There is No need to hassle if you are stuck in the Cisco 642-618 exam difficulties,Flydumps will assist you right through exam specific preparation material.Flydumps delivers the most comprehensive preparation material,covering each and every aspect of Cisco 642-618 exam curriculum.
QUESTION 80
Which access rule is disabled automatically after the global access list has been defined and applied?
A. the implicit global deny ip any any access rule
B. the implicit interface access rule that permits all IP traffic from high security level to low security level interfaces
C. the implicit global access rule that permits all IP traffic from high security level to low security level interfaces
D. the implicit deny ip any any rule on the global and interface access lists
E. the implicit permit all IP traffic from high security level to low security level access rule on the global and interface access lists
Correct Answer: B Section: Section8 (71-80) Explanation
Explanation/Reference:
Explanation:
QUESTION 81
Which option can cause the interactive setup script not to work on a Cisco ASA 5520 appliance running software version 8.4.1?
A. The clock has not been set on the Cisco ASA appliance using the clock set command.
B. The HTTP server has not been enabled using the http server enable command.
C. The domain name has not been configured using the domain-name command.
D. The inside interface IP address has not been configured using the ip address command.
E. The management 0/0 interface has not been configured as management-only and assigned a name using the nameif command.
Correct Answer: E Section: Section9 (81-90) Explanation
Explanation/Reference:
Explanation:
QUESTION 82
Which statement about the Cisco ASA 5585-X appliance is true?
A. The IPS SSP must be installed in slot 0 (bottom slot) and the firewall/VPN SSP must be installed in slot 1 (top slot).
B. The IPS SSP operates independently. The firewall/VPN SSP is not necessary to support the IPS SSP.
C. The ASA 5585-X appliance supports three types of SSP (the firewall/VPN SSP, the IPS SSP, and the CSC SSP).
D. The ASA 5585-X appliance with the firewall/VPN SSP-60 has a maximum firewall throughput of 10 Gb/
s.
E. All IPS traffic (except the IPS management interface traffic) must flow through the firewall/VPN SSP first before it can be redirected to the IPS SSP.
Correct Answer: E Section: Section9 (81-90) Explanation
Explanation/Reference:
Explanation:
QUESTION 83
Which logging mechanism is configured using MPF and allows high-volume traffic-related events to be exported from the Cisco ASA appliance in a more efficient and scalable manner compared to classic syslog logging?
A. SDEE
B. Secure SYSLOG
C. XML
D. NSEL
E. SNMPv3
Correct Answer: D Section: Section9 (81-90) Explanation
Explanation/Reference:
Explanation:
QUESTION 84
Refer to the exhibit.
Which option completes the CLI NAT configuration command to match the Cisco ASDM NAT configuration? object network insidenatted range 10.1.2.10 10.1.2.20 ! object network insidenet
range 172.16.1.10 172.16.1.100 ! object network outnatted range 192.168.3.100 192.168.3.150 ! nat (inside,outside) after-auto 1 _______________?________________
A. source dynamic insidenet insidenatted destination static Partner-internal-subnets outnatted
B. source dynamic insidenet insidenatted interface destination static Partner-internal-subnets outnatted
C. source dynamic insidenet insidenatted destination static Partner-internal-subnets outnatted interface
D. source dynamic insidenet interface destination static Partner-internal-subnets outnatted
E. source dynamic insidenatted insidenet destination static Partner-internal-subnets outnatted
F. source dynamic insidenatted interface destination static Partner-internal-subnets outnatted
Correct Answer: B Section: Section9 (81-90) Explanation
Explanation/Reference:
Explanation:
QUESTION 85
By default, not all services in the default inspection class are inspected. Which Cisco ASA CLI command do you use to determine which inspect actions are applied to the default inspection class?
A. show policy-map global_policy
B. show policy-map inspection_default
C. show class-map inspection_default
D. show class-map default-inspection-traffic
E. show service-policy global
Correct Answer: E Section: Section9 (81-90) Explanation
Explanation/Reference:
Explanation:
QUESTION 86
Which Cisco ASDM 6.4.1 pane is used to enable the Cisco ASA appliance to perform TCP checksum verifications?
