All Latest Updated Version Of Cisco 642-691 Study Guide For Free Download

Exam A
QUESTION 1
Based on the network diagram shown in the exhibit, both R5 and R6 are clients of the R2 RR. When the 10.0.0.0/8 iBGP update from R3 is received by the R2 RR, which router(s) will R2 reflect the update to?

A. R1 only
B. R5 and R6
C. R5, R6 and R1
D. R4, R5 and R6
E. R4, R5, R6 and R1
F. to no other router

Correct Answer: C

QUESTION 2
Based on this configuration, which two peering router neighbor statements are correct? (Choose two.)

router bgp 50001
 neighbor 192.168.1.1 remote-as 50001
 neighbor 10.1.1.1 remote-as 50002
 neighbor 10.1.1.1 local-as 50003
! output omitted

A. EBGP – neighbor 10.1.1.2 remote-as 50003
B. EBGP – neighbor 10.1.1.2 remote-as 50001
C. EBGP – neighbor 10.1.1.2 remote-as 50001 and neighbor 10.1.1.2 local-as 50003
D. IBGP – neighbor 192.168.1.2 remote-as 50001
E. IBGP – neighbor 192.168.1.2 remote-as 50003
F. IBGP – neighbor 192.168.1.2 remote-as 50003 and neighbor 192.168.1.2 local-as 50001
Correct Answer: CD

QUESTION 3
LAB

QUESTION 4
Which two statements about a transit AS are correct? (Choose two.)
A. A transit AS has eBGP connection(s) to only one external AS.
B. Routes between ASs are always exchanged via eBGP.
C. A transit AS uses an IGP like OSPF or ISIS to propagate the external networks within the transit AS.
D. Core routers within a transit AS normally use default routing to reach the external networks.
E. iBGP sessions can be established between non directly connected routers.

Correct Answer: BE

QUESTION 5
Refer to the exhibit and the following connectivity requirements. How many different VRFs are required? Sites CE1A, CE1B, CE1C, and CE1D require connectivity among them. Sites CE2A and CE2B require connectivity between them. Site CE12A requires connectivity to sites CE1A, CE1B, CE1C, CE1D, and CE12B. Site CE12B requires connectivity to sites CE2A, CE2B, and CE12A.

A. 2 VRFs
B. 3 VRFs
C. 4 VRFs
D. 6 VRFs
E. 8 VRFs
F. 10 VRFs

Correct Answer: C

QUESTION 6
Refer to the exhibit. A diagram of a router connected to an MPLS-enabled ATM switch via an LC-ATM MPLS interface, and a partial configuration for the MPLS-enabled ATM switch and router are shown. Which statement describes what is incorrect about the configuration shown?

A. CEF has not been enabled on the router.
B. The VPI range of 2-3 is invalid.
C. The control VPI/VCI has not been set to 0/32 on the router.
D. VC-merge has not been enabled on the ATM switch interface.
E. The router has not been configured to specifically use LDP.

Correct Answer: A

QUESTION 7
When using MPLS unicast IP forwarding, what will happen if an LSR receives an incoming labeled packet but the LSR can’t find that incoming label in its LFIB?
A. The packet will be forwarded using the FIB.
B. The packet will be forwarded using the LIB.
C. The packet will be process switched by performing a route lookup in the routing table.
D. The packet will be forwarded using the LFIB with an imp-null outgoing label.
E. The packet will be dropped even if the IP destination exists in the FIB.

Correct Answer: E

QUESTION 8
Refer to the exhibit. Based on the show outputs, which condition could be preventing the P1 router from establishing TDP adjacency with its neighbor over the s0/0.211 and s0/0.212 subinterfaces?

A. The s0/0.211 and s0/0.212 subinterfaces line protocol are in the down state.
B. The P1 router cannot establish a TCP session with its neighbors.
C. The P1 router is missing the mpls label protocol LDP command.
D. The show mpls tdp neighbor command needs to be used to view the TDP neighbor status.

Correct Answer: B

QUESTION 9
LAB

QUESTION 10
What is the correct command to set the BGP scanner interval to two minutes?
A. bgp scan-time 2
B. bgp scan-time 120
C. bgp scan-time 2 60
D. The maximum scanning interval cannot exceed one minute.

Correct Answer: D

QUESTION 11
Given the AS-path of (51002 51003) 51001 i from the show ip bgp output, what is the origin?
A. AS 51001
B. AS 51002
C. AS 51003
D. (51002 51003)
E. IGP
F. IBGP

Correct Answer: E

QUESTION 12
What best describes the following configuration example of allowas-in?

router bgp 100
 address-family ipv4 vrf CustomerA
  neighbor 195.12.4.5 remote-as 123
  neighbor 195.12.4.5 activate
  neighbor 195.12.4.5 allowas-in 2

A. permits incoming BGP updates defined by access-list 2
B. permits incoming BGP updates defined by class-map 2
C. permits incoming BGP updates defined by route-map 2
D. permits incoming BGP updates with no more than two occurrences of AS 100 in the AS path
E. permits incoming BGP updates with no more than two occurrences of AS 123 in the AS path

Correct Answer: D

QUESTION 13
In the diagram, the customer is using static routing to connect to the ISP. Which configuration on the ISP edge routers will enable load balancing and backup of the traffic to the customer?

A. ! R1
   ip route 10.1.1.0 255.255.255.128 serial 0
   ! R2
   ip route 10.1.1.128 255.255.255.128 serial 0
B. ! R1
   ip route 10.1.1.0 255.255.255.0 serial 0
   ! R2
   ip route 10.1.1.128 255.255.255.0 serial 0
C. ! R1
   ip route 10.1.1.0 255.255.255.128 serial 0
   ip route 10.1.1.128 255.255.255.128 serial 0
   ! R2
   ip route 10.1.1.128 255.255.255.128 serial 0
   ip route 10.1.1.0 255.255.255.128 serial 0
D. ! R1
   ip route 10.1.1.0 255.255.255.128 serial 0
   ip route 10.1.1.0 255.255.255.0 serial 0
   ! R2
   ip route 10.1.1.128 255.255.255.128 serial 0
   ip route 10.1.1.0 255.255.255.0 serial 0

Correct Answer: D

QUESTION 14
When using the redistribute ospf {process-id} command, which types of OSPF routes will be redistributed into BGP?
A. all internal (interarea and intra-area) OSPF routes
B. all external OSPF routes
C. all external OSPF routes except type 7 LSAs
D. both internal and external OSPF routes
E. only classful OSPF routes without the subnet option
F. only external OSPF routes without the match option

Correct Answer: A

QUESTION 15
Based on the network diagram shown in the exhibit, what is the correct configuration on the customer edge router used to conditionally announce the customer networks to the ISP?

