Cisco 642-618 VCE Files, Most Accurate Cisco 642-618 PDF Download On Our Store

CCNP Security, Cisco


FLYDUMPS brings you the best Cisco 642-618 exam preparation materials, which will help you pass on the first attempt. We also provide all the Cisco 642-618 exam updates: as Microsoft announces a change in its Cisco 642-618 exam syllabus, we inform you about it without delay.

QUESTION 101
Which three CLI commands are generated by these Cisco ASDM configurations? (Choose three.)

A. object-group network testobj
B. object network testobj
C. ip address 10.1.1.0 255.255.255.0
D. subnet 10.1.1.0 255.255.255.0
E. nat (any,any) static 192.168.1.0 dns
F. nat (outside,inside) static 192.168.1.0 dns
G. nat (inside,outside) static 192.168.1.0 dns
H. nat (inside,any) static 192.168.1.0 dns
I. nat (any,inside) static 192.168.1.0 dns

Correct Answer: BDE

QUESTION 102
On Cisco ASA Software Version 8.3 and later, which two statements correctly describe the NAT table or NAT operations? (Choose two.)
A. The NAT table has four sections.
B. Manual NAT configurations are found in the first (top) and/or the last (bottom) section(s) of the NAT table.
C. Auto NAT also is referred to as Object NAT.
D. Auto NAT configurations are found only in the first (top) section of the NAT table.
E. The order of the NAT entries in the NAT table is not relevant to how the packets are matched against the NAT table.
F. Twice NAT is required for hosts on the inside to be accessible from the outside.

Correct Answer: BC

QUESTION 103
The Cisco ASA software image has been erased from flash memory. Which two statements about the process to recover the Cisco ASA software image are true? (Choose two.)
A. Access to the ROM monitor mode is required.
B. The Cisco ASA appliance must have connectivity to the TFTP server where the Cisco ASA image is stored through the Management 0/0 interface.
C. The copy tftp flash command is necessary to start the TFTP file transfer.
D. The server command is necessary to set the TFTP server IP address.
E. Cisco ASA password recovery must be enabled.

Correct Answer: AD

QUESTION 104
Which two Cisco ASA licensing features are correct with Cisco ASA Software Version 8.3 and later? (Choose two.)
A. Identical licenses are not required on the primary and secondary Cisco ASA appliance.
B. Cisco ASA appliances configured as failover pairs disregard the time-based activation keys.
C. Time-based licenses are stackable in duration but not in capacity.
D. A time-based license completely overrides the permanent license, ignoring all permanently licensed features until the time-based license is uninstalled.

Correct Answer: AC

QUESTION 105
Which four unicast or multicast routing protocols are supported by the Cisco ASA appliance? (Choose four.)
A. RIP (v1 and v2)
B. OSPF
C. ISIS
D. BGP
E. EIGRP
F. Bidirectional PIM
G. MOSPF
H. PIM dense mode

Correct Answer: ABEF

QUESTION 106
On Cisco ASA Software Version 8.4.1 and later, which three EtherChannel modes are supported? (Choose three.)
A. active mode, which initiates LACP negotiation
B. passive mode, which responds to LACP negotiation from the peer
C. auto mode, which automatically responds to either PAgP or LACP negotiation from the peer
D. on mode, which enables static port-channel mode
E. off mode, which disables dynamic negotiation

Correct Answer: ABD

QUESTION 107
Which two Cisco ASA configuration tasks are necessary to allow authenticated BGP sessions to pass through the Cisco ASA appliance? (Choose two.)
A. Configure the Cisco ASA TCP normalizer to permit TCP option 19.
B. Configure the Cisco ASA TCP Intercept to inspect the BGP packets (TCP port 179).
C. Configure the Cisco ASA default global inspection policy to also statefully inspect the BGP flows.
D. Configure the Cisco ASA TCP normalizer to disable TCP ISN randomization for the BGP flows.
E. Configure TCP state bypass to allow the BGP flows.

