CCNP SECURITY FIREWALL 642-617 Q&AS – Pre-Production Design (16-20)

Section 1 - Pre-Production Design

On Cisco ASA version 8.2, which four inspections are enabled by default in the global_policy? (Choose four.)
A.    HTTP
D.    ICMP
E.    TFTP
F.    SIP
Answer: BCEF
















A.    allows the configuration of predefined user account privileges
B.    allows TACACS
C.    allow backup for group fail
D.    allows AAA
Answer: A

Refer to the exhibit. Which two CLI commands will result? (Choose two.)











A.    aaa authorization network LOCAL
B.    aaa authorization network default authentication-server LOCAL
C.    aaa authorization command LOCAL
D.    aaa authorization exec LOCAL
E.    aaa authorization exec authentication-server LOCAL
F.    aaa authorization exec authentication-server
Answer: CD

What is the first configuration step when using Cisco ASDM to configure a new Layer 3/4 inspection policy on the Cisco ASA?
A.    Create a new class map.
B.    Create a new policy map and apply actions to the traffic classes.
C.    Create a new service policy rule.
D.    Create the ACLs to be referenced by any of the new class maps.
E.    Disable the default global inspection policy.
F.    Create a new firewall access rule.
Answer: C

Which statement about the Cisco ASA 5505 configuration is true?
A.    The IP address is configured under the physical interface (ethernet 0/0 to ethernet 0/7).
B.    With the default factory configuration, the management interface (management 0/0) is configured with the IP address
C.    With the default factory configuration, Cisco ASDM access is not enabled.
D.    The switchport access vlan command can be used to assign the VLAN to each physical interface (ethernet 0/0 to ethernet 0/7).
E.    With the default factory configuration, both the inside and outside interface will use DHCP to acquire its IP address.
Answer: B
Official Guide – Page 51 – Chapter 2
In the initial configuration, the management interface is always configured to use IP address and subnet mask The DHCP server is configured to provide addresses from a range of to The HTTP server is configured to allow ASDM sessions from devices on the management network.
On ASA 5510 and higher platforms, the initial configuration always uses the Management0/0 physical interface for the management network, as shown in the top portion of Figure 2-7. The ASA 5505, however, doesn’t have a dedicated management interface. Instead, it uses VLAN 1 for the secure “inside” network, which is assigned to physical interfaces Ethernet0/1 through 0/7.