A. router bgp 65001
   ! neighbor commands not shown
   network 192.168.8.0 mask 255.255.252.0
   !
   ip route 192.168.8.0 255.255.252.0 192.168.8.33
B. router bgp 65001
   ! neighbor commands not shown
   aggregate-address 192.168.8.0 255.255.252.0 summary-only
   !
   ip route 192.168.8.0 255.255.252.0 192.168.8.33
C. router bgp 65001
   ! neighbor commands not shown
   network 192.168.8.0
   network 192.168.9.0
   network 192.168.10.0
   network 192.168.11.0
   !
   ip route 192.168.8.0 255.255.255.0 null0
   ip route 192.168.9.0 255.255.255.0 null0
   ip route 192.168.10.0 255.255.255.0 null0
   ip route 192.168.11.0 255.255.255.0 null0
D. router bgp 65001
   ! neighbor commands not shown
   aggregate-address 192.168.8.0 255.255.252.0 summary-only
   !
   router ospf 1
   network 192.168.8.0 0.0.3.255 area 0
E. router bgp 65001
   ! neighbor commands not shown
   aggregate-address 192.168.8.0 255.255.252.0
   !
   ip route 192.168.8.0 255.255.252.0 null0

Correct Answer: A

QUESTION 16
When configuring Internet access using a separate MPLS VPN, which three statements are correct? (Choose three.)
A. The Internet backbone is separate from the MPLS VPN backbone.
B. Two dedicated physical or logical links between the PE and the CE routers are required.
C. An Internet gateway is connected as a CE router to the MPLS VPN backbone.
D. An Internet gateway shall insert full Internet routing into the Internet VPN to achieve optimal routing.
E. The customer’s Internet access is enabled by combining the Internet VPN with the Customer VPN using overlapping VPN topology.

Correct Answer: ACE

QUESTION 17
What is the difference in implementation between a managed CE services MPLS VPN and a central services MPLS VPN?
A. RD assignment
B. selective routes export
C. selective routes import
D. MP-BGP route redistribution filtering
E. CE-PE routing process
F. none

Correct Answer: B

QUESTION 18
Which four attributes are used by BGP to detect routing loops? (Choose four.)
A. AS-Path
B. Cluster ID
C. Cluster List
D. Originator ID
E. Community ID

Correct Answer: ABCD

QUESTION 19
Which configuration task requires configuring the bgp cluster-id {cluster-id} command?
A. configuring the member ASs within a BGP confederation
B. configuring the BGP confederation ID
C. configuring hierarchical BGP confederations
D. configuring redundant BGP confederations
E. configuring hierarchical route reflectors
F. configuring redundant route reflectors

Correct Answer: F

QUESTION 20
During the autonomous system number migration process, which BGP feature allows a BGP router to act as a router within one autonomous system to some BGP neighbors but also appear to be in another autonomous system to other neighbors?
A. remove-private-as
B. local-as
C. as-path prepending
D. AS override
E. Site-of-Origin (SOO)

Correct Answer: B

Grasping New Cisco 642-691 Real Exam Questions And Never Fail The Real Exam

Exam A
QUESTION 1
For which purpose is the command mpls ldp maxhops used?
A. In large ATM-MPLS networks, the LFIB can become too large and it may be necessary to limit the maximum diameter of the MPLS LSPs.
B. Because downstream-on-demand label allocation uses hop count to control loop detection, it may be necessary to limit the maximum diameter of the MPLS network.
C. Because end-to-end delay can cause problems with some voice applications, it may be necessary to limit the maximum diameter of the MPLS network.
D. When interconnecting large frame mode MPLS and cell mode networks it may be necessary to limit the maximum network diameter to prevent forwarding loops.
Correct Answer: B

QUESTION 2
Refer to the diagram. What problem can be caused by the second P router summarizing the loopback address of the egress PE router?

A. The first P router will be faced with a VPN label which it does not understand.
B. The second P router will be faced with a VPN label which it does not understand.
C. The egress PE router will not be able to establish a label switch path (LSP) to the ingress PE router.
D. A label switch path (LSP) will be established from the ingress PE router to the egress PE router, an event that is not desirable.
E. The ingress PE router will not be able to receive the VPN label from the egress PE router via MP-IBGP.
Correct Answer: B

QUESTION 3
In a central services topology, which routes do client VRFs contain?
A. routes from the client site, but not from the server site
B. routes from the server site, but not from the client site
C. routes from both the client site and the server site
D. only EBGP routes from either the client site or the server site
Correct Answer: C

QUESTION 4
On a dedicated subinterface implementation, PE-2 must establish an address-family vrf IPv4 BGP neighbor relationship with which router?

A. CE-1
B. CE-2
C. PE-1
D. PE-IG
E. CE-1 and CE-2
F. PE-1 and PE-IG
Correct Answer: B

QUESTION 5
What are three drawbacks of a peer-to-peer VPN using a shared provider edge (PE) router? (Choose three.)
A. A full mesh of virtual circuits is required between the customer sites.
B. All the customers have to share a common IP address space.
C. Optimal routing between customer sites cannot be guaranteed.
D. The shared PE router has to know all routes for all customers.
E. Packet filters are required on the PE routers.
Correct Answer: BDE

QUESTION 6
Which two of the following statements regarding LDP are true? (Choose two.)
A. LDP can also be used between nonadjacent routers using multicast LDP hello messages.
B. LDP does not require periodic hello messages once the LDP session has been established between the LDP peers.
C. LDP hello messages use TCP packets with a destination port number of 646.
D. Multiple sessions can be established between a pair of LSRs if they use multiple label spaces.
E. Per-platform label space can be identified by a label space ID of 0 in the LDP identifier field.
Correct Answer: DE

QUESTION 7
Refer to the exhibit. Which two of the following statements about the MPLS configurations are true? (Choose two.)

