Ensurepass

QUESTION 111

Which three types of class maps can be configured on the Cisco ASA appliance? (Choose three.)

 

A.      control-plane

B.      regex

C.      inspect

D.      access-control

E.       management

F.       stack

 

Answer: B,C,E

 

 

QUESTION 112

Refer to the partial Cisco ASA configuration and the network topology shown in the exhibit.

clip_image002Which two Cisco ASA configuration commands are required so that any hosts on the Internet can HTTP to the WEBSERVER using the 192.168.1.100 IP address? (Choose two.)

 

A.      nat (inside,outside) static 192.168.1.100

B.      nat (inside,outside) static 172.31.0.100

C.      nat (inside,outside) static interface

D.      access-list outside_access_in extended permit tcp any object 172.31.0.100 eq http

E.       access-list outside_access_in extended permit tcp any object 192.168.1.100 eq http

F.       access-list outside_access_in extended permit tcp any object 192.168.1.1 eq http

 

Answer: A,D

 

 

QUESTION 113

Which two statements about Cisco ASA 8.2 NAT configurations are true? (Choose two.)

 

A.      NAT operations can be implemented using the NAT, global, and static commands.

B.      If nat-control is enabled and a connection does not need a translation, then an identity NAT configuration is required.

C.      NAT configurations can use the any keyword as the input or output interface definition.

D.      The NAT table is read and processed from the top down until a translation rule is matched.

E.       Auto NAT links the translation to a network object.

 

Answer: A,B

 

 

QUESTION 114

In which two directions are the Cisco ASA modular policy framework inspection policies applied? (Choose two.)

 

A.      in the ingress direction only when applied globally

B.      in the ingress direction only when applied on an interface

C.      in the egress direction only when applied globally

D.      in the egress direction only when applied on an interface

E.       bi-directionally when applied globally

F.       bi-directionally when applied on an interface

 

Answer: A,F

 

 

QUESTION 115

Which three configurations are needed to enable SNMPv3 support on the Cisco ASA? (Choose three.)

 

A.      SNMPv3 Local EngineID

B.      SNMPv3 Remote EngineID

C.      SNMP Users

D.      SNMP Groups

E.       SNMP Community Strings

F.       SNMP Hosts

 

Answer: C,D,F

 

 

QUESTION 116

A customer is ordering a number of Cisco ASAs for their network. For the remote or home office, they are purchasing the Cisco ASA 5505. When ordering the licenses for their Cisco ASAs, which two licenses must they order that are “platform specific” to the Cisco ASA 5505? (Choose two.)

 

A.      AnyConnect Essentials license

B.      per-user Premium SSL VPN license

C.      VPN shared license

D.      internal user licenses

E.       Security Plus license

 

Answer: D,E

 

 

QUESTION 117

Refer to the exhibit.

clip_image004Which two statements are true? (Choose two.)

 

A.      The connection is awaiting outside ACK to SYN.

B.      The connection is initiated from the inside.

C.      The connection is active and has received inbound and outbound data.

D.      The connection is an incomplete TCP connection.

E.       The connection is a DNS connection.

 

Answer: B,C

 

 

QUESTION 118

The Cisco ASA is configured in multiple mode and the security contexts share the same outside physical interface. Which two packet classification methods can be used by the Cisco ASA to determine which security context to forward the incoming traffic from the outside interface? (Choose two.)

 

A.      unique interface IP address

B.      unique interface MAC address

C.      routing table lookup

D.      MAC address table lookup

E.       unique global mapped IP addresses

 

Answer: B,E

 

 

QUESTION 119

Refer to the exhibit.

clip_image006Which two CLI commands result from this configuration? (Choose two.)

 

A.      aaa authorization network LOCAL

B.      aaa authorization network default authentication-server LOCAL

C.      aaa authorization command LOCAL

D.      aaa authorization exec LOCAL

E.       aaa authorization exec authentication-server LOCAL

F.       aaa authorization exec authentication-server

 

Answer: C,D

 

 

QUESTION 120

Which three statements are the default security policy on a Cisco ASA appliance? (Choose three.)

 

A.      Traffic that goes from a high security level interface to a lower security level interface is allowed.

B.      Outbound TCP and UDP traffic is statefully inspected and returning traffic is allowed to traverse the Cisco ASA appliance.

C.      Traffic that goes from a low security level interface to a higher security level interface is allowed.

D.      Traffic between interfaces with the same security level is allowed by default.

E.       Traffic can enter and exit the same interface by default.

F.       When the Cisco ASA appliance is accessed for management purposes, the access must be made to the nearest Cisco ASA interface.

G.      Inbound TCP and UDP traffic is statefully inspected and returning traffic is allowed to traverse the Cisco ASA appliance.

 

Answer: A,B,F

 

 

Download Latest CCNP 642-618 Real Free Tests , help you to pass exam 100%.

Comments are closed.