Download New Updated (Spring 2015) Cisco 642-618 Actual Tests 21-30

By | April 28, 2015




A Cisco ASA is operating in transparent firewall mode, but the MAC address table of the Cisco ASA is always empty, which causes connectivity issues. What should you verify to troubleshoot this issue?


A.      if ARP inspection has been disabled

B.      if MAC learning has been disabled

C.      if NAT has been disabled

D.      if ARP traffic is explicitly allowed using EtherType ACL

E.       if BPDU traffic is explicitly allowed using EtherType ACL


Correct Answer: B




When active/active failover is implemented on the Cisco ASA, how many failover groups are supported on the Cisco ASA?


A.      < span lang="EN-US">1

B.      2

C.      1 failover group per configured security context

D.      2 failover groups per configured security context


Correct Answer: B




Which Cisco ASA CLI command is used to enable HTTPS (Cisco ASDM) access from any inside host on the subnet?


A.      http inside

B.      http inside

C.      http inside

D.      http


Correct Answer: C







Refer to the exhibit. What is the resulting CLI command?




A.        match request uri regex _default_GoToMyPC-tunnel

drop-connection log

B.        match regex _default_GoToMyPC-tunnel

drop-connection log

C.        class _default_GoToMyPC-tunnel

drop-connection log

D.        match class-map _default_GoToMyPC-tunnel

drop-connection log


Correct Answer: C




What is the first configuration step when using Cisco ASDM to configure a new Layer 3/4 inspection policy on the Cisco ASA?


A.      Create a new class map.

B.      Create a new policy map and apply actions to the traffic classes.

C.      Create a new service policy rule.

D.      Create the ACLs to be referenced by any of the new class maps.

E.       Disable the default global inspection policy.

F.       Create a new firewall access rule.

Correct Answer: C




Refer to the exhibit. Which statement about the Telnet session from to is true?




A.      The Telnet session should be successful.

B.      The Telnet session should fail because the route lookup to the destination fails.

C.      The Telnet session should fail because the inside interface inbound access list will block it.

D.      The Telnet session should fail because no matching flow was found.

E.       The Telnet session should fail because inside NAT has not been configured.


Correct Answer: C




Which feature is not supported on the Cisco ASA 5505 with the Security Plus license?


A.      security contexts

B.      stateless active/standby failover

C.      transparent firewall

D.      threat detection

E.       traffic shaping


Correct Answer: A




With Cisco ASA active/standby failover, by default, how many monitored interface failures will cause failover to occur?


A.      1

B.      2

C.      3

D.      4

E.       5


Correct Answer: A




Which statement about SNMP support on the Cisco ASA appliance is true?


A.      The Cisco ASA appliance supports only SNMPv1 or SNMPv2c.

B.      The Cisco ASA appliance supports read-only and read-write access.

C.      The Cisco ASA appliance supports three built-in SNMPv3 groups in Cisco ASDM.

A.        Authentication and Encryption, Authentication Only, and No Authentication, No Encryption.

D.      The Cisco ASA appliance can send SNMP traps to the network management station only using SNMPv2.


Correct Answer: C





Which command option/keyword in Cisco ASA 8.3 NAT configurations makes the NAT policy interface independent?


A.      interface

B.      all

C.      auto

D.      global

E.       any


Correct Answer: E

Free VCE & PDF File for Cisco 642-618 Real Exam

Instant Access to Free VCE Files: CCNA | CCNP | CCIE …
Instant Access to Free PDF Files: CCNA | CCNP | CCIE …