Cisco 642-618 Study Guides, The Best Cisco 642-618 Questions And Answers Online

Flydumps just published the newest Cisco 642-618 dumps with all the new updated exam questions and answers.Flydumps provide the latest version of Cisco 642-618 and VCE files with up-to-date questions and answers to ensure your exam 100% pass, on our website you will get the free new newest Cisco 642-618 version VCE Player along with your VCE dumps.

QUESTION 61
A Cisco ASA requires an additional feature license to enable which feature?
A. transparent firewall
B. cut-thru proxy
C. threat detection
D. botnet traffic filtering
E. TCP normalizer

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 62
Which command options represent the inside local address, inside global address, outside local address, and outside global address?

A. 1 = outside local, 2 = outside global, 3 = inside global, 4 = inside local
B. 1 = outside local, 2 = outside global, 3 = inside local, 4 = inside global
C. 1 = outside global, 2 = outside local, 3 = inside global, 4 = inside local
D. 1 = inside local, 2 = inside global, 3 = outside global, 4 = outside local
E. 1 = inside local, 2 = inside global, 3 = outside local, 4 = outside global

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 63
Which access rule is disabled automatically after the global access list has been defined and applied?
A. the implicit global deny ip any any access rule
B. the implicit interface access rule that permits all IP traffic from high security level to low security level interfaces
C. the implicit global access rule that permits all IP traffic from high security level to low security level interfaces
D. the implicit deny ip any any rule on the global and interface access lists
E. the implicit permit all IP traffic from high security level to low security level access rule on the global and interface access lists

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 64
Which option can cause the interactive setup script not to work on a Cisco ASA 5520 appliance running software version 8.4.1?
A. The clock has not been set on the Cisco ASA appliance using the clock set command.
B. The HTTP server has not been enabled using the http server enable command.
C. The domain name has not been configured using the domain-name command.
D. The inside interface IP address has not been configured using the ip address command.
E. The management 0/0 interface has not been configured as management-only and assigned a name using the nameif command.

Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 65
Which statement about the Cisco ASA 5585-X appliance is true?
A. The IPS SSP must be installed in slot 0 (bottom slot) and the firewall/VPN SSP must be installed in slot 1 (top slot).
B. The IPS SSP operates independently. The firewall/VPN SSP is not necessary to support the IPS SSP.
C. The ASA 5585-X appliance supports three types of SSP (the firewall/VPN SSP, the IPS SSP, and the CSC SSP).
D. The ASA 5585-X appliance with the firewall/VPN SSP-60 has a maximum firewall throughput of 10 Gb/
s.
E. All IPS traffic (except the IPS management interface traffic) must flow through the firewall/VPN SSP first before it can be redirected to the IPS SSP.

Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 66
Which logging mechanism is configured using MPF and allows high-volume traffic-related events to be exported from the Cisco ASA appliance in a more efficient and scalable manner compared to classic syslog logging?
A. SDEE
B. Secure SYSLOG
C. XML
D. NSEL
E. SNMPv3

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 67
Which option completes the CLI NAT configuration command to match the Cisco ASDM NAT configuration?

object network insidenatted range 10.1.2.10 10.1.2.20 object network insidenet range 172.16.1.10 172.16.1.100 ! object network outnatted range 192.168.3.100 192.168.3.150 ! nat (inside,outside) after-auto 1 _______________?________________
A. source dynamic insidenet insidenatted destination static Partner-internal-subnets outnatted
B. source dynamic insidenet insidenatted interface destination static Partner-internal-subnets outnatted
C. source dynamic insidenet interface destination static Partner-internal-subnets outnatted
D. source dynamic insidenet interface destination static Partner-internal-subnets outnatted
E. source dynamic insidenatted insidenet destination static Partner-internal-subnets outnatted
F. source dynamic insidenatted interface destination static Partner-internal-subnets outnatted

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 68
Which Cisco ASDM 6.4.1 pane is used to enable the Cisco ASA appliance to perform TCP checksum verifications?
A. Configuration > Firewall > Service Policy Rules
B. Configuration > Firewall > Advanced > IP Audit > IP Audit Policy
C. Configuration > Firewall > Advanced > IP Audit > IP Audit Signatures
D. Configuration > Firewall > Advanced > TCP options
E. Configuration > Firewall > Objects > TCP Maps
F. Configuration > Firewall > Objects > Inspect Maps

Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 69
Which two configurations are required on the Cisco ASAs so that the return traffic from the
10.10.10.100 outside server back to the 10.20.10.100 inside client can be rerouted from the Active Ctx B context in ASA Two to the Active Ctx A context in ASA One? (Choose two.)

