Flydumps 100% Cisco 642-617 Practice Tests Questions Helps Pass Cisco 642-617 Exam QuicklyFlydumps 100% Cisco 642-617 Practice Tests Questions Helps Pass Cisco 642-617 Exam Quickly
Most accurate Cisco 642-617 practice test for you to free download.Cisco 642-617 is also an authenticated IT certifications site that offer all the new questions and answers timely.Visit the site Flydumps.com to get free Cisco 642-617 VCE test engine and PDF.
Exam A
QUESTION 1
Using the default modular policy framework global configuration on the Cisco ASA, how does the Cisco ASA process outbound HTTP traffic?
A. HTTP flows are not permitted through the Cisco ASA, because HTTP is not inspected bydefault.
B. HTTP flows match theinspection_default traffic class and are inspected using HTTP inspection.
C. HTTP outbound traffic is permitted, but all return HTTP traffic is denied.
D. HTTP flows arestatefully inspected using TCP stateful inspection.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 2
Which Cisco ASA feature enables the ASA to do these two things? 1) Act as a proxy for the server and generate a SYN-ACK response to the client SYN request. 2) When the Cisco ASA receives an ACK back from the client, the Cisco ASA authenticates the client and allows the connection to the server.
A. TCPnormalizer
B. TCP state bypass
C. TCP intercept
D. basic threat detection
E. advanced threat detection
F. botnet traffic filter
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 3
By default, which traffic can pass through a Cisco ASA that is operating in transparent mode without explicitly allowing it using an ACL?
A. ARP
B. BPDU
C. CDP
D. OSPF multicasts
E. DHCP
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 4
Refertothe exhibit. Which Cisco ASA feature can be configured using this Cisco ASDM screen?
Build Your Dreams PassGuide 642-617
A. Cisco ASA command authorization using TACACS+
B. AAA accounting to track serial,ssh, and telnet connections to the Cisco ASA
C. Exec Shell access authorization using AAA
D. cut-thru proxy
E. AAA authentication policy for Cisco ASDM access
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 5
Refer to the exhibit. The Cisco ASA is dropping all the traffic that is sourced from the internet and is destined to any security context inside interface. Which configuration should be verified on the Cisco ASA to solve this problem?
A. The Cisco ASA has NAT control disabled on each security context.
B. The Cisco ASA is using inside dynamic NAT on each security context.
C. The Cisco ASA is using a unique MAC address on each security context outside interface.
D. The Cisco ASA is using a unique dynamic routing protocol process on each security Build Your Dreams PassGuide 642-617 context.
E. The Cisco ASA packet classifier is configured to use the outside physical interface to assign the packets to each security context.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 6
Which four types of ACL object group are supported on the Cisco ASA (release 8.2)? (Choose four.)
A. protocol
B. network
C. port
D. service
E. icmp-type
F. host
Correct Answer: ABDE Section: (none) Explanation
Explanation/Reference:
QUESTION 7
Refer to the exhibit. Which two CLI commands will result? (Choose two. )
A. aaa authorization network LOCAL
B. aaa authorization network default authentication-server LOCAL
C. aaa authorization command LOCAL
D. aaa authorization exec LOCAL
E. aaa authorization exec authentication-server LOCAL
F. aaa authorization exec authentication-server
Correct Answer: CD Section: (none) Explanation
Explanation/Reference:
Build Your Dreams PassGuide 642-617
QUESTION 8
Refer to the exhibit. Which two statements about the class maps are true? (Choose two.)
A. These class maps are referenced within the global policy by default for HTTP inspection.
B. These class maps are all type inspect http class maps.
C. These class maps classify traffic using regular expressions.
D. These class maps are Layer 3/4 class maps.
E. These class maps are used within theinspection_default class map for matching the default inspection traffic.
Correct Answer: CE Section: (none) Explanation
Explanation/Reference:
QUESTION 9
Refer to the exhibit. A Cisco ASA in transparent firewall mode generates the log messages seen in the exhibit. What should be configured on the Cisco ASA to allow the denied traffic?
A. extended ACL on the outside and inside interface to permit the multicast traffic
B. EtherType ACL on the outside and inside interface to permit the multicast traffic
C. stateful packet inspection
D. static ARP mapping
E. static MAC address mapping
Correct Answer: A Section: (none)
Explanation
Explanation/Reference:
QUESTION 10
The Cisco ASA must support dynamic routing and terminating VPN traffic. Which three Cisco
Build Your Dreams PassGuide 642-617
ASA options will not support these requirements? (Choose three.)
