642-618 Exam Details

  • Exam Code
    :642-618
  • Exam Name
    :Deploying Cisco ASA Firewall Solutions (FIREWALL v2.0)
  • Certification
    :Cisco Certifications
  • Vendor
    :Cisco
  • Total Questions
    :137 Q&As
  • Last Updated
    :Dec 06, 2021

Cisco 642-618 Online Questions & Answers

  • Question 71:

    On which type of encrypted traffic can a Cisco ASA appliance running software version 8.4.1 perform application inspection and control?

    A. IPsec
    B. SSL
    C. IPsec or SSL
    D. Cisco Unified Communications
    E. Secure FTP

  • Question 72:

    Refer to the exhibit.

    Which statement about the MPF configuration is true?

    A. Any non-RFC complaint FTP traffic will go through additional deep FTP packet inspections.
    B. FTP traffic must conform to the FTP RFC, and the FTP connection will be dropped if the PUT command is used.
    C. Deep FTP packet inspections will be performed on all TCP inbound and outbound traffic on the outside interface.
    D. The ftp-pm policy-map type should be type inspect.
    E. Due to a configuration error, all FTP connections through the outside interface will not be permitted.

  • Question 73:

    Refer to the exhibit.

    What is the resulting CLI command?

    A. match request uri regex _default_GoToMyPC-tunnel drop-connection log
    B. match regex _default_GoToMyPC-tunnel drop-connection log
    C. class _default_GoToMyPC-tunnel drop-connection log
    D. match class-map _default_GoToMyPC-tunnel drop-connection log

  • Question 74:

    Click and drag the supported ASA QoS option on the left to the correct description on the right. (Some of the options on the left are not used)

    Select and Place:

  • Question 75:

    Which three configurations are needed to enable SNMPv3 support on the Cisco ASA? (Choose three.)

    A. SNMPv3 Local EngineID
    B. SNMPv3 Remote EngineID
    C. SNMP Users
    D. SNMP Groups
    E. SNMP Community Strings
    F. SNMP Hosts

  • Question 76:

    Refer to the exhibit.

    What does the * next to the CTX security context indicate?

    A. The CTX context is the active context on the Cisco ASA.
    B. The CTX context is the standby context on the Cisco ASA.
    C. The CTX context contains the system configurations.
    D. The CTX context has the admin role.

  • Question 77:

    Scenario: To access Cisco ASDM, click the PC icon in the Topology window, ASDM and answer the following question as:

    The Cisco ASA administration must enable the Cisco ASA to automatically drop suspicious botnet traffic. After the Cisco ASA administrator entered the initial configuration, the Cisco ASA is not automatically dropping the suspicious botnet traffic.

    What else must be enabled in order to make it work?

    A. DNS snooping
    B. Botnet traffic filtering on atleast one of the Cisco ASA interface.
    C. Periodic download of the dynamic botnet database from Cisco.
    D. DNS inspection in the global policy.
    E. Manual botnet black and white lists.

  • Question 78:

    Which option lists the main tasks in the correct order to configure a new Layer 3 and 4 inspection policy on the Cisco ASA appliance using the Cisco ASDM Configuration > Firewall > Service Policy Rules pane?

    A. 1. Create a class map to identify which traffic to match. 2. Create a policy map and apply action(s) to the traffic class(es). 3. Apply the policy map to an interface or globally using a service policy.
    B. 1. Create a service policy rule. 2. Identify which traffic to match. 3. Apply action(s) to the traffic.
    C. 1. Create a Layer 3 and 4 type inspect policy map. 2. Create class map(s) within the policy map to identify which traffic to match. 3. Apply the policy map to an interface or globally using a service policy.
    D. 1. Identify which traffic to match. 2. Apply action(s) to the traffic. 3. Create a policy map. 4. Apply the policy map to an interface or globally using a service policy.

  • Question 79:

    When troubleshooting a Cisco ASA that is operating in multiple context mode, which two verification steps should be performed if a user context does not pass user traffic? (Choose two.)

    A. Verify the interface status in the system execution space.
    B. Verify the mac-address-table on the Cisco ASA.
    C. Verify that unique MAC addresses are configured if the contexts are using nonshared interfaces.
    D. Verify the interface status in the user context.
    E. Verify the resource classes configuration by accessing the admin context.

  • Question 80:

    Which Cisco ASA configuration is used to configure the TCP intercept feature?

    A. a TCP map
    B. an access list
    C. the established command
    D. the set connection command with the embryonic-conn-max option
    E. a type inspect policy map

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 642-618 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.