Latest CCNP Security 642-618 Real Exam Download 81-90



Which option can cause the interactive setup script not to work on a Cisco ASA 5520 appliance running software version 8.4.1?


A.      The clock has not been set on the Cisco ASA appliance using the clock set command.

B.      The HTTP server has not been enabled using the http server enable command.

C.      The domain name has not been configured using the domain-name command.

D.      The inside interface IP address has not been configured using the ip address command.

E.       The management 0/0 interface has not been configured as management-only and assigned a name using the nameif command.


Answer: E




Which statement about the Cisco ASA 5585-X appliance is true?


A.      The IPS SSP must be installed in slot 0 (bottom slot) and the firewall/VPN SSP must be installed in slot 1 (top slot).

B.      The IPS SSP operates independently. The firewall/VPN SSP is not necessary to support the IPS SSP.

C.      The ASA 5585-X appliance supports three types of SSP (the firewall/VPN SSP, the IPS SSP, and the CSC SSP).

D.      The ASA 5585-X appliance with the firewall/VPN SSP-60 has a maximum firewall throughput of 10 Gb/s.

E.       All IPS traffic (except the IPS management interface traffic) must flow through the firewall/VPN SSP first before it can be redirected to the IPS SSP.


Answer: E




Which logging mechanism is configured using MPF and allows high-volume traffic-related events to be exported from the Cisco ASA appliance in a more efficient and scalable manner compared to classic syslog logging?


A.      SDEE

B.      Secure SYSLOG

C.      XML

D.      NSEL

E.       SNMPv3


Answer: D




Refer to the exhibit.


Which option completes the CLI NAT configuration command to match the Cisco ASDM NAT configuration?

object network insidenatted



object network insidenet



object network outnatted



nat (inside,outside) after-auto 1 _______________?________________


A.      source dynamic insidenet insidenatted destination static Partner-internal-subnets outnatted

B.      source dynamic insidenet insidenatted interface destination static Partner-internal-subnets outnatted

C.      source dynamic insidenet insidenatted destination static Partner-internal-subnets outnatted interface

D.      source dynamic insidenet interface destination static Partner-internal-subnets outnatted

E.       source dynamic insidenatted insidenet destination static Partner-internal-subnets outnatted

F.       source dynamic insidenatted interface destination static Partner-internal-subnets outnatted


Answer: B




By default, not all services in the default inspection class are inspected. Which Cisco ASA CLI command do you use to determine which inspect actions are applied to the default inspection class?


A.      show policy-map global_policy

B.      show policy-map inspection_default

C.      show class-map inspection_default

D.      show class-map default-inspection-traffic

E.       show service-policy global


Answer: E




Which Cisco ASDM 6.4.1 pane is used to enable the Cisco ASA appliance to perform TCP checksum verifications?


A.      Configuration > Firewall > Service Policy Rules

B.      Configuration > Firewall > Advanced > IP Audit > IP Audit Policy

C.      Configuration > Firewall > Advanced > IP Audit > IP Audit Signatures

D.      Configuration > Firewall > Advanced > TCP options

E.       Configuration > Firewall > Objects > TCP Maps

F.       Configuration > Firewall > Objects > Inspect Maps


Answer: E




Refer to the exhibit.


Which two configurations are required on the Cisco ASAs so that the return traffic from the outside server back to the inside client can be rerouted from the Active Ctx B context in ASA Two to the Active Ctx A context in ASA One? (Choose two.)


A.      stateful active/active failover

B.      dynamic routing (EIGRP or OSPF or RIP)

C.      ASR-group

D.      no NAT-control

E.       policy-based routing

F.       TCP/UDP connections replication


Answer: A,C




Refer to the exhibit.

Which two statements about the class maps are true? (Choose two.)


A.      These class maps are referenced within the global policy by default for HTTP inspection.

B.      These class maps are all type inspect http class maps.

C.      These class maps classify traffic using regular expressions.

D.      These class maps are Layer 3/4 class maps.

E.       These class maps are used within the inspection_default class map for matching the default inspection traffic.


Answer: B,C




Which three Cisco ASA configuration commands are used to enable the Cisco ASA to log only the debug output to syslog? (Choose three.)


A.      logging list test message 711001

B.      logging debug-trace

C.      logging trap debugging

D.      logging message 711001 level 7

E.       logging trap test


Answer: A,B,E




Which five options are valid logging destinations for the Cisco ASA? (Choose five.)


A.      AAA server

B.      Cisco ASDM

C.      buffer

D.      SNMP traps

E.       LDAP server

F.       email

G.      TCP-based secure syslog server


Answer: B,C,D,F,G


