Download New Updated (Spring 2015) Cisco 642-618 Actual Tests 51-60

April 28, 2015




Which option lists the main tasks in the correct order to configure a new Layer 3 and 4 inspection policy on the Cisco ASA appliance using the Cisco ASDM Configuration > Firewall > Service Policy Rules pane?


A. 1. Create a class map to identify which traffic to match.
   2. Create a policy map and apply action(s) to the traffic class(es).
   3. Apply the policy map to an interface or globally using a service policy.

B. 1. Create a service policy rule.
   2. Identify which traffic to match.
   3. Apply action(s) to the traffic.

C. 1. Create a Layer 3 and 4 type inspect policy map.
   2. Create class map(s) within the policy map to identify which traffic to match.
   3. Apply the policy map to an interface or globally using a service policy.

D. 1. Identify which traffic to match.
   2. Apply action(s) to the traffic.
   3. Create a policy map.
   4. Apply the policy map to an interface or globally using a service policy.


Correct Answer: B




By default, how does a Cisco ASA appliance process IP fragments?


A.      Each fragment passes through the Cisco ASA appliance without any inspections.

B.      Each fragment is blocked by the Cisco ASA appliance.

C.      The Cisco ASA appliance verifies each fragment and performs virtual IP re-assembly before the full IP packet is forwarded out.

D.      The Cisco ASA appliance forwards the packet out as soon as all of the fragments of the packet have been received.


Correct Answer: C




Which additional active/standby failover feature was introduced in Cisco ASA Software Version 8.4?


A.      HTTP stateful failover

B.      OSPF and EIGRP routing protocol stateful failover

C.      SSL VPN stateful failover

D.      IPsec VPN stateful failover

E.       NAT stateful failover


Correct Answer: B




Which other match command is used with the match flow ip destination-address command within the class map configurations of the Cisco ASA MPF?


A.      match tunnel-group

B.      match access-list

C.      match default-inspection-traffic

D.      match port

E.       match dscp


Correct Answer: A




Which Cisco ASA configuration is used to configure the TCP intercept feature?


A.      a TCP map

B.      an access list

C.      the established command

D.      the set connection command with the embryonic-conn-max option

E.       a type inspect policy map


Correct Answer: D




Which configuration step (if any) is necessary to enable FTP inspection on TCP port 2121?


A.      None. FTP inspection is enabled by default using the global policy.

B.      Create a new class map to match TCP port 2121, then edit the global policy to inspect FTP for traffic matched by the new class map.

C.      Edit default-inspection-traffic to match FTP on port 2121.

D.      Add a new traffic class using the match protocol FTP option within the inspect_default class map.


Correct Answer: B



When the Cisco ASA appliance is processing packets, which action is performed first?


A.      Check if the packet is permitted or denied by the inbound interface ACL.

B.      Check if the packet is permitted or denied by the outbound interface ACL.

C.      Check if the packet is permitted or denied by the global ACL.

D.      Check if the packet matches an existing connection in the connection table.

E.       Check if the packet matches an inspection policy.

F.       Check if the packet matches a NAT rule.


Correct Answer: D




Which Cisco ASA (8.4.1 and later) CLI command is the best command to use for troubleshooting SSH connectivity from the Cisco ASA appliance to the outside server?


A.      telnet 22

B.      ssh -l username

C.      traceroute 22

D.      ping tcp 22

E.       packet-tracer input inside tcp 2043 ssh


Correct Answer: D




On which type of encrypted traffic can a Cisco ASA appliance running software version 8.4.1 perform application inspection and control?


A.      IPsec

B.      SSL

C.      IPsec or SSL

D.      Cisco Unified Communications

E.       Secure FTP

Correct Answer: D










Refer to the exhibit. Which reason explains why the Cisco ASA appliance cannot establish an authenticated NTP session to the inside NTP server?




A.      The ntp server command is incomplete.

B.      The ntp source inside command is missing.

C.      The ntp access-group peer command and the ACL to permit are missing.

D.      The trusted-key number should be 1 not 2.


Correct Answer: A
