CCNP SECURITY FIREWALL 642-617 Q&AS – Pre-Production Design (21-25)

Section 1 - Pre-Production Design

Where in the ACS are the individual downloadable ACL statements configured to achieve the most scalable deployment?
A.    Group Setup
B.    User Setup
C.    Shared Profile Components
D.    Network Access Profiles
E.    Network Configuration
F.    Interface Configuration
Answer: C

Which two methods can be used to access the Cisco AIP-SSM CLI? (Choose two.)
A.    initiating an SSH connection to the Cisco AIP-SSM external management Ethernet port
B.    connecting to the console port on the Cisco AIP-SSM
C.    using the setup command on the Cisco ASA CLI
D.    using the session 1 command on the Cisco ASA CLI
E.    using the hw-module command on the Cisco ASA CLI
Answer: AD

Refer to the exhibit. Which three CLI configuration commands result from this configuration? (Choose three.)

A.    global (outside) 1 192.168.11
B.    nat (inside)
C.    static(inside,outside) netmask tcp 0 0 udp 0
D.    static(inside,outside) tcp 80 80
E.    access-list outside_access_in line 1 extended permit tcp any host eq http
F.    access-list outside_access_in line 1 extended permit tcp any host eq http
G.    access-group outside_access_in outside in
H.    access-group outside acces in inside in
Answer: CEG

Which three configuration options are available when configuring static routes on the Cisco ASA? (Choose three.)
A.    Change the default metric (admin distance) from 1 to some other value.
B.    Enable route tracking.
C.    Specify the static route as the default tunnel gateway for VPN traffic.
D.    Specify that the static route will not be removed, even if the interface shuts down.
E.    Specify a tag value to the static route that can be used as a "match" value for controlling redistribution via route maps.
Answer: ABC

On the Cisco ASA, what is the default access rule if no user-defined access lists are defined on the interfaces?
A.    All inbound connections from the lower-security interfaces to the higher-security interfaces are permitted.
B.    All outbound connections from the higher-security interfaces to the lower-security interfaces are permitted.
C.    All IP traffic between interfaces with the same security level is permitted.
D.    All IP traffic in and out of the same interface is permitted.
E.    All IP traffic is denied.
Answer: B