642-617考題下載

lidongfang211

<p align="left"><p align="left">最新642-617考題分享</p></p><p align="left"><p align="left">1.Which three parameters are set using the set connection command within a policy map on the Cisco ASA 8.2 release? (Choose three.)</p></p><p align="left"><p align="left">A. per-client TCP and/or UDP idle timeout</p></p><p align="left"><p align="left">B. per-client TCP and/or UDP maximum session time</p></p><p align="left"><p align="left">C. TCP sequence number randomization</p></p><p align="left"><p align="left">D. maximum number of simultaneous embryonic connections</p></p><p align="left"><p align="left">E. maximum number of simultaneous TCP and/or UDP connections</p></p><p align="left"><p align="left">F. fragments reassembly options</p></p><p align="left"><p align="left">Answer: C,D,E</p></p><p align="left"><p align="left">2.Which Cisco ASA feature enables the ASA to do these two things? 1) Act as a proxy for the server and generate a SYN-ACK response to the client SYN request. 2) When the Cisco ASA receives an ACK back from the client, the Cisco ASA authenticates the client and allows the connection to the server.</p></p><p align="left"><p align="left">A. TCPnormalizer</p></p><p align="left"><p align="left">B. TCP state bypass</p></p><p align="left"><p align="left">C. TCP intercept</p></p><p align="left"><p align="left">D. basic threat detection</p></p><p align="left"><p align="left">E. advanced threat detection</p></p><p align="left"><p align="left">F. botnet traffic filter</p></p><p align="left"><p align="left">Answer: C</p></p><p align="left"><p align="left">3.By default, which traffic can pass through a Cisco ASA that is operating in transparent mode without explicitly allowing it using an ACL?</p></p><p align="left"><p align="left">A. ARP</p></p><p align="left"><p align="left">B. BPDU</p></p><p align="left"><p align="left">C. CDP</p></p><p align="left"><p align="left">D. OSPF multicasts</p></p><p align="left"><p align="left">E. DHCP</p></p><p align="left"><p align="left">Answer: A</p></p><p align="left"><p align="left">4.Refertothe exhibit. Which Cisco ASA feature can be configured using this Cisco ASDM screen?</p></p><p align="left"><p align="left">A. Cisco ASA command authorization using TACACS+</p></p><p align="left"><p align="left">B. AAA accounting to track serial,ssh, and telnet connections to the Cisco ASA</p></p><p align="left"><p align="left">C. Exec Shell access authorization using AAA</p></p><p align="left"><p align="left">D. cut-thru proxy</p></p><p align="left"><p align="left">E. AAA authentication policy for Cisco ASDM access</p></p><p align="left"><p align="left">Answer: D</p></p><p align="left"><p align="left">5.Refer to the exhibit. The Cisco ASA is dropping all the traffic that is sourced from the internet and is destined to any security context inside interface. Which configuration should be verified on the Cisco ASA to solve this problem?</p></p><p align="left"><p align="left">A. The Cisco ASA has NAT control disabled on each security context.</p></p><p align="left"><p align="left">B. The Cisco ASA is using inside dynamic NAT on each security context.</p></p><p align="left"><p align="left">C. The Cisco ASA is using a unique MAC address on each security context outside interface.</p></p><p align="left"><p align="left">D. The Cisco ASA is using a unique dynamic routing protocol process on each security context.</p></p><p align="left"><p align="left">E. The Cisco ASA packet classifier is configured to use the outside physical interface to assign the packets to each security context.</p></p><p align="left"><p align="left">Answer: C</p></p><p align="left"><p align="left">6.Which four types of ACL object group are supported on the Cisco ASA (release 8.2)? (Choose four.)</p></p><p align="left"><p align="left">A. protocol</p></p><p align="left"><p align="left">B. network</p></p><p align="left"><p align="left">C. port</p></p><p align="left"><p align="left">D. service</p></p><p align="left"><p align="left">E. icmp-type</p></p><p align="left"><p align="left">F. host</p></p><p align="left"><p align="left">Answer: A,B,D,E</p></p><p align="left"><p align="left">7.Refer to the exhibit. Which two CLI commands will result? (Choose two. ) </p></p><p align="left"><p align="left">A. aaa authorization network LOCAL</p></p><p align="left"><p align="left">B. aaa authorization network default authentication-server LOCAL</p></p><p align="left"><p align="left">C. aaa authorization command LOCAL</p></p><p align="left"><p align="left">D. aaa authorization exec LOCAL</p></p><p align="left"><p align="left">E. aaa authorization exec authentication-server LOCAL</p></p><p align="left"><p align="left">F. aaa authorization exec authentication-server</p></p><p align="left"><p align="left">Answer: C,D</p></p><p align="left"><p align="left">8.Refer to the exhibit. Which two statements about the class maps are true? (Choose two.)</p></p><p align="left"><p align="left">A. These class maps are referenced within the global policy by default for HTTP inspection.</p></p><p align="left"><p align="left">B. These class maps are all type inspect http class maps.</p></p><p align="left"><p align="left">C. These class maps classify traffic using regular expressions.</p></p><p align="left"><p align="left">D. These class maps are Layer 3/4 class maps.</p></p><p align="left"><p align="left">E. These class maps are used within theinspection_default class map for matching the default inspection traffic.</p></p><p align="left"><p align="left">Answer: C,E</p></p>