Cisco 642-618 Cert Exam, Free Cisco 642-618 Free Dumps With 100% Pass Rate

CCNP Security, Cisco Comments Off

Welcome to download the newest Pass4itsure hp0-m52 VCE dumps: http://www.pass4itsure.com/hp0-m52.html

Your worries about Cisco 642-618 exam complexity no more exist because Flydumps is here to serves as a guide to help you to pass the Cisco 642-618 exam. All the exam questions and answers is the latest and covering each and every aspect of Cisco 642-618 exam.It 100% ensure you pass the exam without any doubt.

QUESTION 111
Refer to the exhibit.
***Exhibit is Missing***
Which command options represent the inside local address, inside global address, outside local address, and outside global address?
A. 1 = outside local, 2 = outside global, 3 = inside global, 4 = inside local
B. 1 = outside local, 2 = outside global, 3 = inside local, 4 = inside global
C. 1 = outside global, 2 = outside local, 3 = inside global, 4 = inside local
D. 1 = inside local, 2 = inside global, 3 = outside global, 4 = outside local
E. 1 = inside local, 2 = inside global, 3 = outside local, 4 = outside global

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 112
On Cisco ASA Software Version 8.4.1 and later, when you configure the Cisco ASA appliance in transparent firewall mode, which configuration is mandatory?
A. NAT
B. static routes
C. ARP inspections
D. EtherType access-list
E. bridge group(s)
F. dynamic MAC address learning

Correct Answer: E Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 113
Which access rule is disabled automatically after the global access list has been defined and applied?
A. the implicit global deny ip any any access rule
B. the implicit interface access rule that permits all IP traffic from high security level to low security level interfaces
C. the implicit global access rule that permits all IP traffic from high security level to low security level interfaces
D. the implicit deny ip any any rule on the global and interface access lists
E. the implicit permit all IP traffic from high security level to low security level access rule on the global and interface access lists

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 114
Which option can cause the interactive setup script not to work on a Cisco ASA 5520 appliance running software version 8.4.1?
A. The clock has not been set on the Cisco ASA appliance using the clock set command.
B. The HTTP server has not been enabled using the http server enable command.
C. The domain name has not been configured using the domain-name command.
D. The inside interface IP address has not been configured using the ip address command.
E. The management 0/0 interface has not been configured as management-only and assigned a name using the nameif command.

Correct Answer: E Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 115
Which three statements are the default security policy on a Cisco ASA appliance? (Choose three.)
A. Traffic that goes from a high security level interface to a lower security level interface is allowed.
B. Outbound TCP and UDP traffic is statefully inspected and returning traffic is allowed to traverse the Cisco ASA appliance.
C. Traffic that goes from a low security level interface to a higher security level interface is allowed.
D. Traffic between interfaces with the same security level is allowed by default.
E. Traffic can enter and exit the same interface by default.
F. When the Cisco ASA appliance is accessed for management purposes, the access must be made to the nearest Cisco ASA interface.
G. Inbound TCP and UDP traffic is statefully inspected and returning traffic is allowed to traverse the Cisco ASA appliance.

Correct Answer: ABF Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 116
Which statement about the Cisco ASA 5585-X appliance is true?
A. The IPS SSP must be installed in slot 0 (bottom slot) and the firewall/VPN SSP must be installed in slot 1 (top slot).
B. The IPS SSP operates independently. The firewall/VPN SSP is not necessary to support the IPS SSP.
C. The ASA 5585-X appliance supports three types of SSP (the firewall/VPN SSP, the IPS SSP, and the CSC SSP).
D. The ASA 5585-X appliance with the firewall/VPN SSP-60 has a maximum firewall throughput of 10 Gb/s.
E. All IPS traffic (except the IPS management interface traffic) must flow through the firewall/VPN SSP first before it can be redirected to the IPS SSP.

Correct Answer: E Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 117
Which two configurations are the minimum needed to enable EIGRP on the Cisco ASA appliance? (Choose two.)
A. Enable the EIGRP routing process and specify the AS number.
B. Define the EIGRP default-metric.
C. Configure the EIGRP router ID.
D. Use the neighbor command(s) to specify the EIGRP neighbors.
E. Use the network command(s) to enable EIGRP on the Cisco ASA interface(s).

