Day: June 14, 2016

Cisco 642-618 Practise Questions, Best Quality Cisco 642-618 Exam Practice PDF For SaleCisco 642-618 Practise Questions, Best Quality Cisco 642-618 Exam Practice PDF For Sale

Do not you know how to choose the Cisco 642-618 exam dumps? Being worried about your Cisco 642-618 exam? Just try Flydumps new version Cisco 642-618 exam dumps.High pass rate and money back guarantee!

QUESTION 50
In the default global policy, which traffic is matched for inspections by default?
A. match any
B. match default-inspection-traffic
C. match access-list
D. match port
E. match class-default

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 51
Which option lists the main tasks in the correct order to configure a new Layer 3 and 4 inspection policy on the Cisco ASA appliance using the Cisco ASDM Configuration > Firewall > Service Policy Rules pane?
A. 1. Create a class map to identify which traffic to match.
2.
Create a policy map and apply action(s) to the traffic class(es).

3.
Apply the policy map to an interface or globally using a service policy.
B. 1. Create a service policy rule.
2.
Identify which traffic to match.

3.
Apply action(s) to the traffic.
C. 1. Create a Layer 3 and 4 type inspect policy map.
2.
Create class map(s) within the policy map to identify which traffic to match.

3.
Apply the policy map to an interface or globally using a service policy.
D. 1. Identify which traffic to match.
2.
Apply action(s) to the traffic.

3.
Create a policy map.

4.
Apply the policy map to an interface or globally using a service policy.

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 52
By default, how does a Cisco ASA appliance process IP fragments?
A. Each fragment passes through the Cisco ASA appliance without any inspections.
B. Each fragment is blocked by the Cisco ASA appliance.
C. The Cisco ASA appliance verifies each fragment and performs virtual IP re-assembly before the full IP packet is forwarded out.
D. The Cisco ASA appliance forwards the packet out as soon as all of the fragments of the packet have been received.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 53
Which additional active/standby failover feature was introduced in Cisco ASA Software Version 8.4?
A. HTTP stateful failover
B. OSPF and EIGRP routing protocol stateful failover
C. SSL VPN stateful failover
D. IPsec VPN stateful failover
E. NAT stateful failover

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 54
Which other match command is used with the match flow ip destination-address command within the class map configurations of the Cisco ASA MPF?
A. match tunnel-group
B. match access-list
C. match default-inspection-traffic
D. match port
E. match dscp
Correct Answer: A Section: (none) Explanation

Explanation/Reference:
QUESTION 55
Which Cisco ASA configuration is used to configure the TCP intercept feature?
A. a TCP map
B. an access list
C. the established command
D. the set connection command with the embryonic-conn-max option
E. a type inspect policy map

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 56
Which configuration step (if any) is necessary to enable FTP inspection on TCP port 2121?
A. None. FTP inspection is enabled by default using the global policy.
B. Create a new class map to match TCP port 2121, then edit the global policy to inspect FTP for traffic matched by the new class map.
C. Edit default-inspection-traffic to match FTP on port 2121.
D. Add a new traffic class using the match protocol FTP option within the inspect_default class map.

Correct Answer: Section: (none) Explanation
Explanation/Reference:
QUESTION 57
When the Cisco ASA appliance is processing packets, which action is performed first?
A. Check if the packet is permitted or denied by the inbound interface ACL.
B. Check if the packet is permitted or denied by the outbound interface ACL.
C. Check if the packet is permitted or denied by the global ACL.
D. Check if the packet matches an existing connection in the connection table.
E. Check if the packet matches an inspection policy.
F. Check if the packet matches a NAT rule.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 58
Which Cisco ASA (8.4.1 and later) CLI command is the best command to use for troubleshooting SSH connectivity from the Cisco ASA appliance to the outside 192.168.1.1 server?
A. telnet 192.168.1.1 22
B. ssh -l username 192.168.1.1
C. traceroute 192.168.1.1 22
D. ping tcp 192.168.1.1 22
E. packet-tracer input inside tcp 10.0.1.1 2043 192.168.4.1 ssh

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 59
Which reason explains why the Cisco ASA appliance cannot establish an authenticated NTP session to the inside 192.168.1.1 NTP server?