A. The VPI range being configured is the default VPI range.
B. The router is missing the mpls label protocol ldp configuration command on its ATM 0/0.1 subinterface to make it an LC-ATM enabled subinterface.
C. There is a problem with the configurations because the control VC should be set to 0 32 instead.
D. The ATM switch is using VC merge since VC merge is enabled by default.
E. For MPLS label allocations, both VPI 6 and 7 can be used.
Correct Answer: DE

QUESTION 8
What does the following command accomplish? sanjose#clear ip bgp 10.1.1.1 in prefix-filter
A. The sanjose router will perform an outbound soft reconfig to the 10.1.1.1 neighbor.
B. The sanjose router will send out the ORF prefix-list so that a new route refresh will be received from the 10.1.1.1 neighbor.
C. The 10.1.1.1 router will perform an inbound soft reconfig on the updates from the sanjose neighbor.
D. The 10.1.1.1 router will send out the ORF prefix-list so that a new route refresh will be received from the sanjose neighbor.
E. The bgp session between the sanjose and the 10.1.1.1 router will be reset so that all the new bgp updates from the 10.1.1.1 router can be processed by the inbound prefix-list at the sanjose router.
F. The bgp session between the sanjose and the 10.1.1.1 router will be reset so that all the new bgp updates from the sanjose router can be processed by the inbound prefix-list at the 10.1.1.1 router.
Correct Answer: B

QUESTION 9
Based on the topology diagram shown in the exhibit, when should BGP be used as the routing protocol between the customer and the ISP?

A. If physical link failures cannot be detected by the link-level procedures.
B. If the customer wants to affect how the ISP will route the customer’s traffic out to the rest of the Internet.
C. If the ISP does not support static routing with the customer.
D. If the customer is using provider-assigned (PA) addresses inside the customer’s network.
E. If the customer is using private addresses inside the customer’s network.
Correct Answer: A

QUESTION 10
Based on the network diagram shown in the exhibit, what is the correct configuration on the customer edge router used to conditionally announce the customer networks to the ISP?

A. router bgp 65001
   ! neighbor commands not shown
   network 192.168.8.0 mask 255.255.252.0
   !
   ip route 192.168.8.0 255.255.252.0 192.168.8.33
B. router bgp 65001
   ! neighbor commands not shown
   aggregate-address 192.168.8.0 255.255.252.0 summary-only
   !
   ip route 192.168.8.0 255.255.252.0 192.168.8.33
C. router bgp 65001
   ! neighbor commands not shown
   network 192.168.8.0
   network 192.168.9.0
   network 192.168.10.0
   network 192.168.11.0
   !
   ip route 192.168.8.0 255.255.255.0 null0
   ip route 192.168.9.0 255.255.255.0 null0
   ip route 192.168.10.0 255.255.255.0 null0
   ip route 192.168.11.0 255.255.255.0 null0
D. router bgp 65001
   ! neighbor commands not shown
   aggregate-address 192.168.8.0 255.255.252.0 summary-only
   !
   router ospf 1
   network 192.168.8.0 0.0.3.255 area 0
E. router bgp 65001
   ! neighbor commands not shown
   aggregate-address 192.168.8.0 255.255.252.0
   !
   ip route 192.168.8.0 255.255.252.0 null0
Correct Answer: A

QUESTION 11
Which two statements about a transit AS are correct? (Choose two.)
A. A transit AS has eBGP connection(s) to only one external AS.
B. Routes between ASs are always exchanged via eBGP.
C. A transit AS uses an IGP like OSPF or ISIS to propagate the external networks within the transit AS.
D. Core routers within a transit AS normally use default routing to reach the external networks.
E. iBGP sessions can be established between non directly connected routers.
Correct Answer: BE

QUESTION 12
Based on the network diagram shown in the exhibit, both R5 and R6 are clients of the R2 RR. When the 10.0.0.0/8 iBGP update from R3 is received by the R2 RR, which router(s) will R2 reflect the update to?

A. R1 only
B. R5 and R6
C. R5, R6 and R1
D. R4, R5 and R6
E. R4, R5, R6 and R1
F. to no other router
Correct Answer: C

QUESTION 13
Which show command can be used to display the originator ID and cluster-list?
A. show ip bgp
B. show ip bgp sum
C. show ip route bgp
D. show ip route {prefix}
E. show ip bgp {prefix}
F. show ip bgp neighbors {ip address}
Correct Answer: E

QUESTION 14
Which command is used to configure the external, confederation-wide AS number?
A. router(config)#router bgp {as-number}
B. router(config-router)#bgp confederation peers {as-number}
C. router(config-router)#bgp confederation identifier {as-number}
D. router(config-router)#bgp cluster-id {as-number}
E. router(config-router)#neighbor {ip address} remote-as {as-number}
Correct Answer: C

QUESTION 15
As the penalty for a flapping route decreases and falls below a certain limit, the route is unsuppressed. What is the name of that limit?
A. half-life limit
B. suppress limit
C. max-suppress-time limit
D. reuse limit
E. unsuppress limit
F. penalty limit
Correct Answer: D

QUESTION 16
What is the difference in implementation between a managed CE services MPLS VPN and a central services MPLS VPN?
A. RD assignment
B. selective routes export
C. selective routes import
D. MP-BGP route redistribution filtering
E. CE-PE routing process
F. none
Correct Answer: B

QUESTION 17
In a Transit AS, how do the internal routers within the Transit AS forward packets destined for the external networks using a scalable solution?
A. using the default route
B. using the IGP routes where the external networks are redistributed into the IGP by the edge routers
C. using the EBGP routes where the external networks are redistributed into the IBGP by the edge routers
D. using the IBGP routes, then using recursive lookup based on IGP information to resolve the BGP next-hop
Correct Answer: D

QUESTION 18
Given the following configurations, R2 and R3 are not able to successfully establish the IBGP session using the loopback 0 interfaces. What could be the cause of this problem?

