Cisco 642-618 VCE Files, Most Important Cisco 642-618 Study Guide Covers All Key Points

Welcome to download the newest Dumpsoon VCAN610 VCE dumps:

Top IT industry experts and professionals make sure that the students get thoroughly researched 100% authentic answers. Flydumps Cisco 642-618 exam sample questions includes Cisco 642-618 exam questions answers and online Cisco 642-618 is extremely important for the real Cisco 642-618 certification. Flydumps simulator exam containing 90 questions is designed in a way that could help you pass the exam with no other books or helping materials and more effective. With our Cisco 642-618 exam sample questions you will feel on top of the illusive Cisco 642-618 exam.

QUESTION 25
Which Cisco ASA configuration is used to configure the TCP intercept feature?
A. a TCP map
B. an access list
C. the established command
D. the set connection command with the embryonic-conn-max option
E. a type inspect policy map
Correct Answer: D Section: (none) Explanation Explanation/Reference:

QUESTION 26
Which configuration step (if any) is necessary to enable FTP inspection on TCP port 2121?
A. None. FTP inspection is enabled by default using the global policy.
B. Create a new class map to match TCP port 2121, then edit the global policy to inspect FTP for traffic matched by the new class map.
C. Edit default-inspection-traffic to match FTP on port 2121.
D. Add a new traffic class using the match protocol FTP option within the inspect_default class map.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 27
When the Cisco ASA appliance is processing packets, which action is performed first?
A. Check if the packet is permitted or denied by the inbound interface ACL.
B. Check if the packet is permitted or denied by the outbound interface ACL.
C. Check if the packet is permitted or denied by the global ACL.
D. Check if the packet matches an existing connection in the connection table.
E. Check if the packet matches an inspection policy.
F. Check if the packet matches a NAT rule.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 28
Which Cisco ASA (8.4.1 and later) CLI command is the best command to use for troubleshooting SSH connectivity from the Cisco ASA appliance to the outside 192.168.1.1 server?
A. telnet 192.168.1.1 22
B. ssh -l username 192.168.1.1
C. traceroute 192.168.1.1 22
D. ping tcp 192.168.1.1 22
E. packet-tracer input inside tcp 10.0.1.1 2043 192.168.4.1 ssh
Correct Answer: D Section: (none) Explanation Explanation/Reference:

QUESTION 29
Refer to the exhibit.

Which reason explains why the Cisco ASA appliance cannot establish an authenticated NTP session to the inside 192.168.1.1 NTP server?
A. The ntp server 192.168.1.1 command is incomplete.
B. The ntp source inside command is missing.
C. The ntp access-group peer command and the ACL to permit 192.168.1.1 are missing.
D. The trusted-key number should be 1 not 2.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 30
On which type of encrypted traffic can a Cisco ASA appliance running software version
8.4.1
perform application inspection and control?

A. IPsec
B. SSL
C. IPsec or SSL
D. Cisco Unified Communications
E. Secure FTP
Correct Answer: D Section: (none) Explanation
Explanation/Reference: Exam D

QUESTION 1
When configuring security contexts on the Cisco ASA, which three resource class limits can be set using a rate limit? (Choose three.)
A. address translation rate
B. Cisco ASDM session rate
C. connections rate
D. MAC-address learning rate (when in transparent mode)
E. syslog messages rate
F. stateful packet inspections rate
Correct Answer: CEF Section: (none) Explanation
Explanation/Reference:
QUESTION 2
Which two statements about Cisco ASA redundant interface configuration are true? (Choose two.)
A. Each redundant interface can have up to four physical interfaces as its member.
B. When the standby interface becomes active, the Cisco ASA sends gratuitous ARP out on the standby interface.
C. Interface duplex and speed configurations are configured under the redundant interface.
D. Redundant interfaces use MAC address-based load balancing to load share traffic across multiple physical interfaces.
E. Each Cisco ASA supports up to eight redundant interfaces.
Correct Answer: BE Section: (none) Explanation
Explanation/Reference:
QUESTION 3
The Cisco ASA must support dynamic routing and terminating VPN traffic. Which three Cisco ASA options will not support these requirements? (Choose three.)
A. transparent mode
B. multiple context mode
C. active/standby failover mode
D. active/active failover mode
E. routed mode
F. no NAT-control
Correct Answer: ABD Section: (none) Explanation
Explanation/Reference:
QUESTION 4
Refer to the exhibit.