A. The ntp server 192.168.1.1 command is incomplete.
B. The ntp source inside command is missing.
C. The ntp access-group peer command and the ACL to permit 192.168.1.1 are missing.
D. The trusted-key number should be 1 not 2.

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 60
On which type of encrypted traffic can a Cisco ASA appliance running software version 8.4.1 perform application inspection and control?
A. IPsec
B. SSl
C. IPsec or SSL
D. Cisco Unified Communications
E. Secure FTP

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 61
Where in the Cisco ASA appliance CLI are Active/Active Failover configuration parameters configured?
A. admin context
B. customer context
C. system execution space
D. within the system execution space and admin context
E. within each customer context and admin context

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 62
With Cisco ASA active/active or active/standby stateful failover, which state information or table is not passed between the active and standby Cisco ASA by default?
A. NAT translation table
B. TCP connection states
C. UDP connection states
D. ARP table
E. HTTP connection table

Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 63
Which Cisco ASA object group type offers the most flexibility for grouping different services together based on arbitrary protocols?
A. network
B. ICMP
C. protocol
D. TCP-UDP
E. service

Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 64
Using the default modular policy framework global configuration on the Cisco ASA, how does the Cisco ASA process outbound HTTP traffic?
A. HTTP flows are not permitted through the Cisco ASA, because HTTP is not inspected by default.
B. HTTP flows match the inspection_default traffic class and are inspected using HTTP inspection.
C. HTTP outbound traffic is permitted, but all return HTTP traffic is denied.
D. HTTP flows are statefully inspected using TCP stateful inspection.
Correct Answer: D Section: (none) Explanation

Explanation/Reference:
QUESTION 65
Which flags should the show conn command normally show after a TCP connection has successfully been established from an inside host to an outside host?
A. aB
B. saA
C. sIO
D. AIO
E. UIO
F. F

Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 66
Which Cisco ASA show command groups the xlates and connections information together in its output?
A. show conn
B. show conn detail
C. show xlate
D. show asp
E. show local-host

Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 67
When a Cisco ASA is configured in multiple context mode, within which configuration are the interfaces allocated to the security contexts?
A. each security context
B. system configuration
C. admin context (context with the “admin” role)
D. context startup configuration file (.cfg file)

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 68
When troubleshooting redundant interface operations on the Cisco ASA, which configuration should be verified?
A. The nameif configuration on the member physical interfaces are identical.
B. The MAC address configuration on the member physical interfaces are identical.
C. The active interface is sending periodic hellos to the standby interface.
D. The IP address configuration on the logical redundant interface is correct.
E. The duplex and speed configuration on the logical redundant interface are correct.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 69
Which statement about the Cisco ASA 5505 configuration is true?
A. The IP address is configured under the physical interface (ethernet 0/0 to ethernet 0/7).
B. With the default factory configuration, the management interface (management 0/0) is configured with the 192.168.1.1/24 IP address.
C. With the default factory configuration, Cisco ASDM access is not enabled.
D. The switchport access vlan command can be used to assign the VLAN to each physical interface (ethernet 0/0 to ethernet 0/7).
E. With the default factory configuration, both the inside and outside interface will use DHCP to acquire its IP address.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 70
What is the correct regular expression to match HTTP requests whose URI is /welcome.jpg?
A. ^/welcome.jpg
B. ^/welcome\.jpg
C. ^*/welcome\.jpg
D. ^\/welcome\.jpg
E. ^\*/welcome\.jpg

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 71
A Cisco ASA in transparent firewall mode generates the log messages seen in the exhibit. What should be configured on the Cisco ASA to allow the denied traffic?

