CCNP SECURITY FIREWALL 642-617 Q&AS – Pre-Production Design (21-25)

Section 1 - Pre-Production Design

QUESTION 21
Where in the ACS are the individual downloadable ACL statements configured to achieve the most scalable deployment?
A.    Group Setup
B.    User Setup
C.    Shared Profile Components
D.    Network Access Profiles
E.    Network Configuration
F.    Interface Configuration
Answer: C

QUESTION 22
Which two methods can be used to access the Cisco AIP-SSM CLI? (Choose two.)
A.    initiating an SSH connection to the Cisco AIP-SSM external management Ethernet port
B.    connecting to the console port on the Cisco AIP-SSM
C.    using the setup command on the Cisco ASA CLI
D.    using the session 1 command on the Cisco ASA CLI
E.    using the hw-module command on the Cisco ASA CLI
Answer: AD

QUESTION 23
Refer to the exhibit. Which three CLI configuration commands result from this configuration? (Choose three.)

A.    global (outside) 1 192.168.11
B.    nat (inside) 110.16.1.1
C.    static(inside,outside) 192.168.1.1 10.16.1.1 netmask 255.255.255.255 tcp 0 0 udp 0
D.    static(inside,outside) tcp 192.168.1.1 80 10.16.1.1 80
E.    access-list outside_access_in line 1 extended permit tcp any host 192.168.1.1 eq http
F.    access-list outside_access_in line 1 extended permit tcp any host 10.16.1.1 eq http
G.    access-group outside_access_in outside in
H.    access-group outside acces in inside in
Answer: CEG

QUESTION 24
Which three configuration options are available when configuring static routes on the Cisco ASA? (Choose three.)
A.    Change the default metric (admin distance) from 1 to some other value.
B.    Enable route tracking.
C.    Specify the static route as the default tunnel gateway for VPN traffic.
D.    Specify that the static route will not be removed, even if the interface shuts down.
E.    Specify a tag value to the static route that can be used as a "match" value for controlling redistribution via route maps.
Answer: ABC

QUESTION 25
On the Cisco ASA, what is the default access rule if no user-defined access lists are defined on the interfaces?
A.    All inbound connections from the lower-security interfaces to the higher-security interfaces are permitted.
B.    All outbound connections from the higher-security interfaces to the lower-security interfaces are permitted.
C.    All IP traffic between interfaces with the same security level is permitted.
D.    All IP traffic in and out of the same interface is permitted.
E.    All IP traffic is denied.
Answer: B