CCNP Security 642-618 Practice Exam (86-90)

QUESTION NO: 86
Which option lists the main tasks in the correct order to configure a new Layer 3 and 4 inspection policy on the Cisco ASA appliance using the Cisco ASDM Configuration > Firewall > Service Policy Rules pane?
A. Create a class map to identify which traffic to match.
Create a policy map and apply action(s) to the traffic class(es).
Apply the policy map to an interface or globally using a service policy.
B. Create a service policy rule.
Identify which traffic to match.
Apply action(s) to the traffic.
C. Create a Layer 3 and 4 type inspect policy map.
Create class map(s) within the policy map to identify which traffic to match.
Apply the policy map to an interface or globally using a service policy.
D. Identify which traffic to match.
Apply action(s) to the traffic.
Create a policy map.
Apply the policy map to an interface or globally using a service policy.
Answer: B

CCNP Security 642-618 Practice Exam (81-85)

QUESTION NO: 81
Refer to the exhibit.
***Exhibit is Missing***
Which three CLI commands are generated by these Cisco ASDM configurations? (Choose three.)
A. object-group network testobj
B. object network testobj
C. ip address 10.1.1.0 255.255.255.0
D. subnet 10.1.1.0 255.255.255.0
E. nat (any,any) static 192.168.1.0 dns nat (outside,inside) static 192.168.1.0 dns
F. nat (inside,outside) static 192.168.1.0 dns nat (inside,any) static 192.168.1.0 dns
G. nat (any,inside) static 192.168.1.0 dns
Answer: B,D,E

CCNP Security 642-618 Practice Exam (76-80)

QUESTION NO: 76
Which statement about SNMP support on the Cisco ASA appliance is true?
A. The Cisco ASA appliance supports only SNMPv1 or SNMPv2c.
B. The Cisco ASA appliance supports read-only and read-write access.
C. The Cisco ASA appliance supports three built-in SNMPv3 groups in Cisco ASDM: Authentication and Encryption, Authentication Only, and No Authentication, No Encryption.
D. The Cisco ASA appliance can send SNMP traps to the network management station only using SNMPv2.
Answer: C

CCNP Security 642-618 Practice Exam (66-70)

QUESTION NO: 66
Which two statements about Cisco ASA redundant interface configuration are true? (Choose two.)
A. Each redundant interface can have up to four physical interfaces as its member.
B. When the standby interface becomes active, the Cisco ASA sends gratuitous ARP out on the standby interface.
C. Interface duplex and speed configurations are configured under the redundant interface.
D. Redundant interfaces use MAC address-based load balancing to load share traffic across multiple physical interfaces.
E. Each Cisco ASA supports up to eight redundant interfaces.
Answer: B,E

CCNP Security 642-618 Practice Exam (56-60)

QUESTION NO: 56
Refer to the exhibit.
Which two configurations are required on the Cisco ASAs so that the return traffic from the 10.10.10.100 outside server back to the 10.20.10.100 inside client can be rerouted from the Active Ctx B context in ASA Two to the Active Ctx A context in ASA One? (Choose two.)
A. stateful active/active failover
B. dynamic routing (EIGRP or OSPF or RIP)
C. ASR-group
D. no NAT-control
E. policy-based routing
F. TCP/UDP connections replication
Answer: A,C

CCNP Security 642-618 Practice Exam (51-55)

QUESTION NO: 51
On Cisco ASA Software Version 8.4.1 and later, which three EtherChannel modes are supported? (Choose three.)
A. active mode, which initiates LACP negotiation
B. passive mode, which responds to LACP negotiation from the peer
C. auto mode, which automatically responds to either PAgP or LACP negotiation from the peer
D. on mode, which enables static port-channel mode
E. off mode, which disables dynamic negotiation
Answer: A,B,D

CCNP Security 642-618 Practice Exam (46-50)

QUESTION NO: 46
Which statement about the Cisco ASA botnet traffic filter is true?
A. The four threat levels are low, moderate, high, and very high.
B. By default, the dynamic-filter drop blacklist interface outside command drops traffic with a threat level of high or very high.
C. Static blacklist entries always have a very high threat level.
D. A static or dynamic blacklist entry always takes precedence over the static whitelist entry.
Answer: C