A. extended ACL on the outside and inside interface to permit the multicast traffic
B. EtherType ACL on the outside and inside interface to permit the multicast traffic
C. stateful packet inspection
D. static ARP mapping
E. static MAC address mapping

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 72
With active/standby failover, what happens if the standby Cisco ASA does not receive three consecutive hello messages from the active Cisco ASA on the LAN failover interface?
A. The standby ASA immediately becomes the active ASA.
B. The standby ASA eventually becomes the active ASA after three times the hold-down timer interval expires.
C. The standby ASA runs network activity tests, including ARP and ping, to determine if the active ASA has failed.
D. The standby ASA sends additional hellos packets on all monitored interfaces, including the LAN failover interface, to determine if the active ASA has failed.
E. Both ASAs go to the “unknown” state until the LAN interface becomes operational again.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 73
The Cisco ASA is dropping all the traffic that is sourced from the internet and is destined to any security context inside interface. Which configuration should be verified on the Cisco ASA to solve this problem?

A. The Cisco ASA has NAT control disabled on each security context.
B. The Cisco ASA is using inside dynamic NAT on each security context.
C. The Cisco ASA is using a unique MAC address on each security context outside interface.
D. The Cisco ASA is using a unique dynamic routing protocol process on each security context.
E. The Cisco ASA packet classifier is configured to use the outside physical interface to assign the packets to each security context.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 74
The Cisco ASA is operating in transparent mode. What is required on the Cisco ASA so that R1 and R2 can form OSPF neighbor adjacency?

A. Map the R1 and R2 MAC address in the Cisco ASA MAC address table using the mac-addresstable static if_name MAC_address command.
B. Configure OSPF stateful packet inspection using MPF.
C. Apply an EtherType ACL to the inside and outside interfaces to permit OSPF multicast traffic.
D. Apply an extended ACL to the inside and outside interfaces to permit OSPF multicast traffic.
E. Enable Advanced Application Inspection using MPF.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 75
On the Cisco ASA, where are the Layer 5-7 policy maps applied?
A. inside the Layer 3-4 policy map
B. inside the Layer 3-4 class map
C. inside the Layer 5-7 class map
D. inside the Layer 3-4 service policy
E. inside the Layer 5-7 service policy

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 76
A Cisco ASA requires an additional feature license to enable which feature?
A. transparent firewall
B. cut-thru proxy
C. threat detection
D. botnet traffic filtering
E. TCP normalizer

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 77
With Cisco ASA active/standby failover, what is needed to enable subsecond failover?
A. Use redundant interfaces.
B. Enable the stateful failover interface between the primary and secondary Cisco ASA.
C. Decrease the default unit failover polltime to 300 msec and the unit failover holdtime to 900 msec.
D. Decrease the default number of monitored interfaces to 1.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 78
Which command options represent the inside local address, inside global address, outside local address, and outside global address?

A. 1 = outside local, 2 = outside global, 3 = inside global, 4 = inside local
B. 1 = outside local, 2 = outside global, 3 = inside local, 4 = inside global
C. 1 = outside global, 2 = outside local, 3 = inside global, 4 = inside local
D. 1 = inside local, 2 = inside global, 3 = outside global, 4 = outside local
E. 1 = inside local, 2 = inside global, 3 = outside local, 4 = outside global

Correct Answer: D Section: (none) Explanation
Explanation/Reference: QUESTION 79
On Cisco ASA Software Version 8.4.1 and later, when you configure the Cisco ASA appliance in transparent firewall mode, which configuration is mandatory?
A. NAT
B. static routes
C. ARP inspections
D. EtherType access-list
E. bridge group(s)
F. dynamic MAC address learning

Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 80
Which access rule is disabled automatically after the global access list has been defined and applied?
A. the implicit global deny ip any any access rule
B. the implicit interface access rule that permits all IP traffic from high security level to low security level interfaces
C. the implicit global access rule that permits all IP traffic from high security level to low security level interfaces
D. the implicit deny ip any any rule on the global and interface access lists
E. the implicit permit all IP traffic from high security level to low security level access rule on the global and interface access lists

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 81
Which option can cause the interactive setup script not to work on a Cisco ASA 5520 appliance running software version 8.4.1?
A. The clock has not been set on the Cisco ASA appliance using the clock set command.
B. The HTTP server has not been enabled using the http server enable command.
C. The domain name has not been configured using the domain-name command.
D. The inside interface IP address has not been configured using the ip address command.
E. The management 0/0 interface has not been configured as management-only and assigned a name using the nameif command.

Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 82
Which statement about the Cisco ASA 5585-X appliance is true?
A. The IPS SSP must be installed in slot 0 (bottom slot) and the firewall/VPN SSP must be installed in slot 1 (top slot).
B. The IPS SSP operates independently. The firewall/VPN SSP is not necessary to support the IPS SSP.
C. The ASA 5585-X appliance supports three types of SSP (the firewall/VPN SSP, the IPS SSP, and the CSC SSP).
D. The ASA 5585-X appliance with the firewall/VPN SSP-60 has a maximum firewall throughput of 10 Gb/
s.
E. All IPS traffic (except the IPS management interface traffic) must flow through the firewall/VPN SSP first before it can be redirected to the IPS SSP.

Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 83
Which logging mechanism is configured using MPF and allows high-volume traffic-related events to be exported from the Cisco ASA appliance in a more efficient and scalable manner compared to classic syslog logging?
A. SDEE
B. Secure SYSLOG
C. XML
D. NSEL
E. SNMPv3

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 84
Which option completes the CLI NAT configuration command to match the Cisco ASDM NAT configuration?

object network insidenatted range 10.1.2.10 10.1.2.20 object network insidenet range 172.16.1.10 172.16.1.100 ! object network outnatted range 192.168.3.100 192.168.3.150 ! nat (inside,outside) after-auto 1 _______________?________________
A. source dynamic insidenet insidenatted destination static Partner-internal-subnets outnatted
B. source dynamic insidenet insidenatted interface destination static Partner-internal-subnets outnatted
C. source dynamic insidenet interface destination static Partner-internal-subnets outnatted
D. source dynamic insidenet interface destination static Partner-internal-subnets outnatted
E. source dynamic insidenatted insidenet destination static Partner-internal-subnets outnatted
F. source dynamic insidenatted interface destination static Partner-internal-subnets outnatted

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 85
By default, not all services in the default inspection class are inspected. Which Cisco ASA CLI command do you use to determine which inspect actions are applied to the default inspection class?
A. show policy-map global_policy
B. show policy-map inspection_default
C. show class-map inspection_default
D. show class-map default-inspection-traffic
E. show service-policy global

Correct Answer: E Section: (none) Explanation
Explanation/Reference:
Preparing Cisco 642-618 exam is not difficult now.You can prepare from Cisco 642-618 Certification or Cisco 642-618 dumps.Here we have mentioned some sample questions.You can use our Cisco 642-618 study material notes for test preparation. Latest Cisco 642-618 study material available.

Cisco 642-617 Study Guide, Help To Pass Cisco 642-617 Real Exam With New DiscountCisco 642-617 Study Guide, Help To Pass Cisco 642-617 Real Exam With New Discount

Do not worry about your Cisco 642-617 exam,Flydumps now has published the new veriosn Cisco 642-617 exam dumps with more new added questions and answers,also you can free download Cisco 642-617 vce test software and pdf dumps on Flydumps.com.

QUESTION 40
Using the default modular policy framework global configuration on the Cisco ASA, how does the Cisco ASA process outbound HTTP traffic?
A. HTTP flows are not permitted through the Cisco ASA, because HTTP is not inspected bydefault.
B. HTTP flows match theinspection_default traffic class and are inspected using HTTP inspection.
C. HTTP outbound traffic is permitted, but all return HTTP traffic is denied.
D. HTTP flows arestatefully inspected using TCP stateful inspection.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 41
Which feature is not supported on the Cisco ASA 5505 with the Security Plus license? O A. security contexts
A. stateless active/standby failover
B. transparent firewall
C. threat detection
D. traffic shaping

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 42
What is the first configuration step when using Cisco ASDM to configure a new Layer 3/4 inspection policy on the Cisco ASA?
A. Create a new class map.
B. Create a new policy map and apply actions to the traffic classes.
C. Create a new service policy rule.
D. Create the ACLs to be referenced by any of the new class maps.
E. Disable the default global inspection policy.
F. Create a new firewall access rule.
Correct Answer: D Section: (none) Explanation

