642-618 Exam Details

  • Exam Code
    :642-618
  • Exam Name
    :Deploying Cisco ASA Firewall Solutions (FIREWALL v2.0)
  • Certification
    :Cisco Certifications
  • Vendor
    :Cisco
  • Total Questions
    :137 Q&As
  • Last Updated
    :Dec 06, 2021

Cisco 642-618 Online Questions & Answers

  • Question 1:

    Refer to the exhibit.

    A Cisco ASA in transparent firewall mode generates the log messages seen in the exhibit. What should be configured on the Cisco ASA to allow the denied traffic?

    A. extended ACL on the outside and inside interface to permit the multicast traffic
    B. EtherType ACL on the outside and inside interface to permit the multicast traffic
    C. stateful packet inspection
    D. static ARP mapping
    E. static MAC address mapping

  • Question 2:

    Refer to the exhibit.

    Which option describes the problem with this botnet traffic filter configuration on the Cisco ASA appliance?

    A. The traffic classification ACL is not defined.
    B. The use of the dynamic database is not enabled.
    C. DNS snooping is not enabled.
    D. The threat level range for the traffic to be dropped is not defined.
    E. The static black and white list entries should use domain name instead of IP address.

  • Question 3:

    Which option is one requirement before a Cisco ASA appliance can be upgraded from Cisco ASA Software Version 8.2 to 8.3?

    A. Remove all the pre 8.3 NAT configurations in the startup configuration.
    B. Upgrade the memory on the Cisco ASA appliance to meet the memory requirement of Cisco ASA Software Version 8.3.
    C. Request new Cisco ASA licenses to meet the 8.3 licensing requirement.
    D. Upgrade Cisco ASDM to version 6.2.
    E. Migrate interface ACL configurations to include interface and global ACLs.

  • Question 4:

    By default, how does a Cisco ASA appliance process IP fragments?

    A. Each fragment passes through the Cisco ASA appliance without any inspections.
    B. Each fragment is blocked by the Cisco ASA appliance.
    C. The Cisco ASA appliance verifies each fragment and performs virtual IP re-assembly before the full IP packet is forwarded out.
    D. The Cisco ASA appliance forwards the packet out as soon as all of the fragments of the packet have been received.

  • Question 5:

    Which Cisco ASA show command groups the xlates and connections information together in its output?

    A. show conn
    B. show conn detail
    C. show xlate
    D. show asp
    E. show local-host

  • Question 6:

    Which two Cisco ASA configuration tasks are necessary to allow authenticated BGP sessions to pass through the Cisco ASA appliance? (Choose two.)

    A. Configure the Cisco ASA TCP normalizer to permit TCP option 19.
    B. Configure the Cisco ASA TCP Intercept to inspect the BGP packets (TCP port 179).
    C. Configure the Cisco ASA default global inspection policy to also statefully inspect the BGP flows.
    D. Configure the Cisco ASA TCP normalizer to disable TCP ISN randomization for the BGP flows.
    E. Configure TCP state bypass to allow the BGP flows.

  • Question 7:

    Which two configurations are the minimum needed to enable EIGRP on the Cisco ASA appliance? (Choose two.)

    A. Enable the EIGRP routing process and specify the AS number.
    B. Define the EIGRP default-metric.
    C. Configure the EIGRP router ID.
    D. Use the neighbor command(s) to specify the EIGRP neighbors.
    E. Use the network command(s) to enable EIGRP on the Cisco ASA interface(s).

  • Question 8:

    Refer to the exhibit.

    On Cisco ASA Software Version 8.3 and later, which two sets of CLI configuration commands result from this Cisco ASDM configuration? (Choose two.)

    A. nat (inside) 1 10.1.1.10 global (outside) 1 192.168.1.1
    B. nat (outside) 1 192.168.1.1 global (inside 1 10.1.1.10
    C. static(inside,outside) 192.168.1.1 10.1.1.10 netmask 255.255.255.255 tcp 0 0 udp 0
    D. static(inside,outside) tcp 192.168.1.1 80 10.1.1.10 80
    E. object network 192.168.1.1 nat (inside,outside) static 10.1.1.10
    F. object network 10.1.1.10 nat (inside,outside) static 192.168.1.1
    G. access-list outside_access_in line 1 extended permit tcp any object 10.1.1.10 eq http access-group outside_access_in in interface outside
    H. access-list outside_access_in line 1 extended permit tcp any object 192.168.1.1 eq http access-group outside_access_in in interface outside

  • Question 9:

    Refer to the exhibit.

    What can be determined about the connection status?

    A. The output is showing normal activity to the inside 10.1.1.50 web server.
    B. Many HTTP connections to the 10.1.1.50 web server have successfully completed the three- way TCP handshake.
    C. Many embryonic connections are made from random sources to the 10.1.1.50 web server.
    D. The 10.1.1.50 host is triggering SYN flood attacks against random hosts on the outside.
    E. The 10.1.1.50 web server is terminating all the incoming HTTP connections.

  • Question 10:

    With Cisco ASA active/standby failover, by default, how many monitored interface failures will cause failover to occur?

    A. 1
    B. 2
    C. 3
    D. 4
    E. 5

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 642-618 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.