A. transparent mode
B. multiple context mode
C. active/standby failover mode
D. active/active failover mode
E. routed mode
F. no NAT-control
Correct Answer: ABD Section: (none) Explanation
Explanation/Reference:
QUESTION 11
Refer to the exhibits. Which five options should be entered into the five fields in the Cisco ASDM Add Static Policy NAT Rule screen? (Choose five.) access-list POLICY_NAT_ACL extended permit ip host
172.16.0.10 10.0.1.0 255.255.255.0 static (dmz,outside) 192.168.2.10 access-list POLICY_NAT_ACL
A. dmz = Original Interface
B. outside = Original Interface
C. 172.16.0.10 = Original Source
D. 192.168.2.10 = Original Source
E. 10.0.1.0/24 = Original Destination
F. 192.168.2.10 = Original Destination
G. dmz = Translated Interface Build Your Dreams PassGuide 642-617
H. outside = Translated Interface
I. 192.168.2.10 = Translated Use IP Address
J. 172.16.0.10 = Translated Use IP Address
Correct Answer: ACEHI Section: (none) Explanation
Explanation/Reference:
QUESTION 12
By default, which access rule is applied inbound to the inside interface?
A. All IP traffic is denied.
B. All IP traffic is permitted.
C. All IP traffic sourced from any source to any less secure network destinations is permitted.
D. All IP traffic sourced from any source to any more secure network destinations is permitted
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 13
In which type of environment is the Cisco ASA MPF set connection advanced-options tcp-statebypass option the most useful?
A. SIP proxy
B. WCCP
C. BGP peering through the Cisco ASA
D. asymmetric traffic flow
E. transparent firewall
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 14
Which Cisco ASA platform should be selected if the requirements are to support 35,000 connections per second, 600,000 maximum connections, and traffic shaping?
A. 5540
B. 5550
C. 5580-20
D. 5580-40
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 15
Refer to the exhibit. What is the resulting CLI command?
Build Your Dreams PassGuide 642-617
A. match requesturi regex _default_GoToMyPC-tunnel drop-connection log
B. matchregex _default_GoToMyPC-tunnel drop-connection log
C. class _default_GoToMyPC-tunnel drop-connection log
D. match class-map _default_GoToMyPC-tunnel drop-connection log
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 16
A customer is ordering a number of Cisco ASAs for their network. For the remote or home office, they are purchasing the Cisco ASA 5505. When ordering the licenses for their Cisco ASAs, which two licenses must they order that are “platform specific” to the Cisco ASA 5505? (Choose two.)
A. AnyConnect Essentials license
B. per-user Premium SSL VPN license
C. VPN shared license
D. internal user licenses
E. Security Plus license
Correct Answer: AE Section: (none) Explanation
Explanation/Reference:
Build Your Dreams PassGuide 642-617
QUESTION 17
With Cisco ASA active/standby failover, what is needed to enable subsecond failover?
A. Use redundant interfaces.
B. Enable thestateful failover interface between the primary and secondary Cisco ASA.
C. Decrease the defaultunitfailover polltime to 300 msec and the unitfailover holdtime to 900 msec
D. Decrease the default number of monitored interfaces to 1.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 18
When enabling a Cisco ASA to send syslog messages to a syslog server, which syslog level will produce the most messages?
A. notifications
B. informational
C. alerts
D. emergencies
E. errors
F. debugging
Correct Answer: F Section: (none) Explanation
Explanation/Reference:
QUESTION 19
Which Cisco ASA feature is implemented by the ip verify reverse-path interface interface_name command?
A. uRPF
B. TCP intercept
C. botnet traffic filter
D. scanning threat detection
E. IPS (IP audit)
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 20
A Cisco ASA requires an additional feature license to enable which feature?
A. transparent firewall
B. cut-thru proxy
C. threat detection
D. botnet traffic filtering Build Your Dreams PassGuide 642-617
E. TCPnormalizer
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
The Cisco 642-617 Certified Network Associate (CCNA) is the composite exam associated with the Cisco Certified Network Associate certification. Candidates can prepare for this exam by taking the Interconnecting Cisco Networking Devices Part 1 (ICND1) v1.0 and the Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0 courses. This exam tests a candidate’s knowledge and skills required to install, operate, and troubleshoot a small to medium size enterprise branch network. The topics include connecting to a WAN; implementing network security; network types; network media; routing and switching fundamentals; the TCP/IP and OSI models; IP addressing; WAN technologies; operating and configuring IOS devices; extending switched networks with VLANs; determining IP routes; managing IP traffic with access lists; establishing point-to-point connections; and establishing Frame Relay connections.