[2017-5-NEW] High Success Rate CCNP Security 300-206 Dumps SENSS 223Q&As Share[1- 8] Is Your Reliable Partner

Have you ever used Actualcert 300-206 Dumps SENSS? The braindump is the latest updated certification training material; it includes all questions in the real exam and can 100% guarantee that you pass your exam.

Exam Code: 300-206
Exam Name: Implementing Cisco Edge Network Security Solutions
Updated: May 21, 2017
Q&As: 222

Actualcert 300-206 Dumps Related Job Functions:

  • Network Analyst
  • Network Engineer
  • Network Technician
  • Network Designer
  • Security Analyst
  • Security Auditor
  • Penetration Tester
  • Security Architect
  • Technical Manager

These real questions and answers can lead to some really great things. Actualcert 300-206 dumps are used with no problem. Using Actualcert exam dumps, you will achieve success.

Actualcert Latest and Most Accurate Cisco 300-206 Dumps Exam Q&As

QUESTION 1
Which command configures the SNMP server group1 to enable authentication for members of the access list east?
A. snmp-server group group1 v3 auth access east
B. snmp-server group1 v3 auth access east
C. snmp-server group group1 v3 east
D. snmp-server group1 v3 east access
Correct Answer: A

QUESTION 2
Which statement about Cisco ASA multicast routing support is true?
A. The Cisco ASA appliance supports PIM dense mode, sparse mode, and BIDIR-PIM.
B. The Cisco ASA appliance supports only stub multicast routing by forwarding IGMP messages from multicast receivers to the upstream multicast router.
C. The Cisco ASA appliance supports DVMRP and PIM.
D. The Cisco ASA appliance supports either stub multicast routing or PIM, but both cannot be enabled at the same time.
E. The Cisco ASA appliance supports only IGMP v1.
Correct Answer: D

QUESTION 3
Enabling what security mechanism can prevent an attacker from gaining network topology information from CDP via a man-in-the-middle attack?
A. MACsec
B. Flex VPN
C. Control Plane Protection
D. Dynamic Arp Inspection
Correct Answer: A

QUESTION 4
On an ASA running version 9.0, which command is used to nest objects in a pre-existing group?
A. object-group
B. network group-object
C. object-group network
D. group-object
Correct Answer: D

QUESTION 5
Which two features are supported when configuring clustering of multiple Cisco ASA appliances? (Choose two.)
A. NAT
B. dynamic routing
C. SSL remote access VPN
D. IPSec remote access VPN
Correct Answer: AB

QUESTION 6
Which option is the Cisco ASA on-box graphical management solution?
A. SSH
B. ASDM
C. Console
D. CSM
Correct Answer: B

QUESTION 7
Which action is needed to set up SSH on the Cisco ASA firewall?
A. Create an ACL to allow the SSH traffic to the Cisco ASA.
B. Configure DHCP for the client that will connect via SSH.
C. Generate a crypto key.
D. Specify the SSH version level as either 1 or 2.
E. Enable the HTTP server to allow authentication.
Correct Answer: C

QUESTION 8
Which command is the first that you enter to check whether or not ASDM is installed on the ASA?
A. Show ip
B. Show running-config asdm
C. Show running-config boot
D. Show version
E. Show route
Correct Answer: D

CCNP Security 300-206 Dumps: SENSS Part 1-1

Actualcert can provide professional and high quality products. It is the industry leader in providing IT certification information. To select Actualcert is to choose success. Actualcert’s Cisco 300-206 online training is your magic weapon for success. With it, you will pass the exam and achieve excellent results on the way to your ideal place.

Notes for the SENSS exam, mapped against Cisco’s blueprint for the Actualcert 300-206 dumps. As there are no books for this exam, my sources for this primarily came from various manuals and documentation available on Cisco’s site. Whether a blueprint item is listed as “implement” or “describe” determined how far in depth I studied the particular topic. Notes focus on CLI

Free Download Realistic Cisco 300-207 Dumps with PDF Format


Cisco 300-207

QUESTION 26
What is the CLI command to create a new Message Filter in a Cisco Email Security Appliance?
A. filterconfig
B. filters new
C. messagefilters
D. policyconfig - inbound or outbound - filters
Correct Answer: B

QUESTION 27
A Cisco Email Security Appliance uses which message filter to drop all executable attachments entering and leaving the Cisco Email Security Appliance?
A. drop-exe: if (attachment-filename == "\\.exe$") OR (attachment-filetype == "exe") { drop(); }
B. drop-exe: if (recv-listener == "InboundMail" ) AND ( (attachment-filename == "\\.exe$") OR (attachment-filetype == "exe")) { drop(); }
C. drop-exe! if (attachment-filename == "\\.exe$") OR (attachment-filetype == "exe") { drop(); }
D. drop-exe! if (recv-listener == "InboundMail" ) AND ( (attachment-filename == "\\.exe$") OR (attachment-filetype == "exe")) { drop(); }
Correct Answer: A

QUESTION 28
What can Cisco Prime Security Manager (PRSM) be used to achieve?
A. Configure and Monitor Cisco CX Application Visibility and Control, web filtering, access and decryption policies
B. Configure Cisco ASA connection limits
C. Configure TCP state bypass in Cisco ASA and IOS
D. Configure Cisco IPS signature and monitor signature alerts
E. Cisco Cloud Security on Cisco ASA
Correct Answer: A

QUESTION 29
Which is the default IP address and admin port setting for https in the Cisco Web Security Appliance?
A. http://192.168.42.42:8080
B. http://192.168.42.42:80
C. https://192.168.42.42:443
D. https://192.168.42.42:8443
Correct Answer: D

QUESTION 30
Which port is used for CLI Secure shell access?
A. Port 23
B. Port 25
C. Port 22
D. Port 443
Correct Answer: C

QUESTION 31
Which Cisco technology prevents targeted malware attacks, provides data loss prevention and spam protection, and encrypts email?
A. SBA
B. secure mobile access
C. IPv6 DMZ web service
D. ESA
Correct Answer: D

QUESTION 32
Which Cisco technology combats viruses and malware with virus outbreak filters that are downloaded from Cisco SenderBase?
A. ASA
B. WSA
C. Secure mobile access
D. IronPort ESA
E. SBA
Correct Answer: D

QUESTION 33
Which Cisco WSA is intended for deployment in organizations of up to 1500 users?
A. WSA S370
B. WSA S670
C. WSA S370-2RU
D. WSA S170
Correct Answer: D

Now we are one step ahead in providing updated real exam dumps for Cisco 300-207 dumps Passsoon for Cisco. Buy Cisco 300-207 dumps and get Cisco 300-207 certified. We provide a Cisco 300-207 dumps passing guarantee, as we will provide you the same questions of the CCNA Routing and Switching exam with their answers. Our Cisco 300-207 questions and answers are verified by experts. If you fail, mail us a scanned copy of your result at [email protected] and get a full refund.


Cisco 642-648 Certification, Buy Latest Cisco 642-648 Study Guides Latest Version PDF&VCE


The FLYDUMPS Cisco 642-648 exam sample questions that we provide are based on the extensive research and real-world experience of our online trainers, who have many years of IT and certification experience. The flydumps Checkpoint 156-315 exam sample questions cover all the practice test objectives needed to pass the Cisco 642-648 exam. They include the Checkpoint 156-315 study guide and Cisco 642-648 test questions, as well as a PDF and an Interactive Testing Engine. The Cisco 642-648 exam sample questions, as well as our other Citrix Cisco 642-648 exam training, are not only priced to be easy on your budget, but each one is also backed by our guarantee. flydumps guarantees that after using our Citrix certification Cisco 642-648 exam sample questions, you will be prepared to take and pass your Citrix Cisco 642-648 exam. So do not neglect such a good chance; FLYDUMPS will help you get Microsoft certification.

QUESTION 82
Refer to the exhibit. A NOC engineer needs to tune some postlogin parameters on an SSL VPN tunnel. From the information shown, where should the engineer navigate to, in order to find all the postlogin session parameters?

A. “engineering” Group Policy
B. “contractor” Connection Profile
C. DefaultWEBVPNGroup Group Policy
D. DefaultRAGroup Group Policy
E. “engineer1” AAA/Local Users

Correct Answer: A
“First Test, First Pass” – www.lead2pass.com 35 Cisco 642-648 Exam
QUESTION 83
Refer to the exhibit. For the ABC Corporation, members of the NOC need the ability to select tunnel groups from a drop-down menu on the Cisco WebVPN login page. As the Cisco ASA administrator, how would you accomplish this task?

A. Define a special identity certificate with multiple groups, which are defined in the certificate OU field, that will grant the certificate holder access to the named groups on the login page.
B. Under Group Policies, define a default group that encompasses the required individual groups that will appear on the login page.
C. Under Connection Profiles, define a NOC profile that encompasses the required individual profiles that will appear on the login page.
D. Under Connection Profiles, enable “Allow user to select connection profile.”

Correct Answer: D

QUESTION 84
Your corporate finance department purchased a new non-web-based TCP application tool to run on one of its servers. Certain finance employees need remote access to the software during nonbusiness hours. These employees do not have “admin” privileges to their PCs. What is the correct way to configure the SSL VPN tunnel to allow this application to run?
A. Configure a smart tunnel for the application.
B. Configure a “finance tool” VNC bookmark on the employee clientless SSL VPN portal.
C. Configure the plug-in that best fits the application.
D. Configure the Cisco ASA appliance to download the Cisco AnyConnect SSL VPN Client to the finance employee each time an SSL VPN tunnel is established.

Correct Answer: A

QUESTION 85
Refer to the exhibit. A junior network engineer configured the corporate Cisco ASA appliance to accommodate a new temporary worker. For security reasons, the IT department wants to restrict the internal network access of the new temporary worker to the corporate server, with an IP address of 10.0.4.10. After the junior network engineer finished the configuration, an IT security specialist tested the account of the temporary worker. The tester was able to access the URLs of additional secure servers from the WebVPN user account of the temporary worker.
What did the junior network engineer configure incorrectly?

A. The ACL was configured incorrectly.
B. The ACL was applied incorrectly or was not applied.
C. Network browsing was not restricted on the temporary worker group policy.
D. Network browsing was not restricted on the temporary worker user policy.

Correct Answer: B

QUESTION 86
Which statement about plug-ins is false?
A. Plug-ins do not require any installation on the remote system.
B. Plug-ins require administrator privileges on the remote system.
C. Plug-ins support interactive terminal access.
D. Plug-ins are not supported on the Windows Mobile platform.

Correct Answer: B

QUESTION 87
A temporary worker must use clientless SSL VPN with an SSH plug-in, in order to access the console of an internal corporate server, the projects.xyz.com server. For security reasons, the network security auditor insists that the temporary user is restricted to the one internal corporate server, 10.0.4.18. You are the network engineer who is responsible for the network access of the temporary user.
What should you do to restrict SSH access to the one projects.xyz.com server?

A. Configure access-list temp_user_acl extended permit TCP any host 10.0.4.18 eq 22.
B. Configure access-list temp_user_acl standard permit host 10.0.4.18 eq 22.
C. Configure access-list temp_acl webtype permit url ssh://10.0.4.18.
D. Configure a plug-in SSH bookmark for host 10.0.4.18, and disable network browsing on the clientless SSL VPN portal of the temporary worker.

Correct Answer: C

QUESTION 88
Refer to the exhibit. You are the network security administrator. You have received calls from site-to-site IPsec VPN users saying that they cannot connect into the network. In troubleshooting this problem, you discover that some sites can connect, but other sites cannot. It is not always the same sites experiencing problems. You suspect that the permitted number of simultaneous logins has been reached and needs to be increased. In which configuration window or tab should you accomplish this task?

