Latest CCNP Security 642-618 Real Exam Download 81-90

Ensurepass

QUESTION 81

Which option can cause the interactive setup script not to work on a Cisco ASA 5520 appliance running software version 8.4.1?

 

A.      The clock has not been set on the Cisco ASA appliance using the clock set command.

B.      The HTTP server has not been enabled using the http server enable command.

C.      The domain name has not been configured using the domain-name command.

D.      The inside interface IP address has not been configured using the ip address command.

E.       The management 0/0 interface has not been configured as management-only and assigned a name using the nameif command.

 

Answer: E

 

 

QUESTION 82

Which statement about the Cisco ASA 5585-X appliance is true?

 

A.      The IPS SSP must be installed in slot 0 (bottom slot) and the firewall/VPN SSP must be installed in slot 1 (top slot).

B.      The IPS SSP operates independently. The firewall/VPN SSP is not necessary to support the IPS SSP.

C.      The ASA 5585-X appliance supports three types of SSP (the firewall/VPN SSP, the IPS SSP, and the CSC SSP).

D.      The ASA 5585-X appliance with the firewall/VPN SSP-60 has a maximum firewall throughput of 10 Gb/s.

E.       All IPS traffic (except the IPS management interface traffic) must flow through the firewall/VPN SSP first before it can be redirected to the IPS SSP.

 

Answer: E

 

 

QUESTION 83

Which logging mechanism is configured using MPF and allows high-volume traffic-related events to be exported from the Cisco ASA appliance in a more efficient and scalable manner compared to classic syslog logging?

 

A.      SDEE

B.      Secure SYSLOG

C.      XML

D.      NSEL

E.       SNMPv3

 

Answer: D

 

 

QUESTION 84

Refer to the exhibit.


Which option completes the CLI NAT configuration command to match the Cisco ASDM NAT configuration?

object network insidenatted
 range 10.1.2.10 10.1.2.20
!
object network insidenet
 range 172.16.1.10 172.16.1.100
!
object network outnatted
 range 192.168.3.100 192.168.3.150
!
nat (inside,outside) after-auto 1 _______________?________________

 

A.      source dynamic insidenet insidenatted destination static Partner-internal-subnets outnatted

B.      source dynamic insidenet insidenatted interface destination static Partner-internal-subnets outnatted

C.      source dynamic insidenet insidenatted destination static Partner-internal-subnets outnatted interface

D.      source dynamic insidenet interface destination static Partner-internal-subnets outnatted

E.       source dynamic insidenatted insidenet destination static Partner-internal-subnets outnatted

F.       source dynamic insidenatted interface destination static Partner-internal-subnets outnatted

 

Answer: B

 

 

QUESTION 85

By default, not all services in the default inspection class are inspected. Which Cisco ASA CLI command do you use to determine which inspect actions are applied to the default inspection class?

 

A.      show policy-map global_policy

B.      show policy-map inspection_default

C.      show class-map inspection_default

D.      show class-map default-inspection-traffic

E.       show service-policy global

 

Answer: E

 

 

QUESTION 86

Which Cisco ASDM 6.4.1 pane is used to enable the Cisco ASA appliance to perform TCP checksum verifications?

 

A.      Configuration > Firewall > Service Policy Rules

B.      Configuration > Firewall > Advanced > IP Audit > IP Audit Policy

C.      Configuration > Firewall > Advanced > IP Audit > IP Audit Signatures

D.      Configuration > Firewall > Advanced > TCP options

E.       Configuration > Firewall > Objects > TCP Maps

F.       Configuration > Firewall > Objects > Inspect Maps

 

Answer: E

 

 

QUESTION 87

Refer to the exhibit.

Which two configurations are required on the Cisco ASAs so that the return traffic from the 10.10.10.100 outside server back to the 10.20.10.100 inside client can be rerouted from the Active Ctx B context in ASA Two to the Active Ctx A context in ASA One? (Choose two.)

 

A.      stateful active/active failover

B.      dynamic routing (EIGRP or OSPF or RIP)

C.      ASR-group

D.      no NAT-control

E.       policy-based routing

F.       TCP/UDP connections replication

 

Answer: A,C

 

 

QUESTION 88

Refer to the exhibit.

Which two statements about the class maps are true? (Choose two.)

 

A.      These class maps are referenced within the global policy by default for HTTP inspection.

B.      These class maps are all type inspect http class maps.

C.      These class maps classify traffic using regular expressions.

D.      These class maps are Layer 3/4 class maps.

E.       These class maps are used within the inspection_default class map for matching the default inspection traffic.

 

Answer: B,C

 

 

QUESTION 89

Which three Cisco ASA configuration commands are used to enable the Cisco ASA to log only the debug output to syslog? (Choose three.)

 

A.      logging list test message 711001

B.      logging debug-trace

C.      logging trap debugging

D.      logging message 711001 level 7

E.       logging trap test

 

Answer: A,B,E

 

 

QUESTION 90

Which five options are valid logging destinations for the Cisco ASA? (Choose five.)

 

A.      AAA server

B.      Cisco ASDM

C.      buffer

D.      SNMP traps

E.       LDAP server

F.       email

G.      TCP-based secure syslog server

 

Answer: B,C,D,F,G

 

 