Which two functions will the Set ASDM Defined User Roles perform? (Choose two.)
A. enables role based privilege levels to most Cisco ASA commands
B. enables the Cisco ASDM user to assign privilege levels manually to individual commands or groups of commands
C. enables command authorization with a remote TACACS+ server
D. enables three predefined user account privileges (Admin=Priv 15, Read Only=Priv 5, Monitor Only=Priv 3)
Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
QUESTION 5
Which two statements about Cisco ASA failover troubleshooting are true? (Choose two.)
A. With active/active failover, failover link troubleshooting should be done in the system execution space.
B. With active/active failover, ASR groups must be enabled.
C. With active/active failover, user data passing interfaces troubleshooting should be done within the context execution space.
D. The failed interface threshold is set to 1. Using the show monitor-interfacecommand, if one of the monitored interfaces on both the primary and secondary Cisco ASA appliances is in the unknown state, a failover should occur
E. Syslog level 1 messages will be generated on the standby unit only if the logging standbycommand is used.
Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
QUESTION 6
When troubleshooting a Cisco ASA that is operating in multiple context mode, which two verification steps should be performed if a user context does not pass user traffic? (Choose two.)
A. Verify the interface status in the system execution space.
B. Verify the mac-address-table on the Cisco ASA
C. Verify that unique MAC addresses are configured if the contexts are using nonshared interfaces.
D. Verify the interface status in the user context.
E. Verify the resource classes configuration by accessing the admin context.
Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
QUESTION 7
Refer to the exhibit.

On Cisco ASA Software Version 8.3 and later, which two sets of CLI configuration commands result from this Cisco ASDM configuration? (Choose two.)
A. nat (inside) 1 10.1.1.10 global (outside) 1 192.168.1.1
B. nat (outside) 1 192.168.1.1
global (inside 1 10.1.1.10
C. static(inside,outside) 192.168.1.1 10.1.1.10 netmask 255.255.255.255 tcp 0 0 udp 0
D. static(inside,outside) tcp 192.168.1.1 80 10.1.1.10 80
E. object network 192.168.1.1 nat (inside,outside) static 10.1.1.10
F. object network 10.1.1.10 nat (inside,outside) static 192.168.1.1
G. access-list outside_access_in line 1 extended permit tcp any object 10.1.1.10 eq http access-group outside_access_in in interface outside
H. access-list outside_access_in line 1 extended permit tcp any object 192.168.1.1 eq http access-group outside_access_in in interface outside
Correct Answer: FG Section: (none) Explanation
Explanation/Reference:
QUESTION 8
On the Cisco ASA Software Version 8.4.1, which three parameters can be configured using the set connection command within a policy map? (Choose three.)
A. per-client TCP and/or UDP idle timeout
B. per-client TCP and/or UDP maximum session time
C. TCP sequence number randomization
D. maximum number of simultaneous embryonic connections
E. maximum number of simultaneous TCP and/or UDP connections
F. fragments reassembly options
Correct Answer: CDE Section: (none) Explanation
Explanation/Reference:
QUESTION 9
On Cisco ASA Software Version 8.4.1, which four inspections are enabled by default in the global policy? (Choose four.)
A. HTTP
B. ESMTP
C. SKINNY
D. ICMP
E. TFTP
F. SIP
Correct Answer: BCEF Section: (none) Explanation
Explanation/Reference:
QUESTION 10
Which two statements about traffic shaping capability on the Cisco ASA appliance are
true?
(Choose two.)

A. Traffic shaping can be applied to all outgoing traffic on a physical interface or, in the case of the Cisco ASA 5505 appliance, on a VLAN.
B. Traffic shaping can be applied in the input or output direction.
C. Traffic shaping can cause jitter and delay.
D. You can configure traffic shaping and priority queuing on the same interface.
E. With traffic shaping, when traffic exceeds the maximum rate, the security appliance drops the excess traffic.
Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
QUESTION 11
Refer to the exhibit.

Which three CLI commands are generated by these Cisco ASDM configurations? (Choose three.)
A. object-group network testobj
B. object network testobj
C. ip address 10.1.1.0 255.255.255.0
D. subnet 10.1.1.0 255.255.255.0
E. nat (any,any) static 192.168.1.0 dns
F. nat (outside,inside) static 192.168.1.0 dns
G. nat (inside,outside) static 192.168.1.0 dns
H. nat (inside,any) static 192.168.1.0 dns
I. nat (any,inside) static 192.168.1.0 dns
Correct Answer: BDE Section: (none) Explanation
Explanation/Reference:
QUESTION 12
On Cisco ASA Software Version 8.3 and later, which two statements correctly describe the NAT table or NAT operations? (Choose two.)
A. The NAT table has four sections.
B. Manual NAT configurations are found in the first (top) and/or the last (bottom) section
(s) of the
NAT table.

