Actual4Test http://www.actual4test.com Actual4test - actual test exam dumps-pass for IT exams
Exam : 642-617 Title : Deploying Cisco ASA Firewall Solutions (FIREWALL v1.0) Vendor : Cisco Version : DEMO Get Latest & Valid 642-617 Exam's Question and Answers 1 from Actual4test.com. 1
NO.1 Refer to the Exhibit. Which statement about the NAT/PAT configuration is true? A. Dynamic PAT is used for any IP traffic that is sourced from the dmz_emailserver to the outside. B. Dynamic PAT is used for any IP traffic that is sourced from any host on the inside network to the outside. C. Static NAT is used for any IP traffic that is sourced from the dmz_webserver to the outside. D. Static PAT is used for any IP traffic that is sourced from the dmz_ emailserver to the outside. E. Dynamic NAT is used for any IP traffic that is sourced from the dmz_emailserver to the outside. F. Dynamic NAT is used for any IP traffic that is sourced from any host on the guest network to the outside. Answer: B NO.2 A Cisco ASA requires an additional feature license to enable which feature? A. transparent firewall B. cut-thru proxy C. threat detection D. botnet traffic filtering E. TCP normalizer Answer: D NO.3 On the Cisco ASA, where are the Layer 5-7 policy maps applied? A. inside the Layer 3-4 policy map B. inside the Layer 3-4 class map C. inside the Layer 5-7 class map D. inside the Layer 3-4 service policy E. inside the Layer 5-7 service policy Answer: A NO.4 Which Cisco ASA platform should be selected if the requirements are to support 35,000 connections per second, 600,000 maximum connections, and traffic shaping? A. 5540 B. 5550 C. 5580-20 D. 5580-40 Answer: B NO.5 Get Latest & Valid 642-617 Exam's Question and Answers 2 from Actual4test.com. 2
Which two statements about the Cisco ASA configuration is true? (Choose two.) A. NAT Control is enabled B. The Cisco ASA is setup as the DHCP server for hosts on the inside and outside interfaces C. All IP traffic is permitted from the inside host to the outside D. All hosts on the inside and on the outside can access Cisco ASDM E. Access to the CLI in privileged mode will be authenticated using the LOCAL database on the Cisco ASA F. The ASA is using a persistent self-signed certificated so users can authenticate the Cisco ASA when accessing it via Cisco ASDM Answer: A,B Explanation: Verify each of the configuration options related to an answer option as shown below: For answer A. NAT Control is enabled Get Latest & Valid 642-617 Exam's Question and Answers 3 from Actual4test.com. 3
If the box is checked "NAT Control" is enabled. For answer B. The Cisco ASA is setup as the DHCP server for hosts on the inside and outside interface s Verify which "DHCP Enabled" field is enabled next to each interface. For answer C. All IP traffic is permitted from the inside host to the outside Get Latest & Valid 642-617 Exam's Question and Answers 4 from Actual4test.com. 4
Verify the access rules on the inside interface; note that the access rule in the example above reflects the all traffic from the inside to any destination - but option C asks if there is access rule from the inside to outside specifically - so this does not satisfy option C. For answer D. All hosts on the inside and on the outside can access Cisco ASDM Verify that access is permitted from the inside and outside for ASDM access. Get Latest & Valid 642-617 Exam's Question and Answers 5 from Actual4test.com. 5
For answer E. Access to the CLI in privileged mode will be authenticated using the LOCAL database on the Cisco ASA Verify if the "Require authentication to allow use of privileged mode commands" is configured for local access. For answer F. The ASA is using a persistent self-signed certificated so users can authenticate the Cisco ASA when accessing it via Cisco ASDM Get Latest & Valid 642-617 Exam's Question and Answers 6 from Actual4test.com. 6
Verify if a certificate has been configured. NO.6 In which type of environment is the Cisco ASA MPF set connection advanced-options tcp- state -bypass option the most useful? A. SIP proxy B. WCCP C. BGP peering through the Cisco ASA D. asymmetric traffic flow E. transparent firewall Answer: D NO.7 Which three configuration options are available when configuring static routes on the Cisco ASA? (Choose three.) A. Change the default metric (admin distance) from 1 to some other value. B. Enable route tracking. C. Specify the static route as the default tunnel gateway for VPN traffic. D. Specify that the static route will not be removed, even if the interface shuts down. E. Specify a tag value to the static route that can be used as a "match" value for controlling redistribution via route maps Answer: A,B,C NO.8 By default, how does the Cisco ASA authenticate itself to the Cisco ASDM users? A. The administrator validates the Cisco ASA by examining the factory built-in identity certificate thumbprint of the Cisco ASA. B. The Cisco ASA automatically creates and uses a persistent self-signed X.509 certificate to authenticate itself to the administrator Get Latest & Valid 642-617 Exam's Question and Answers 7 from Actual4test.com. 7
C. The Cisco ASA automatically creates a self-signed X.509 certificate on each reboot to authenticate itself to the administrator. D. The Cisco ASA and the administrator use a mutual password to authenticate each other. E. The Cisco ASA authenticates itself to the administrator using a one-time password. Answer: C Get Latest & Valid 642-617 Exam's Question and Answers 8 from Actual4test.com. 8