Latest CCNP Security 642-618 Real Exam Download 101-110

Ensurepass

QUESTION 101

Refer to the exhibit.


Which three CLI commands are generated by these Cisco ASDM configurations? (Choose three.)

 

A.      object-group network testobj

B.      object network testobj

C.      ip address 10.1.1.0 255.255.255.0

D.      subnet 10.1.1.0 255.255.255.0

E.       nat (any,any) static 192.168.1.0 dns

F.       nat (outside,inside) static 192.168.1.0 dns

G.      nat (inside,outside) static 192.168.1.0 dns

H.      nat (inside,any) static 192.168.1.0 dns

I.        nat (any,inside) static 192.168.1.0 dns

 

Answer: B,D,E

 

 

QUESTION 102

On Cisco ASA Software Version 8.3 and later, which two statements correctly describe the NAT table or NAT operations? (Choose two.)

 

A.      The NAT table has four sections.

B.      Manual NAT configurations are found in the first (top) and/or the last (bottom) section(s) of the NAT table.

C.      Auto NAT also is referred to as Object NAT.

D.      Auto NAT configurations are found only in the first (top) section of the NAT table.

E.       The order of the NAT entries in the NAT table is not relevant to how the packets are matched against the NAT table.

F.       Twice NAT is required for hosts on the inside to be accessible from the outside.

 

Answer: B,C

 

 

QUESTION 103

The Cisco ASA software image has been erased from flash memory. Which two statements about the process to recover the Cisco ASA software image are true? (Choose two.)

 

A.      Access to the ROM monitor mode is required.

B.      The Cisco ASA appliance must have connectivity to the TFTP server where the Cisco ASA image is stored through the Management 0/0 interface.

C.      The copy tftp flash command is necessary to start the TFTP file transfer.

D.      The server command is necessary to set the TFTP server IP address.

E.       Cisco ASA password recovery must be enabled.

 

Answer: A,D

 

 

QUESTION 104

Which two Cisco ASA licensing features are correct with Cisco ASA Software Version 8.3 and later? (Choose two.)

 

A.      Identical licenses are not required on the primary and secondary Cisco ASA appliance.

B.      Cisco ASA appliances configured as failover pairs disregard the time-based activation keys.

C.      Time-based licenses are stackable in duration but not in capacity.

D.      A time-based license completely overrides the permanent license, ignoring all permanently licensed features until the time-based license is uninstalled.

 

Answer: A,C

 

 

QUESTION 105

Which four unicast or multicast routing protocols are supported by the Cisco ASA appliance? (Choose four.)

 

A.      RIP (v1 and v2)

B.      OSPF

C.      ISIS

D.      BGP

E.       EIGRP

F.       Bidirectional PIM

G.      MOSPF

H.      PIM dense mode

 

Answer: A,B,E,F

 

 

QUESTION 106

On Cisco ASA Software Version 8.4.1 and later, which three EtherChannel modes are supported? (Choose three.)

 

A.      active mode, which initiates LACP negotiation

B.      passive mode, which responds to LACP negotiation from the peer

C.      auto mode, which automatically responds to either PAgP or LACP negotiation from the peer

D.      on mode, which enables static port-channel mode

E.       off mode, which disables dynamic negotiation

 

Answer: A,B,D

 

 

QUESTION 107

Which two Cisco ASA configuration tasks are necessary to allow authenticated BGP sessions to pass through the Cisco ASA appliance? (Choose two.)

 

A.      Configure the Cisco ASA TCP normalizer to permit TCP option 19.

B.      Configure the Cisco ASA TCP Intercept to inspect the BGP packets (TCP port 179).

C.      Configure the Cisco ASA default global inspection policy to also statefully inspect the BGP flows.

D.      Configure the Cisco ASA TCP normalizer to disable TCP ISN randomization for the BGP flows.

E.       Configure TCP state bypass to allow the BGP flows.

 

Answer: A,D

 

 

QUESTION 108

Which two options show the required Cisco ASA command(s) to allow this scenario? (Choose two.)

An inside client on the 10.0.0.0/8 network connects to an outside server on the 172.16.0.0/16 network using TCP and the server port of 2001. The inside client negotiates a client port in the range between UDP ports 5000 to 5500. The outside server then can start sending UDP data to the inside client on the negotiated port within the specified UDP port range.

 

A.      access-list INSIDE line 1 permit tcp 10.0.0.0 255.0.0.0 172.16.0.0 255.255.0.0 eq 2001

access-group INSIDE in interface inside

 

B.      access-list INSIDE line 1 permit tcp 10.0.0.0 255.0.0.0 172.16.0.0 255.255.0.0 eq 2001

access-list INSIDE line 2 permit udp 10.0.0.0 255.0.0.0 172.16.0.0 255.255.0.0 eq established

access-group INSIDE in interface inside

 

C.      access-list OUTSIDE line 1 permit tcp 172.16.0.0 255.255.0.0 eq 2001 10.0.0.0 255.0.0.0

access-list OUTSIDE line 2 permit udp 172.16.0.0 255.255.0.0 10.0.0.0 255.0.0.0 eq 5000-5500

access-group OUTSIDE in interface outside

 

D.      access-list OUTSIDE line 1 permit tcp 172.16.0.0 255.255.0.0 eq 2001 10.0.0.0 255.0.0.0

access-list OUTSIDE line 2 permit udp 172.16.0.0 255.255.0.0 10.0.0.0 255.0.0.0 eq established

access-group OUTSIDE in interface outside

 

E.       established tcp 2001 permit udp 5000-5500

 

F.       established tcp 2001 permit from udp 5000-5500

 

G.      established tcp 2001 permit to udp 5000-5500

 

Answer: A,G

 

 

QUESTION 109

Which three actions can be applied to a traffic class within a type inspect policy map? (Choose three.)

 

A.      drop

B.      priority

C.      log

D.      pass

E.       inspect

F.       reset

 

Answer: A,C,F

 

 

QUESTION 110

On Cisco ASA Software Version 8.4 and later, which two options show the maximum number of active and standby ports that an EtherChannel can have? (Choose two.)

 

A.      2 active ports

B.      4 active ports

C.      6 active ports

D.      8 active ports

E.       2 standby ports

F.       4 standby ports

G.      6 standby ports

H.      8 standby ports

 

Answer: D,H

 
