CCNP SECURITY FIREWALL 642-617 Q&AS – New Questions (11-15)

Section 4 – New Questions

QUESTION 11
When a Cisco ASA is configured in multiple context mode, within which configuration are the interfaces allocated to the security contexts?
A.    each security context
B.    system configuration
C.    admin context (context within the admin role)
D.    context startup configuration file (.cfg file)
Answer: B

QUESTION 12
Which statement about NAT/PAT is true?
A.    Dynamic PAT is used for any traffic that is sourced from the dmz_emailserver to the outside
B.    Dynamic PAT is used for any traffic that is sourced from any host on the inside network to the outside
C.    Static NAT is used for any traffic that is sourced from the dmz_emailserver to the outside
D.    Static PAT is used for any traffic that is sourced from the dmz_emailserver to the outside
E.    Dynamic NAT is used for any traffic that is sourced from the dmz_emailserver to the outside
F.    Dynamic NAT is used for any traffic that is sourced from and host on the guest-network to the outside
Answer: B

QUESTION 13
Which statement about SNMP support is true for the Cisco ASA running 8.2.2 is true?
A.    Only support running SNMP version 1 and 2c simultaenously
B.    Support both read-only and read/write access
C.    Support three SNMP Groups: Authentication and Encryption, Authentication Only and No Authentication.
D.    The Cisco ASA can send SNMP traps the the Network Management Station only using SNMPv2
Answer: C

QUESTION 14
How many failover group are supported by Active/Active failover?
A.    1
B.    2
C.    1 on each contect
D.    2 on each context
Answer: B

QUESTION 15
Which feature is not supported on the Cisco ASA 5505 with Security Plus license?
A.    security contexts
B.    stateless Active/Standby Failover
C.    transparent firewall
D.    threat detection
E.    traffic shaping
Answer: A