A. in the IKE Policies window
B. in the IKE Parameters window
C. in the System Options window
D. in the Device Management tab

Correct Answer: C

QUESTION 89
When troubleshooting a site-to-site IPsec VPN deployment, you see a QM FSM message. What is the most likely cause of this message?
A. The Quick Mode timers have expired.
B. There are mismatched proxy identities.
C. Forward Secrecy Mode has failed.
D. IKE Phase 1 has failed authentication due to mismatched DH groups.

Correct Answer: B

QUESTION 90
Refer to the exhibit. Given the example that is shown, what can you determine?

A. Users are required to perform RADIUS or LDAP authentication when connecting with the Cisco AnyConnect client.
B. Users are required to perform AAA authentication when connecting via WebVPN.
C. Users are required to perform double AAA authentication.
D. The user access identity is prefilled at login, requiring users to enter only their password.

Correct Answer: C

QUESTION 91
You are the network security administrator. You receive a call from a user stating that he cannot log onto the network. In the process of troubleshooting, you determine that this user is accessing the network via certificate-based Cisco AnyConnect SSL VPN. What is a troubleshooting step that you should perform to determine the cause of the access problem?
A. Revoke and reissue the certificate, and have the user try again.
B. Verify that a connection can be made without using certificates.
C. Ask the user to use IPsec, and test the connection attempts.
D. Check the WebACLs on the Cisco ASA.

Correct Answer: B

QUESTION 92
When deploying clientless SSL VPNs, what should you do to support external unmanaged VPN clients?
A. Deploy a private PKI service.
B. Issue self-signed identity certificates for the external clients that you wish to provide with access to your enterprise.
C. Configure policies specifically for the clients that have a group userID and password.
D. Implement a global PKI service.

Correct Answer: D

QUESTION 93
Which option limits a clientless SSL VPN user to specific resources upon successful login?
A. modify the Cisco ASA Modular Policy Framework access control
B. user-defined bookmarks
C. RADIUS authorization
D. disable portal features

Correct Answer: B

QUESTION 94
Some users are having problems connecting via clientless SSL VPN, while other users are experiencing no problems. What is one possible cause of this issue?
A. The Cisco ASA identity certificates have not been generated.
B. SSL version checking is enabled, and clients are connecting with denied versions.
C. SSL VPN termination is not enabled.
D. The Cisco ASA identity certificate is not bound to the SSL interface.

Correct Answer: B

QUESTION 95
You have just configured new clientless SSL VPN access parameters. However, when users connect, they are not getting the expected access that was configured. What is one possible reason this is occurring?
A. The correct Tunnel Group Lock is not properly set.
B. The corresponding Cisco ASA interface is not enabled for SSL VPN access.
C. The Connection Alias is not enabled.
D. Portal features are disabled.

Correct Answer: A

QUESTION 96
When a VPN client that is using redundant peering and has obtained an IP address from the primary VPN gateway loses connection to that gateway, how is traffic rerouted?
A. The secondary VPN gateway automatically routes the traffic back to the client using the same IP address.
B. Redundant Internet routing protocols reroute the traffic to and from the client and the gateway.
C. The secondary VPN gateway issues the client a new IP address and routes traffic accordingly.
D. Traffic flow stops, and the client must reestablish connection. Once connection is established, the same IP address is issued to the client and similarly routed.

Correct Answer: C

QUESTION 97
When configuring dead peer detection for remote-access VPN, what does the confidence level parameter represent?
A. It specifies the number of seconds the adaptive security appliance should allow a peer to idle before beginning keepalive monitoring.
B. It specifies the number of seconds to wait between IKE keepalive retries.
C. The higher the number, the more reliable the link is.
D. It is determined dynamically based on reliability, uptime, and load.

Correct Answer: A

QUESTION 98
Which statement is true regarding Cisco ASA stateful failover?
A. It is recommended to share the failover link with the inside interface for security purposes.
B. The failover link is encrypted by default to protect against eavesdropping.
C. VPN users must reauthenticate, even though the connection remains established.
D. Clientless features, such as smart tunnels and plug-ins, are not supported.

Correct Answer: D

QUESTION 99
Which statement is true about configuring the Cisco ASA for Active/Standby failover?
A. All versions of Cisco ASA software need to have the same licensing on both devices.
B. Both devices perform load sharing until a failure occurs.
C. All VPN-related configurations and files are automatically replicated.
D. VPN images, profiles, and plug-ins must be manually provisioned to both devices.

Correct Answer: D

QUESTION 100
When configuring the Cisco ASA for VPN clustering, which IP address or addresses does the end-user device connect to?
A. It connects to individual device addresses of the cluster as provided in the connection profile.
B. It connects to the virtual address.
C. The virtual cluster manager sends the IP address of the least loaded device. The client then connects directly to that device.
D. The connection IP address is dependent upon whether the initiator is using SSL or IPsec.

Correct Answer: B

The Flydumps New Cisco 642-648 practice tests help the user keep a check on their learning and understanding and improve for the Cisco 642-648 exam. Flydumps makes passing your exam much easier.


Cisco 642-648 Actual Test, Most Popular Cisco 642-648 Study Guide Sale


The Cisco 642-648 exams are conducted at some levels for testing the skills that are necessary for the networking fields. The Cisco 642-648 Certification Exam exams provide methods for improving the quality of life. The Cisco 642-648 exam sample questions are useful for solving security integration problems. The Cisco 642-648 exam sample questions are found to be helpful not only for job seekers, but also for working professionals. The Cisco 642-648 exam sample questions give the solutions for the networking problems that are caused by the latest developments. This Cisco 642-648 exam is a professional exam widely recognized by professionals, and candidates focus on it heavily.

QUESTION 57
Cisco Secure Desktop seeks to minimize the risks that are posed by the use of remote devices in establishing a Cisco clientless SSL VPN or Cisco AnyConnect VPN Client session. Which two statements concerning the Cisco Secure Desktop Host Scan feature are correct? (Choose two.)
A. It is performed before a user establishes a connection to the Cisco ASA.
B. It is performed after a user establishes a connection to the Cisco ASA but before logging in.
C. It is performed after a user logs in but before a group profile is applied.
D. It is supported on endpoints that run a Windows operating system only.
E. It is supported on endpoints that run Windows and MAC operating systems only.
F. It is supported on endpoints that run Windows, MAC, and Linux operating systems.

Correct Answer: BF

QUESTION 58
Which four statements about the Advanced Endpoint Assessment are correct? (Choose four.)
A. It examines the remote computer for personal firewall applications.
B. It examines the remote computer for antivirus applications.
C. It examines the remote computer for antispyware applications.
D. It examines the remote computer for malware applications.
E. It does not perform any remediation, but it provides input that can be evaluated by DAP records.
F. It performs active remediation by applying rules, activating modules, and providing updates where applicable.

Correct Answer: ABCF

QUESTION 59
The software-based Cisco IPsec VPN Client solution uses bidirectional authentication, in which the client authenticates the Cisco ASA, and the Cisco ASA authenticates the user. Which three methods are software-based Cisco IPsec VPN Client to Cisco ASA authentication methods? (Choose three.)
A. Unified Client Certificate authentication
B. Secure Unit authentication
C. Hybrid authentication
D. Certificate authentication
E. Group authentication

Correct Answer: CDE

QUESTION 60
Which two options are correct regarding IKE and IPv6 VPN support on the Cisco ASA using version 8.4? (Choose two.)
A. The Cisco ASA supports full IKEv2 IPv6 for site-to-site VPNs only.
B. The Cisco ASA supports full IKEv2 IPv6 for remote-access VPNs.
C. The Cisco ASA supports IKEv1 and IKEv2 configuration on the same crypto map.
D. The Cisco ASA supports negotiation of authentication type using IKEv2 with IPv6.
E. The Cisco ASA supports all types of VPN configurations when using IPv6.

Correct Answer: AC

QUESTION 61
In Cisco ASDM v6.4, what are four ways to implement single sign-on (SSO)? (Choose four.)
A. Use SSO for smart tunnels.
B. Use Kerberos SSO.
C. Use the HTTP Form protocol.
D. Use a dedicated SSO server.
E. Use SSO for application plug-ins.
F. Use auto sign-on for servers that do not require authentication credentials.

Correct Answer: ACDE

QUESTION 62
An on-screen keyboard is a programmable SSL VPN option. Which three options are keyboard-configurable parameters that the administrator can enable or disable? (Choose three.)
A. Show only if Secure Desktop Vault is disabled.
B. Do not show onscreen keyboard.
C. Show only for the login page.
D. Show for all user input fields.
E. Show for all portal pages that require authentication.
F. Show for all plug-in pages.

Correct Answer: BCE

QUESTION 63
Which three statements concerning keystroke logger detection are correct? (Choose three.)
A. It requires administrative privileges in order to run.
B. It runs on Windows and MAC OS X systems.
C. It detects loggers that run as a process or kernel module.
D. It detects both hardware- and software-based keystroke loggers.
E. It allows the administrator to define “safe” keystroke logger applications.

Correct Answer: ACE

QUESTION 64
Cisco AnyConnect profiles can be used to set which three options? (Choose three.)
A. Define a list of VPN gateways that are presented to users upon login.
B. Define a quarantine VLAN for remote devices that fail a host scan.
C. Define a guest VLAN to all “noncompany” Cisco IOS WebVPN users.
D. Define a list of backup servers if primary gateways are unavailable.
E. Activate the SSL VPN tunnel as part of the Windows login sequence.
F. Configure the Cisco Secure Desktop vault.

Correct Answer: ADE

QUESTION 65
Which two types of digital certificate enrollment processes are available for the Cisco ASA security appliance? (Choose two.)
A. LDAP
B. FTP
C. TFTP
D. HTTP
E. SCEP
F. Manual

Correct Answer: EF

QUESTION 66
Which four parameters must be defined in an ISAKMP policy when you are creating an IPsec site-to-site VPN using the Cisco ASDM? (Choose four.)
A. encryption algorithm
B. hash algorithm
C. authentication method
D. IP address of remote IPsec peer
E. D-H group
F. perfect forward secrecy

Correct Answer: ABCE

QUESTION 67
Refer to the exhibit. As the administrator of a Cisco ASA security appliance for remote-access IPsec VPNs, you are assisting a user who has a digital certificate that is configured for the Cisco VPN Client.
Based on the exhibit, what do you do to find the MD5 thumbprint of the “level_2” certificate?
A. Choose the certificate, then click Status > Certificates from the menu bar.
B. Choose the certificate, then click the View button.
C. Choose the certificate, then click Options > Properties from the menu bar.
D. Choose the certificate, then click the Verify button.

Correct Answer: B

QUESTION 68
Which two statements about the Cisco ASA cluster load-balancing feature are correct? (Choose two.)
A. The Cisco ASA load-balances both site-to-site and remote-access VPN tunnels.
B. The Cisco ASA load-balances remote-access VPN tunnels only.
C. The Cisco ASA load-balances IPsec VPN tunnels only.
D. The Cisco ASA load-balances IPsec VPN and Cisco AnyConnect SSL VPN tunnels only.
E. The Cisco ASA load-balances IPsec VPN, clientless, and Cisco AnyConnect SSL VPN tunnels.

Correct Answer: BE

QUESTION 69
Refer to the exhibit. When you are testing SSL VPN in a non-production environment, certain variables in the Cisco ASDM session details can be viewed or changed under Configuration > AnyConnect Connection Profiles.
Which parameter can be viewed or changed in the AnyConnect Connection Profiles?
A. Assigned IP address 10.0.1.50
B. Client Type: SSL VPN Client
C. Authentication Mode: Certificate and User Password
D. Client Ver: Cisco AnyConnect VPN Agent for Windows

Correct Answer: C

QUESTION 70
A Cisco AnyConnect user profile can be pushed to the PC of a remote user from a Cisco ASA. Which three user profile parameters are configurable? (Choose three.)
A. Backup Server list
B. DTLS Override
C. Auto Reconnect
D. Simultaneous Tunnels
E. Connection Profile Lock
F. Auto Update

Correct Answer: ACF

QUESTION 71
Lab

Answer: Here is the solution step by step below:
ip local pool contractor 10.1.4.50-10.1.4.70 mask 255.255.255.0
group-policy contractor internal
group-policy contractor attributes
 vpn-tunnel-protocol ssl-clientless ssl-client
 banner value Welcome Contractors
 exit
tunnel-group contractor type remote-access
tunnel-group contractor general-attributes
 default-group-policy Contractors
 address-pool contractor
tunnel-group contractors webvpn-attributes
 group-alias contractor enable
 group-url https://192.168.4.2/Contractor enable
username contractor1 password cisco privilege 2
username contractor1 attributes
 service-type remote-access
 vpn-group-policy contractors
 exit

QUESTION 72
Drag and Drop Question.


