_GoToMyPC-tunnel drop-connection log

 

Answer: C 

 

 

QUESTION 24

Which Cisco ASA CLI command is used to enable HTTPS (Cisco ASDM) access from any inside host on the 10.1.16.0/20 subnet?

 

A.      http 10.1.16.0 0.0.0.0 inside

B.      http 10.1.16.0 0.0.15.255 inside

C.      http 10.1.16.0 255.255.240.0 inside

D.      http 10.1.16.0 255.255.255.255

 

Answer: C

 

 

QUESTION 25

What is the first configuration step when using Cisco ASDM to configure a new Layer 3/4 inspection policy on the Cisco ASA?

 

A.      Create a new class map.

B.      Create a new policy map and apply actions to the traffic classes.

C.      Create a new service policy rule.

D.      Create the ACLs to be referenced by any of the new class maps.

E.       Disable the default global inspection policy.

F.       Create a new firewall access rule.

 

Answer: C

 

 

QUESTION 26

Which feature is not supported on the Cisco ASA 5505 with the Security Plus license?

 

A.      security contexts

B.      stateless active/standby failover

C.      transparent firewall

D.      threat detection

E.       traffic shaping

 

Answer: A

 

 

QUESTION 27

Refer to the exhibit.


Which statement about the Telnet session from 10.0.0.1 to 172.26.1.200 is true?

 

A.      The Telnet session should be successful.

B.      The Telnet session should fail because the route lookup to the destination fails.

C.      The Telnet session should fail because the inside interface inbound access list will block it.

D.      The Telnet session should fail because no matching flow was found.

E.       The Telnet session should fail because inside NAT has not been configured.

 

Answer: C

 

 

QUESTION 28

With Cisco ASA active/standby failover, by default, how many monitored interface failures will cause failover to occur?

 

A.      1

B.      2

C.      3

D.      4

E.       5

 

Answer: A

 

 

QUESTION 29

Which statement about SNMP support on the Cisco ASA appliance is true?

 

A.      The Cisco ASA appliance supports only SNMPv1 or SNMPv2c.

B.      The Cisco ASA appliance supports read-only and read-write access.

C.      The Cisco ASA appliance supports three built-in SNMPv3 groups in Cisco ASDM: Authentication and Encryption, Authentication Only, and No Authentication, No Encryption.

D.      The Cisco ASA appliance can send SNMP traps to the network management station only using SNMPv2.

 

Answer: C

 

 

QUESTION 30

Which command option/keyword in Cisco ASA 8.3 NAT configurations makes the NAT policy interface independent?

 

A.      interface

B.      all

C.      auto

D.      global

E.       any

 

Answer: E

 
