The 100% valid latest Cisco 642-618 question answers ensure you 100% pass! And now we are offering the free Cisco 642-618 version along with the VCE format Cisco 642-618 practice test. Free download more newCisco 642-618 PDF and VCE on https://www.pass4itsure.com/642-618.html.
QUESTION 65
Which flags should the show conn command normally show after a TCP connection has successfully been established from an inside host to an outside host?
A. aB
B. saA
C. sIO
D. AIO
E. UIO
F. F
Correct Answer: E Section: Section7 (61-70) Explanation
Explanation/Reference:
Explanation:
QUESTION 66
Which Cisco ASA show command groups the xlates and connections information together in its output?
A. show conn
B. show conn detail
C. show xlate
D. show asp
E. show local-host
Correct Answer: E Section: Section7 (61-70) Explanation
Explanation/Reference:
Explanation:
QUESTION 67
When a Cisco ASA is configured in multiple context mode, within which configuration are the interfaces allocated to the security contexts?
A. each security context
B. system configuration
C. admin context (context with the “admin” role)
D. context startup configuration file (.cfg file)
Correct Answer: B Section: Section7 (61-70) Explanation
Explanation/Reference:
Explanation:
QUESTION 68
When troubleshooting redundant interface operations on the Cisco ASA, which configuration should be verified?
A. The nameif configuration on the member physical interfaces are identical.
B. The MAC address configuration on the member physical interfaces are identical.
C. The active interface is sending periodic hellos to the standby interface.
D. The IP address configuration on the logical redundant interface is correct.
E. The duplex and speed configuration on the logical redundant interface are correct.
Correct Answer: D Section: Section7 (61-70) Explanation
Explanation/Reference:
Explanation:
QUESTION 69
Which statement about the Cisco ASA 5505 configuration is true?
A. The IP address is configured under the physical interface (ethernet 0/0 to ethernet 0/7).
B. With the default factory configuration, the management interface (management 0/0) is configured with the 192.168.1.1/24 IP address.
C. With the default factory configuration, Cisco ASDM access is not enabled.
D. The switchport access vlan command can be used to assign the VLAN to each physical interface (ethernet 0/0 to ethernet 0/7).
E. With the default factory configuration, both the inside and outside interface will use DHCP to acquire its IP address.
Correct Answer: D Section: Section7 (61-70) Explanation
Explanation/Reference:
Explanation:
QUESTION 70
What is the correct regular expression to match HTTP requests whose URI is /welcome.jpg?
A. ^/welcome.jpg
B. ^/welcome\.jpg
C. ^*/welcome\.jpg
D. ^\/welcome\.jpg
E. ^\*/welcome\.jpg
Correct Answer: D Section: Section7 (61-70) Explanation
Explanation/Reference:
Explanation:
QUESTION 71
Refer to the exhibit.
A Cisco ASA in transparent firewall mode generates the log messages seen in the exhibit. What should be configured on the Cisco ASA to allow the denied traffic?
A. extended ACL on the outside and inside interface to permit the multicast traffic
B. EtherType ACL on the outside and inside interface to permit the multicast traffic
C. stateful packet inspection
D. static ARP mapping
E. static MAC address mapping
Correct Answer: A Section: Section8 (71-80) Explanation
Explanation/Reference:
Explanation:
QUESTION 72
With active/standby failover, what happens if the standby Cisco ASA does not receive three consecutive hello messages from the active Cisco ASA on the LAN failover interface?
A. The standby ASA immediately becomes the active ASA.
B. The standby ASA eventually becomes the active ASA after three times the hold-down timer interval expires.
C. The standby ASA runs network activity tests, including ARP and ping, to determine if the active ASA has failed.
D. The standby ASA sends additional hellos packets on all monitored interfaces, including the LAN failover interface, to determine if the active ASA has failed.
E. Both ASAs go to the “unknown” state until the LAN interface becomes operational again.
Correct Answer: D Section: Section8 (71-80) Explanation
Explanation/Reference:
Explanation:
QUESTION 73
Refer to the exhibit.
