Latest CCNP Security 642-618 Real Exam Download 31-40

QUESTION 31

Refer to the exhibit.

Which corresponding Cisco ASA Software Version 8.3 command accomplishes the same Cisco ASA Software Version 8.2 NAT configuration?

 

A.      nat (any,any) dynamic interface

B.      nat (any,any) static interface

C.      nat (inside,outside) dynamic interface

D.      nat (inside,outside) static interface

E.       nat (outside,inside) dynamic interface

F.       nat (outside,inside) static interface

 

Answer: C

 

 

QUESTION 32

Refer to the exhibit.

Which traffic is permitted on the inside interface without any interface ACLs configured?

 

A.      any IP traffic input to the inside interface

B.      any IP traffic input to the inside interface destined to any lower security level interfaces

C.      only HTTP traffic input to the inside interface

D.      only HTTP traffic output from the inside interface

E.       No input traffic is permitted on the inside interface.

F.       No output traffic is permitted on the inside interface.

 

Answer: C

 

 

QUESTION 33

On Cisco ASA Software Version 8.4.1 and later, when you configure the Cisco ASA appliance in transparent firewall mode, how is the Cisco ASA management IP address configured?

 

A.      using the IP address global configuration command

B.      using the IP address GigabitEthernet 0/x interface configuration command

C.      using the IP address BVI x interface configuration command

D.      using the bridge-group global configuration command

E.       using the bridge-group GigabitEthernet 0/x interface configuration command

F.       using the bridge-group BVI x interface configuration command

 

Answer: C

 

 

QUESTION 34

Which statement about Cisco ASA multicast routing support is true?

 

A.      The Cisco ASA appliance supports PIM dense mode, sparse mode, and BIDIR-PIM.

B.      The Cisco ASA appliance supports only stub multicast routing by forwarding IGMP messages from multicast receivers to the upstream multicast router.

C.      The Cisco ASA appliance supports DVMRP and PIM.

D.      The Cisco ASA appliance supports either stub multicast routing or PIM, but both cannot be enabled at the same time.

E.       The Cisco ASA appliance supports only IGMP v1.

 

Answer: D

 

 

QUESTION 35

Which statement about access list operations on Cisco ASA Software Version 8.3 and later is true?

 

A.      If the global and interface access lists are both configured, the global access list is matched first before the interface access lists.

B.      Interface and global access lists can be applied in the input or output direction.

C.      In the inbound access list on the outside interface that permits traffic to the inside interface, the destination IP address referenced is always the “mapped-ip” (translated) IP address of the inside host.

D.      When adding an access list entry in the global access list using the Cisco ASDM Add Access Rule window, choosing “any” for Interface applies the access list entry globally.

 

Answer: D

 

 

QUESTION 36

Refer to the exhibit.

Which Cisco ASA CLI nat command is generated based on this Cisco ASDM NAT configuration?

 

A.      nat (dmz, outside) 1 source static any any

B.      nat (dmz, outside) 1 source static any outside

C.      nat (dmz,outside) 1 source dynamic any interface

D.      nat (dmz, outside) 1 source dynamic any interface destination dynamic outside outside

E.       nat (dmz, outside) 1 source static any interface destination static any any

F.       nat (dmz, outside) 1 source dynamic any outside destination static any any

 

Answer: C 

 

 

QUESTION 37

Refer to the exhibit.

Which additional Cisco ASA Software Version 8.3 NAT configuration is needed to meet the following requirements?

When any host in the 192.168.1.0/24 subnet behind the inside interface accesses any destinations in the 10.10.1.0/24 subnet behind the outside interface, PAT them to the outside interface. Do not change the destination IP in the packet.

 

A.      nat (inside,outside) source static inside-net interface destination static outhosts outhosts

B.      nat (inside,outside) source dynamic inside-net interface destination static outhosts outhosts

C.      nat (outside,inside) source dynamic inside-net interface destination static outhosts outhosts

D.      nat (outside,inside) source static inside-net interface destination static outhosts outhosts

E.       nat (any, any) source dynamic inside-net interface destination static outhosts outhosts

F.       nat (any, any) source static inside-net interface destination static outhosts outhosts

 

Answer: B

 

 

QUESTION 38

A Cisco ASA appliance running software version 8.4.1 has an active botnet traffic filter license with 1 month left on the time-based license. Which option describes the result if a new botnet traffic filter with a 1 year time-based license is activated also?

 

A.      The time-based license for the botnet traffic filter is valid only for another month.

B.      The time-based license for the botnet traffic filter is valid for another 12 months.

C.      The time-based license for the botnet traffic filter is valid for another 13 months.

D.      The new 1 year time-based license for the botnet traffic filter cannot be activated until the current botnet traffic filter license expires in a month.

 

Answer: C

 

 

QUESTION 39

How many interfaces can a Cisco ASA bridge group support and how many bridge groups can a Cisco ASA appliance support?

 

A.      up to 2 interfaces per bridge group and up to 4 bridge groups per Cisco ASA appliance

B.      up to 2 interfaces per bridge group and up to 8 bridge groups per Cisco ASA appliance

C.      up to 4 interfaces per bridge group and up to 4 bridge groups per Cisco ASA appliance

D.      up to 4 interfaces per bridge group and up to 8 bridge groups per Cisco ASA appliance

E.       up to 8 interfaces per bridge group and up to 4 bridge groups per Cisco ASA appliance

F.       up to 8 interfaces per bridge group and up to 8 bridge groups per Cisco ASA appliance

 

Answer: D

 

 

QUESTION 40

Which addresses are considered “ambiguous addresses” and are put on the greylist by the Cisco ASA botnet traffic filter feature?

 

A.      addresses that are unknown

B.      addresses that are on the greylist identified by the dynamic database

C.      addresses that are blacklisted by the dynamic database but also are identified by the static whitelist

D.      addresses that are associated with multiple domain names, but not all of these domain names are on the blacklist

 

Answer: D

 

 