Explanation/Reference:
Build Your Dreams PassGuide 642-617
QUESTION 43
Which statement about the Cisco ASA 5505 configuration is true?
A. The IP address is configured under the physical interface (ethemet 0/0 to ethemet 0/7).
B. With the default factory configuration, the management interface (management 0/0) is configured with the 192.168.1.1/24 IP address
C. With the default factory configuration, Cisco ASDM access is not enabled.
D. Theswitchport access vlan command can be used to assign the VLAN to each physical interface (ethemet 0/0 to ethemet 0/7).
E. With the default factory configuration, both the inside and outside interface will use DHCP to acquire its IP address.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 44
Refer to the exhibit. What does the * next to the CTX security context indicate?

A. The CTX context is the active context on the Cisco ASA.
B. The CTX context is the standby context on the Cisco ASA.
C. The CTX context contains the system configurations.
D. The CTX context has the admin role.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 45
Which three Cisco ASA configuration commands are used to enable the Cisco ASA to log only the debug output to syslog? (Choose three.)
A. loggingHsttest message 711001
B. logging debug-trace
C. logging trap debugging
D. logging message 711001 level 7 E. logging trap test

Correct Answer: BCD Section: (none) Explanation
Explanation/Reference:
Build Your Dreams PassGuide 642-617
QUESTION 46
Refer to the exhibit. Which two configurations are required on the Cisco ASAs so that the return traffic from the 10.10.10.100 outside server back to the 10.20.10.100 inside client can be rerouted from the Active CtxB context in ASA Two to the Active Ctx A context in ASA One? (Choose two.)

A. stateful active/active failover
B. dynamic routing (EIGRP or OSPF or RIP)
C. ASR-group
D. no NAT-control
E. policy-based routing
F. TCP/UDP connections replication

Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
QUESTION 47
Where in the ACS are the individual downloadable ACL statements configured to achieve the most scalable deployment?
A. Group Setup
B. User Setup
C. Shared Profile Components
D. Network Access Profiles
E. Network Configuration Build Your Dreams PassGuide 642-617
F. Interface Configuration

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 48
Which two methods can be used to access the Cisco AIP-SSM CLI? (Choose two.)
A. initiating an SSH connection to the Cisco AIP-SSM external management Ethernet port
B. connecting to the console port on the Cisco AIP-SSM
C. using the setup command on the Cisco ASA CLI
D. using thesession 1 command on the Cisco ASA CLI
E. using the hw-module command on the Cisco ASA CLI

Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
QUESTION 49
Refer to the exhibit. Which three CLI configuration commands result from this configuration? (Choose three.)

A. global (outside) 1 192.168.11
B. nat (inside) 110.16.1.1
C. static(inside.outside) 192.168.1.1 10.16.1.1 netmask 255.255.255.255 tcp 0 0 udp 0
D. static(inside,outside) tcp 192.168.1.1 80 10.16.1.1 80
E. access-listoutside_access_in line 1 extended permit tcp any host 192.168.1.1 eq http
F. access-listoutside_access_in line 1 extended permit tcp any host 10.16.1.1 eq http

Correct Answer: DEF Section: (none) Explanation
Explanation/Reference:
QUESTION 50
Build Your Dreams PassGuide 642-617
Which three configuration options are available when configuring static routes on the Cisco ASA? (Choose three.)
A. Change the default metric (admin distance) from 1 to some other value.
B. Enable route tracking.
C. Specify the static route as the default tunnel gateway for VPN traffic.
D. Specify that the static route will not be removed, even if the interface shuts down.
E. Specify a tag value to the static route that can be used as a “match” value for controlling redistribution via route maps

Correct Answer: ABC Section: (none) Explanation
Explanation/Reference:
QUESTION 51
On the Cisco ASA, what is the default access rule if no user-defined access lists are defined on the interfaces?

A. All inbound connections from the lower-security interfaces to the higher-security interfaces are permitted.
B. All outbound connections from the higher-security interfaces to the lower-security interfaces are permitted
C. All IP traffic between interfaces with the same security levelare permitted.
D. All IP traffic in and out of the same interface is permitted.
E. All IP traffic is denied.

