642-618 Exam Details

  • Exam Code
    :642-618
  • Exam Name
    :Deploying Cisco ASA Firewall Solutions (FIREWALL v2.0)
  • Certification
    :Cisco Certifications
  • Vendor
    :Cisco
  • Total Questions
    :137 Q&As
  • Last Updated
    :Dec 06, 2021

Cisco 642-618 Online Questions & Answers

  • Question 81:

    Refer to the exhibit.

    Which traffic is permitted on the inside interface without any interface ACLs configured?

    A. any IP traffic input to the inside interface
    B. any IP traffic input to the inside interface destined to any lower security level interfaces
    C. only HTTP traffic input to the inside interface
    D. only HTTP traffic output from the inside interface
    E. No input traffic is permitted on the inside interface.
    F. No output traffic is permitted on the inside interface.

  • Question 82:

    Refer to the exhibit.

    Which two functions will the Set ASDM Defined User Roles perform? (Choose two.)

    A. enables role based privilege levels to most Cisco ASA commands
    B. enables the Cisco ASDM user to assign privilege levels manually to individual commands or groups of commands
    C. enables command authorization with a remote TACACS+ server
    D. enables three predefined user account privileges (Admin=Priv 15, Read Only=Priv 5, Monitor Only=Priv 3)

  • Question 83:

    Which statement about the Cisco ASA 5505 configuration is true?

    A. The IP address is configured under the physical interface (ethernet 0/0 to ethernet 0/7).
    B. With the default factory configuration, the management interface (management 0/0) is configured with the 192.168.1.1/24 IP address.
    C. With the default factory configuration, Cisco ASDM access is not enabled.
    D. The switchport access vlan command can be used to assign the VLAN to each physical interface (ethernet 0/0 to ethernet 0/7).
    E. With the default factory configuration, both the inside and outside interface will use DHCP to acquire its IP address.

  • Question 84:

    Refer to the exhibit.

    -Context C:

    static (inside,shared) 10.30.10.0 10.30.10.0 netmask 255.255.255.0

    Which two CLI commands result from this configuration? (Choose two.)

    A. aaa authorization network LOCAL
    B. aaa authorization network default authentication-server LOCAL
    C. aaa authorization command LOCAL
    D. aaa authorization exec LOCAL
    E. aaa authorization exec authentication-server LOCAL
    F. aaa authorization exec authentication-server

  • Question 85:

    Which statement about the Cisco ASA botnet traffic filter is true?

    A. The four threat levels are low, moderate, high, and very high.
    B. By default, the dynamic-filter drop blacklist interface outside command drops traffic with a threat level of high or very high.
    C. Static blacklist entries always have a very high threat level.
    D. A static or dynamic blacklist entry always takes precedence over the static whitelist entry.

  • Question 86:

    Which statement about Cisco ASA multicast routing support is true?

    A. The Cisco ASA appliance supports PIM dense mode, sparse mode, and BIDIR-PIM.
    B. The Cisco ASA appliance supports only stub multicast routing by forwarding IGMP messages from multicast receivers to the upstream multicast router.
    C. The Cisco ASA appliance supports DVMRP and PIM.
    D. The Cisco ASA appliance supports either stub multicast routing or PIM, but both cannot be enabled at the same time.
    E. The Cisco ASA appliance supports only IGMP v1.

  • Question 87:

    When the Cisco ASA detects scanning attacks, how long is the attacker who is performing the scan shunned?

    A. 120 seconds
    B. 600 seconds
    C. 1200 seconds
    D. 3600 seconds
    E. 6000 seconds

  • Question 88:

    In which type of environment is the Cisco ASA MPF set connection advanced-options tcp- statebypass option the most useful?

    A. SIP proxy
    B. WCCP
    C. BGP peering through the Cisco ASA
    D. asymmetric traffic flow
    E. transparent firewall

  • Question 89:

    Based on this NAT command, drag the IP address network on the left to the correct NAT address type on the right.

    Nat(inside, outside) source dynamic 10.0.1.0_obj 192.168.1.7_obj destination static 209.165.200.226_Server 209.265.201.21_Server

    Select and Place:

  • Question 90:

    Refer to the exhibit.

    Which reason explains why the Cisco ASA appliance cannot establish an authenticated NTP session to the inside 192.168.1.1 NTP server?

    A. The ntp server 192.168.1.1 command is incomplete.
    B. The ntp source inside command is missing.
    C. The ntp access-group peer command and the ACL to permit 192.168.1.1 are missing.
    D. The trusted-key number should be 1 not 2.

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 642-618 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.