Correct Answer: AD

QUESTION 108
Which two options show the required Cisco ASA command(s) to allow this scenario? (Choose two.)
An inside client on the 10.0.0.0/8 network connects to an outside server on the 172.16.0.0/16 network using TCP and the server port of 2001. The inside client negotiates a client port in the range between UDP ports 5000 to 5500. The outside server then can start sending UDP data to the inside client on the negotiated port within the specified UDP port range.
A. access-list INSIDE line 1 permit tcp 10.0.0.0 255.0.0.0 172.16.0.0 255.255.0.0 eq 2001
   access-group INSIDE in interface inside
B. access-list INSIDE line 1 permit tcp 10.0.0.0 255.0.0.0 172.16.0.0 255.255.0.0 eq 2001
   access-list INSIDE line 2 permit udp 10.0.0.0 255.0.0.0 172.16.0.0 255.255.0.0 eq established
   access-group INSIDE in interface inside
C. access-list OUTSIDE line 1 permit tcp 172.16.0.0 255.255.0.0 eq 2001 10.0.0.0 255.0.0.0
   access-list OUTSIDE line 2 permit udp 172.16.0.0 255.255.0.0 10.0.0.0 255.0.0.0 eq 5000-5500
   access-group OUTSIDE in interface outside
D. access-list OUTSIDE line 1 permit tcp 172.16.0.0 255.255.0.0 eq 2001 10.0.0.0 255.0.0.0
   access-list OUTSIDE line 2 permit udp 172.16.0.0 255.255.0.0 10.0.0.0 255.0.0.0 eq established
   access-group OUTSIDE in interface outside
E. established tcp 2001 permit udp 5000-5500
F. established tcp 2001 permit from udp 5000-5500
G. established tcp 2001 permit to udp 5000-5500

Correct Answer: AG

QUESTION 109
Which three actions can be applied to a traffic class within a type inspect policy map? (Choose three.)
A. drop
B. priority
C. log
D. pass
E. inspect
F. reset

Correct Answer: ACF

QUESTION 110
On Cisco ASA Software Version 8.4 and later, which two options show the maximum number of active and standby ports that an EtherChannel can have? (Choose two.)
A. 2 active ports
B. 4 active ports
C. 6 active ports
D. 8 active ports
E. 2 standby ports
F. 4 standby ports
G. 6 standby ports
H. 8 standby ports

Correct Answer: DH

QUESTION 111
Which three types of class maps can be configured on the Cisco ASA appliance? (Choose three.)
A. control-plane
B. regex
C. inspect
D. access-control
E. management
F. stack

Correct Answer: BCE

QUESTION 112
Refer to the partial Cisco ASA configuration and the network topology shown in the exhibit.

Which two Cisco ASA configuration commands are required so that any hosts on the Internet can HTTP to the WEBSERVER using the 192.168.1.100 IP address? (Choose two.)
A. nat (inside,outside) static 192.168.1.100
B. nat (inside,outside) static 172.31.0.100
C. nat (inside,outside) static interface
D. access-list outside_access_in extended permit tcp any object 172.31.0.100 eq http
E. access-list outside_access_in extended permit tcp any object 192.168.1.100 eq http
F. access-list outside_access_in extended permit tcp any object 192.168.1.1 eq http

Correct Answer: AD

QUESTION 113
Which two statements about Cisco ASA 8.2 NAT configurations are true? (Choose two.)
A. NAT operations can be implemented using the NAT, global, and static commands.
B. If nat-control is enabled and a connection does not need a translation, then an identity NAT configuration is required.
C. NAT configurations can use the any keyword as the input or output interface definition.
D. The NAT table is read and processed from the top down until a translation rule is matched.
E. Auto NAT links the translation to a network object.

Correct Answer: AB

QUESTION 114
In which two directions are the Cisco ASA modular policy framework inspection policies applied? (Choose two.)
A. in the ingress direction only when applied globally
B. in the ingress direction only when applied on an interface
C. in the egress direction only when applied globally
D. in the egress direction only when applied on an interface
E. bi-directionally when applied globally
F. bi-directionally when applied on an interface

Correct Answer: AF

QUESTION 115
Which three configurations are needed to enable SNMPv3 support on the Cisco ASA? (Choose three.)
A. SNMPv3 Local EngineID
B. SNMPv3 Remote EngineID
C. SNMP Users
D. SNMP Groups
E. SNMP Community Strings
F. SNMP Hosts

Correct Answer: CDF

QUESTION 116
A customer is ordering a number of Cisco ASAs for their network. For the remote or home office, they are purchasing the Cisco ASA 5505. When ordering the licenses for their Cisco ASAs, which two licenses must they order that are “platform specific” to the Cisco ASA 5505? (Choose two.)
A. AnyConnect Essentials license
B. per-user Premium SSL VPN license
C. VPN shared license
D. internal user licenses
E. Security Plus license

Correct Answer: DE

QUESTION 117
Which two statements are true? (Choose two.)