! output omitted
!
hostname R2
!
interface loopback 0
 ip address 2.2.2.2
!
interface e0
 ip address 10.1.1.1 255.255.255.0
 no shut
!
interface e1
 ip address 10.2.2.1 255.255.255.0
 no shut
!
router bgp 65101
 neighbor 172.16.1.1 remote-as 65100
 neighbor 3.3.3.3 remote-as 65101
!
router eigrp 101
 network 10.0.0.0
 network 2.0.0.0
!
!
! output omitted
!
hostname R3
!
interface loopback 0
 ip address 3.3.3.3
!
interface e0
 ip address 10.1.1.2 255.255.255.0
 no shut
!
interface e1
 ip address 10.2.2.2 255.255.255.0
 no shut
!
router bgp 65101
 neighbor 192.168.1.1 remote-as 65102
 neighbor 2.2.2.2 remote-as 65101
!
router eigrp 101
 network 10.0.0.0
 network 3.0.0.0
!

A. The “No Sync” BGP configuration command is missing.
B. R2 and R3 are not using the loopback0 IP address as the source address for the BGP messages to each other.
C. The “network 2.0.0.0” BGP configuration command is missing on R2 and the “network 3.0.0.0” BGP configuration command is missing on R3.
D. The “neighbor 2.2.2.2 ibgp-multihop 2” BGP configuration command is missing on R3 and the “neighbor 3.3.3.3 ibgp-multihop 2” BGP configuration command is missing on R2.
Correct Answer: B

QUESTION 19
AS-Path prepending is used in AS 1 in order to influence the return traffic path from AS 5 to AS 1 through the higher speed path via AS 2. _____ needs to be configured for AS-Path prepending and a minimum of _____ of the AS number should be prepended.

A. R1; one copy
B. R2; one copy
C. R1; two copies
D. R2; two copies
E. R2; three copies
Correct Answer: C

QUESTION 20
In a multihomed environment with two ISP connections, which two statements are true? (Choose two.)
A. The customer should not be configured to act as a transit AS between the two ISPs.
B. It is recommended that the multi-homed customer use a registered (public) AS number.
C. AS-Path prepending can be configured on the customer’s edge router to influence the BGP path selection process for the outbound traffic (traffic from the customer to the ISPs).
D. The customer can use Local Preference on the customer’s edge routers to influence the BGP path selection process for the inbound traffic (traffic from the ISPs to the customer).
E. The advertisement of the customer’s IP address space can be conditioned by the customer’s edge routers by using a static route to the null0 interface and by using the proper network statement under router bgp.
Correct Answer: AB

New Version Professional Cisco 642-618 Exam Questions By Training Flydumps New Cisco 642-618 Exam Dumps

 

Exam A
QUESTION 1
By default, which traffic can pass through a Cisco ASA that is operating in transparent mode without explicitly allowing it using an ACL?
A. ARP
B. BPDU
C. CDP
D. OSPF multicasts
E. DHCP

Correct Answer: A

QUESTION 2
Which three Cisco ASA configuration commands are used to enable the Cisco ASA to log only the debug output to syslog? (Choose three.)
A. logging list test message 711001
B. logging debug-trace
C. logging trap debugging
D. logging message 711001 level 7
E. logging trap test

Correct Answer: ABE

QUESTION 3
By default, how does the Cisco ASA authenticate itself to the Cisco ASDM users?
A. The administrator validates the Cisco ASA by examining the factory built-in identity certificate thumbprint of the Cisco ASA.
B. The Cisco ASA automatically creates and uses a persistent self-signed X.509 certificate to authenticate itself to the administrator.
C. The Cisco ASA automatically creates a self-signed X.509 certificate on each reboot to authenticate itself to the administrator.
D. The Cisco ASA and the administrator use a mutual password to authenticate each other.
E. The Cisco ASA authenticates itself to the administrator using a one-time password.

Correct Answer: C

QUESTION 4
When will a Cisco ASA that is operating in transparent firewall mode perform a routing table lookup instead of a MAC address table lookup to determine the outgoing interface of a packet?
A. if multiple context mode is configured
B. if the destination MAC address is unknown
C. if the destination is more than a hop away from the Cisco ASA
D. if NAT is configured
E. if dynamic ARP inspection is configured

Correct Answer: D

QUESTION 5
Which Cisco ASA feature is implemented by the ip verify reverse-path interface interface_name command?
A. uRPF
B. TCP intercept
C. botnet traffic filter
D. scanning threat detection
E. IPS (IP audit)

Correct Answer: A

QUESTION 6
In one custom dynamic application, the inside client connects to an outside server using TCP port 4444 and negotiates return client traffic in the port range of 5000 to 5500. The server then starts streaming UDP data to the client on the negotiated port in the specified range. Which Cisco ASA feature or command supports this custom dynamic application?
A. TCP normalizer
B. TCP intercept
C. ip verify command
D. established command
E. tcp-map and tcp-options commands
F. set connection advanced-options command

Correct Answer: D

QUESTION 7
Refer to the exhibit.

Which statement about the Telnet session from 10.0.0.1 to 172.26.1.200 is true?
A. The Telnet session should be successful.
B. The Telnet session should fail because the route lookup to the destination fails.
C. The Telnet session should fail because the inside interface inbound access list will block it.
D. The Telnet session should fail because no matching flow was found.
E. The Telnet session should fail because inside NAT has not been configured.

Correct Answer: C

QUESTION 8
Refer to the exhibit.