QUESTION 73
Refer to the exhibit. You are configuring a laptop with the Cisco VPN Client, which uses digital certificates for authentication.
Which protocol does the Cisco VPN Client use to retrieve the digital certificate from the CA server?
A. FTP
B. LDAP
C. HTTPS
D. SCEP
E. OCSP

Correct Answer: D

QUESTION 74
Which statement is correct concerning the trusted network detection (TND) feature?
A. The Cisco AnyConnect 3.0 Client supports TND on Windows, Mac, and Linux platforms.
B. With TND, one result of a Cisco Secure Desktop basic scan on an endpoint is to determine whether a device is a member of a trusted or an untrusted network.
C. If enabled, and a CSD scan determines that a host is a member of an untrusted network, an administrator can configure the TND feature to prohibit an end user from launching the Cisco AnyConnect VPN Client.
D. When the user is inside the corporate network, TND can be configured to automatically disconnect a Cisco AnyConnect session.

Correct Answer: D

QUESTION 75
When using clientless SSL VPN, you might not want some applications or web resources to go through the Cisco ASA appliance. For these applications and web resources, as a Cisco ASA administrator, which configuration should you use?
A. Configure the Cisco ASA appliance for split tunneling.
B. Configure network access exceptions in the SSL VPN customization editor.
C. Configure the Cisco ASA appliance to disable content rewriting.
D. Configure the Cisco ASA appliance to enable URL Entry bypass.
E. Configure smart tunnel to bypass the Cisco ASA appliance proxy function.

Correct Answer: C

QUESTION 76
Refer to the exhibit. The “level_2” digital certificate was installed on a laptop. What can cause an “invalid: not active” status message?

A. On first use, a CA server-supplied passphrase is entered to validate the certificate.
B. A “newly installed” digital certificate does not become active until it is validated by the peer device upon its first usage.
C. The user has not clicked the Verify button within the Cisco VPN Client.
D. The CA server and laptop PC clocks are out of sync.

Correct Answer: D

QUESTION 77
Refer to the exhibit. A NOC engineer is in the process of entering information into the Create New VPN Connection Entry fields.
Which statement correctly describes how to do this?
A. In the Connection Entry field, enter the name of the connection profile as it is specified on the Cisco ASA appliance.
B. In the Host field, enter the IP address of the remote client device.
C. In the Authentication tab, click the Group Authentication or Mutual Group Authentication radio button to enable symmetrical pre-shared key authentication.
D. In the Name field, enter the name of the connection profile as it is specified on the Cisco ASA appliance.

Correct Answer: D

QUESTION 78
An XYZ Corporation systems engineer, while making a sales call on the ABC Corporation headquarters, tried to access the XYZ sales demonstration folder to transfer a demonstration via FTP from an ABC conference room behind the firewall. The engineer could not reach XYZ through the remote-access VPN tunnel. From home the previous day, however, the engineer did connect to the XYZ sales demonstration folder and transferred the demonstration via IPsec over DSL. To get the connection to work and transfer the demonstration, what should the engineer do?
A. Change the MTU size on the IPsec client to account for the change from DSL to cable transmission.
B. Enable the local LAN access option on the IPsec client.
C. Enable the IPsec over TCP option on the IPsec client.
D. Enable the clientless SSL VPN option on the PC.

Correct Answer: C Section: (none) Explanation
QUESTION 79
Refer to the exhibit. A new NOC engineer is troubleshooting a VPN connection. Which statement about the fields within the Cisco VPN Client Statistics screen is correct?

A. The ISP-assigned IP address of 10.0.21.1 is assigned to the VPN adapter of the PC.
B. The IP address of the security appliance to which the Cisco VPN Client is connected is 192.168.1.2.
C. CorpNet is the name of the Cisco ASA group policy whose tunnel parameters the connection is using.
D. The ability of the client to send packets transparently and unencrypted through the tunnel for test purposes is turned off.
E. With split tunneling enabled, the Cisco VPN Client registers no decrypted packets.

Correct Answer: B Section: (none) Explanation
QUESTION 80
Refer to the exhibit. While configuring a site-to-site VPN tunnel, a new NOC engineer encounters the Reverse Route Injection parameter.
Assuming that static routes are redistributed by the Cisco ASA to the IGP, what effect does enabling Reverse Route Injection on the local Cisco ASA have on a configuration?

A. The local Cisco ASA advertises its default routes to the distant end of the site-to-site VPN tunnel.
B. The local Cisco ASA advertises routes from the dynamic routing protocol that is running on the local Cisco ASA to the distant end of the site-to-site VPN tunnel.
C. The local Cisco ASA advertises routes that are at the distant end of the site-to-site VPN tunnel.
D. The local Cisco ASA advertises routes that are on its side of the site-to-site VPN tunnel to the distant end of the site-to-site VPN tunnel.

Correct Answer: C Section: (none) Explanation
QUESTION 81
Refer to the exhibit. A NOC engineer needs to tune some prelogin parameters on an SSL VPN tunnel. From the information that is shown, where should the engineer navigate to find the prelogin session attributes?

A. “engineering” Group Policy
B. “contractor” Connection Profile
C. “engineer1” AAA/Local Users
D. DfltGrpPolicy Group Policy

Correct Answer: B Section: (none) Explanation

QUESTION 91
Which three configurations are needed to enable SNMPv3 support on the Cisco ASA? (Choose three.)
A. SNMPv3 Local EngineID
B. SNMPv3 Remote EngineID
C. SNMP Users
D. SNMP Groups
E. SNMP Community Strings
F. SNMP Hosts

Correct Answer: CDF Section: (none) Explanation
Explanation/Reference:
QUESTION 92
A customer is ordering a number of Cisco ASAs for their network. For the remote or home office, they are purchasing the Cisco ASA 5505. When ordering the licenses for their Cisco ASAs, which two licenses must they order that are “platform specific” to the Cisco ASA 5505? (Choose two.)
A. AnyConnect Essentials license
B. per-user Premium SSL VPN license
C. VPN shared license
D. internal user licenses
E. Security Plus license

Correct Answer: DE Section: (none) Explanation
Explanation/Reference:
QUESTION 93
The Cisco ASA is configured in multiple mode and the security contexts share the same outside physical interface. Which two packet classification methods can be used by the Cisco ASA to determine which security context to forward the incoming traffic from the outside interface? (Choose two.)
A. unique interface IP address
B. unique interface MAC address
C. routing table lookup
D. MAC address table lookup
E. unique global mapped IP addresses

Correct Answer: BE Section: (none) Explanation
Explanation/Reference:
QUESTION 94
Which two CLI commands result from this configuration? (Choose two.)

A. aaa authorization network LOCAL
B. aaa authorization network default authentication-server LOCAL
C. aaa authorization command LOCAL
D. aaa authorization exec LOCAL
E. aaa authorization exec authentication-server LOCAL
F. aaa authorization exec authentication-server

Correct Answer: CD Section: (none) Explanation
Explanation/Reference:
QUESTION 95
Which three statements are the default security policy on a Cisco ASA appliance? (Choose three.)
A. Traffic that goes from a high security level interface to a lower security level interface is allowed.
B. Outbound TCP and UDP traffic is statefully inspected and returning traffic is allowed to traverse the Cisco ASA appliance.
C. Traffic that goes from a low security level interface to a higher security level interface is allowed.
D. Traffic between interfaces with the same security level is allowed by default.
E. Traffic can enter and exit the same interface by default.
F. When the Cisco ASA appliance is accessed for management purposes, the access must be made to the nearest Cisco ASA interface.
G. Inbound TCP and UDP traffic is statefully inspected and returning traffic is allowed to traverse the Cisco ASA appliance.

Correct Answer: ABF Section: (none) Explanation
Explanation/Reference:
QUESTION 96
Which two configurations are the minimum needed to enable EIGRP on the Cisco ASA appliance? (Choose two.)
A. Enable the EIGRP routing process and specify the AS number.
B. Define the EIGRP default-metric.
C. Configure the EIGRP router ID.
D. Use the neighbor command(s) to specify the EIGRP neighbors.
E. Use the network command(s) to enable EIGRP on the Cisco ASA interface(s).

Correct Answer: AE Section: (none) Explanation
Explanation/Reference:
QUESTION 97
Refer to the exhibit and to the four HTTP inspection requirements and the Cisco ASA configuration.

Which two statements about why the Cisco ASA configuration is not meeting the specified HTTP inspection requirements are true? (Choose two.)
1. All outside clients can use only the HTTP GET method on the protected 10.10.10.10 web server.
2. All outside clients can access only HTTP URIs starting with the “/myapp” string on the protected 10.10.10.10 web server.
3. The security appliance should drop all requests that contain basic SQL injection attempts (the string “SELECT” followed by the string “FROM”) inside HTTP arguments.
4. The security appliance should drop all requests that do not conform to the HTTP protocol.
A. Both instances of match not request should be changed to match request.
B. The policy-map type inspect http MY-HTTP-POLICY configuration is missing the references to the class maps.
C. The BASIC-SQL-INJECTION regular expression is not configured correctly.
D. The MY-URI regular expression is not configured correctly.
E. The WEB-SERVER-ACL ACL is not configured correctly.

Correct Answer: DE Section: (none) Explanation
Explanation/Reference:
QUESTION 98

Select and Place:

Correct Answer:
Section: (none) Explanation
Explanation/Reference:
Systems Execution Space: Used to define the context name, location of the context startup configuration and interface allocation
Admin Context: Used by the Cisco ASA appliance to access the required network resources
Customer context: Used to support virtual firewall with its own configuration
QUESTION 99

Select and Place:

Correct Answer:
Section: (none) Explanation
Explanation/Reference:
QUESTION 100

Select and Place:

Correct Answer:
Section: (none) Explanation
Explanation/Reference:
Explanation:
Interface access-list entries
Global access-list entries
Implicit deny ip any any interface access-list rule entry
QUESTION 101

Case Study Title (Case Study):
Scenario: To access Cisco ASDM, click the PC icon in the Topology window, then answer the following question:
Which two statements about the running configuration of the Cisco ASA are true? (Choose Two)
Exhibits: 1, 1-a, 1-b, 1-c, 1-d, 1-e, 1-f

A. The auto NAT configuration causes all traffic arriving on the inside interface destined to any outside destinations to be translated with dynamic port address translation using the outside interface IP address.
B. The Cisco ASA is using the Cisco ASDM image from disk1:/asdm-642.bin
C. The Cisco ASA is set up as the DHCP server for hosts that are on the inside and outside interfaces.
D. SSH and Cisco ASDM access to the Cisco ASA requires AAA authentication using the LOCAL user database.
E. The Cisco ASA is using a persistent self-signed certificate so users can authenticate the Cisco ASA when accessing it via ASDM

Correct Answer: AE Section: (none) Explanation
Explanation/Reference:
QUESTION 102

Case Study Title (Case Study):
Scenario: To access Cisco ASDM, click the PC icon in the Topology window, then answer the following question:
The Cisco ASA administrator must enable the Cisco ASA to automatically drop suspicious botnet traffic. After the Cisco ASA administrator entered the initial configuration, the Cisco ASA is not automatically dropping the suspicious botnet traffic. What else must be enabled in order to make it work?
Exhibits: 1, 1-a, 1-b, 1-c, 1-d, 1-e, 1-f

A. DNS snooping
B. Botnet traffic filtering on at least one of the Cisco ASA interfaces.
C. Periodic download of the dynamic botnet database from Cisco.
D. DNS inspection in the global policy.
E. Manual botnet black and white lists.