A. The connection is awaiting outside ACK to SYN.
B. The connection is initiated from the inside.
C. The connection is active and has received inbound and outbound data.
D. The connection is an incomplete TCP connection.
E. The connection is a DNS connection.

Correct Answer: BC

QUESTION 118
The Cisco ASA is configured in multiple mode and the security contexts share the same outside physical interface. Which two packet classification methods can be used by the Cisco ASA to determine which security context to forward the incoming traffic from the outside interface? (Choose two.)
A. unique interface IP address
B. unique interface MAC address
C. routing table lookup
D. MAC address table lookup
E. unique global mapped IP addresses

Correct Answer: BE

QUESTION 119
Which two CLI commands result from this configuration? (Choose two.)

A. aaa authorization network LOCAL
B. aaa authorization network default authentication-server LOCAL
C. aaa authorization command LOCAL
D. aaa authorization exec LOCAL
E. aaa authorization exec authentication-server LOCAL
F. aaa authorization exec authentication-server

Correct Answer: CD

QUESTION 120
Which three statements are the default security policy on a Cisco ASA appliance? (Choose three.)
A. Traffic that goes from a high security level interface to a lower security level interface is allowed.
B. Outbound TCP and UDP traffic is statefully inspected and returning traffic is allowed to traverse the Cisco ASA appliance.
C. Traffic that goes from a low security level interface to a higher security level interface is allowed.
D. Traffic between interfaces with the same security level is allowed by default.
E. Traffic can enter and exit the same interface by default.
F. When the Cisco ASA appliance is accessed for management purposes, the access must be made to the nearest Cisco ASA interface.
G. Inbound TCP and UDP traffic is statefully inspected and returning traffic is allowed to traverse the Cisco ASA appliance.

Correct Answer: ABF

QUESTION 121
Which two configurations are the minimum needed to enable EIGRP on the Cisco ASA appliance? (Choose two.)
A. Enable the EIGRP routing process and specify the AS number.
B. Define the EIGRP default-metric.
C. Configure the EIGRP router ID.
D. Use the neighbor command(s) to specify the EIGRP neighbors.
E. Use the network command(s) to enable EIGRP on the Cisco ASA interface(s).

Correct Answer: AE

QUESTION 122
Refer to the exhibit and to the four HTTP inspection requirements and the Cisco ASA configuration.

Which two statements about why the Cisco ASA configuration is not meeting the specified HTTP inspection requirements are true? (Choose two.)
1. All outside clients can use only the HTTP GET method on the protected 10.10.10.10 web server.
2. All outside clients can access only HTTP URIs starting with the “/myapp” string on the protected 10.10.10.10 web server.
3. The security appliance should drop all requests that contain basic SQL injection attempts (the string “SELECT” followed by the string “FROM”) inside HTTP arguments.
4. The security appliance should drop all requests that do not conform to the HTTP protocol.

A. Both instances of match not request should be changed to match request.
B. The policy-map type inspect http MY-HTTP-POLICY configuration is missing the references to the class maps.
C. The BASIC-SQL-INJECTION regular expression is not configured correctly.
D. The MY-URI regular expression is not configured correctly.
E. The WEB-SERVER-ACL ACL is not configured correctly.

Correct Answer: DE

QUESTION 123

Select and Place:

Correct Answer:
Explanation/Reference:
Inside Local: 10.0.1.0_obj
Inside global: 192.168.1.7_obj
Outside global: 209.165.200.226_server
Outside Local: 209.165.201.21_server

QUESTION 124

Select and Place:

Correct Answer:
Explanation/Reference:
Systems Execution Space: Used to define the context name, location of the context startup configuration and interface allocation
Admin Context: Used by the Cisco ASA appliance to access the required network resources
Customer context: Used to support virtual firewall with its own configuration

QUESTION 125
Select and Place:

Correct Answer:

QUESTION 126

Select and Place:

Correct Answer:
Explanation/Reference:
Interface access-list entries
Global access-list entries
Implicit deny ip any any interface access-list rule entry

QUESTION 127

Case Study Title (Case Study):
Scenario: To access Cisco ASDM, click the PC icon in the Topology window, ASDM and answer the following question.
Which statement about the Cisco ASA configuration is true?
(Exhibits 1-a through 1-f)