A. Configuration > Firewall > Service Policy Rules
B. Configuration > Firewall > Advanced > IP Audit > IP Audit Policy
C. Configuration > Firewall > Advanced > IP Audit > IP Audit Signatures
D. Configuration > Firewall > Advanced > TCP options
E. Configuration > Firewall > Objects > TCP Maps
F. Configuration > Firewall > Objects > Inspect Maps
Correct Answer: E Section: Section9 (81-90) Explanation
Explanation/Reference:
Explanation:
QUESTION 87
Refer to the exhibit.
Which two configurations are required on the Cisco ASAs so that the return traffic from the 10.10.10.100 outside server back to the 10.20.10.100 inside client can be rerouted from the Active Ctx B context in ASA Two to the Active Ctx A context in ASA One? (Choose two.)
A. stateful active/active failover
B. dynamic routing (EIGRP or OSPF or RIP)
C. ASR-group
D. no NAT-control
E. policy-based routing
F. TCP/UDP connections replication
Correct Answer: AC Section: Section9 (81-90) Explanation
Explanation/Reference:
Explanation:
QUESTION 88
Refer to the exhibit.
Which two statements about the class maps are true? (Choose two.)
A. These class maps are referenced within the global policy by default for HTTP inspection.
B. These class maps are all type inspect http class maps.
C. These class maps classify traffic using regular expressions.
D. These class maps are Layer 3/4 class maps.
E. These class maps are used within the inspection_default class map for matching the default inspection traffic.
Correct Answer: BC Section: Section9 (81-90) Explanation
Explanation/Reference:
Explanation:
QUESTION 89
Which three Cisco ASA configuration commands are used to enable the Cisco ASA to log only the debug output to syslog? (Choose three.)
A. logging list test message 711001
B. logging debug-trace
C. logging trap debugging
D. logging message 711001 level 7
E. logging trap test
Correct Answer: ABE Section: Section9 (81-90) Explanation
Explanation/Reference:
Explanation:
QUESTION 90
Which five options are valid logging destinations for the Cisco ASA? (Choose five.)
A. AAA server
B. Cisco ASDM
C. buffer
D. SNMP traps
E. LDAP server
F. email
G. TCP-based secure syslog server
Correct Answer: BCDFG Section: Section9 (81-90) Explanation
Explanation/Reference:
Answer: B,C,D,F,G Explanation:
QUESTION 91
When configuring security contexts on the Cisco ASA, which three resource class limits can be set using a rate limit? (Choose three.)
A. address translation rate
B. Cisco ASDM session rate
C. connections rate
D. MAC-address learning rate (when in transparent mode)
E. syslog messages rate
F. stateful packet inspections rate
Correct Answer: CEF Section: Section10 (91-100) Explanation
Explanation/Reference:
Explanation:
QUESTION 92
Which two statements about Cisco ASA redundant interface configuration are true? (Choose two.)
A. Each redundant interface can have up to four physical interfaces as its member.
B. When the standby interface becomes active, the Cisco ASA sends gratuitous ARP out on the standby interface.
C. Interface duplex and speed configurations are configured under the redundant interface.
D. Redundant interfaces use MAC address-based load balancing to load share traffic across multiple physical interfaces.
E. Each Cisco ASA supports up to eight redundant interfaces.
Correct Answer: BE Section: Section10 (91-100) Explanation
Explanation/Reference:
Explanation:
QUESTION 93
The Cisco ASA must support dynamic routing and terminating VPN traffic. Which three Cisco ASA options will not support these requirements? (Choose three.)
A. transparent mode
B. multiple context mode
C. active/standby failover mode
D. active/active failover mode
E. routed mode F. no NAT-control
Correct Answer: ABD Section: Section10 (91-100) Explanation
Explanation/Reference:
Explanation:
QUESTION 94
Refer to the exhibit.
Which two functions will the Set ASDM Defined User Roles perform? (Choose two.)
A. enables role based privilege levels to most Cisco ASA commands
B. enables the Cisco ASDM user to assign privilege levels manually to individual commands or groups of commands
C. enables command authorization with a remote TACACS+ server
D. enables three predefined user account privileges (Admin=Priv 15, Read Only=Priv 5, Monitor Only=Priv 3)
Correct Answer: AD Section: Section10 (91-100) Explanation
Explanation/Reference:
Explanation:
The Cisco contains more than 400 practice questions for the Cisco 642-618 exams,including simulation-based questions.Also contains hands-on exercises and a customized copy of the Cisco 642-618 exams network simulation software.