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 103

Case Study Title (Case Study): Instructions
This item contains a simulation task. Refer to the scenario and topology before you start. When you are ready, open the Topology window and click the required device to open the GUI window on a virtual terminal. Scroll to view all parts of the Cisco ASDM screens.

Scenario
Click the PC icon to launch Cisco ASDM. You have access to a Cisco ASA 5505 via Cisco ASDM. Use Cisco ASDM to edit the Cisco ASA 5505 configurations to enable Advanced HTTP Application inspection by completing the following tasks:
1. Enable HTTP inspection globally on the Cisco ASA
2. Create a new HTTP inspect Map named: http-inspect-map to:
   a. Enable the dropping of any HTTP connections that encounter HTTP protocol violations
   b. Enable the dropping and logging of any HTTP connections when the content type in the HTTP response does not match one of the MIME types in the accept field of the HTTP request

Note: In the simulation, you will not be able to test the HTTP inspection policy after you complete your configuration. Not all Cisco ASDM screens are fully functional.
After you complete the configuration, you do not need to save the running configuration to the start-up config.

Exhibits: 2-a, 2-b, 2-c, 2-d
A.
Correct Answer: A
Section: (none) Explanation
Explanation/Reference:
Answer: Here is the step-by-step solution:
Explanation:
1. Go to Configuration >> Firewall >> Objects >> Inspect Maps >> HTTP >> Add >> Add name “http-inspect-map” >> click on detail >>
   a. Select “check for protocol violations”
   b. Action: Drop connection
   c. Log: Enable
   d. Click on Inspection: Click Add
   e. Select Single Match >> Match type: No Match
   f. Criterion: response header field
   g. Field: Predefined: Content type
   h. Value: Content type
   i. Action: Drop connection
   j. Log: Enable
   k. OK >> OK >> Apply

To achieve this through the command line:
policy-map type inspect http http-inspect-map
 parameters
  protocol-violation action drop-connection log
policy-map type inspect http http-inspect-map
 match not response header content-type application/msword
  drop-connection log

QUESTION 25
Which Cisco ASA configuration is used to configure the TCP intercept feature?
A. a TCP map
B. an access list
C. the established command
D. the set connection command with the embryonic-conn-max option
E. a type inspect policy map
Correct Answer: D Section: (none) Explanation Explanation/Reference:

QUESTION 26
Which configuration step (if any) is necessary to enable FTP inspection on TCP port 2121?
A. None. FTP inspection is enabled by default using the global policy.
B. Create a new class map to match TCP port 2121, then edit the global policy to inspect FTP for traffic matched by the new class map.
C. Edit default-inspection-traffic to match FTP on port 2121.
D. Add a new traffic class using the match protocol FTP option within the inspect_default class map.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 27
When the Cisco ASA appliance is processing packets, which action is performed first?
A. Check if the packet is permitted or denied by the inbound interface ACL.
B. Check if the packet is permitted or denied by the outbound interface ACL.
C. Check if the packet is permitted or denied by the global ACL.
D. Check if the packet matches an existing connection in the connection table.
E. Check if the packet matches an inspection policy.
F. Check if the packet matches a NAT rule.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 28
Which Cisco ASA (8.4.1 and later) CLI command is the best command to use for troubleshooting SSH connectivity from the Cisco ASA appliance to the outside 192.168.1.1 server?
A. telnet 192.168.1.1 22
B. ssh -l username 192.168.1.1
C. traceroute 192.168.1.1 22
D. ping tcp 192.168.1.1 22
E. packet-tracer input inside tcp 10.0.1.1 2043 192.168.4.1 ssh
Correct Answer: D Section: (none) Explanation Explanation/Reference:

QUESTION 29
Refer to the exhibit.

Which reason explains why the Cisco ASA appliance cannot establish an authenticated NTP session to the inside 192.168.1.1 NTP server?
A. The ntp server 192.168.1.1 command is incomplete.
B. The ntp source inside command is missing.
C. The ntp access-group peer command and the ACL to permit 192.168.1.1 are missing.
D. The trusted-key number should be 1 not 2.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 30
On which type of encrypted traffic can a Cisco ASA appliance running software version 8.4.1 perform application inspection and control?

A. IPsec
B. SSL
C. IPsec or SSL
D. Cisco Unified Communications
E. Secure FTP
Correct Answer: D Section: (none) Explanation
Explanation/Reference:

Exam D

QUESTION 1
When configuring security contexts on the Cisco ASA, which three resource class limits can be set using a rate limit? (Choose three.)
A. address translation rate
B. Cisco ASDM session rate
C. connections rate
D. MAC-address learning rate (when in transparent mode)
E. syslog messages rate
F. stateful packet inspections rate
Correct Answer: CEF Section: (none) Explanation
Explanation/Reference:
QUESTION 2
Which two statements about Cisco ASA redundant interface configuration are true? (Choose two.)
A. Each redundant interface can have up to four physical interfaces as its member.
B. When the standby interface becomes active, the Cisco ASA sends gratuitous ARP out on the standby interface.
C. Interface duplex and speed configurations are configured under the redundant interface.
D. Redundant interfaces use MAC address-based load balancing to load share traffic across multiple physical interfaces.
E. Each Cisco ASA supports up to eight redundant interfaces.
Correct Answer: BE Section: (none) Explanation
Explanation/Reference:
QUESTION 3
The Cisco ASA must support dynamic routing and terminating VPN traffic. Which three Cisco ASA options will not support these requirements? (Choose three.)
A. transparent mode
B. multiple context mode
C. active/standby failover mode
D. active/active failover mode
E. routed mode
F. no NAT-control
Correct Answer: ABD Section: (none) Explanation
Explanation/Reference:
QUESTION 4
Refer to the exhibit.

Which two functions will the Set ASDM Defined User Roles perform? (Choose two.)
A. enables role based privilege levels to most Cisco ASA commands
B. enables the Cisco ASDM user to assign privilege levels manually to individual commands or groups of commands
C. enables command authorization with a remote TACACS+ server
D. enables three predefined user account privileges (Admin=Priv 15, Read Only=Priv 5, Monitor Only=Priv 3)
Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
QUESTION 5
Which two statements about Cisco ASA failover troubleshooting are true? (Choose two.)
A. With active/active failover, failover link troubleshooting should be done in the system execution space.
B. With active/active failover, ASR groups must be enabled.
C. With active/active failover, user data passing interfaces troubleshooting should be done within the context execution space.
D. The failed interface threshold is set to 1. Using the show monitor-interface command, if one of the monitored interfaces on both the primary and secondary Cisco ASA appliances is in the unknown state, a failover should occur.
E. Syslog level 1 messages will be generated on the standby unit only if the logging standby command is used.
Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
QUESTION 6
When troubleshooting a Cisco ASA that is operating in multiple context mode, which two verification steps should be performed if a user context does not pass user traffic? (Choose two.)
A. Verify the interface status in the system execution space.
B. Verify the mac-address-table on the Cisco ASA
C. Verify that unique MAC addresses are configured if the contexts are using nonshared interfaces.
D. Verify the interface status in the user context.
E. Verify the resource classes configuration by accessing the admin context.
Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
QUESTION 7
Refer to the exhibit.

On Cisco ASA Software Version 8.3 and later, which two sets of CLI configuration commands result from this Cisco ASDM configuration? (Choose two.)
A. nat (inside) 1 10.1.1.10 global (outside) 1 192.168.1.1
B. nat (outside) 1 192.168.1.1 global (inside 1 10.1.1.10
C. static(inside,outside) 192.168.1.1 10.1.1.10 netmask 255.255.255.255 tcp 0 0 udp 0
D. static(inside,outside) tcp 192.168.1.1 80 10.1.1.10 80
E. object network 192.168.1.1 nat (inside,outside) static 10.1.1.10
F. object network 10.1.1.10 nat (inside,outside) static 192.168.1.1
G. access-list outside_access_in line 1 extended permit tcp any object 10.1.1.10 eq http access-group outside_access_in in interface outside
H. access-list outside_access_in line 1 extended permit tcp any object 192.168.1.1 eq http access-group outside_access_in in interface outside
Correct Answer: FG Section: (none) Explanation
Explanation/Reference:
QUESTION 8
On the Cisco ASA Software Version 8.4.1, which three parameters can be configured using the set connection command within a policy map? (Choose three.)
A. per-client TCP and/or UDP idle timeout
B. per-client TCP and/or UDP maximum session time
C. TCP sequence number randomization
D. maximum number of simultaneous embryonic connections
E. maximum number of simultaneous TCP and/or UDP connections
F. fragments reassembly options
Correct Answer: CDE Section: (none) Explanation
Explanation/Reference:
QUESTION 9
On Cisco ASA Software Version 8.4.1, which four inspections are enabled by default in the global policy? (Choose four.)
A. HTTP
B. ESMTP
C. SKINNY
D. ICMP
E. TFTP
F. SIP
Correct Answer: BCEF Section: (none) Explanation
Explanation/Reference:
QUESTION 10
Which two statements about traffic shaping capability on the Cisco ASA appliance are true? (Choose two.)

A. Traffic shaping can be applied to all outgoing traffic on a physical interface or, in the case of the Cisco ASA 5505 appliance, on a VLAN.
B. Traffic shaping can be applied in the input or output direction.
C. Traffic shaping can cause jitter and delay.
D. You can configure traffic shaping and priority queuing on the same interface.
E. With traffic shaping, when traffic exceeds the maximum rate, the security appliance drops the excess traffic.
Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
QUESTION 11
Refer to the exhibit.

Which three CLI commands are generated by these Cisco ASDM configurations? (Choose three.)
A. object-group network testobj
B. object network testobj
C. ip address 10.1.1.0 255.255.255.0
D. subnet 10.1.1.0 255.255.255.0
E. nat (any,any) static 192.168.1.0 dns
F. nat (outside,inside) static 192.168.1.0 dns
G. nat (inside,outside) static 192.168.1.0 dns
H. nat (inside,any) static 192.168.1.0 dns
I. nat (any,inside) static 192.168.1.0 dns
Correct Answer: BDE Section: (none) Explanation
Explanation/Reference:
QUESTION 12
On Cisco ASA Software Version 8.3 and later, which two statements correctly describe the NAT table or NAT operations? (Choose two.)
A. The NAT table has four sections.
B. Manual NAT configurations are found in the first (top) and/or the last (bottom) section(s) of the NAT table.
C. Auto NAT also is referred to as Object NAT.
D. Auto NAT configurations are found only in the first (top) section of the NAT table.
E. The order of the NAT entries in the NAT table is not relevant to how the packets are matched against the NAT table.
F. Twice NAT is required for hosts on the inside to be accessible from the outside.
Correct Answer: BC Section: (none) Explanation
Explanation/Reference:
QUESTION 13
The Cisco ASA software image has been erased from flash memory. Which two statements about the process to recover the Cisco ASA software image are true? (Choose two.)
A. Access to the ROM monitor mode is required.
B. The Cisco ASA appliance must have connectivity to the TFTP server where the Cisco ASA image is stored through the Management 0/0 interface.
C. The copy tftp flash command is necessary to start the TFTP file transfer.
D. The server command is necessary to set the TFTP server IP address.
E. Cisco ASA password recovery must be enabled.
Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
QUESTION 14
Which two Cisco ASA licensing features are correct with Cisco ASA Software Version 8.3 and later? (Choose two.)
A. Identical licenses are not required on the primary and secondary Cisco ASA appliance.
B. Cisco ASA appliances configured as failover pairs disregard the time-based activation keys.
C. Time-based licenses are stackable in duration but not in capacity
D. A time-based license completely overrides the permanent license, ignoring all permanently licensed features until the time-based license is uninstalled.
Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
QUESTION 15
Which four unicast or multicast routing protocols are supported by the Cisco ASA appliance? (Choose four.)

