QUESTION NO: 86
Which option lists the main tasks in the correct order to configure a new Layer 3 and 4 inspection policy on the Cisco ASA appliance using the Cisco ASDM Configuration > Firewall > Service Policy Rules pane?
A. Create a class map to identify which traffic to match.
Create a policy map and apply action(s) to the traffic class(es).
Apply the policy map to an interface or globally using a service policy.
B. Create a service policy rule.
Identify which traffic to match.
Apply action(s) to the traffic.
C. Create a Layer 3 and 4 type inspect policy map.
Create class map(s) within the policy map to identify which traffic to match.
Apply the policy map to an interface or globally using a service policy.
D. Identify which traffic to match.
Apply action(s) to the traffic.
Create a policy map.
Apply the policy map to an interface or globally using a service policy.
Answer: B
QUESTION NO: 87
Which other match command is used with the match flow ip destination-address command within the class map configurations of the Cisco ASA MPF?
A. match tunnel-group
B. match access-list
C. match default-inspection-traffic
D. match port
E. match dscp
Answer: A
QUESTION NO: 88
Which configuration step (if any) is necessary to enable FTP inspection on TCP port 2121?
A. None. FTP inspection is enabled by default using the global policy.
B. Create a new class map to match TCP port 2121, then edit the global policy to inspect FTP for traffic matched by the new class map.
C. Edit default-inspection-traffic to match FTP on port 2121.
D. Add a new traffic class using the match protocol FTP option within the inspect_default class map.
Answer: B
QUESTION NO: 89
With Cisco ASA active/active or active/standby stateful failover, which state information or table is not passed between the active and standby Cisco ASA by default?
A. NAT translation table
B. TCP connection states
C. UDP connection states
D. ARP table
E. HTTP connection table
Answer: E
QUESTION NO: 90
Which Cisco ASA object group type offers the most flexibility for grouping different services together based on arbitrary protocols?
A. network
B. ICMP
C. protocol
D. TCP-UDP
E. service
Answer: E
The CCNP Security 642-618 exam has been changed by Cisco, so if you want to get the latest 642-618 exam questions, please visit http://www.lead2pass.com/642-618.html