On Cisco ASA Software Version 8.3 and later, which two sets of CLI configuration commands result from this Cisco ASDM configuration? (Choose two.)
A. nat (inside) 1 10.1.1.10 global (outside) 1 192.168.1.1
B. nat (outside) 1 192.168.1.1 global (inside) 1 10.1.1.10
C. static(inside,outside) 192.168.1.1 10.1.1.10 netmask 255.255.255.255 tcp 0 0 udp 0
D. static(inside,outside) tcp 192.168.1.1 80 10.1.1.10 80
E. object network 192.168.1.1 nat (inside,outside) static 10.1.1.10
F. object network 10.1.1.10 nat (inside,outside) static 192.168.1.1
G. access-list outside_access_in line 1 extended permit tcp any object 10.1.1.10 eq http access-group outside_access_in in interface outside
H. access-list outside_access_in line 1 extended permit tcp any object 192.168.1.1 eq http access-group outside_access_in in interface outside

Correct Answer: FG

QUESTION 9
Refer to the exhibit.

Which corresponding Cisco ASA Software Version 8.3 command accomplishes the same Cisco ASA Software Version 8.2 NAT configuration?
A. nat (any,any) dynamic interface
B. nat (any,any) static interface
C. nat (inside,outside) dynamic interface
D. nat (inside,outside) static interface
E. nat (outside,inside) dynamic interface
F. nat (outside,inside) static interface

Correct Answer: C

QUESTION 10
Refer to the exhibit.

Which traffic is permitted on the inside interface without any interface ACLs configured?
A. any IP traffic input to the inside interface
B. any IP traffic input to the inside interface destined to any lower security level interfaces
C. only HTTP traffic input to the inside interface
D. only HTTP traffic output from the inside interface
E. No input traffic is permitted on the inside interface.
F. No output traffic is permitted on the inside interface.

Correct Answer: C

QUESTION 11
On Cisco ASA Software Version 8.4.1 and later, when you configure the Cisco ASA appliance in transparent firewall mode, how is the Cisco ASA management IP address configured?
A. using the IP address global configuration command
B. using the IP address GigabitEthernet 0/x interface configuration command
C. using the IP address BVI x interface configuration command
D. using the bridge-group global configuration command
E. using the bridge-group GigabitEthernet 0/x interface configuration command
F. using the bridge-group BVI x interface configuration command

Correct Answer: C

QUESTION 12
Refer to the exhibit.

Which Cisco ASA CLI nat command is generated based on this Cisco ASDM NAT configuration?
A. nat (dmz, outside) 1 source static any any
B. nat (dmz, outside) 1 source static any outside
C. nat (dmz,outside) 1 source dynamic any interface
D. nat (dmz, outside) 1 source static any interface destination static any any
E. nat (dmz, outside) 1 source dynamic any outside destination static any any

Correct Answer: C

QUESTION 13
Refer to the exhibit.

Which additional Cisco ASA Software Version 8.3 NAT configuration is needed to meet the following requirements?
When any host in the 192.168.1.0/24 subnet behind the inside interface accesses any destinations in the 10.10.1.0/24 subnet behind the outside interface, PAT them to the outside interface. Do not change the destination IP in the packet.
A. nat (inside,outside) source static inside-net interface destination static outhosts outhosts
B. nat (inside,outside) source dynamic inside-net interface destination static outhosts outhosts
C. nat (outside,inside) source dynamic inside-net interface destination static outhosts outhosts
D. nat (outside,inside) source static inside-net interface destination static outhosts outhosts
E. nat (any, any) source dynamic inside-net interface destination static outhosts outhosts
F. nat (any, any) source static inside-net interface destination static outhosts outhosts

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 14
On Cisco ASA Software Version 8.3 and later, which two statements correctly describe the NAT table or NAT operations? (Choose two.)
A. The NAT table has four sections.
B. Manual NAT configurations are found in the first (top) and/or the last (bottom) section(s) of the NAT table.
C. Auto NAT also is referred to as Object NAT.
D. Auto NAT configurations are found only in the first (top) section of the NAT table.
E. The order of the NAT entries in the NAT table is not relevant to how the packets are matched against the NAT table.
F. Twice NAT is required for hosts on the inside to be accessible from the outside.
Correct Answer: BC Section: (none) Explanation

Explanation/Reference:
Explanation:
QUESTION 15
The Cisco ASA software image has been erased from flash memory. Which two statements about the process to recover the Cisco ASA software image are true? (Choose two.)
A. Access to the ROM monitor mode is required.
B. The Cisco ASA appliance must have connectivity to the TFTP server where the Cisco ASA image is stored through the Management 0/0 interface.
C. The copy tftp flash command is necessary to start the TFTP file transfer.
D. The server command is necessary to set the TFTP server IP address.
E. Cisco ASA password recovery must be enabled.

Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 16
Which two Cisco ASA licensing features are correct with Cisco ASA Software Version 8.3 and later? (Choose two.)
A. Identical licenses are not required on the primary and secondary Cisco ASA appliance.
B. Cisco ASA appliances configured as failover pairs disregard the time-based activation keys.
C. Time-based licenses are stackable in duration but not in capacity.
D. A time-based license completely overrides the permanent license, ignoring all permanently licensed features until the time-based license is uninstalled.

Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 17
For which purpose is the Cisco ASA CLI command aaa authentication match used?
A. Enable authentication for SSH and Telnet connections to the Cisco ASA appliance.
B. Enable authentication for console connections to the Cisco ASA appliance.
C. Enable authentication for connections through the Cisco ASA appliance.
D. Enable authentication for IPsec VPN connections to the Cisco ASA appliance.
E. Enable authentication for SSL VPN connections to the Cisco ASA appliance.
F. Enable authentication for Cisco ASDM connections to the Cisco ASA appliance.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 18
Which option is one requirement before a Cisco ASA appliance can be upgraded from Cisco ASA Software Version 8.2 to 8.3?
A. Remove all the pre 8.3 NAT configurations in the startup configuration.
B. Upgrade the memory on the Cisco ASA appliance to meet the memory requirement of Cisco ASA Software Version 8.3.
C. Request new Cisco ASA licenses to meet the 8.3 licensing requirement.
D. Upgrade Cisco ASDM to version 6.2.
E. Migrate interface ACL configurations to include interface and global ACLs.