A. RIP (v1 and v2)
B. OSPF
C. ISIS
D. BGP
E. EIGRP
F. Bidirectional PIM
G. MOSPF
H. PIM dense mode
Correct Answer: ABEF Section: (none) Explanation
Explanation/Reference:
QUESTION 16
On Cisco ASA Software Version 8.4.1 and later, which three EtherChannel modes are supported? (Choose three.)

A. active mode, which initiates LACP negotiation
B. passive mode, which responds to LACP negotiation from the peer
C. auto mode, which automatically responds to either PAgP or LACP negotiation from the peer
D. on mode, which enables static port-channel mode
E. off mode, which disables dynamic negotiation
Correct Answer: ABD Section: (none) Explanation
Explanation/Reference:
QUESTION 17
Which two Cisco ASA configuration tasks are necessary to allow authenticated BGP sessions to pass through the Cisco ASA appliance? (Choose two.)
A. Configure the Cisco ASA TCP normalizer to permit TCP option 19.
B. Configure the Cisco ASA TCP Intercept to inspect the BGP packets (TCP port 179).
C. Configure the Cisco ASA default global inspection policy to also statefully inspect the BGP flows.
D. Configure the Cisco ASA TCP normalizer to disable TCP ISN randomization for the BGP flows.
E. Configure TCP state bypass to allow the BGP flows.
Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
QUESTION 18
Which two options show the required Cisco ASA command(s) to allow this scenario? (Choose two.)

An inside client on the 10.0.0.0/8 network connects to an outside server on the 172.16.0.0/16 network using TCP and the server port of 2001. The inside client negotiates a client port in the range between UDP ports 5000 to 5500. The outside server then can start sending UDP data to the inside client on the negotiated port within the specified UDP port range.

A. access-list INSIDE line 1 permit tcp 10.0.0.0 255.0.0.0 172.16.0.0 255.255.0.0 eq 2001 access-group INSIDE in interface inside
B. access-list INSIDE line 1 permit tcp 10.0.0.0 255.0.0.0 172.16.0.0 255.255.0.0 eq 2001 access-list INSIDE line 2 permit udp 10.0.0.0 255.0.0.0 172.16.0.0 255.255.0.0 eq established access-group INSIDE in interface inside
C. access-list OUTSIDE line 1 permit tcp 172.16.0.0 255.255.0.0 eq 2001 10.0.0.0 255.0.0.0 access-list OUTSIDE line 2 permit udp 172.16.0.0 255.255.0.0 10.0.0.0 255.0.0.0 eq 5000-5500 access-group OUTSIDE in interface outside
D. access-list OUTSIDE line 1 permit tcp 172.16.0.0 255.255.0.0 eq 2001 10.0.0.0 255.0.0.0 access-list OUTSIDE line 2 permit udp 172.16.0.0 255.255.0.0 10.0.0.0 255.0.0.0 eq established access-group OUTSIDE in interface outside
E. established tcp 2001 permit from udp 5000-5500
F. established tcp 2001 permit from udp 5000-5500
G. established tcp 2001 permit to udp 5000-5500
Correct Answer: AG Section: (none) Explanation
Explanation/Reference:
QUESTION 19
Which three actions can be applied to a traffic class within a type inspect policy map? (Choose three.)

A. drop
B. priority
C. log
D. pass
E. inspect
F. reset
Correct Answer: ACF Section: (none) Explanation
Explanation/Reference:
QUESTION 20
On Cisco ASA Software Version 8.4 and later, which two options show the maximum number of active and standby ports that an EtherChannel can have? (Choose two.)
A. 2 active ports
B. 4 active ports
C. 6 active ports
D. 8 active ports
E. 2 standby ports
F. 4 standby ports
G. 6 standby ports
H. 8 standby ports
Correct Answer: DH Section: (none) Explanation
Explanation/Reference:
QUESTION 21
Which three types of class maps can be configured on the Cisco ASA appliance? (Choose three.)
A. control-plane
B. regex
C. inspect
D. access-control
E. management
F. stack
Correct Answer: BCE Section: (none) Explanation
Explanation/Reference:
QUESTION 22
Refer to the partial Cisco ASA configuration and the network topology shown in the exhibit.

Which two Cisco ASA configuration commands are required so that any hosts on the Internet can HTTP to the WEBSERVER using the 192.168.1.100 IP address? (Choose two.)
A. nat (inside,outside) static 192.168.1.100
B. nat (inside,outside) static 172.31.0.100
C. nat (inside,outside) static interface
D. access-list outside_access_in extended permit tcp any object 172.31.0.100 eq http
E. access-list outside_access_in extended permit tcp any object 192.168.1.100 eq http
F. access-list outside_access_in extended permit tcp any object 192.168.1.1 eq http
Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
QUESTION 23
Which two statements about Cisco ASA 8.2 NAT configurations are true? (Choose two.)
A. NAT operations can be implemented using the NAT, global, and static commands.
B. If nat-control is enabled and a connection does not need a translation, then an identity NAT configuration is required.
C. NAT configurations can use the any keyword as the input or output interface definition
D. The NAT table is read and processed from the top down until a translation rule is matched.
E. Auto NAT links the translation to a network object.
Correct Answer: AB Section: (none) Explanation
Explanation/Reference:
QUESTION 24
In which two directions are the Cisco ASA modular policy framework inspection policies applied? (Choose two.)

A. in the ingress direction only when applied globally
B. in the ingress direction only when applied on an interface
C. in the egress direction only when applied globally
D. in the egress direction only when applied on an interface
E. bi-directionally when applied globally
F. bi-directionally when applied on an interface
Correct Answer: AF
QUESTION 25
Which three configurations are needed to enable SNMPv3 support on the Cisco ASA? (Choose three.)
A. SNMPv3 Local EngineID
B. SNMPv3 Remote EngineID
C. SNMP Users
D. SNMP Groups
E. SNMP Community Strings
F. SNMP Hosts
Correct Answer: CDF
QUESTION 26
A customer is ordering a number of Cisco ASAs for their network. For the remote or home office, they are purchasing the Cisco ASA 5505. When ordering the licenses for their Cisco ASAs, which two licenses must they order that are “platform specific” to the Cisco ASA 5505? (Choose two.)
A. AnyConnect Essentials license
B. per-user Premium SSL VPN license
C. VPN shared license
D. internal user licenses
E. Security Plus license
Correct Answer: DE
QUESTION 27
Refer to the exhibit.

Which two statements are true? (Choose two.)
A. The connection is awaiting outside ACK to SYN.
B. The connection is initiated from the inside.
C. The connection is active and has received inbound and outbound data.
D. The connection is an incomplete TCP connection.
E. The connection is a DNS connection.
Correct Answer: BC

QUESTION 28
The Cisco ASA is configured in multiple mode and the security contexts share the same outside physical interface. Which two packet classification methods can be used by the Cisco ASA to determine which security context to forward the incoming traffic from the outside interface? (Choose two.)
A. unique interface IP address
B. unique interface MAC address
C. routing table lookup
D. MAC address table lookup
E. unique global mapped IP addresses
Correct Answer: BE
QUESTION 29
Refer to the exhibit.

Which two CLI commands result from this configuration? (Choose two.)
A. aaa authorization network LOCAL
B. aaa authorization network default authentication-server LOCAL
C. aaa authorization command LOCAL
D. aaa authorization exec LOCAL
E. aaa authorization exec authentication-server LOCAL
F. aaa authorization exec authentication-server
Correct Answer: CD
QUESTION 30
Which three statements are the default security policy on a Cisco ASA appliance? (Choose three.)
A. Traffic that goes from a high security level interface to a lower security level interface is allowed.
B. Outbound TCP and UDP traffic is statefully inspected and returning traffic is allowed to traverse the Cisco ASA appliance
C. Traffic that goes from a low security level interface to a higher security level interface is allowed.
D. Traffic between interfaces with the same security level is allowed by default.
E. Traffic can enter and exit the same interface by default.
F. When the Cisco ASA appliance is accessed for management purposes, the access must be made to the nearest Cisco ASA interface.
G. Inbound TCP and UDP traffic is statefully inspected and returning traffic is allowed to traverse the Cisco ASA appliance.
Correct Answer: ABF
QUESTION 31
Which two configurations are the minimum needed to enable EIGRP on the Cisco ASA appliance? (Choose two.)
A. Enable the EIGRP routing process and specify the AS number.
B. Define the EIGRP default-metric.
C. Configure the EIGRP router ID.
D. Use the neighbor command(s) to specify the EIGRP neighbors.
E. Use the network command(s) to enable EIGRP on the Cisco ASA interface(s).
Correct Answer: AE
QUESTION 32
Refer to the exhibit and to the four HTTP inspection requirements and the Cisco ASA configuration.

Which two statements about why the Cisco ASA configuration is not meeting the specified HTTP inspection requirements are true? (Choose two.)
1. All outside clients can use only the HTTP GET method on the protected 10.10.10.10 web server.
2. All outside clients can access only HTTP URIs starting with the “/myapp” string on the protected
3. The security appliance should drop all requests that contain basic SQL injection attempts (the string “SELECT” followed by the string “FROM”) inside HTTP arguments.
4. The security appliance should drop all requests that do not conform to the HTTP protocol.
A. Both instances of match not request should be changed to match request.
B. The policy-map type inspect http MY-HTTP-POLICY configuration is missing the references to the class maps.
C. The BASIC-SQL-INJECTION regular expression is not configured correctly.
D. The MY-URI regular expression is not configured correctly.
E. The WEB-SERVER-ACL ACL is not configured correctly.
Correct Answer: DE


Cisco 642-627 Dump, Up To Date Cisco 642-627 Dumps PDF Sale


QUESTION 50
What is a best practice to follow before tuning a Cisco IPS signature?
A. Disable all the alert actions on the signature to be tuned.
B. Disable the signature to be tuned.
C. Create a clone of the signature to be tuned.
D. Increase the number of events required to trigger the signature to be tuned.
E. Decrease the attention span (maximum inter-event interval) of the signature to be tuned.
Correct Answer: C
QUESTION 51
Which three statements about the Cisco IntelliShield Alert Manager are true? (Choose three.)
A. Alert information is analyzed and validated by Cisco security analysts.
B. Alert analysis is vendor-neutral.
C. The built-in workflow system provides a mechanism for tracking vulnerability remediation and integration with Cisco Security Manager and Cisco Security MARS.
D. Users can customize the notification to deliver tailored information relevant to the needs of the organization.
E. Customers are automatically subscribed to use Cisco Security IntelliShield Alert Manager Service with the Cisco IPS license.
F. More than 10 report types are available within the Cisco Security IntelliShield Alert Manager Service.
Correct Answer: ACD
QUESTION 52
Which two configurations are required on the Cisco IPS appliance to allow Cisco Security Manager to log into the Cisco IPS appliance? (Choose two.)
A. Enable SNMPv2.
B. Enable SSH access.
C. Enable TLS/SSL to allow HTTPS access.
D. Enable NTP.
E. Enable Telnet access.
F. Enable the IP address of the Cisco Security Manager server as an allowed host.
Correct Answer: C
QUESTION 59
Which four statements about the blocking capabilities of the Cisco IPS appliance are true? (Choose four.)
A. The three types of blocks are: host, connection, and network.
B. Host and connection blocks can be initiated manually or automatically when a signature is triggered.
C. Network blocks can only be initiated manually.
D. The Device Login Profiles pane is used to configure the profiles that the network devices use when logging into the Cisco IPS appliance
E. Multiple Cisco IPS appliances can forward their blocking requests to the master blocking sensor.
F. Pre-Block and Post-Block ACLs are applicable for blocking or rate limiting.