C. Auto NAT also is referred to as Object NAT.
D. Auto NAT configurations are found only in the first (top) section of the NAT table.
E. The order of the NAT entries in the NAT table is not relevant to how the packets are matched against the NAT table.
F. Twice NAT is required for hosts on the inside to be accessible from the outside.
Correct Answer: BC Section: (none) Explanation
Explanation/Reference:
QUESTION 13
The Cisco ASA software image has been erased from flash memory. Which two statements about the process to recover the Cisco ASA software image are true? (Choose two.)
A. Access to the ROM monitor mode is required.
B. The Cisco ASA appliance must have connectivity to the TFTP server where the Cisco ASA image is stored through the Management 0/0 interface.
C. The copy tftp flash command is necessary to start the TFTP file transfer.
D. The server command is necessary to set the TFTP server IP address.
E. Cisco ASA password recovery must be enabled.
Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
QUESTION 14
Which two Cisco ASA licensing features are correct with Cisco ASA Software Version 8.3 and later? (Choose two.)
A. Identical licenses are not required on the primary and secondary Cisco ASA appliance.
B. Cisco ASA appliances configured as failover pairs disregard the time-based activation keys.
C. Time-based licenses are stackable in duration but not in capacity
D. A time-based license completely overrides the permanent license, ignoring all permanently licensed features until the time-based license is uninstalled.
Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
QUESTION 15
Which four unicast or multicast routing protocols are supported by the Cisco ASA
appliance?
(Choose four.)

A. RIP (v1 and v2)
B. OSPF
C. ISIS
D. BGP
E. EIGRP
F. Bidirectional PIM
G. MOSPF
H. PIM dense mode
Correct Answer: ABEF Section: (none) Explanation
Explanation/Reference:
QUESTION 16
On Cisco ASA Software Version 8.4.1 and later, which three EtherChannel modes are
supported?
(Choose three.)

A. active mode, which initiates LACP negotiation
B. passive mode, which responds to LACP negotiation from the peer
C. auto mode, which automatically responds to either PAgP or LACP negotiation from the peer
D. on mode, which enables static port-channel mode
E. off mode, which disables dynamic negotiation
Correct Answer: ABD Section: (none) Explanation
Explanation/Reference:
QUESTION 17
Which two Cisco ASA configuration tasks are necessary to allow authenticated BGP sessions to pass through the Cisco ASA appliance? (Choose two.)
A. Configure the Cisco ASA TCP normalizer to permit TCP option 19.
B. Configure the Cisco ASA TCP Intercept to inspect the BGP packets (TCP port 179).
C. Configure the Cisco ASA default global inspection policy to also statefully inspect the BGP flows.
D. Configure the Cisco ASA TCP normalizer to disable TCP ISN randomization for the BGP flows.
E. Configure TCP state bypass to allow the BGP flows.
Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
QUESTION 18
Which two options show the required Cisco ASA command(s) to allow this scenario?
(Choose
two.)

An inside client on the 10.0.0.0/8 network connects to an outside server on the
172.16.0.0/16
network using TCP and the server port of 2001. The inside client negotiates a client port
in the
range between UDP ports 5000 to 5500. The outside server then can start sending UDP
data to
the inside client on the negotiated port within the specified UDP port range.