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 19
Refer to the partial Cisco ASA configuration and the network topology shown in the exhibit.

Which two Cisco ASA configuration commands are required so that any hosts on the Internet can HTTP to the WEBSERVER using the 192.168.1.100 IP address? (Choose two.)
A. nat (inside,outside) static 192.168.1.100
B. nat (inside,outside) static 172.31.0.100
C. nat (inside,outside) static interface
D. access-list outside_access_in extended permit tcp any object 172.31.0.100 eq http
E. access-list outside_access_in extended permit tcp any object 192.168.1.100 eq http
F. access-list outside_access_in extended permit tcp any object 192.168.1.1 eq http

Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 20
Which two statements about Cisco ASA 8.2 NAT configurations are true? (Choose two.)
A. NAT operations can be implemented using the NAT, global, and static commands.
B. If nat-control is enabled and a connection does not need a translation, then an identity NAT configuration is required.
C. NAT configurations can use the any keyword as the input or output interface definition.
D. The NAT table is read and processed from the top down until a translation rule is matched.
E. Auto NAT links the translation to a network object.

Correct Answer: AB Section: (none) Explanation
Explanation/Reference:

Cisco 642-618 Questions and Answers Products basically comprise the simulated Cisco 642-618 exam questions and their most correct answers, accompanied by a methodical elucidation of the Cisco 642-618 answers and the probable wrong answers. The extent to which Cisco 642-618 Questions and Answers Products cover their Cisco subject is so thorough that, once you are done with a Cisco product, passing the Cisco 642-618 exam on the first attempt should be a piece of cake.

New Updated 100 Percent Pass Cisco 642-618 Exam From Flydumps For Free Download

100% Pass! Do you want to pass Cisco 642-618 exam quickly? Go to flydumps.com to get more free exam dumps. All the Cisco 642-618 exam dumps are timely updated by the professional experts. Also we guarantee 100% pass and money back guarantee

Exam A
QUESTION 1
On the Cisco ASA, tcp-map can be applied to a traffic class using which MPF CLI configuration command?
A. inspect
B. sysopt connection
C. tcp-options
D. parameters
E. set connection advanced-options

Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 2
By default, which traffic can pass through a Cisco ASA that is operating in transparent mode without explicitly allowing it using an ACL?
A. ARP
B. BPDU
C. CDP
D. OSPF multicasts
E. DHCP

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 3
When enabling a Cisco ASA to send syslog messages to a syslog server, which syslog level will produce the most messages?
A. notifications
B. informational
C. alerts
D. emergencies
E. errors
F. debugging

Correct Answer: F Section: (none) Explanation
Explanation/Reference:
QUESTION 4
What can be determined about the connection status?

A. The output is showing normal activity to the inside 10.1.1.50 web server.
B. Many HTTP connections to the 10.1.1.50 web server have successfully completed the three-way TCP handshake.
C. Many embryonic connections are made from random sources to the 10.1.1.50 web server.
D. The 10.1.1.50 host is triggering SYN flood attacks against random hosts on the outside.
E. The 10.1.1.50 web server is terminating all the incoming HTTP connections.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 5
What mechanism is used on the Cisco ASA to map IP addresses to domain names that are contained in the botnet traffic filter dynamic database or local blacklist?
A. HTTP inspection
B. DNS inspection and snooping
C. WebACL
D. dynamic botnet database fetches (updates)
E. static blacklist
F. static whitelist

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 6

Which statement about the policy map named test is true?

A. Only HTTP inspection will be applied to the TCP port 21 traffic.
B. Only FTP inspection will be applied to the TCP port 21 traffic.
C. Both HTTP and FTP inspections will be applied to the TCP port 21 traffic.
D. No inspection will be applied to the TCP port 21 traffic, because the http class map configuration conflicts with the ftp class map.
E. All FTP traffic will be denied, because the FTP traffic will fail the HTTP inspection.

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 7
Which Cisco ASA feature can be configured using this Cisco ASDM screen?

A. Cisco ASA command authorization using TACACS+
B. AAA accounting to track serial, ssh, and telnet connections to the Cisco ASA
C. Exec Shell access authorization using AAA
D. cut-thru proxy
E. AAA authentication policy for Cisco ASDM access

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 8
Which command enables the stateful failover option?

A. failover link MYFAILOVER GigabitEthernet0/2
B. failover lan interface MYFAILOVER GigabitEthernet0/2
C. failover interface ip MYFAILOVER 172.16.5.1 255.255.255.0 standby 172.16.5.10
D. preempt
E. failover group 1 primary
F. failover lan unit primary

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 9
In which type of environment is the Cisco ASA MPF set connection advanced-options tcp-state-bypass option the most useful?
A. SIP proxy
B. WCCP
C. BGP peering through the Cisco ASA
D. asymmetric traffic flow
E. transparent firewall

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 10
Which statement about the MPF configuration is true?

A. Any non-RFC compliant FTP traffic will go through additional deep FTP packet inspections.
B. FTP traffic must conform to the FTP RFC, and the FTP connection will be dropped if the PUT command is used.
C. FTP traffic must conform to the FTP RFC, and the FTP connection will be dropped if the PUT command is used.
D. The ftp-pm policy-map type should be type inspect.
E. Due to a configuration error, all FTP connections through the outside interface will not be permitted.

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 11
What is a reasonable conclusion?