Correct Answer: ABCE
QUESTION 60
OS mappings associate IP addresses with an OS type, which in turn helps the Cisco IPS appliance to calculate what other value?
A. TVR
B. SFR
C. ARR
D. PD
E. ASR

Correct Answer: C
QUESTION 61
Which signature engine is recommended for creating a custom signature for packet header matching?
A. MULTI-STRING
B. FLOOD.HOST
C. ATOMIC.IP
D. SERVICE
E. SWEEP
F. META

Correct Answer: C
QUESTION 62
On the Cisco IPS appliance, the anomaly detection knowledge base is used to store which two types of information for each service? (Choose two.)
A. scanner threshold
B. packet per second rate limit
C. anomaly detection mode
D. histogram
E. total bytes transferred

Correct Answer: AD
QUESTION 63
Which four features are supported on the Cisco ASA AIP-SSM but are not supported on the Cisco ASA AIP-SSC? (Choose four.)
A. multiple virtual sensors
B. anomaly detection
C. promiscuous mode
D. custom signatures
E. fail open
F. global correlation

Correct Answer: ABDF
QUESTION 64
Which Cisco IPS appliance TCP session tracking mode should be used if packets of the same session are coming to the sensor over different interfaces, but should be treated as a single session?
A. interface and VLAN
B. virtual sensor
C. VLAN only
D. promiscuous
E. normalizer

Correct Answer: B
QUESTION 65
Which two Cisco IPS appliance features are implemented using input data from the Cisco SensorBase? (Choose two.)
A. global correlation
B. anomaly detection
C. reputation filters
D. botnet traffic filters
E. OS fingerprinting
F. threat detection

Correct Answer: AC
QUESTION 66
Which four configuration elements can the virtual sensor of a Cisco IPS appliance have? (Choose four.)
A. interfaces or VLAN pairs
B. IPS reputation filters
C. signature set definition
D. global correlation rules
E. event action rules (filters and overrides)
F. anomaly detection policy

Correct Answer: ACEF
QUESTION 67
Which value is not used by the Cisco IPS appliance in the risk rating calculation?
A. attack severity rating
B. target value rating
C. signature fidelity rating
D. promiscuous delta
E. threat rating adjustment
F. watch list rating

Correct Answer: E
QUESTION 68
Refer to the exhibit.

Which General settings under the Event Action Rule affect the risk rating calculations?
A. Use Summarizer
B. Use Meta Event Generator
C. Use Threat Rating Adjustment
D. Use Event Action Filters
E. Enable One Way TCP Reset

Correct Answer: C
QUESTION 69
In a centralized Cisco IPS appliance deployment, it may not be possible to connect an IPS appliance to every switch or segment in the network. So, an IPS appliance can be deployed to inspect traffic on ports that are located on multiple remote network switches. In this case, which two configurations are required? (Choose two.)
A. IPS promiscuous mode operations
B. in-line IPS operations
C. RSPAN
D. SPAN
E. HSRP
F. SLB

Correct Answer: AC
QUESTION 70
Which three actions does the Cisco IDM custom signature wizard provide? (Choose three.)
A. selecting the signature engine to use or not to use any signature engine
B. selecting the Layer 3 or Layer 4 protocol that the sensor will use to match malicious traffic
C. selecting the attack relevancy rating
D. selecting the signature threat rating
E. selecting the scope of matching (for example, single packet)

Correct Answer: ABE
QUESTION 71
You want your inline Cisco IPS appliance to drop packets that pose the most severe risk to your network, especially to the servers on your DMZ. Which two parameters should you set to protect your DMZ servers in the most time-efficient manner? (Choose two.)
A. event action filter
B. reputation filter
C. target value rating
D. signature fidelity rating
E. global correlation
F. event action override

Correct Answer: CF
QUESTION 72
Which Cisco IPS appliance feature is best used to detect these two conditions? 1) The network starts becoming congested by worm traffic. 2) A single worm-infected source enters the network and starts scanning for other vulnerable hosts.
A. global correlation
B. anomaly detection
C. reputation filtering
D. custom signature
E. meta signature
F. threat detection
Correct Answer: B
QUESTION 73
What will happen if you try to recover the password on the Cisco IPS 4200 Series appliance on which password recovery is disabled?
A. The GRUB menu will be disabled.
B. The ROM monitor command to reset the password will be disabled.
C. The password recovery process will proceed with no errors or warnings; however, the password is not reset.
D. The Cisco IPS appliance will reboot immediately.

Correct Answer: C
QUESTION 74
Which four networking tools does Cisco IME include that can be invoked for specific events, to learn more about attackers and victims using basic network reconnaissance? (Choose four.)
A. ping
B. traceroute
C. packet tracer
D. nslookup
E. whois
F. nmap

Correct Answer: ABDE

Cisco 640-554 Study Guide Book, Most Popular Cisco 640-554 Prep Guide Are The Best Materials


QUESTION 46
For what purpose is the Cisco ASA appliance web launch SSL VPN feature used?
A. to enable split tunneling when using clientless SSL VPN access
B. to enable users to login to a web portal to download and launch the AnyConnect client
C. to enable smart tunnel access for applications that are not web-based
D. to optimize the SSL VPN connections using DTLS
E. to enable single-sign-on so the SSL VPN users need only log in once

Correct Answer: B
QUESTION 47
Which statement describes how VPN traffic is encrypted to provide confidentiality when using asymmetric encryption?
A. The sender encrypts the data using the sender’s private key, and the receiver decrypts the data using the sender’s public key.
B. The sender encrypts the data using the sender’s public key, and the receiver decrypts the data using the sender’s private key.
C. The sender encrypts the data using the sender’s public key, and the receiver decrypts the data using the receiver’s public key.
D. The sender encrypts the data using the receiver’s private key, and the receiver decrypts the data using the receiver’s public key.
E. The sender encrypts the data using the receiver’s public key, and the receiver decrypts the data using the receiver’s private key.
F. The sender encrypts the data using the receiver’s private key, and the receiver decrypts the data using the sender’s public key.

Correct Answer: E
QUESTION 48
Which four types of VPN are supported using Cisco ISRs and Cisco ASA appliances? (Choose four.)
A. SSL clientless remote-access VPNs
B. SSL full-tunnel client remote-access VPNs
C. SSL site-to-site VPNs
D. IPsec site-to-site VPNs
E. IPsec client remote-access VPNs
F. IPsec clientless remote-access VPNs

Correct Answer: ABDE
QUESTION 49
Which description of the Diffie-Hellman protocol is true?
A. It uses symmetrical encryption to provide data confidentiality over an unsecured communications channel.
B. It uses asymmetrical encryption to provide authentication over an unsecured communications channel.
C. It is used within the IKE Phase 1 exchange to provide peer authentication.
D. It provides a way for two peers to establish a shared-secret key, which only they will know, even though they are communicating over an unsecured channel.
E. It is a data integrity algorithm that is used within the IKE exchanges to guarantee the integrity of the message of the IKE exchanges.

Correct Answer: D
QUESTION 50
Which IPsec transform set provides the strongest protection?
A. crypto ipsec transform-set 1 esp-3des esp-sha-hmac
B. crypto ipsec transform-set 2 esp-3des esp-md5-hmac
C. crypto ipsec transform-set 3 esp-aes 256 esp-sha-hmac
D. crypto ipsec transform-set 4 esp-aes esp-md5-hmac
E. crypto ipsec transform-set 5 esp-des esp-sha-hmac
F. crypto ipsec transform-set 6 esp-des esp-md5-hmac

Correct Answer: C
QUESTION 51
Which two options are characteristics of the Cisco Configuration Professional Security Audit wizard? (Choose two.)
A. displays a screen with fix-it check boxes to let you choose which potential security-related configuration changes to implement
B. has two modes of operation: interactive and non-interactive
C. automatically enables Cisco IOS firewall and Cisco IOS IPS to secure the router
D. uses interactive dialogs and prompts to implement role-based CLI
E. requires users to first identify which router interfaces connect to the inside network and which connect to the outside network

Correct Answer: AE
QUESTION 52
Which statement describes a result of securing the Cisco IOS image using the Cisco IOS image resilience feature?
A. The show version command does not show the Cisco IOS image file location.
B. The Cisco IOS image file is not visible in the output from the show flash command.
C. When the router boots up, the Cisco IOS image is loaded from a secured FTP location.
D. The running Cisco IOS image is encrypted and then automatically backed up to the NVRAM.
E. The running Cisco IOS image is encrypted and then automatically backed up to a TFTP server.

Correct Answer: B
QUESTION 53
Which aaa accounting command is used to enable logging of the start and stop records for user terminal sessions on the router?
A. aaa accounting network start-stop tacacs+
B. aaa accounting system start-stop tacacs+
C. aaa accounting exec start-stop tacacs+
D. aaa accounting connection start-stop tacacs+
E. aaa accounting commands 15 start-stop tacacs+

Correct Answer: C
QUESTION 54
Which access list permits HTTP traffic sourced from host 10.1.129.100 port 3030 destined to host 192.168.1.10?
A. access-list 101 permit tcp any eq 3030
B. access-list 101 permit tcp 10.1.128.0 0.0.1.255 eq 3030 192.168.1.0 0.0.0.15 eq www
C. access-list 101 permit tcp 10.1.129.0 0.0.0.255 eq www 192.168.1.10 0.0.0.0 eq www
D. access-list 101 permit tcp host 192.168.1.10 eq 80 10.1.0.0 0.0.255.255 eq 3030
E. access-list 101 permit tcp 192.168.1.10 0.0.0.0 eq 80 10.1.0.0 0.0.255.255
F. access-list 101 permit ip host 10.1.129.100 eq 3030 host 192.168.1.100 eq 80

Correct Answer: B
QUESTION 55
Which location is recommended for extended or extended named ACLs?
A. an intermediate location to filter as much traffic as possible
B. a location as close to the destination traffic as possible
C. when using the established keyword, a location close to the destination point to ensure that return traffic is allowed
D. a location as close to the source traffic as possible
Correct Answer: D
QUESTION 56
Which statement about asymmetric encryption algorithms is true?
A. They use the same key for encryption and decryption of data.
B. They use the same key for decryption but different keys for encryption of data.
C. They use different keys for encryption and decryption of data.
D. They use different keys for decryption but the same key for encryption of data.
Correct Answer: C
QUESTION 57
Which option can be used to authenticate the IPsec peers during IKE Phase 1?
A. Diffie-Hellman Nonce
B. pre-shared key
C. XAUTH
D. integrity check value
E. ACS
F. AH

Correct Answer: B
QUESTION 58
Which single Cisco IOS ACL entry permits IP addresses from 172.16.80.0 to 172.16.87.255?
A. permit 172.16.80.0 0.0.3.255
B. permit 172.16.80.0 0.0.7.255
C. permit 172.16.80.0 0.0.248.255
D. permit 176.16.80.0 255.255.252.0
E. permit 172.16.80.0 255.255.248.0
F. permit 172.16.80.0 255.255.240.0

Correct Answer: B
QUESTION 59
You want to use the Cisco Configuration Professional site-to-site VPN wizard to implement a site-to-site IPsec VPN using a pre-shared key.
Which four configurations are required (with no defaults)? (Choose four.)
A. the interface for the VPN connection
B. the VPN peer IP address
C. the IPsec transform-set
D. the IKE policy
E. the interesting traffic (the traffic to be protected)
F. the pre-shared key
Correct Answer: ABEF
QUESTION 60
Which two options represent a threat to the physical installation of an enterprise network? (Choose two.)
A. surveillance camera
B. security guards
C. electrical power
D. computer room access
E. change control
Correct Answer: CD
QUESTION 61
Which option represents a step that should be taken when a security policy is developed?
A. Perform penetration testing.
B. Determine device risk scores.
C. Implement a security monitoring system.
D. Perform quantitative risk analysis.
Correct Answer: D
QUESTION 62
Which type of network masking is used when Cisco IOS access control lists are configured?
A. extended subnet masking
B. standard subnet masking
C. priority masking
D. wildcard masking

Correct Answer: D
QUESTION 63
How are Cisco IOS access control lists processed?
A. Standard ACLs are processed first.
B. The best match ACL is matched first.
C. Permit ACL entries are matched first before the deny ACL entries.
D. ACLs are matched from top down.
E. The global ACL is matched first before the interface ACL.