Correct Answer: AE Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 118
Which logging mechanism is configured using MPF and allows high-volume traffic-related events to be exported from the Cisco ASA appliance in a more efficient and scalable manner compared to classic syslog logging?
A. SDEE
B. Secure SYSLOG
C. XML
D. NSEL
E. SNMPv3

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 119
Refer to the exhibit.
object network insidenatted range 10.1.2.10 10.1.2.20 ! object network insidenet range 172.16.1.10 172.16.1.100 ! object network outnatted range 192.168.3.100 192.168.3.150 ! nat (inside,outside) after-auto 1 ?
Which option completes the CLI NAT configuration command to match the Cisco ASDM NAT configuration?
A. source dynamic insidenet insidenatted destination static Partner-internal-subnets outnatted
B. source dynamic insidenet insidenatted interface destination static Partner-internal-subnets outnatted
C. source dynamic insidenet insidenatted destination static Partner-internal-subnets outnatted interface
D. source dynamic insidenet interface destination static Partner-internal-subnets outnatted
E. source dynamic insidenatted insidenet destination static Partner-internal-subnets outnatted
F. source dynamic insidenatted interface destination static Partner-internal-subnets outnatted

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 120
Refer to the exhibit and to the four HTTP inspection requirements and the Cisco ASA configuration.
Which two statements about why the Cisco ASA configuration is not meeting the specified HTTP inspection requirements are true? (Choose two.)
1.
All outside clients can use only the HTTP GET method on the protected 10.10.10.10 web server.

2.
All outside clients can access only HTTP URIs starting with the “/myapp” string on the protected
10.10.10.10 web server.
3.
The security appliance should drop all requests that contain basic SQL injection attempts (the

string “SELECT” followed by the string “FROM”) inside HTTP arguments.

4.
The security appliance should drop all requests that do not conform to the HTTP protocol.
A. Both instances of match not request should be changed to match request.
B. The policy-map type inspect http MY-HTTP-POLICY configuration is missing the references to the class maps.
C. The BASIC-SQL-INJECTION regular expression is not configured correctly.
D. The MY-URI regular expression is not configured correctly.
E. The WEB-SERVER-ACL ACL is not configured correctly.

Correct Answer: DE Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 121
By default, not all services in the default inspection class are inspected. Which Cisco ASA CLI command do you use to determine which inspect actions are applied to the default inspection class?
A. show policy-map global_policy
B. show policy-map inspection_default
C. show class-map inspection_default
D. show class-map default-inspection-traffic
E. show service-policy global

Correct Answer: E Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 122
Which Cisco ASDM 6.4.1 pane is used to enable the Cisco ASA appliance to perform TCP checksum verifications?
A. Configuration > Firewall > Service Policy Rules
B. Configuration > Firewall > Advanced > IP Audit > IP Audit Policy
C. Configuration > Firewall > Advanced > IP Audit > IP Audit Signatures
D. Configuration > Firewall > Advanced > TCP options
E. Configuration > Firewall > Objects > TCP Maps
F. Configuration > Firewall > Objects > Inspect Maps

Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 123
Select and Place: Correct Answer: Section: (none)
Explanation Explanation/Reference:

QUESTION 124

Select and Place: Correct Answer: Section: (none)
Explanation

QUESTION 125

Select and Place: Correct Answer: Section: (none)
Explanation Explanation/Reference:
QUESTION 126

Select and Place: Correct Answer: Section: (none)
Explanation

QUESTION 127
Scenario: To access Cisco ASDM, click the PC icon in the Topology window, ASDM and answer the following question as:

Which statement about the Cisco ASA configuration is true?
A. All input traffic on the inside interface is denied by the global ACL.
B. All input and output traffic on the outside interface is denied by the global ACL.
C. ICMP echo-request traffic is permitted from the inside to the outside, and ICMP echo-reply will be permitted from the outside back to inside.
D. HTTP inspection is enabled in the global policy.
E. Traffic between two hosts connected to the same interface is permitted. Explanation:

Correct Answer: Section: (none) Explanation
Explanation/Reference:
QUESTION 128
Scenario: To access Cisco ASDM, click the PC icon in the Topology window, ASDM and answer
Which two statements about the running configuration of the Cisco ASA are true? (Choose Two)
A. The auto NAT configuration causes all traffic arriving on the inside interface destined to any outside destinations to be translated with dynamic port address transmission using the outside interface IP address.
B. The Cisco ASA is using the Cisco ASDM image from disk1:/asdm-642.bin
C. The Cisco ASA is setup as the DHCP server for hosts that are on the inside and outside interfaces.
D. SSH and Cisco ASDM access to the Cisco ASA requires AAA authentication using the LOCAL user database.
E. The Cisco ASA is using a persistent self-signed certified so users can authenticate the Cisco ASA when accessing it via ASDM Explanation:

Correct Answer: Section: (none) Explanation
Explanation/Reference:
QUESTION 129
Scenario: To access Cisco ASDM, click the PC icon in the Topology window, ASDM and answer the following question as:
The Cisco ASA administration must enable the Cisco ASA to automatically drop suspicious botnet traffic. After the Cisco ASA administrator entered the initial configuration, the Cisco ASA is not automatically dropping the suspicious botnet traffic. What else must be enabled in order to make it work?
A. DNS snooping
B. Botnet traffic filtering on atleast one of the Cisco ASA interface.
C. Periodic download of the dynamic botnet database from Cisco.
D. DNS inspection in the global policy.
E. Manual botnet black and white lists.
F.
G.

Correct Answer: ABCDE Section: (none) Explanation
Explanation/Reference:
QUESTION 130
Q130 CORRECT TEXT
Instructions
This item contains a simulation task. Refer to the scenario and topology before you start. When you are ready, open the Topology window and click the required device to open the GUI window on a virtual terminal. Scroll to view all parts of the Cisco ASDM screens.
Scenario
Click the PC icon to launch Cisco ASDM. You have access to a Cisco ASA 5505 via Cisco ASDM. Use Cisco ASDM to edit the Cisco ASA 5505 configurations to enable Advanced HTTP Application inspection by completing the following tasks:
1.
Enable HTTP inspection globally on the Cisco ASA

2.
Create a new HTTP inspect Map named: http-inspect-map to:
a.
Enable the dropping of any HTTP connections that encounter HTTP protocol violations

b.
Enable the dropping and logging of any HTTP connections when the content type in the HTTP response does not match one of the MIME types in the accept filed of the HTTP request
Note: In the simulation, you will not be able to test the HTTP inspection policy after you complete your configuration. Not all Cisco ASDM screens are fully functional.
After you complete the configuration, you do not need to save the running configuration to the start-up config, you will not be able to test the HTTP inspection policy that is created after you complete your configuration. Also not all the ASDM screens are filly functional.
Hot Area:
Correct Answer:
Section: (none) Explanation
Explanation/Reference:
Answer: Here are the step by step Solution for this:

Explanation:
1.>Go to Configuration>>Firewall>>Objects>>Inspect Maps>>HTTP>>Add>>Add name “httpinspect-map”>>click on detail>>
a.
select “check for protocol violations”

b.
Action: Drop connection

c.
Log: Enable

d.
Click on Inspection: Click Add

e.
Select Single Match>>Match type: No Match

f.
Criterion: response header field

g.
Field: Predefined: Content type

h.
value: Content type

i.
Action: Drop connection

j.
Log: Enable

h.
ok>>>ok>>>Apply
Through achieve this command line: policy-map type inspect http http-inspect-map parameters protocol-violation action drop-connection log
policy-map type inspect http http-inspect-map match not response header content-type application/msword
drop-connection log

Flydumps.com is providing complete solutions for Cisco 642-618 that will help the candidates learn extensively and score exceptional in the Cisco 642-618 exam. Passing the Microsoft is not a dream anymore as our user friendly learning resources ensure guaranteed success.

Pass4itsure hp0-m52 dumps with PDF + Premium VCE + VCE Simulator: http://www.pass4itsure.com/hp0-m52.html

Cisco 642-618 Cert Exam, Free Cisco 642-618 Free Dumps With 100% Pass Rate

Author

Back to Top