CCNP Security 642-618 Practice Exam (71-75)

QUESTION NO: 71
When active/active failover is implemented on the Cisco ASA, how many failover groups are supported on the Cisco ASA?
A. 1
B. 2
C. 1 failover group per configured security context
D. 2 failover groups per configured security context
Answer: B

QUESTION NO: 72
Refer to the exhibit.
What is the resulting CLI command?
A. match request uri regex _default_GoToMyPC-tunnel
B. drop-connection log
C. match regex _default_GoToMyPC-tunnel
D. drop-connection log
E. class _default_GoToMyPC-tunnel F. drop-connection log
G. match class-map _default_GoToMyPC-tunnel
H. drop-connection log
Answer: C

QUESTION NO: 73
When troubleshooting a Cisco ASA that is operating in multiple context mode, which two verification steps should be performed if a user context does not pass user traffic? (Choose two.)
A. Verify the interface status in the system execution space.
B. Verify the mac-address-table on the Cisco ASA.
C. Verify that unique MAC addresses are configured if the contexts are using nonshared interfaces.
D. Verify the interface status in the user context.
E. Verify the resource classes configuration by accessing the admin context.
Answer: A,D

QUESTION NO: 74
What is the first configuration step when using Cisco ASDM to configure a new Layer 3/4 inspection policy on the Cisco ASA?
A. Create a new class map.
B. Create a new policy map and apply actions to the traffic classes.
C. Create a new service policy rule.
D. Create the ACLs to be referenced by any of the new class maps.
E. Disable the default global inspection policy.
F. Create a new firewall access rule.
Answer: C

QUESTION NO: 75
Which feature is not supported on the Cisco ASA 5505 with the Security Plus license?
A. security contexts
B. stateless active/standby failover
C. transparent firewall
D. threat detection
E. traffic shaping
Answer: A

Get more Cisco CCNP Security 642-618 exam questions, please visit http://www.lead2pass.com/642-618.html