IT인증,IT자격증,IT자격증시험,IT인증시험

http://www.pass4test.net/

CCNP 642-617 (Deploying Cisco ASA Firewall Solutions (FIREWALL v1.0))덤프공부

현재 많은 IT인사들이 같은 생각을 하고 있습니다. 그것은 바로   CCNP 642-617 (Deploying Cisco ASA Firewall Solutions (FIREW ALL v1.0)) 인증시험 자격증 취득으로 하여 IT업계의 아주 중요한 한걸음을 내딛이는 것입니다.그만큼  CCNP 642-617 (Deploying Cisco ASA Firewall Solutions (FIREWALL v1.0)) 인증시험의 인기는 말 그대로 하늘을 찌르고 있습니다.Pass4Test는 많은 IT인사들이  CCNP 642-617 (Deploying Cisco ASA Firewall Solutions (FIREWALL v1.0))  인증시험에 참가하는데 완벽한   CCNP 642-617 (Deploying Cisco ASA Firewall Solutions (FIREWALL v1.0)) 인증시험자료를 제공해드려 여러분들이 안전하게  CCNP 642-617 (Deploying Cisco ASA Firewall Solutions (FIREWALL v1.0)) 인증시험 자격증을 취득하게 하는 사이트입니다. Pass4Test의 자료들은 모두 Pass4Test의 전문가들의 연구와 노력 끝에  퍼펙트하게 만들어진 것입니다.우리 덤프들은 최고의 품질을 보장하며 업데이트스피드 또한 아주 빠릅니다.우리의 덤프는 모두 실제시험을 커버하여 최고의 적중율을 약속합니다.Pass4Test의 제품은 고난이도인   CCNP 642-617 (Deploying Cisco ASA Firewall Solutions (FIREWALL v1.0))  시험을 한방에 패스하는데 도움드려 여러분의 사업에 많은 이익이 되어드립니다.Pass4Test가 제공하는 제품을 사용함으로 여러분은 IT업계 하이클래스와 멀지 않았습니다.Pass4Test 가 제공하는 인증시험 덤프는 여러분이  CCNP 642-617 (Deploying Cisco ASA Firewall Solutions (FIREWALL v1.0)) 시험을 안전하게 통과하는데는  물론 관연 전업 지식 장악에도 많은 도움을 드립니다.

 

 

NO.1 Refer to the exhibit.
A Cisco ASA in transparent firewall mode generates the log messages seen in the exhibit. What should be
configured on the Cisco ASA to allow the denied traffic?
A. extended ACL on the outside and inside interface to permit the multicast traffic
B. EtherType ACL on the outside and inside interface to permit the multicast traffic
C. stateful packet inspection
D. static ARP mapping
E. static MAC address mapping
Answer: A

NO.2 By default, which access rule is applied inbound to the inside interface?
A. All IP traffic is denied.
B. All IP traffic is permitted.
C. All IP traffic sourced from any source to any less secure network destinations is permitted.
D. All IP traffic sourced from any source to any more secure network destinations is permitted
Answer: C

NO.3 In which type of environment is the Cisco ASA MPF set connection advanced-options tcp-statebypass
option the most useful?
A. SIP proxy
B. WCCP
C. BGP peering through the Cisco ASA
D. asymmetric traffic flow
E. transparent firewall
Answer: D

NO.4 Refer to the exhibit.
Which two CLI commands will result? (Choose two. )
A. aaa authorization network LOCAL
B. aaa authorization network default authentication-server LOCAL
C. aaa authorization command LOCAL
D. aaa authorization exec LOCAL
E. aaa authorization exec authentication-server LOCAL
F. aaa authorization exec authentication-server
Answer: C,D

NO.5 Refer to the exhibit.
What is the resulting CLI command?
A. match request uri regex _default_GoToMyPC-tunnel drop-connection log
B. match regex _default_GoToMyPC-tunnel drop-connection log
C. class _default_GoToMyPC-tunnel drop-connection log
D. match class-map _default_GoToMyPC-tunnel drop-connection log
Answer: C