Correct Answer: D
QUESTION 64
Which type of management reporting is defined by separating management traffic from production traffic?
A. IPsec encrypted
B. in-band
C. out-of-band
D. SSH

Correct Answer: C
QUESTION 65
Which syslog level is associated with LOG_WARNING?
A. 1
B. 2
C. 3
D. 4
E. 5
F. 6
Correct Answer: D


Cisco 642-648 Cert, Latest Release Cisco 642-648 Exam Guide Latest Version PDF&VCE


QUESTION 41
In which three ways can a Cisco ASA security appliance obtain a certificate revocation list? (Choose three.)
A. FTP
B. SCEP
C. TFTP
D. HTTP
E. LDAP
F. SCP

Correct Answer: BDE
QUESTION 42
An IT manager and a Security manager are discussing the deployment options for clientless SSL VPN. They are trying to decide which groups are best suited for this new deployment option. Which two groups are the best candidates for the clientless SSL VPN rollout? (Choose two.)
A. an IT administrator who needs to manage servers from a corporate laptop
B. employees who need occasional access to check their email accounts
C. a vendor who needs access to confidential corporate presentations via Secure FTP
D. customers who need interactive access to the corporate invoice server

Correct Answer: BC
QUESTION 43
Your corporation has contractors that need remote access to server desktops, in order to diagnose issues and load software during nonbusiness hours. Which three clientless SSL VPN configurations allow these contractors to access the desktops of remote servers? (Choose three.)
A. XWindows bookmark by using the XWindows plug-in
B. RDP bookmark by using the RDP plug-in
C. SCP bookmark by using SCP plug-in
D. VNC bookmark by using the VNC plug-in
E. SSH bookmark by using the SSH plug-in
F. Citrix plug-in by using the Citrix plug-in

Correct Answer: BDF
QUESTION 44
Which three Host Scan checks on a remote endpoint can you configure Cisco Secure Desktop to perform? (Choose three.)
A. registry checks
B. user rights checks
C. group policy objects checks
D. file checks
E. virus software checks
F. process checks

Correct Answer: ADF
QUESTION 45
Which three statements about clientless SSL VPN are true? (Choose three.)
A. Users are not tied to a particular PC or workstation.
B. Users have full application access to internal corporate resources.
C. Minimal IT support is required.
D. Cisco AnyConnect SSL VPN software is automatically downloaded to the remote user at the start of the clientless session.
E. For security reasons, browser cookies are disabled for clientless SSL VPN sessions.
F. Clientless SSL VPN requires an SSL-enabled web browser.

Correct Answer: ACF
QUESTION 46
A remote user who establishes a clientless SSL VPN session is presented with a web page. The administrator has the option to customize the “look and feel” of the page. What are three components of the VPN Customization Editor? (Choose three.)
A. Application page
B. Logon page
C. Networking page
D. Logout page
E. Home page
F. Portal page

Correct Answer: BDF
QUESTION 47
When establishing a Cisco AnyConnect SSL VPN tunnel, a system administrator wants to restrict remote home office users to either print to their local printer or send the remaining traffic down the Cisco AnyConnect SSL VPN tunnel (with restricted Internet access). Choose both a tunnel policy option and an ACL type to accomplish this design goal. (Choose two.)
A. tunnel all networks
B. tunnel network list below
C. exclude network list from the tunnel
D. standard ACL
E. web ACL
F. extended ACL

Correct Answer: CD
QUESTION 48
The LAN-to-LAN tunnel is not established, but an administrator can ping the remote Cisco ASA. Which three IPsec LAN-to-LAN configuration parameters should the administrator verify at both ends of the tunnel? (Choose three.)
A. pre-shared key
B. extended authentication password
C. extended authentication username
D. crypto ACL source IP address
E. crypto ACL destination IP address
F. tunnel connection-type: originate or answer

Correct Answer: ADE
QUESTION 49
Upon receiving a digital certificate, what are three steps that a Cisco ASA performs to authenticate the digital certificate? (Choose three.)
A. The identity certificate validity period is verified against the system clock of the Cisco ASA.
B. The identity certificate thumbprint is validated using the private key of the stored CA.
C. The identity certificate signature is validated by using the stored root certificate.
D. The signature is validated by using the stored identity certificate.
E. If enabled, the Cisco ASA locates the CRL and validates the identity certificate.

Correct Answer: ACE
QUESTION 50
You are configuring bookmarks for the clientless SSL VPN portal without the use of plug-ins. Which three bookmark types are supported? (Choose three.)
A. RDP
B. HTTP
C. FTP
D. CIFS
E. SSH
F. Telnet

Correct Answer: BCD
QUESTION 51
What are three methods for VPN address assignment? (Choose three.)
A. RADIUS authentication server
B. Kerberos server
C. internal address pool
D. RSA SecureID authentication server
E. LDAP server

Correct Answer: ACE
QUESTION 52
Datagram Transport Layer Security (DTLS) was introduced to solve performance issues. Choose three characteristics of DTLS. (Choose three.)
A. It uses TLS to negotiate and establish DTLS connections.
B. It uses DTLS to transmit datagrams.
C. It is disabled by default.
D. It uses TLS for data packet retransmission.
E. It replaces underlying transport layer with UDP 443.
F. It uses TLS to provide low-latency video application tunneling.

Correct Answer: ABE
QUESTION 53
Which three options are characteristics of WebType ACLs? (Choose three.)
A. They are assigned per-connection profile.
B. They are assigned per-user or per-group policy.
C. They can be defined in the Cisco AnyConnect Profile Editor.
D. They support URL pattern matching.
E. They support implicit deny all at the end of the ACL.
F. They support standard and extended WebType ACLs.

Correct Answer: BDE
QUESTION 54
For clientless SSL VPN users, bookmarks can be assigned to their portal. What are three methods for assigning bookmarks? (Choose three.)
A. connection profiles
B. group policies
C. XML profiles
D. LDAP or RADIUS attributes
E. the portal customization tool
F. user policies

Correct Answer: BDF

QUESTION 55
Your IT department needs to run a custom-built TCP application within the clientless SSL VPN tunnel. The network administrator suggests running the smart tunnel application. Which three statements concerning smart tunnel applications are true? (Choose three.)
A. They support active FTP and other RTSP-based applications.
B. They do not require administrator privileges on the remote system.
C. They require the enabling of port forwarding.
D. They are supported on Windows and MAC OS X platforms.
E. They support native client applications over SSL VPN.
F. They require the modification of the Host file on the end-user PC.

Correct Answer: BDE

Cisco 642-648 Exam Certification Guide is part of a recommended study program from Cisco 642-648 that includes simulation and hands-on training from authorized Cisco 642-648 Learning Partners and self-study products from Cisco 642-648. Find out more about instructor-led, e-learning, and hands-on instruction offered by authorized Cisco 642-648 Learning Partners worldwide.

Cisco 642-618 Study Guides, The Best Cisco 642-618 Questions And Answers Online

Flydumps just published the newest Cisco 642-618 dumps with all the new updated exam questions and answers. Flydumps provides the latest version of Cisco 642-618 and VCE files with up-to-date questions and answers to ensure your exam 100% pass. On our website you will get the free newest Cisco 642-618 version VCE Player along with your VCE dumps.

QUESTION 61
A Cisco ASA requires an additional feature license to enable which feature?
A. transparent firewall
B. cut-thru proxy
C. threat detection
D. botnet traffic filtering
E. TCP normalizer

Correct Answer: D

QUESTION 62
Which command options represent the inside local address, inside global address, outside local address, and outside global address?

A. 1 = outside local, 2 = outside global, 3 = inside global, 4 = inside local
B. 1 = outside local, 2 = outside global, 3 = inside local, 4 = inside global
C. 1 = outside global, 2 = outside local, 3 = inside global, 4 = inside local
D. 1 = inside local, 2 = inside global, 3 = outside global, 4 = outside local
E. 1 = inside local, 2 = inside global, 3 = outside local, 4 = outside global

Correct Answer: D

QUESTION 63
Which access rule is disabled automatically after the global access list has been defined and applied?
A. the implicit global deny ip any any access rule
B. the implicit interface access rule that permits all IP traffic from high security level to low security level interfaces
C. the implicit global access rule that permits all IP traffic from high security level to low security level interfaces
D. the implicit deny ip any any rule on the global and interface access lists
E. the implicit permit all IP traffic from high security level to low security level access rule on the global and interface access lists

Correct Answer: B

QUESTION 64
Which option can cause the interactive setup script not to work on a Cisco ASA 5520 appliance running software version 8.4.1?
A. The clock has not been set on the Cisco ASA appliance using the clock set command.
B. The HTTP server has not been enabled using the http server enable command.
C. The domain name has not been configured using the domain-name command.
D. The inside interface IP address has not been configured using the ip address command.
E. The management 0/0 interface has not been configured as management-only and assigned a name using the nameif command.

Correct Answer: E

QUESTION 65
Which statement about the Cisco ASA 5585-X appliance is true?
A. The IPS SSP must be installed in slot 0 (bottom slot) and the firewall/VPN SSP must be installed in slot 1 (top slot).
B. The IPS SSP operates independently. The firewall/VPN SSP is not necessary to support the IPS SSP.
C. The ASA 5585-X appliance supports three types of SSP (the firewall/VPN SSP, the IPS SSP, and the CSC SSP).
D. The ASA 5585-X appliance with the firewall/VPN SSP-60 has a maximum firewall throughput of 10 Gb/s.
E. All IPS traffic (except the IPS management interface traffic) must flow through the firewall/VPN SSP first before it can be redirected to the IPS SSP.

Correct Answer: E

QUESTION 66
Which logging mechanism is configured using MPF and allows high-volume traffic-related events to be exported from the Cisco ASA appliance in a more efficient and scalable manner compared to classic syslog logging?
A. SDEE
B. Secure SYSLOG
C. XML
D. NSEL
E. SNMPv3

Correct Answer: D

QUESTION 67
Which option completes the CLI NAT configuration command to match the Cisco ASDM NAT configuration?

object network insidenatted
 range 10.1.2.10 10.1.2.20
object network insidenet
 range 172.16.1.10 172.16.1.100
!
object network outnatted
 range 192.168.3.100 192.168.3.150
!
nat (inside,outside) after-auto 1 _______________?________________

A. source dynamic insidenet insidenatted destination static Partner-internal-subnets outnatted
B. source dynamic insidenet insidenatted interface destination static Partner-internal-subnets outnatted
C. source dynamic insidenet interface destination static Partner-internal-subnets outnatted
D. source dynamic insidenet interface destination static Partner-internal-subnets outnatted
E. source dynamic insidenatted insidenet destination static Partner-internal-subnets outnatted
F. source dynamic insidenatted interface destination static Partner-internal-subnets outnatted

Correct Answer: B

QUESTION 68
Which Cisco ASDM 6.4.1 pane is used to enable the Cisco ASA appliance to perform TCP checksum verifications?
A. Configuration > Firewall > Service Policy Rules
B. Configuration > Firewall > Advanced > IP Audit > IP Audit Policy
C. Configuration > Firewall > Advanced > IP Audit > IP Audit Signatures
D. Configuration > Firewall > Advanced > TCP options
E. Configuration > Firewall > Objects > TCP Maps
F. Configuration > Firewall > Objects > Inspect Maps

Correct Answer: E

QUESTION 69
Which two configurations are required on the Cisco ASAs so that the return traffic from the 10.10.10.100 outside server back to the 10.20.10.100 inside client can be rerouted from the Active Ctx B context in ASA Two to the Active Ctx A context in ASA One? (Choose two.)