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Build Your Dreams PassGuide 642-617
QUESTION 52
When the Cisco ASA detects scanning attacks, how long is the attacker who is performing the scan shunned?

A. 120 seconds
B. 600 seconds
C. 1200 seconds
D. 3600 seconds
E. 6000 seconds

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 53
The ASA administrator wants to configure Botnet Traffic Filter using the dynamic database but it is not working properly after the initiate configuration has been entered. What other configuration is missing?
Build Your Dreams PassGuide 642-617

A. Enabling DNS Snooping
B. Enabling Botnet Traffic Filtering on at least one of the ASA interface
C. Enabling the ASA to periodically download the dynamic database from Cisco
D. Enabling DNS inspection globally
E. Configuring the manual white and black lists

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 54
Which two statements about the Cisco ASA configuration is true? (Choose two.)
Build Your Dreams PassGuide 642-617

A. NAT Control is enabled
B. The Cisco ASAis setup as the DHCP server for hosts on the inside and outside interfaces
C. All IP traffic is permitted from the inside host to the outside
D. All hosts on the inside and on the outside can access Cisco ASDM
E. Access to the CLI in privileged mode will be authenticated using the LOCAL database on the Cisco ASA
F. The ASAis using a persistent self-signed certificated so users can authenticate the Cisco ASA when accessing it via Cisco ASDM

Correct Answer: CF Section: (none) Explanation
Explanation/Reference:
QUESTION 55
On the Cisco ASA, tcp-map can be applied to a traffic class using which MPF CLI configuration command?
Build Your Dreams PassGuide 642-617

A. inspect
B. sysopt connection
C. tcp-options
D. parameters
E. set connection advanced-options

Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 56
On the Cisco ASA, where are the Layer 5-7 policy maps applied?
A. inside the Layer 3-4 policy map
B. inside the Layer 3-4 class map
C. inside the Layer 5-7 class map
D. inside the Layer 3-4 service policy
E. inside the Layer 5-7 service policy

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 57
Refer to the exhibit. Which two options will result from the Cisco ASA configuration? (Choose two.)
Build Your Dreams PassGuide 642-617

A. The outside hosts can use the 192.168.100.1 IP address to reach the web server on the inside network.
B. The global IP address of the web server is 209.165.200.230.
C. The inside web client will use the 209.165.200.230 IP address to reach the web server and the Cisco ASA will translate the 209.165.200.230 IP address to the 192.168.100.1 IP address.
D. The Cisco ASA will translate the DNS A-Record reply from the DNS server to any inside client for the web server (web server IP = 192.168.100.1).
E. The web server will be reachable only from the inside.
F. The web server will be reachable only from the outside.

Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 58
The Cisco ASA is configured in multiple mode and the security contexts share the same outside physical interface. Which two packet classification methods can be used by the Cisco ASA to determine which security context to forward the incoming traffic from the outside interface? (Choose two.)
A. unique interface IP address
B. unique interface MAC address
C. routing table lookup
D. MAC address table lookup
E. unique global mapped IP addresses

Correct Answer: BE Section: (none) Explanation
Explanation/Reference:
QUESTION 59
With Cisco ASA active/active or active/standby stateful failover, which state information or
Build Your Dreams PassGuide 642-617
table is not passed between the active and standby Cisco ASA by default?
A. NAT translation table
B. TCP connection states
C. UDP connection states
D. ARP table
E. HTTP connection table

Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 60
Refer to the exhibit. What requirement is mandatory when configuring a Cisco ASA to operate in transparent firewall mode?

A. IP routing must be disabled on the Cisco ASA using the noip routing global configuration command.
B. The Cisco ASA must be configured to use the same MAC address on its outside and inside interfaces.
C. ARP inspection must be enabled on both the inside and outside interfaces using thearpinspection interface-name enable flood command.
D. Both the inside and outside interfaces must be configured with the same security level.
E. An inboundEtherType ACL is required on the inside and outside interfaces to permit ARP traffic.
F. The management IP address of the Cisco ASA configured with theip address global configuration command must belong in the 10.0.1.0/24 subnet.