A. All input traffic on the inside interface is denied by the global ACL.
B. All input and output traffic on the outside interface is denied by the global ACL.
C. ICMP echo-request traffic is permitted from the inside to the outside, and ICMP echo-reply will be permitted from the outside back to inside.
D. HTTP inspection is enabled in the global policy.
E. Traffic between two hosts connected to the same interface is permitted.
Correct Answer: B

QUESTION 128

Case Study Title (Case Study):
Scenario: To access Cisco ASDM, click the PC icon in the Topology window, ASDM and answer the following question as:
Which two statements about the running configuration of the Cisco ASA are true? (Choose Two)

(Exhibits 1-a through 1-f)

A. The auto NAT configuration causes all traffic arriving on the inside interface destined to any outside destinations to be translated with dynamic port address translation using the outside interface IP address.
B. The Cisco ASA is using the Cisco ASDM image from disk1:/asdm-642.bin
C. The Cisco ASA is setup as the DHCP server for hosts that are on the inside and outside interfaces.
D. SSH and Cisco ASDM access to the Cisco ASA requires AAA authentication using the LOCAL user database.
E. The Cisco ASA is using a persistent self-signed certificate so users can authenticate the Cisco ASA when accessing it via ASDM.

Correct Answer: AE

QUESTION 129

Case Study Title (Case Study):
Scenario: To access Cisco ASDM, click the PC icon in the Topology window, ASDM and answer the following question as:
The Cisco ASA administration must enable the Cisco ASA to automatically drop suspicious botnet traffic. After the Cisco ASA administrator entered the initial configuration, the Cisco ASA is not automatically dropping the suspicious botnet traffic. What else must be enabled in order to make it work?

(Exhibits 1-a through 1-f)

A. DNS snooping
B. Botnet traffic filtering on at least one of the Cisco ASA interfaces.
C. Periodic download of the dynamic botnet database from Cisco.
D. DNS inspection in the global policy.
E. Manual botnet black and white lists.
Correct Answer: A

QUESTION 130

Case Study Title (Case Study): Instructions
This item contains a simulation task. Refer to the scenario and topology before you start. When you are ready, open the Topology window and click the required device to open the GUI window on a virtual terminal. Scroll to view all parts of the Cisco ASDM screens.

Scenario
Click the PC icon to launch Cisco ASDM. You have access to a Cisco ASA 5505 via Cisco ASDM. Use Cisco ASDM to edit the Cisco ASA 5505 configurations to enable Advanced HTTP Application inspection by completing the following tasks:
1. Enable HTTP inspection globally on the Cisco ASA
2. Create a new HTTP inspect Map named: http-inspect-map to:
   a. Enable the dropping of any HTTP connections that encounter HTTP protocol violations
   b. Enable the dropping and logging of any HTTP connections when the content type in the HTTP response does not match one of the MIME types in the accept field of the HTTP request

Note: In the simulation, you will not be able to test the HTTP inspection policy after you complete your configuration. Not all Cisco ASDM screens are fully functional. After you complete the configuration, you do not need to save the running configuration to the start-up config.

(Exhibits 2-a through 2-d)
A.
Correct Answer: A

Explanation/Reference:
Answer: Here is the step-by-step solution:
Explanation:
1. Go to Configuration >> Firewall >> Objects >> Inspect Maps >> HTTP >> Add >> Add name “http-inspect-map” >> click on detail
   a. Select “check for protocol violations”
   b. Action: Drop connection
   c. Log: Enable
   d. Click on Inspection: Click Add
   e. Select Single Match >> Match type: No Match
   f. Criterion: response header field
   g. Field: Predefined: Content type
   h. Value: Content type
   i. Action: Drop connection
   j. Log: Enable
   k. OK >> OK >> Apply

The same result can be achieved through the command line:

   policy-map type inspect http http-inspect-map
    parameters
     protocol-violation action drop-connection log
   policy-map type inspect http http-inspect-map
    match not response header content-type application/msword
     drop-connection log

Flydumps.com includes the latest Cisco 642-618 questions in the Cisco 642-618 exam materials so that our material is always the latest and the most relevant. We know that the Cisco 642-618 examination wouldn’t repeat the same set of questions all the time. Microsoft certification examinations are stringent and focus is often kept on updated technology trends. The Cisco 642-618 exam questions organized by the professionals will help to condition your mind to promptly grasp what you could be facing in the Cisco 642-618 cert examination.
