CCNP Security 642-618 Practice Exam (46-50)

QUESTION NO: 46
Which statement about the Cisco ASA botnet traffic filter is true?
A. The four threat levels are low, moderate, high, and very high.
B. By default, the dynamic-filter drop blacklist interface outside command drops traffic with a threat level of high or very high.
C. Static blacklist entries always have a very high threat level.
D. A static or dynamic blacklist entry always takes precedence over the static whitelist entry.
Answer: C

Read More …

CCNP Security 642-618 Practice Exam (36-40)

QUESTION NO: 36
By default, how does a Cisco ASA appliance process IP fragments?
A. Each fragment passes through the Cisco ASA appliance without any inspections.
B. Each fragment is blocked by the Cisco ASA appliance.
C. The Cisco ASA appliance verifies each fragment and performs virtual IP re-assembly before the full IP packet is forwarded out.
D. The Cisco ASA appliance forwards the packet out as soon as all of the fragments of the packet have been received.
Answer: C

Read More …