Correct Answer: F Section: (none) Explanation
Explanation/Reference:
QUESTION 61
Build Your Dreams PassGuide 642-617
Refer to the exhibit. Which two statements are true? (Choose two.)

A. The connection isawaiting outside ACK to SYN.
B. The connection is initiated from the inside.
C. The connection is active and has received inbound and outbound data.
D. The connection is an incomplete TCP connection.
E. The connection is a DNS connection.

Correct Answer: BC Section: (none) Explanation
Explanation/Reference:
QUESTION 62
Which five options are valid logging destinations for the Cisco ASA? (Choose five.)
A. AAA server
B. Cisco ASDM
C. buffer
D. SNMP traps
E. LDAP server
F. email
G. TCP-based securesyslog server

Correct Answer: BCDFG Section: (none) Explanation
Explanation/Reference:
QUESTION 63
When troubleshooting redundant interface operations on the Cisco ASA, which configuration should be verified?
A. Thenameif configuration on the member physical interfaces are identical.
B. The MAC address configuration on the member physical interfaces are identical.
C. The active interface is sending periodic hellos to the standby interface.
D. The IP address configuration on the logical redundant interface is correct.
E. The duplex and speed configuration on the logical redundant interface are correct.

Correct Answer: D Section: (none) Explanation
Explanation/Reference: QUESTION 64
What mechanism is used on the Cisco ASA to map IP addresses to domain names that are contained in the botnet traffic filter dynamic database or local blacklist?
Build Your Dreams PassGuide 642-617
A. HTTP inspection
B. DNS inspection and snooping
C. WebACL
D. dynamicbotnet database fetches (updates)
E. staticblacklist
F. static white list

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 65
Which three statements about traffic shaping capability on the Cisco ASA are true? (Choose three.)
A. Traffic shaping can be applied to all outgoing traffic on a physical interface or in the case of the Cisco ASA 5505, on a VLAN
B. Traffic shaping can be applied in the input or output direction.
C. Traffic shaping can cause jitter and delay.
D. You can configure both traffic shaping and priorityqueueing on the same interface.
E. Traffic shaping is not supported on the Cisco ASA 5580.

Correct Answer: ADE Section: (none) Explanation
Explanation/Reference:
QUESTION 66
Refer to the exhibit. Which statement about the policy map named test is true?

A. Only HTTP inspection will be applied to the TCP port 21 traffic.
B. Only FTP inspection will be applied to the TCP port 21 traffic.
C. both HTTP and FTP inspections will be applied to the TCP port 21 traffic.
D. No inspection will be applied to the TCP port 21 traffic, because the http class map configuration
conflicts with the ftp class map
E. All FTP traffic will be denied, because the FTP traffic will fail the HTTP inspection.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Build Your Dreams PassGuide 642-617
QUESTION 67
When troubleshooting a Cisco ASA (running 8.2.2) that is operating in transparent firewall mode, what should you verify to ensure proper operation?
A. The Cisco ASA has not been configured for inside static or dynamic NAT.
B. The Cisco ASA global IP address belongs to the same subnet as the directly connected interfaces.
C. The outside and inside interfaceare connected to different Layer 3 subnets.
D. The Cisco ASA is using a dedicated management interface for management access.
E. The Cisco ASA is configured for ARP inspection.

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 68
Which Cisco ASA object group type offers the most flexibility for grouping different services together based on arbitrary protocols?
A. network
B. ICMP
C. protocol
D. TCP-UDP
E. service

Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 69
DRAG DROP A. Build Your Dreams PassGuide 642-617

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 70
Which three parameters are set using the set connection command within a policy map on the Cisco ASA
8.2 release? (Choose three.)
A. per-client TCP and/or UDP idle timeout
B. per-client TCP and/or UDP maximum session time
C. TCP sequence number randomization
D. maximum number of simultaneous embryonic connections
E. maximum number of simultaneous TCP and/or UDP connections
F. fragments reassembly options

Correct Answer: CDE Section: (none) Explanation
Explanation/Reference:

Well-regarded for its level of detail, assessment features, and challenging review questions and hands-on exercises,Cisco 642-617 helps you master the concepts and techniques that will enable you to succeed on the Cisco 642-617 exam the first time.

