Free Cheat-test Samples and Demo Questions Download
Adobe exams Adobe
Apple exams Apple
Avaya exams Avaya
Check Point exams Check Point
Cisco exams Cisco
Citrix exams Citrix
CIW exams CIW
CompTIA exams CompTIA
CWNP exams CWNP
EC-Council exams EC-Council
EMC exams EMC
Exin exams Exin
Fortinet exams Fortinet
GIAC exams GIAC
Hitachi exams Hitachi
HP exams HP
IBM exams IBM
Isaca exams Isaca
ISC exams ISC
ISEB exams ISEB
Juniper exams Juniper
LPI exams LPI
McAfee exams McAfee
Microsoft exams Microsoft
Oracle exams Oracle
PMI exams PMI
Riverbed exams Riverbed
SNIA exams SAP
Sun exams SAS
Symantec exams Symantec
VMware exams VMware
All certification exams

Cisco 642-618 Exam - Cheat-Test.com

Free 642-618 Sample Questions:

Q: 1
On the Cisco ASA, tcp-map can be applied to a traffic class using which MPF CLI configuration command?
A. inspect
B. sysopt connection
C. tcp-options
D. parameters
E. set connection advanced-options
Answer: E
Explanation:
http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/conns_tcpnorm.html

Q: 2
By default, which traffic can pass through a Cisco ASA that is operating in transparent mode without explicitly allowing it using an ACL?
A. ARP
B. BPDU
C. CDP
D. OSPF multicasts
E. DHCP
Answer: A
Explanation:
http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/fwmode.html

Q: 3
When enabling a Cisco ASA to send syslog messages to a syslog server, which syslog level will produce the most messages?
A. notifications
B. informational
C. alerts
D. emergencies
E. errors
F. debugging
Answer: F

Q: 4
In one custom dynamic application, the inside client connects to an outside server using TCP port 4444 and negotiates return client traffic in the port range of 5000 to 5500. The server then starts streaming UDP data to the client on the negotiated port in the specified range. Which Cisco ASA feature or command supports this custom dynamic application?
A. TCP normalizer
B. TCP intercept
C. ip verify command
D. established command
E. tcp-map and tcp-options commands
F. set connection advanced-options command
Answer: D
Explanation:
http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/int5505.html
Establishedcommand—This command allows return connections from a lower security host to a higher securityhost if there is already an established connection from the higher level host to the lower level host.
For same security interfaces, you can configure established commands for both directions.

Q: 5
A Cisco ASA is operating in transparent firewall mode, but the MAC address table of the Cisco ASA is always empty, which causes connectivity issues. What should you verify to troubleshoot this issue?
A. if ARP inspection has been disabled
B. if MAC learning has been disabled
C. if NAT has been disabled
D. if ARP traffic is explicitly allowed using EtherType ACL
E. if BPDU traffic is explicitly allowed using EtherType ACL
Answer: B
Explanation:
http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/fwmode.html#wp1224836

Q: 6
When active/active failover is implemented on the Cisco ASA, how many failover groups are supported on the Cisco ASA?
A. 1
B. 2
C. 1 failover group per configured security context
D. 2 failover groups per configured security context
Answer: B
Explanation:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080834058.shtml#act1
Active/Active Failover Overview
Active/Active failover is only available to security appliances in multiple context mode. In an Active/Activefailover configuration, both security appliances can pass network traffic.
In Active/Active failover, you divide the security contexts on the security appliance into failover groups. Afailover group is simply a logical group of one or more security contexts. You can create a maximum of twofailover groups on the security appliance. The admin context is always a member of failover group 1. Anyunassigned security contexts are also members of failover group 1 by default.The failover group forms the base unit for failover in Active/Active failover. Interface failure monitoring, failover,and active/standby status are all attributes of a failover group rather than the unit. When an active failovergroup fails, it changes to the standby state while the standby failover group becomes active. The interfaces inthe failover group that becomes active assume the MAC and IP addresses of the interfaces in the failovergroup that failed. The interfaces in the failover group that is now in the standby state take over the standbyMAC and IP addresses.
Note: A failover group failing on a unit does not mean that the unit has failed. The unit may still have anotherfailover group passing traffic on it.


© 2014 Cheat-Test.com, All Rights Reserved