A. stateful active/active failover
B. dynamic routing (EIGRP or OSPF or RIP)
C. ASR-group
D. no NAT-control
E. policy-based routing
F. TCP/UDP connections replication

Correct Answer: AC

QUESTION 70
Which two statements about the class maps are true? (Choose two.)

A. These class maps are referenced within the global policy by default for HTTP inspection.
B. These class maps are all type inspect http class maps.
C. These class maps classify traffic using regular expressions.
D. These class maps are Layer 3/4 class maps.
E. These class maps are used within the inspection_default class map for matching the default inspection traffic.

Correct Answer: BC

QUESTION 71
Which three Cisco ASA configuration commands are used to enable the Cisco ASA to log only the debug output to syslog? (Choose three.)
A. logging list test message 711001
B. logging debug-trace
C. logging trap debugging
D. logging message 711001 level 7
E. logging trap test

Correct Answer: ABE

QUESTION 72
Which five options are valid logging destinations for the Cisco ASA? (Choose five.)
A. AAA server
B. Cisco ASDM
C. buffer
D. SNMP traps
E. LDAP server
F. email
G. TCP-based secure syslog server

Correct Answer: BCDFG

QUESTION 73
Which two statements about Cisco ASA redundant interface configuration are true? (Choose two.)
A. Each redundant interface can have up to four physical interfaces as its member.
B. When the standby interface becomes active, the Cisco ASA sends gratuitous ARP out on the standby interface.
C. Interface duplex and speed configurations are configured under the redundant interface.
D. Redundant interfaces use MAC address-based load balancing to load share traffic across multiple physical interfaces.
E. Each Cisco ASA supports up to eight redundant interfaces.

Correct Answer: BE

QUESTION 74
Which two functions will the Set ASDM Defined User Roles perform? (Choose two.)

A. enables role based privilege levels to most Cisco ASA commands
B. enables the Cisco ASDM user to assign privilege levels manually to individual commands or groups of commands
C. enables command authorization with a remote TACACS+ server
D. enables three predefined user account privileges (Admin=Priv 15, Read Only=Priv 5, Monitor Only=Priv 3)

Correct Answer: AD

QUESTION 75
Which two statements about Cisco ASA failover troubleshooting are true? (Choose two.)
A. With active/active failover, failover link troubleshooting should be done in the system execution space.
B. With active/active failover, ASR groups must be enabled.
C. With active/active failover, user data passing interfaces troubleshooting should be done within the context execution space.
D. The failed interface threshold is set to 1. Using the show monitor-interface command, if one of the monitored interfaces on both the primary and secondary Cisco ASA appliances is in the unknown state, a failover should occur.
E. Syslog level 1 messages will be generated on the standby unit only if the logging standby command is used.

Correct Answer: AC

QUESTION 76
When troubleshooting a Cisco ASA that is operating in multiple context mode, which two verification steps should be performed if a user context does not pass user traffic? (Choose two.)
A. Verify the interface status in the system execution space.
B. Verify the mac-address-table on the Cisco ASA.
C. Verify that unique MAC addresses are configured if the contexts are using nonshared interfaces.
D. Verify the interface status in the user context.
E. Verify the resource classes configuration by accessing the admin context.

Correct Answer: AD

QUESTION 77
On the Cisco ASA Software Version 8.4.1, which three parameters can be configured using the set connection command within a policy map? (Choose three.)
A. per-client TCP and/or UDP idle timeout
B. per-client TCP and/or UDP maximum session time
C. TCP sequence number randomization
D. maximum number of simultaneous embryonic connections
E. maximum number of simultaneous TCP and/or UDP connections
F. fragments reassembly options

Correct Answer: CDE

QUESTION 78
On Cisco ASA Software Version 8.4.1, which four inspections are enabled by default in the global policy? (Choose four.)
A. HTTP
B. ESMTP
C. SKINNY
D. ICMP
E. TFTP
F. SIP

Correct Answer: BCEF

QUESTION 79
Which two statements about traffic shaping capability on the Cisco ASA appliance are true? (Choose two.)
A. Traffic shaping can be applied to all outgoing traffic on a physical interface or, in the case of the Cisco ASA 5505 appliance, on a VLAN.
B. Traffic shaping can be applied in the input or output direction.
C. Traffic shaping can cause jitter and delay.
D. You can configure traffic shaping and priority queuing on the same interface.
E. With traffic shaping, when traffic exceeds the maximum rate, the security appliance drops the excess traffic.

Correct Answer: AC

QUESTION 80
Which three CLI commands are generated by these Cisco ASDM configurations? (Choose three.)

A. object-group network testobj
B. object network testobj
C. ip address 10.1.1.0 255.255.255.0
D. subnet 10.1.1.0 255.255.255.0
E. nat (any,any) static 192.168.1.0 dns
F. nat (outside,inside) static 192.168.1.0 dns
G. nat (inside,outside) static 192.168.1.0 dns
H. nat (inside,any) static 192.168.1.0 dns
I. nat (any,inside) static 192.168.1.0 dns

Correct Answer: BDE

QUESTION 81
On Cisco ASA Software Version 8.3 and later, which two statements correctly describe the NAT table or NAT operations? (Choose two.)
A. The NAT table has four sections.
B. Manual NAT configurations are found in the first (top) and/or the last (bottom) section(s) of the NAT table.
C. Auto NAT also is referred to as Object NAT.
D. Auto NAT configurations are found only in the first (top) section of the NAT table.
E. The order of the NAT entries in the NAT table is not relevant to how the packets are matched against the NAT table.
F. Twice NAT is required for hosts on the inside to be accessible from the outside.

Correct Answer: BC

QUESTION 82
The Cisco ASA software image has been erased from flash memory. Which two statements about the process to recover the Cisco ASA software image are true? (Choose two.)
A. Access to the ROM monitor mode is required.
B. The Cisco ASA appliance must have connectivity to the TFTP server where the Cisco ASA image is stored through the Management 0/0 interface.
C. The copy tftp flash command is necessary to start the TFTP file transfer.
D. The server command is necessary to set the TFTP server IP address.
E. Cisco ASA password recovery must be enabled.

Correct Answer: AD

QUESTION 83
Which four unicast or multicast routing protocols are supported by the Cisco ASA appliance? (Choose four.)
A. RIP (v1 and v2)
B. OSPF
C. ISIS
D. BGP
E. EIGRP
F. Bidirectional PIM
G. MOSPF
H. PIM dense mode

Correct Answer: ABEF

QUESTION 84
On Cisco ASA Software Version 8.4.1 and later, which three EtherChannel modes are supported? (Choose three.)
A. active mode, which initiates LACP negotiation
B. passive mode, which responds to LACP negotiation from the peer
C. auto mode, which automatically responds to either PAgP or LACP negotiation from the peer
D. on mode, which enables static port-channel mode
E. off mode, which disables dynamic negotiation

Correct Answer: ABD

QUESTION 85
Which two Cisco ASA configuration tasks are necessary to allow authenticated BGP sessions to pass through the Cisco ASA appliance? (Choose two.)
A. Configure the Cisco ASA TCP normalizer to permit TCP option 19.
B. Configure the Cisco ASA TCP Intercept to inspect the BGP packets (TCP port 179).
C. Configure the Cisco ASA default global inspection policy to also statefully inspect the BGP flows.
D. Configure the Cisco ASA TCP normalizer to disable TCP ISN randomization for the BGP flows.
E. Configure TCP state bypass to allow the BGP flows.

Correct Answer: AD

QUESTION 86
Which two options show the required Cisco ASA command(s) to allow this scenario? (Choose two.)
An inside client on the 10.0.0.0/8 network connects to an outside server on the 172.16.0.0/16 network using TCP and the server port of 2001. The inside client negotiates a client port in the range between UDP ports 5000 to 5500. The outside server then can start sending UDP data to the inside client on the negotiated port within the specified UDP port range.
A. access-list INSIDE line 1 permit tcp 10.0.0.0 255.0.0.0 172.16.0.0 255.255.0.0 eq 2001
   access-group INSIDE in interface inside
B. access-list INSIDE line 1 permit tcp 10.0.0.0 255.0.0.0 172.16.0.0 255.255.0.0 eq 2001
   access-list INSIDE line 2 permit udp 10.0.0.0 255.0.0.0 172.16.0.0 255.255.0.0 eq established
   access-group INSIDE in interface inside
C. access-list OUTSIDE line 1 permit tcp 172.16.0.0 255.255.0.0 eq 2001 10.0.0.0 255.0.0.0
   access-list OUTSIDE line 2 permit udp 172.16.0.0 255.255.0.0 10.0.0.0 255.0.0.0 eq 5000-5500
   access-group OUTSIDE in interface outside
D. access-list OUTSIDE line 1 permit tcp 172.16.0.0 255.255.0.0 eq 2001 10.0.0.0 255.0.0.0
   access-list OUTSIDE line 2 permit udp 172.16.0.0 255.255.0.0 10.0.0.0 255.0.0.0 eq established
   access-group OUTSIDE in interface outside
E. established tcp 2001 permit udp 5000-5500
F. established tcp 2001 permit from udp 5000-5500
G. established tcp 2001 permit to udp 5000-5500

Correct Answer: AG

QUESTION 87
On Cisco ASA Software Version 8.4 and later, which two options show the maximum number of active and standby ports that an EtherChannel can have? (Choose two.)
A. 2 active ports
B. 4 active ports
C. 6 active ports
D. 8 active ports
E. 2 standby ports
F. 4 standby ports
G. 6 standby ports
H. 8 standby ports

Correct Answer: DH

QUESTION 88
Which three types of class maps can be configured on the Cisco ASA appliance? (Choose three.)
A. control-plane
B. regex
C. inspect
D. access-control
E. management
F. stack

Correct Answer: BCE

QUESTION 89
Refer to the partial Cisco ASA configuration and the network topology shown in the exhibit.

Which two Cisco ASA configuration commands are required so that any hosts on the Internet can HTTP to the WEBSERVER using the 192.168.1.100 IP address? (Choose two.)
A. nat (inside,outside) static 192.168.1.100
B. nat (inside,outside) static 172.31.0.100
C. nat (inside,outside) static interface
D. access-list outside_access_in extended permit tcp any object 172.31.0.100 eq http
E. access-list outside_access_in extended permit tcp any object 192.168.1.100 eq http
F. access-list outside_access_in extended permit tcp any object 192.168.1.1 eq http

Correct Answer: AD

QUESTION 90
Which two statements about Cisco ASA 8.2 NAT configurations are true? (Choose two.)
A. NAT operations can be implemented using the NAT, global, and static commands.
B. If nat-control is enabled and a connection does not need a translation, then an identity NAT configuration is required.
C. NAT configurations can use the any keyword as the input or output interface definition.
D. The NAT table is read and processed from the top down until a translation rule is matched.
E. Auto NAT links the translation to a network object.

Correct Answer: AB

CCNA Cisco 642-618 contains a powerful new testing engine that allows you to focus on individual topic areas or take complete, timed exams from CCNA Cisco 642-618. The assessment engine also tracks your performance and presents feedback on a module-by-module basis, providing question-by-question CCNA Cisco 642-618 to the text and laying out a complete study plan for review. CCNA Cisco 642-618 also includes a wealth of hands-on practice exercises and a copy of the CCNA Cisco 642-618 network simulation software that allows you to practice your CCNA Cisco 642-618 hands-on skills in a virtual lab environment. The CCNA Cisco 642-618 supporting website keeps you fully informed of any exam changes.