Latest CCNP Security 642-618 Real Exam Download 41-50



For which purpose is the Cisco ASA CLI command aaa authentication match used?


A. Enable authentication for SSH and Telnet connections to the Cisco ASA appliance.

B. Enable authentication for console connections to the Cisco ASA appliance.

C. Enable authentication for connections through the Cisco ASA appliance.

D. Enable authentication for IPsec VPN connections to the Cisco ASA appliance.

E. Enable authentication for SSL VPN connections to the Cisco ASA appliance.

F. Enable authentication for Cisco ASDM connections to the Cisco ASA appliance.


Answer: C




On the Cisco ASA Software Version 8.3 and later, which type of NAT configuration can be used to translate the source and destination IP addresses of the packet?


A. auto NAT

B. object NAT

C. one-to-one NAT

D. many-to-one NAT

E. manual NAT

F. identity NAT


Answer: E




Which option is one requirement before a Cisco ASA appliance can be upgraded from Cisco ASA Software Version 8.2 to 8.3?


A. Remove all the pre-8.3 NAT configurations in the startup configuration.

B. Upgrade the memory on the Cisco ASA appliance to meet the memory requirement of Cisco ASA Software Version 8.3.

C. Request new Cisco ASA licenses to meet the 8.3 licensing requirement.

D. Upgrade Cisco ASDM to version 6.2.

E. Migrate interface ACL configurations to include interface and global ACLs.


Answer: B




Which statement about the Cisco ASA botnet traffic filter is true?


A. The four threat levels are low, moderate, high, and very high.

B. By default, the dynamic-filter drop blacklist interface outside command drops traffic with a threat level of high or very high.

C. Static blacklist entries always have a very high threat level.

D. A static or dynamic blacklist entry always takes precedence over the static whitelist entry.


Answer: C




Refer to the exhibit.


Which Cisco ASA CLI commands configure these static routes in the Cisco ASA routing table?


A. route dmz route dmz

B. route dmz 1 route dmz 1

C. route dmz route dmz 2

D. route dmz route dmz

E. route dmz 1 route dmz 1

F. route dmz route dmz 2


Answer: F




Which statement about a static or default route on the Cisco ASA appliance is true?


A. The admin distance is 1 by default.

B. From the show route output, the [120/3] indicates an admin distance of 3.

C. A default route is specified using the address/mask combination.

D. The tunneled command option is used to enable route tracking.

E. The interface-name parameter in the route command is an optional parameter if the static route points to the next-hop router IP address.


Answer: A




Refer to the exhibit.


Which Cisco ASA configuration has the minimum number of required configuration commands to enable the Cisco ASA appliance to establish EIGRP neighborship with its two neighboring routers?


A. router eigrp 1 network

B. router eigrp 1 network network network

C. router eigrp 1 network network

D. router eigrp 1 network network network network

E. router eigrp 1 network


Answer: A




Which configuration step is the first one to perform to enable PIM-SM on the Cisco ASA appliance?


A. Configure the static RP IP address.

B. Enable IGMP forwarding on the required interface(s).

C. Add the required static mroute(s).

D. Enable multicast routing globally on the Cisco ASA appliance.

E. Configure the Cisco ASA appliance to join the required multicast groups.


Answer: D




Refer to the exhibit.


Which option describes the problem with this botnet traffic filter configuration on the Cisco ASA appliance?


A. The traffic classification ACL is not defined.

B. The use of the dynamic database is not enabled.

C. DNS snooping is not enabled.

D. The threat level range for the traffic to be dropped is not defined.

E. The static blacklist and whitelist entries should use domain names instead of IP addresses.


Answer: C




In the default global policy, which traffic is matched for inspections by default?


A. match any

B. match default-inspection-traffic

C. match access-list

D. match port

E. match class-default


Answer: B