A. The maximum number of TCP connections that the 10.1.1.99 host can establish will be 146608.
B. All the connections from the 10.1.1.99 have completed the TCP three-way handshake.
C. The 10.1.1.99 hosts are generating a vast number of outgoing connections, probably due to a virus.
D. The 10.1.1.99 host on the inside is under a SYN flood attack.
E. The 10.1.1.99 host operations on the inside look normal.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 12
By default, how does the Cisco ASA authenticate itself to the Cisco ASDM users?
A. The administrator validates the Cisco ASA by examining the factory built-in identity certificate thumbprint of the Cisco ASA.
B. The Cisco ASA automatically creates and uses a persistent self-signed X.509 certificate to authenticate itself to the administrator.
C. The Cisco ASA automatically creates a self-signed X.509 certificate on each reboot to authenticate itself to the administrator.
D. The Cisco ASA and the administrator use a mutual password to authenticate each other.
E. The Cisco ASA authenticates itself to the administrator using a one-time password.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 13

When will a Cisco ASA that is operating in transparent firewall mode perform a routing table lookup instead of a MAC address table lookup to determine the outgoing interface of a packet?
A. if multiple context mode is configured
B. if the destination MAC address is unknown
C. if the destination is more than a hop away from the Cisco ASA
D. if NAT is configured
E. if dynamic ARP inspection is configured

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 14
Which flag shown in the output of the show conn command is used to indicate that an initial SYN packet is from the outside (lower security-level interface)?

A. B
B. D
C. b
D. A
E. a
F. i
G. I
H. O

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 15
Which statement about the default ACL logging behavior of the Cisco ASA is true?
A. The Cisco ASA generates system message 106023 for each denied packet when a deny ACE is configured.
B. The Cisco ASA generates system message 106023 for each denied packet when a deny ACE is configured.
C. The Cisco ASA generates system message 106100 only for the first packet that matched an ACE.
D. The Cisco ASA generates system message 106100 for each packet that matched an ACE.
E. No ACL logging is enabled by default.

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 16
Which Cisco ASA feature enables the ASA to do these two things? 1) Act as a proxy for the server and generate a SYN-ACK response to the client SYN request. 2) When the Cisco ASA receives an ACK back from the client, the Cisco ASA authenticates the client and allows the connection to the server.
A. TCP normalizer
B. TCP normalizer
C. TCP intercept
D. basic threat detection
E. advanced threat detection
F. botnet traffic filter

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 17
Which option is not supported when the Cisco ASA is operating in transparent mode and also is using multiple security contexts?
A. NAT
B. shared interface
C. security context resource management
D. Layer 7 inspections
E. failover

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 18
What does the * next to the CTX security context indicate?

A. The CTX context is the active context on the Cisco ASA.
B. The CTX context is the standby context on the Cisco ASA.
C. The CTX context contains the system configurations.
D. The CTX context has the admin role.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 19
Which Cisco ASA feature is implemented by the ip verify reverse-path interface interface_name command?
A. uRPF
B. TCP intercept
C. botnet traffic filter
D. scanning threat detection
E. IPS (IP audit)

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 20
In one custom dynamic application, the inside client connects to an outside server using TCP port 4444 and negotiates return client traffic in the port range of 5000 to 5500. The server then starts streaming UDP data to the client on the negotiated port in the specified range. Which Cisco ASA feature or command supports this custom dynamic application?
A. TCP normalizer
B. TCP intercept
C. ip verify command
D. established command
E. tcp-map and tcp-options commands
F. set connection advanced-options command

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Cisco 642-618 Interactive Testing Engine is an engine that can be downloaded and installed on your PC. This Cisco 642-618 is not only advanced and equipped with many more features, it is also not internet dependent once installed. It enables you to see Interconnecting Cisco Networking Devices Part 1 questions and answers in a simulated Cisco 642-618 exam environment. Working with Cisco 642-618 Interactive Testing Engine is like passing an actual Cisco 642-618 exam.

Flydumps 100% Cisco 642-617 Practice Tests Questions Helps Pass Cisco 642-617 Exam Quickly

Most accurate Cisco 642-617 practice test for you to free download. Cisco 642-617 is also an authenticated IT certifications site that offers all the new questions and answers timely. Visit the site Flydumps.com to get free Cisco 642-617 VCE test engine and PDF.

Exam A
QUESTION 1
Using the default modular policy framework global configuration on the Cisco ASA, how does the Cisco ASA process outbound HTTP traffic?
A. HTTP flows are not permitted through the Cisco ASA, because HTTP is not inspected by default.
B. HTTP flows match the inspection_default traffic class and are inspected using HTTP inspection.
C. HTTP outbound traffic is permitted, but all return HTTP traffic is denied.
D. HTTP flows are statefully inspected using TCP stateful inspection.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 2
Which Cisco ASA feature enables the ASA to do these two things? 1) Act as a proxy for the server and generate a SYN-ACK response to the client SYN request. 2) When the Cisco ASA receives an ACK back from the client, the Cisco ASA authenticates the client and allows the connection to the server.
A. TCP normalizer
B. TCP state bypass
C. TCP intercept
D. basic threat detection
E. advanced threat detection
F. botnet traffic filter

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 3
By default, which traffic can pass through a Cisco ASA that is operating in transparent mode without explicitly allowing it using an ACL?
A. ARP
B. BPDU
C. CDP
D. OSPF multicasts
E. DHCP

Correct Answer: A Section: (none) Explanation
Explanation/Reference:

QUESTION 4
Refer to the exhibit. Which Cisco ASA feature can be configured using this Cisco ASDM screen?

A. Cisco ASA command authorization using TACACS+
B. AAA accounting to track serial, ssh, and telnet connections to the Cisco ASA
C. Exec Shell access authorization using AAA
D. cut-thru proxy
E. AAA authentication policy for Cisco ASDM access

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 5
Refer to the exhibit. The Cisco ASA is dropping all the traffic that is sourced from the internet and is destined to any security context inside interface. Which configuration should be verified on the Cisco ASA to solve this problem?

A. The Cisco ASA has NAT control disabled on each security context.
B. The Cisco ASA is using inside dynamic NAT on each security context.
C. The Cisco ASA is using a unique MAC address on each security context outside interface.
D. The Cisco ASA is using a unique dynamic routing protocol process on each security context.
E. The Cisco ASA packet classifier is configured to use the outside physical interface to assign the packets to each security context.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 6
Which four types of ACL object group are supported on the Cisco ASA (release 8.2)? (Choose four.)
A. protocol
B. network
C. port
D. service
E. icmp-type
F. host

Correct Answer: ABDE Section: (none) Explanation
Explanation/Reference:
QUESTION 7
Refer to the exhibit. Which two CLI commands will result? (Choose two.)