The Cisco ASA is dropping all the traffic that is sourced from the internet and is destined to any security context inside interface. Which configuration should be verified on the Cisco ASA to solve this problem?
A. The Cisco ASA has NAT control disabled on each security context.
B. The Cisco ASA is using inside dynamic NAT on each security context.
C. The Cisco ASA is using a unique MAC address on each security context outside interface.
D. The Cisco ASA is using a unique dynamic routing protocol process on each security context.
E. The Cisco ASA packet classifier is configured to use the outside physical interface to assign the packets to each security context.
Correct Answer: C Section: Section8 (71-80) Explanation
Explanation/Reference:
Explanation:
QUESTION 74
Refer to the exhibit.
The Cisco ASA is operating in transparent mode. What is required on the Cisco ASA so that R1 and R2 can form OSPF neighbor adjacency?
A. Map the R1 and R2 MAC address in the Cisco ASA MAC address table using the mac-address- table static if_name MAC_address command.
B. Configure OSPF stateful packet inspection using MPF.
C. Apply an EtherType ACL to the inside and outside interfaces to permit OSPF multicast traffic.
D. Apply an extended ACL to the inside and outside interfaces to permit OSPF multicast traffic.
E. Enable Advanced Application Inspection using MPF.
Correct Answer: D Section: Section8 (71-80) Explanation
Explanation/Reference:
Explanation:
QUESTION 75
On the Cisco ASA, where are the Layer 5-7 policy maps applied?
A. inside the Layer 3-4 policy map
B. inside the Layer 3-4 class map
C. inside the Layer 5-7 class map
D. inside the Layer 3-4 service policy E. inside the Layer 5-7 service policy
Correct Answer: A Section: Section8 (71-80) Explanation
Explanation/Reference:
Explanation:
QUESTION 76
A Cisco ASA requires an additional feature license to enable which feature?
A. transparent firewall
B. cut-thru proxy
C. threat detection
D. botnet traffic filtering
E. TCP normalizer
Correct Answer: D Section: Section8 (71-80) Explanation
Explanation/Reference:
Explanation:
QUESTION 77
With Cisco ASA active/standby failover, what is needed to enable subsecond failover?
A. Use redundant interfaces.
B. Enable the stateful failover interface between the primary and secondary Cisco ASA.
C. Decrease the default unit failover polltime to 300 msec and the unit failover holdtime to 900 msec.
D. Decrease the default number of monitored interfaces to 1.
Correct Answer: C Section: Section8 (71-80) Explanation
Explanation/Reference:
Explanation:
QUESTION 78
Refer to the exhibit.
Which command options represent the inside local address, inside global address, outside local address, and outside global address?
A. 1 = outside local, 2 = outside global, 3 = inside global, 4 = inside local
B. 1 = outside local, 2 = outside global, 3 = inside local, 4 = inside global
C. 1 = outside global, 2 = outside local, 3 = inside global, 4 = inside local
D. 1 = inside local, 2 = inside global, 3 = outside global, 4 = outside local
E. 1 = inside local, 2 = inside global, 3 = outside local, 4 = outside global
Correct Answer: D Section: Section8 (71-80) Explanation
Explanation/Reference:
Explanation:
QUESTION 79
On Cisco ASA Software Version 8.4.1 and later, when you configure the Cisco ASA appliance in transparent firewall mode, which configuration is mandatory?
A. NAT
B. static routes
C. ARP inspections
D. EtherType access-list
E. bridge group(s)
F. dynamic MAC address learning
Correct Answer: E Section: Section8 (71-80) Explanation
Explanation/Reference:
Explanation:
Cisco 642-618 Exam Certification Guide presents you with an organized test preparation routine through the use of proven series elements and techniques.“Do I Know This Already?”quizzes open each chapter and allow you to decide how much time you need to spend on each section.Cisco 642-618 lists and Foundation Summary tables make referencing easy and give you a quick refresher whenever you need it.Challenging Cisco 642-618 review questions help you assess your knowledge and reinforce key concepts. Cisco 642-618 exercises help you think about exam objectives in real-world situations,thus increasing recall during exam time.