A. access-list INSIDE line 1 permit tcp 10.0.0.0 255.0.0.0 172.16.0.0 255.255.0.0 eq 2001 access-group INSIDE in interface inside
B. access-list INSIDE line 1 permit tcp 10.0.0.0 255.0.0.0 172.16.0.0 255.255.0.0 eq 2001 access-list INSIDE line 2 permit udp 10.0.0.0 255.0.0.0 172.16.0.0 255.255.0.0 eq established access-group INSIDE in interface inside
C. access-list OUTSIDE line 1 permit tcp 172.16.0.0 255.255.0.0 eq 2001 10.0.0.0
255.0.0.0 access-list OUTSIDE line 2 permit udp 172.16.0.0 255.255.0.0 10.0.0.0 255.0.0.0 eq 5000-5500 access-group OUTSIDE in interface outside
D. access-list OUTSIDE line 1 permit tcp 172.16.0.0 255.255.0.0 eq 2001 10.0.0.0
255.0.0.0 access-list OUTSIDE line 2 permit udp 172.16.0.0 255.255.0.0 10.0.0.0 255.0.0.0 eq established access-group OUTSIDE in interface outside
E. established tcp 2001 permit from udp 5000-5500
F. established tcp 2001 permit from udp 5000-5500
G. established tcp 2001 permit to udp 5000-5500
Correct Answer: AG Section: (none) Explanation
Explanation/Reference:
QUESTION 19
Which three actions can be applied to a traffic class within a type inspect policy map?
(Choose
three.)

A. drop
B. priority
C. log
D. pass
E. inspect
F. reset
Correct Answer: ACF Section: (none) Explanation
Explanation/Reference:
QUESTION 20
On Cisco ASA Software Version 8.4 and later, which two options show the maximum number of active and standby ports that an EtherChannel can have? (Choose two.)
A. 2 active ports
B. 4 active ports
C. 6 active ports
D. 8 active ports
E. 2 standby ports
F. 4 standby ports
G. 6 standby ports H. 8 standby ports
Correct Answer: DH Section: (none) Explanation
Explanation/Reference:
QUESTION 21
Which three types of class maps can be configured on the Cisco ASA appliance? (Choose three.)
A. control-plane
B. regex
C. inspect
D. access-control
E. management
F. stack
Correct Answer: BCE Section: (none) Explanation
Explanation/Reference:
QUESTION 22
Refer to the partial Cisco ASA configuration and the network topology shown in the exhibit.

Which two Cisco ASA configuration commands are required so that any hosts on the Internet can HTTP to the WEBSERVER using the 192.168.1.100 IP address? (Choose two.)
A. nat (inside,outside) static 192.168.1.100
B. nat (inside,outside) static 172.31.0.100
C. nat (inside,outside) static interface
D. access-list outside_access_in extended permit tcp any object 172.31.0.100 eq http
E. access-list outside_access_in extended permit tcp any object 192.168.1.100 eq http
F. access-list outside_access_in extended permit tcp any object 192.168.1.1 eq http
Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
QUESTION 23
Which two statements about Cisco ASA 8.2 NAT configurations are true? (Choose two.)
A. NAT operations can be implemented using the NAT, global, and static commands.
B. If nat-control is enabled and a connection does not need a translation, then an identity NAT configuration is required.
C. NAT configurations can use the any keyword as the input or output interface definition
D. The NAT table is read and processed from the top down until a translation rule is matched.
E. Auto NAT links the translation to a network object.
Correct Answer: AB Section: (none) Explanation
Explanation/Reference:
QUESTION 24
In which two directions are the Cisco ASA modular policy framework inspection policies
applied?
(Choose two.)

A. in the ingress direction only when applied globally
B. in the ingress direction only when applied on an interface
C. in the egress direction only when applied globally
D. in the egress direction only when applied on an interface
E. bi-directionally when applied globally
F. bi-directionally when applied on an interface
Correct Answer: AF Section: (none) Explanation
Explanation/Reference:
QUESTION 25
Which three configurations are needed to enable SNMPv3 support on the Cisco ASA?
(Choose
three.)

A. SNMPv3 Local EngineID
B. SNMPv3 Remote EngineID C. SNMP Users
D. SNMP Groups
E. SNMP Community Strings
F. SNMP Hosts
Correct Answer: CDF Section: (none) Explanation
Explanation/Reference:
QUESTION 26
A customer is ordering a number of Cisco ASAs for their network. For the remote or
home office,
they are purchasing the Cisco ASA 5505. When ordering the licenses for their Cisco
ASAs, which
two licenses must they order that are “platform specific” to the Cisco ASA 5505?
(Choose two.)

A. AnyConnect Essentials license
B. per-user Premium SSL VPN license
C. VPN shared license
D. internal user licenses
E. Security Plus license
Correct Answer: DE Section: (none) Explanation
Explanation/Reference:
QUESTION 27
Refer to the exhibit.