A. aaa authorization network LOCAL
B. aaa authorization network default authentication-server LOCAL
C. aaa authorization command LOCAL
D. aaa authorization exec LOCAL
E. aaa authorization exec authentication-server LOCAL
F. aaa authorization exec authentication-server

Correct Answer: CD Section: (none) Explanation
Explanation/Reference:
QUESTION 8
Refer to the exhibit. Which two statements about the class maps are true? (Choose two.)

A. These class maps are referenced within the global policy by default for HTTP inspection.
B. These class maps are all type inspect http class maps.
C. These class maps classify traffic using regular expressions.
D. These class maps are Layer 3/4 class maps.
E. These class maps are used within the inspection_default class map for matching the default inspection traffic.

Correct Answer: CE Section: (none) Explanation
Explanation/Reference:
QUESTION 9
Refer to the exhibit. A Cisco ASA in transparent firewall mode generates the log messages seen in the exhibit. What should be configured on the Cisco ASA to allow the denied traffic?

A. extended ACL on the outside and inside interface to permit the multicast traffic
B. EtherType ACL on the outside and inside interface to permit the multicast traffic
C. stateful packet inspection
D. static ARP mapping
E. static MAC address mapping

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 10
The Cisco ASA must support dynamic routing and terminating VPN traffic. Which three Cisco ASA options will not support these requirements? (Choose three.)
A. transparent mode
B. multiple context mode
C. active/standby failover mode
D. active/active failover mode
E. routed mode
F. no NAT-control

Correct Answer: ABD Section: (none) Explanation
Explanation/Reference:
QUESTION 11
Refer to the exhibits. Which five options should be entered into the five fields in the Cisco ASDM Add Static Policy NAT Rule screen? (Choose five.)
access-list POLICY_NAT_ACL extended permit ip host 172.16.0.10 10.0.1.0 255.255.255.0
static (dmz,outside) 192.168.2.10 access-list POLICY_NAT_ACL

A. dmz = Original Interface
B. outside = Original Interface
C. 172.16.0.10 = Original Source
D. 192.168.2.10 = Original Source
E. 10.0.1.0/24 = Original Destination
F. 192.168.2.10 = Original Destination
G. dmz = Translated Interface
H. outside = Translated Interface
I. 192.168.2.10 = Translated Use IP Address
J. 172.16.0.10 = Translated Use IP Address

Correct Answer: ACEHI Section: (none) Explanation
Explanation/Reference:
QUESTION 12
By default, which access rule is applied inbound to the inside interface?
A. All IP traffic is denied.
B. All IP traffic is permitted.
C. All IP traffic sourced from any source to any less secure network destinations is permitted.
D. All IP traffic sourced from any source to any more secure network destinations is permitted.

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 13
In which type of environment is the Cisco ASA MPF set connection advanced-options tcp-state-bypass option the most useful?
A. SIP proxy
B. WCCP
C. BGP peering through the Cisco ASA
D. asymmetric traffic flow
E. transparent firewall

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 14
Which Cisco ASA platform should be selected if the requirements are to support 35,000 connections per second, 600,000 maximum connections, and traffic shaping?
A. 5540
B. 5550
C. 5580-20
D. 5580-40

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 15
Refer to the exhibit. What is the resulting CLI command?

A. match request uri regex _default_GoToMyPC-tunnel drop-connection log
B. match regex _default_GoToMyPC-tunnel drop-connection log
C. class _default_GoToMyPC-tunnel drop-connection log
D. match class-map _default_GoToMyPC-tunnel drop-connection log

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 16
A customer is ordering a number of Cisco ASAs for their network. For the remote or home office, they are purchasing the Cisco ASA 5505. When ordering the licenses for their Cisco ASAs, which two licenses must they order that are “platform specific” to the Cisco ASA 5505? (Choose two.)
A. AnyConnect Essentials license
B. per-user Premium SSL VPN license
C. VPN shared license
D. internal user licenses
E. Security Plus license

Correct Answer: AE Section: (none) Explanation
Explanation/Reference:
QUESTION 17
With Cisco ASA active/standby failover, what is needed to enable subsecond failover?
A. Use redundant interfaces.
B. Enable the stateful failover interface between the primary and secondary Cisco ASA.
C. Decrease the default unit failover polltime to 300 msec and the unit failover holdtime to 900 msec.
D. Decrease the default number of monitored interfaces to 1.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 18
When enabling a Cisco ASA to send syslog messages to a syslog server, which syslog level will produce the most messages?
A. notifications
B. informational
C. alerts
D. emergencies
E. errors
F. debugging

Correct Answer: F Section: (none) Explanation
Explanation/Reference:
QUESTION 19
Which Cisco ASA feature is implemented by the ip verify reverse-path interface interface_name command?
A. uRPF
B. TCP intercept
C. botnet traffic filter
D. scanning threat detection
E. IPS (IP audit)
Correct Answer: A Section: (none) Explanation

Explanation/Reference:
QUESTION 20
A Cisco ASA requires an additional feature license to enable which feature?
A. transparent firewall
B. cut-thru proxy
C. threat detection
D. botnet traffic filtering
E. TCP normalizer

Correct Answer: D Section: (none) Explanation
Explanation/Reference:

The Cisco 642-617 Certified Network Associate (CCNA) is the composite exam associated with the Cisco Certified Network Associate certification. Candidates can prepare for this exam by taking the Interconnecting Cisco Networking Devices Part 1 (ICND1) v1.0 and the Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0 courses. This exam tests a candidate’s knowledge and skills required to install, operate, and troubleshoot a small to medium size enterprise branch network. The topics include connecting to a WAN; implementing network security; network types; network media; routing and switching fundamentals; the TCP/IP and OSI models; IP addressing; WAN technologies; operating and configuring IOS devices; extending switched networks with VLANs; determining IP routes; managing IP traffic with access lists; establishing point-to-point connections; and establishing Frame Relay connections.