Latest CCNP Security 642-618 Real Exam Download 91-100



When configuring security contexts on the Cisco ASA, which three resource class limits can be set using a rate limit? (Choose three.)


A.      address translation rate

B.      Cisco ASDM session rate

C.      connections rate

D.      MAC-address learning rate (when in transparent mode)

E.       syslog messages rate

F.       stateful packet inspections rate


Answer: C,E,F




Which two statements about Cisco ASA redundant interface configuration are true? (Choose two.)


A.      Each redundant interface can have up to four physical interfaces as its member.

B.      When the standby interface becomes active, the Cisco ASA sends gratuitous ARP out on the standby interface.

C.      Interface duplex and speed configurations are configured under the redundant interface.

D.      Redundant interfaces use MAC address-based load balancing to load share traffic across multiple physical interfaces.

E.       Each Cisco ASA supports up to eight redundant interfaces.


Answer: B,E




The Cisco ASA must support dynamic routing and terminating VPN traffic. Which three Cisco ASA options will not support these requirements? (Choose three.)


A.      transparent mode

B.      multiple context mode

C.      active/standby failover mode

D.      active/active failover mode

E.       routed mode

F.       no NAT-control


Answer: A,B,D




Refer to the exhibit.

Which two functions will the Set ASDM Defined User Roles perform? (Choose two.)


A.      enables role-based privilege levels to most Cisco ASA commands

B.      enables the Cisco ASDM user to assign privilege levels manually to individual commands or groups of commands

C.      enables command authorization with a remote TACACS+ server

D.      enables three predefined user account privileges (Admin=Priv 15, Read Only=Priv 5, Monitor Only=Priv 3)


Answer: A,D




Which two statements about Cisco ASA failover troubleshooting are true? (Choose two.)


A.      With active/active failover, failover link troubleshooting should be done in the system execution space.

B.      With active/active failover, ASR groups must be enabled.

C.      With active/active failover, user data passing interfaces troubleshooting should be done within the context execution space.

D.      The failed interface threshold is set to 1. Using the show monitor-interface command, if one of the monitored interfaces on both the primary and secondary Cisco ASA appliances is in the unknown state, a failover should occur.

E.       Syslog level 1 messages will be generated on the standby unit only if the logging standby command is used.


Answer: A,C




When troubleshooting a Cisco ASA that is operating in multiple context mode, which two verification steps should be performed if a user context does not pass user traffic? (Choose two.)


A.      Verify the interface status in the system execution space.

B.      Verify the mac-address-table on the Cisco ASA.

C.      Verify that unique MAC addresses are configured if the contexts are using nonshared interfaces.

D.      Verify the interface status in the user context.

E.       Verify the resource classes configuration by accessing the admin context.


Answer: A,D




Refer to the exhibit.

On Cisco ASA Software Version 8.3 and later, which two sets of CLI configuration commands result from this Cisco ASDM configuration? (Choose two.)


A.      nat (inside) 1 global (outside) 1

B.      nat (outside) 1 global (inside) 1

C.      static(inside,outside) netmask tcp 0 0 udp 0

D.      static(inside,outside) tcp 80 80

E.       object network nat (inside,outside) static

F.       object network nat (inside,outside) static

G.      access-list outside_access_in line 1 extended permit tcp any object eq http access-group outside_access_in in interface outside

H.      access-list outside_access_in line 1 extended permit tcp any object eq http access-group outside_access_in in interface outside


Answer: F,G




On the Cisco ASA Software Version 8.4.1, which three parameters can be configured using the set connection command within a policy map? (Choose three.)


A.      per-client TCP and/or UDP idle timeout

B.      per-client TCP and/or UDP maximum session time

C.      TCP sequence number randomization

D.      maximum number of simultaneous embryonic connections

E.       maximum number of simultaneous TCP and/or UDP connections

F.       fragments reassembly options


Answer: C,D,E




On Cisco ASA Software Version 8.4.1, which four inspections are enabled by default in the global policy? (Choose four.)


A.      HTTP

B.      ESMTP

C.      SKINNY

D.      ICMP

E.       TFTP

F.       SIP


Answer: B,C,E,F




Which two statements about traffic shaping capability on the Cisco ASA appliance are true? (Choose two.)


A.      Traffic shaping can be applied to all outgoing traffic on a physical interface or, in the case of the Cisco ASA 5505 appliance, on a VLAN.

B.      Traffic shaping can be applied in the input or output direction.

C.      Traffic shaping can cause jitter and delay.

D.      You can configure traffic shaping and priority queuing on the same interface.

E.       With traffic shaping, when traffic exceeds the maximum rate, the security appliance drops the excess traffic.


Answer: A,C