Which two statements are true? (Choose two.)
A. The connection is awaiting outside ACK to SYN.
B. The connection is initiated from the inside.
C. The connection is active and has received inbound and outbound data.
D. The connection is an incomplete TCP connection.
E. The connection is a DNS connection.
Correct Answer: BC Section: (none) Explanation Explanation/Reference:

QUESTION 28
The Cisco ASA is configured in multiple mode and the security contexts share the same outside physical interface. Which two packet classification methods can be used by the Cisco ASA to determine which security context to forward the incoming traffic from the outside interface? (Choose two.)
A. unique interface IP address
B. unique interface MAC address
C. routing table lookup
D. MAC address table lookup
E. unique global mapped IP addresses
Correct Answer: BE Section: (none) Explanation
Explanation/Reference:
QUESTION 29
Refer to the exhibit.

Which two CLI commands result from this configuration? (Choose two.)
A. aaa authorization network LOCAL
B. aaa authorization network default authentication-server LOCAL
C. aaa authorization command LOCAL
D. aaa authorization exec LOCAL
E. aaa authorization exec authentication-server LOCAL
F. aaa authorization exec authentication-server
Correct Answer: CD Section: (none) Explanation
Explanation/Reference:
QUESTION 30
Which three statements are the default security policy on a Cisco ASA appliance? (Choose three.)
A. Traffic that goes from a high security level interface to a lower security level interface is allowed.
B. Outbound TCP and UDP traffic is statefully inspected and returning traffic is allowed to traverse the Cisco ASA appliance
C. Traffic that goes from a low security level interface to a higher security level interface is allowed.
D. Traffic between interfaces with the same security level is allowed by default.
E. Traffic can enter and exit the same interface by default.
F. When the Cisco ASA appliance is accessed for management purposes, the access must be made to the nearest Cisco ASA interface.
G. Inbound TCP and UDP traffic is statefully inspected and returning traffic is allowed to traverse the Cisco ASA appliance.
Correct Answer: ABF Section: (none) Explanation
Explanation/Reference:
QUESTION 31
Which two configurations are the minimum needed to enable EIGRP on the Cisco ASA
appliance?
(Choose two.)

A. Enable the EIGRP routing process and specify the AS number.
B. Define the EIGRP default-metric.
C. Configure the EIGRP router ID.
D. Use the neighbor command(s) to specify the EIGRP neighbors.
E. Use the network command(s) to enable EIGRP on the Cisco ASA interface(s).
Correct Answer: AE Section: (none) Explanation
Explanation/Reference: QUESTION 32
Refer to the exhibit and to the four HTTP inspection requirements and the Cisco ASA configuration.

Which two statements about why the Cisco ASA configuration is not meeting the specified HTTP inspection requirements are true? (Choose two.)
1.
All outside clients can use only the HTTP GET method on the protected 10.10.10.10 web server.

2.
All outside clients can access only HTTP URIs starting with the “/myapp” string on the protected

3.
The security appliance should drop all requests that contain basic SQL injection attempts (the string “SELECT” followed by the string “FROM”) inside HTTP arguments.

4.
The security appliance should drop all requests that do not conform to the HTTP protocol.
A. Both instances of match not request should be changed to match request.
B. The policy-map type inspect http MY-HTTP-POLICY configuration is missing thereferences to the class maps.
C. The BASIC-SQL-INJECTION regular expression is not configured correctly.
D. The MY-URI regular expression is not configured correctly.
E. The WEB-SERVER-ACL ACL is not configured correctly.
Correct Answer: DE Section: (none) Explanation Explanation/Reference:
QUESTION 33

Select and Place: Correct Answer: Section: (none)
Explanation Explanation/Reference:

While your study aids will not be audio exams, your Cisco 642-618 exam sample questions will be the perfect Cisco 642-618 exam sample questions study materials to guarantee that you pass. Cisco 642-618 exam sample questions provide you with the experience of taking the actual test. Come to FLYDUMPS; choose your like to prepare your Cisco certification exams. FLYDUMPS  fully loaded Cisco 642-618 exam and Cisco test software are the absolute perfect and preferred way of get yourself ready for the Cisco exams by thousands of successful certified professionals across the world. Just about Cisco 642-618 exam sample questions are backed by our 100% pass guarantee. We guaranteed you will pass your Cisco 642-618 Exam on your first attempt. Get Cisco certified this week and download Apple certification with your computer today.

Welcome to download the newest Dumpsoon VCAN610 VCE dumps: http://www.dumpsoon.com/VCAN610.html

Software Certifications CSQA Questions, Helpful Software Certifications CSQA Exam Guide With New Discount