A. stateful active/active failover
B. dynamic routing (EIGRP or OSPF or RIP)
C. ASR-group
D. no NAT-control
E. policy-based routing
F. TCP/UDP connections replication

Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
QUESTION 70
Which two statements about the class maps are true? (Choose two.)

A. These class maps are referenced within the global policy by default for HTTP inspection.
B. These class maps are all type inspect http class maps.
C. These class maps classify traffic using regular expressions.
D. These class maps are Layer 3/4 class maps.
E. These class maps are used within the inspection_default class map for matching the default inspection traffic.

Correct Answer: BC Section: (none) Explanation
Explanation/Reference:
QUESTION 71
Which three Cisco ASA configuration commands are used to enable the Cisco ASA to log only the debug output to syslog? (Choose three.)
A. logging list test message 711001
B. logging debug-trace
C. logging trap debugging
D. logging message 711001 level 7
E. logging trap test

Correct Answer: ABE Section: (none) Explanation
Explanation/Reference:
QUESTION 72
Which five options are valid logging destinations for the Cisco ASA? (Choose five.)
A. AAA server
B. Cisco ASDM
C. buffer
D. SNMP traps
E. LDAP server
F. email
G. TCP-based secure syslog server

Correct Answer: BCDFG Section: (none) Explanation
Explanation/Reference:
QUESTION 73
Which two statements about Cisco ASA redundant interface configuration are true? (Choose two.)
A. Each redundant interface can have up to four physical interfaces as its member.
B. When the standby interface becomes active, the Cisco ASA sends gratuitous ARP out on the standby interface.
C. Interface duplex and speed configurations are configured under the redundant interface.
D. Redundant interfaces use MAC address-based load balancing to load share traffic across multiple physical interfaces.
E. Each Cisco ASA supports up to eight redundant interfaces.

Correct Answer: BE Section: (none) Explanation
Explanation/Reference:
QUESTION 74
Which two functions will the Set ASDM Defined User Roles perform? (Choose two.)

A. enables role based privilege levels to most Cisco ASA commands
B. enables the Cisco ASDM user to assign privilege levels manually to individual commands or groups of commands
C. enables command authorization with a remote TACACS+ server
D. enables three predefined user account privileges (Admin=Priv 15, Read Only=Priv 5, Monitor Only=Priv 3)

Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
QUESTION 75
Which two statements about Cisco ASA failover troubleshooting are true? (Choose two.)
A. With active/active failover, failover link troubleshooting should be done in the system execution space.
B. With active/active failover, ASR groups must be enabled.
C. With active/active failover, user data passing interfaces troubleshooting should be done within the context execution space.
D. The failed interface threshold is set to 1. Using the show monitor-interfacecommand, if one of the monitored interfaces on both the primary and secondary Cisco ASA appliances is in the unknown state, a failover should occur.
E. Syslog level 1 messages will be generated on the standby unit only if the logging standbycommand is used.

Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
QUESTION 76
When troubleshooting a Cisco ASA that is operating in multiple context mode, which two verification steps should be performed if a user context does not pass user traffic? (Choose two.)
A. Verify the interface status in the system execution space.
B. Verify the mac-address-table on the Cisco ASA.
C. Verify that unique MAC addresses are configured if the contexts are using nonshared interfaces.
D. Verify the interface status in the user context.
E. Verify the resource classes configuration by accessing the admin context.

Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
QUESTION 77
On the Cisco ASA Software Version 8.4.1, which three parameters can be configured using the set connection command within a policy map? (Choose three.)
A. per-client TCP and/or UDP idle timeout
B. per-client TCP and/or UDP maximum session time
C. TCP sequence number randomization
D. maximum number of simultaneous embryonic connections
E. maximum number of simultaneous TCP and/or UDP connections
F. fragments reassembly options

Correct Answer: CDE Section: (none) Explanation
Explanation/Reference:
QUESTION 78
On Cisco ASA Software Version 8.4.1, which four inspections are enabled by default in the global policy? (Choose four.)
A. HTTP
B. ESMTP
C. SKINNY
D. ICMP
E. TFTP
F. SIP

Correct Answer: BCEF Section: (none) Explanation
Explanation/Reference:
QUESTION 79
Which two statements about traffic shaping capability on the Cisco ASA appliance are true? (Choose two.)
A. Traffic shaping can be applied to all outgoing traffic on a physical interface or, in the case of the Cisco ASA 5505 appliance, on a VLAN.
B. Traffic shaping can be applied in the input or output direction.
C. Traffic shaping can cause jitter and delay.
D. You can configure traffic shaping and priority queuing on the same interface.
E. With traffic shaping, when traffic exceeds the maximum rate, the security appliance drops the excess traffic.

Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
QUESTION 80
Which three CLI commands are generated by these Cisco ASDM configurations? (Choose three.)

A. object-group network testobj
B. object network testobj
C. ip address 10.1.1.0 255.255.255.0
D. subnet 10.1.1.0 255.255.255.0
E. nat (any,any) static 192.168.1.0 dns
F. nat (outside,inside) static 192.168.1.0 dns
G. nat (inside,outside) static 192.168.1.0 dns
H. nat (inside,any) static 192.168.1.0 dns
I. nat (any,inside) static 192.168.1.0 dns

Correct Answer: BDE Section: (none) Explanation
Explanation/Reference:
QUESTION 81
On Cisco ASA Software Version 8.3 and later, which two statements correctly describe the NAT table or NAT operations? (Choose two.)
A. The NAT table has four sections.
B. Manual NAT configurations are found in the first (top) and/or the last (bottom) section(s) of the NAT table.
C. Auto NAT also is referred to as Object NAT.
D. Auto NAT configurations are found only in the first (top) section of the NAT table.
E. The order of the NAT entries in the NAT table is not relevant to how the packets are matched against the NAT table.
F. Twice NAT is required for hosts on the inside to be accessible from the outside.

Correct Answer: BC Section: (none) Explanation
Explanation/Reference:
QUESTION 82
The Cisco ASA software image has been erased from flash memory. Which two statements about the process to recover the Cisco ASA software image are true? (Choose two.)
A. Access to the ROM monitor mode is required.
B. The Cisco ASA appliance must have connectivity to the TFTP server where the Cisco ASA image is stored through the Management 0/0 interface.
C. The copy tftp flash command is necessary to start the TFTP file transfer.
D. The server command is necessary to set the TFTP server IP address.
E. Cisco ASA password recovery must be enabled.

Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
QUESTION 83
Which four unicast or multicast routing protocols are supported by the Cisco ASA appliance? (Choose four.)
A. RIP (v1 and v2)
B. OSPF
C. ISIS
D. BGP
E. EIGRP
F. Bidirectional PIM
G. MOSPF
H. PIM dense mode

Correct Answer: ABEF Section: (none) Explanation
Explanation/Reference:
QUESTION 84
On Cisco ASA Software Version 8.4.1 and later, which three EtherChannel modes are supported? (Choose three.)
A. active mode, which initiates LACP negotiation
B. passive mode, which responds to LACP negotiation from the peer
C. auto mode, which automatically responds to either PAgP or LACP negotiation from the peer
D. on mode, which enables static port-channel mode
E. off mode, which disables dynamic negotiation

Correct Answer: ABD Section: (none) Explanation
Explanation/Reference:
QUESTION 85
Which two Cisco ASA configuration tasks are necessary to allow authenticated BGP sessions to pass through the Cisco ASA appliance? (Choose two.)
A. Configure the Cisco ASA TCP normalizer to permit TCP option 19.
B. Configure the Cisco ASA TCP Intercept to inspect the BGP packets (TCP port 179).
C. Configure the Cisco ASA default global inspection policy to also statefully inspect the BGP flows.
D. Configure the Cisco ASA TCP normalizer to disable TCP ISN randomization for the BGP flows.
E. Configure TCP state bypass to allow the BGP flows.

Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
QUESTION 86
Which two options show the required Cisco ASA command(s) to allow this scenario? (Choose two.)
An inside client on the 10.0.0.0/8 network connects to an outside server on the 172.16.0.0/16 network using TCP and the server port of 2001. The inside client negotiates a client port in the range between UDP ports 5000 to 5500. The outside server then can start sending UDP data to the inside client on the negotiated port within the specified UDP port range.
A. access-list INSIDE line 1 permit tcp 10.0.0.0 255.0.0.0 172.16.0.0 255.255.0.0 eq 2001 access-group INSIDE in interface inside
B. access-list INSIDE line 1 permit tcp 10.0.0.0 255.0.0.0 172.16.0.0 255.255.0.0 eq 2001 access-list INSIDE line 2 permit udp 10.0.0.0 255.0.0.0 172.16.0.0 255.255.0.0 eq established access-group INSIDE in interface inside
C. access-list OUTSIDE line 1 permit tcp 172.16.0.0 255.255.0.0 eq 2001 10.0.0.0 255.0.0.0 access-list OUTSIDE line 2 permit udp 172.16.0.0 255.255.0.0 10.0.0.0 255.0.0.0 eq 5000-5500 access-group OUTSIDE in interface outside
D. access-list OUTSIDE line 1 permit tcp 172.16.0.0 255.255.0.0 eq 2001 10.0.0.0 255.0.0.0 access-list OUTSIDE line 2 permit udp 172.16.0.0 255.255.0.0 10.0.0.0 255.0.0.0 eq established access-group OUTSIDE in interface outside
E. established tcp 2001 permit udp 5000-5500
F. established tcp 2001 permit from udp 5000-5500
G. established tcp 2001 permit to udp 5000-5500

Correct Answer: AG Section: (none) Explanation
Explanation/Reference:
QUESTION 87
On Cisco ASA Software Version 8.4 and later, which two options show the maximum number of active and standby ports that an EtherChannel can have? (Choose two.)
A. 2 active ports
B. 4 active ports
C. 6 active ports
D. 8 active ports
E. 2 standby ports
F. 4 standby ports
G. 6 standby ports
H. 8 standby ports

Correct Answer: DH Section: (none) Explanation
Explanation/Reference:
QUESTION 88
Which three types of class maps can be configured on the Cisco ASA appliance? (Choose three.)
A. control-plane
B. regex
C. inspect
D. access-control
E. management
F. stack

Correct Answer: BCE Section: (none) Explanation
Explanation/Reference: QUESTION 89
Refer to the partial Cisco ASA configuration and the network topology shown in the exhibit.

Which two Cisco ASA configuration commands are required so that any hosts on the Internet can HTTP to the WEBSERVER using the 192.168.1.100 IP address? (Choose two.)
A. nat (inside,outside) static 192.168.1.100
B. nat (inside,outside) static 172.31.0.100
C. nat (inside,outside) static interface
D. access-list outside_access_in extended permit tcp any object 172.31.0.100 eq http
E. access-list outside_access_in extended permit tcp any object 192.168.1.100 eq http
F. access-list outside_access_in extended permit tcp any object 192.168.1.1 eq http

Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
QUESTION 90
Which two statements about Cisco ASA 8.2 NAT configurations are true? (Choose two.)
A. NAT operations can be implemented using the NAT, global, and static commands.
B. If nat-control is enabled and a connection does not need a translation, then an identity NAT configuration is required.
C. NAT configurations can use the any keyword as the input or output interface definition.
D. The NAT table is read and processed from the top down until a translation rule is matched.
E. Auto NAT links the translation to a network object.

Correct Answer: AB Section: (none) Explanation
Explanation/Reference:

CCNA Cisco 642-618 contains a powerful new testing engine that allows you to focus on individual topic areas or take complete, timed exams from CCNA Cisco 642-618.The assessment engine also tracks your performance and presents feedback on a module-by-module basis, providing question-by-question CCNA Cisco 642-618 to the text and laying out a complete study plan for review.CCNA Cisco 642-618 also includes a wealth of hands-on practice exercises and a copy of the CCNA Cisco 642-618 network simulation software that allows you to practice your CCNA Cisco 642-618 hands-on skills in a virtual lab environment.The CCNA Cisco 642-618 supporting website keeps you fully informed of any exam changes