Cisco 642-587 Exam Materials, Discount Cisco 642-587 Actual Questions Guaranteed SuccessCisco 642-587 Exam Materials, Discount Cisco 642-587 Actual Questions Guaranteed Success

Fully Updated Do not hesitate to choose Flydumps Cisco 642-587 VCE Exam Dumps, all are updated timely by SAP expert professionals.Visit the site Flydumps.com to get the free Cisco 642-587 pdf dumps and free vce player.

QUESTION 50
You are using ADU and are authenticated and associated to an access point. However, you are unable to obtain an IP address. Which of these has caused this problem?
A. invalid SSID
B. invalid 802.1X authentication type
C. invalid encryption type
D. invalid WEP key
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 51
Which parameter, when enabled on a standalone access point, gives the highest priority to a voice packet even when QoS is not enabled?
A. QoS Element for Wireless Phones
B. IGMP Snooping
C. WMM
D. AVVID Priority Mapping
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 52
You review the Failed Attempts logs on an AAA server and find: “unknown network access server error.” Which failure could produce this error?
A. failure of the wireless client and AAA server handshake
B. supplicant authentication failure
C. AAA client and AAA server handshake
D. Wrong password used by the supplicant
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 53
If it is properly deployed, a controller-based access point is capable of monitoring all VLANs on a network when you select which of the following modes from the AP Mode drop-down menu on the controller?
A. Monitor
B. Rogue Detector
C. Sniffer
D. Mirror
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 54
On a WLAN controller, what is the default limit on the number of entries in the database that will be used for local authentication?
A. 50
B. 128
C. 512
D. 1024
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 55
Which Cisco Aironet Series has a built-in digital thermometer designed to protect the radio?
A. Cisco Aironet 1500 Series
B. Cisco Aironet 1400 Series
C. Cisco Aironet 1300 Series
D. Cisco Aironet 1200 Series

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 56
A Cisco 4404 WLAN controller is being connected to a Cisco 6500 Catalyst Series Switch. How would you interconnect and configure LAG for connectivity and ensure redundancy?
A. All four ports from the Cisco WLC terminated to the same Catalyst gigabit module and channel group.
B. All four ports from the Cisco WLC terminated to the same Catalyst gigabit module using two channel groups.
C. Ports 1 and 2 from Cisco WLC to Catalyst gigabit module slot 1 channel group 20 and Cisco WLC ports 3 and 4 to Catalyst gigabit module slot 2 channel group 40.
D. Ports 1 and 2 from Cisco WLC to Catalyst gigabit module slot 1 channel group 10 and Cisco WLC ports 3 and 4 to Catalyst gigabit module slot 2 channel group 10.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 57
Which of the following commands on the wireless interface of a Cisco 3845 Integrated Service Router allows the SSID to broadcast?
A. router(config-ssid)# enable
B. router(config-ssid)# advertise
C. router(config-ssid)# broadcast
D. router(config-ssid)# guest-mode
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 58
You have been called upon to add location-based services into an existing controller-based wireless design which primarily encompasses handheld devices such as barcode scanners and Cisco 7920 wireless IP phones. In which mode should you deploy
the additional access points to achieve the density required without excessive co-channel interference?
A. sniffer mode
B. monitor mode
C. location mode D. tracking mode
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 59
What is the maximum number of WLAN controllers that can join a single mobility group?
A. 12
B. 24
C. 36
D. 48

Correct Answer: B Section: (none) Explanation
Explanation/Reference:

Cisco 642-587 Questions & Answers covers all the knowledge points of the real exam. We update our product frequently so our customer can always have the latest version of Cisco 642-587. We provide our customers with the excellent 7×24 hours customer service.We have the most professional Cisco 642-587 expert team to back up our grate quality products.If you still cannot make your decision on purchasing our product, please try our Cisco 642-587 free pdf