NO.6 Referto the exhibit.
Which Cisco ASA feature can be configured using this Cisco ASDM screen?
A. Cisco ASA command authorization using TACACS+
B. AAA accounting to track serial, ssh, and telnet connections to the Cisco ASA C. Exec Shell access
authorization using AAA
D. cut-thru proxy
E. AAA authentication policy for Cisco ASDM access
Answer: D

NO.7 By default, which traffic can pass through a Cisco ASA that is operating in transparent mode without
explicitly allowing it using an ACL.?
A. ARP
B. BPDU
C. CDP
D. OSPF multicasts
E. DHCP
Answer: A

NO.8 Refer to the exhibits.
Which five options should be entered into the five fields in the Cisco ASDM Add Static Policy NAT Rule
screen? (Choose five.)
access-list POLICY_NAT_ACL extended permit ip host 172.16.0.10 10.0.1.0 255.255.255.0 static
(dmz,outside) 192.168.2.10 access-list POLICY_NAT_ACL
A. dmz = Original Interface
B. outside = Original Interface
C. 172.16.0.10 = Original Source
D. 192.168.2.10 = Original Source
E. 10.0.1.0/24 = Original Destination
F. 192.168.2.10 = Original Destination
G. dmz = Translated Interface
H. outside = Translated Interface
I. 192.168.2.10 = Translated Use IP Address
J. 172.16.0.10 = Translated Use IP Address
Answer: A,C,E,H,I

NO.9 The Cisco ASA must support dynamic routing and terminating VPN traffic. Which three Cisco ASA
options will not support these requirements? (Choose three.)
A. transparent mode
B. multiple context mode
C. active/standby failover mode
D. active/active failover mode
E. routed mode
F. no NAT-control
Answer: A,B,D

NO.10 Refer to the exhibit.
Which two statements about the class maps are true? (Choose two.)
A. These class maps are referenced within the global policy by default for HTTP inspection.
B. These class maps are all type inspect http class maps.
C. These class maps classify traffic using regular expressions.
D. These class maps are Layer 3/4 class maps.
E. These class maps are used within the inspection_default class map for matching the default inspection
traffic.
Answer: B,E

NO.11 hich Cisco ASA feature enables the ASA to do these two things? 1) Act as a proxy for the server and
generate a SYN-ACK response to the client SYN request. 2) When the Cisco ASA receives an ACK back
from the client, the Cisco ASA authenticates the client and allows the connection to the server.
A. TCP normalizer
B. TCP state bypass
C. TCP intercept
D. basic threat detection
E. advanced threat detection
F. botnet traffic filter
Answer: C

NO.12 Which four types of ACL object group are supported on the Cisco ASA (release 8.2)? (Choose four.)
A. protocol
B. network
C. port
D. service
E. icmp-type
F. host
Answer: A,B,D,E

NO.13 Which Cisco ASA platform should be selected if the requirements are to support 35,000 connections
per second, 600,000 maximum connections, and traffic shaping?
A. 5540
B. 5550
C. 5580-20
D. 5580-40
Answer: B

NO.14 Refer to the exhibit.
The Cisco ASA is dropping all the traffic that is sourced from the internet and is destined to any security
context inside interface. Which configuration should be verified on the Cisco ASA to solve this problem?
A. The Cisco ASA has NAT control disabled on each security context.
B. The Cisco ASA is using inside dynamic NAT on each security context.
C. The Cisco ASA is using a unique MAC address on each security context outside interface.
D. The Cisco ASA is using a unique dynamic routing protocol process on each security context.
E. The Cisco ASA packet classifier is configured to use the outside physical interface to assign the
packets to each security context.
Answer: C

NO.15 A customer is ordering a number of Cisco ASAs for their network. For the remote or home office, they
are purchasing the Cisco ASA 5505. When ordering the licenses for their Cisco ASAs, which two licenses
must they order that are "platform specific" to the Cisco ASA 5505? (Choose two.)
A. AnyConnect Essentials license
B. per-user Premium SSL VPN license
C. VPN shared license
D. internal user licenses
E. Security Plus license
Answer: D,E
Posted 2013/1/21 6:40:15  |  Category: 미분류  |  Tag: