Latest CCNP Security 642-618 Real Exam Download 71-80

QUESTION 71

Refer to the exhibit.

A Cisco ASA in transparent firewall mode generates the log messages seen in the exhibit. What should be configured on the Cisco ASA to allow the denied traffic?

 

A.      extended ACL on the outside and inside interface to permit the multicast traffic

B.      EtherType ACL on the outside and inside interface to permit the multicast traffic

C.      stateful packet inspection

D.      static ARP mapping

E.       static MAC address mapping

 

Answer: A 

 

 

QUESTION 72

With active/standby failover, what happens if the standby Cisco ASA does not receive three consecutive hello messages from the active Cisco ASA on the LAN failover interface?

 

A.      The standby ASA immediately becomes the active ASA.

B.      The standby ASA eventually becomes the active ASA after three times the hold-down timer interval expires.

C.      The standby ASA runs network activity tests, including ARP and ping, to determine if the active ASA has failed.

D.      The standby ASA sends additional hello packets on all monitored interfaces, including the LAN failover interface, to determine if the active ASA has failed.

E.       Both ASAs go to the “unknown” state until the LAN interface becomes operational again.

 

Answer: D

 

 

QUESTION 73

Refer to the exhibit.

The Cisco ASA is dropping all the traffic that is sourced from the internet and is destined to any security context inside interface. Which configuration should be verified on the Cisco ASA to solve this problem?

 

A.      The Cisco ASA has NAT control disabled on each security context.

B.      The Cisco ASA is using inside dynamic NAT on each security context.

C.      The Cisco ASA is using a unique MAC address on each security context outside interface.

D.      The Cisco ASA is using a unique dynamic routing protocol process on each security context.

E.       The Cisco ASA packet classifier is configured to use the outside physical interface to assign the packets to each security context.

 

Answer: C

 

 

QUESTION 74

Refer to the exhibit.

The Cisco ASA is operating in transparent mode. What is required on the Cisco ASA so that R1 and R2 can form OSPF neighbor adjacency?

 

A.      Map the R1 and R2 MAC address in the Cisco ASA MAC address table using the mac-address-table static if_name MAC_address command.

B.      Configure OSPF stateful packet inspection using MPF.

C.      Apply an EtherType ACL to the inside and outside interfaces to permit OSPF multicast traffic.

D.      Apply an extended ACL to the inside and outside interfaces to permit OSPF multicast traffic.

E.       Enable Advanced Application Inspection using MPF.

 

Answer: D

 

 

QUESTION 75

On the Cisco ASA, where are the Layer 5-7 policy maps applied?

 

A.      inside the Layer 3-4 policy map

B.      inside the Layer 3-4 class map

C.      inside the Layer 5-7 class map

D.      inside the Layer 3-4 service policy

E.       inside the Layer 5-7 service policy

 

Answer: A

 

 

QUESTION 76

A Cisco ASA requires an additional feature license to enable which feature?

 

A.      transparent firewall

B.      cut-thru proxy

C.      threat detection

D.      botnet traffic filtering

E.       TCP normalizer

 

Answer: D

 

 

QUESTION 77

With Cisco ASA active/standby failover, what is needed to enable subsecond failover?

 

A.      Use redundant interfaces.

B.      Enable the stateful failover interface between the primary and secondary Cisco ASA.

C.      Decrease the default unit failover polltime to 300 msec and the unit failover holdtime to 900 msec.

D.      Decrease the default number of monitored interfaces to 1.

 

Answer: C

 

 

QUESTION 78

Refer to the exhibit.

Which command options represent the inside local address, inside global address, outside local address, and outside global address?

 

A.      1 = outside local, 2 = outside global, 3 = inside global, 4 = inside local

B.      1 = outside local, 2 = outside global, 3 = inside local, 4 = inside global

C.      1 = outside global, 2 = outside local, 3 = inside global, 4 = inside local

D.      1 = inside local, 2 = inside global, 3 = outside global, 4 = outside local

E.       1 = inside local, 2 = inside global, 3 = outside local, 4 = outside global

 

Answer: D

 

 

QUESTION 79

On Cisco ASA Software Version 8.4.1 and later, when you configure the Cisco ASA appliance in transparent firewall mode, which configuration is mandatory?

 

A.      NAT

B.      static routes

C.      ARP inspections

D.      EtherType access-list

E.       bridge group(s)

F.       dynamic MAC address learning

 

Answer: E

 

 

QUESTION 80

Which access rule is disabled automatically after the global access list has been defined and applied?

 

A.      the implicit global deny ip any any access rule

B.      the implicit interface access rule that permits all IP traffic from high security level to low security level interfaces

C.      the implicit global access rule that permits all IP traffic from high security level to low security level interfaces

D.      the implicit deny ip any any rule on the global and interface access lists

E.       the implicit permit all IP traffic from high security level to low security level access rule on the global and interface access lists

 

Answer: B

 
