Cisco CCNP Security 642-618 Training

Deploying Cisco ASA Firewall Solutions (FIREWALL) 642-618 exam is associated with the CCSP, CCNP Security and Cisco ASA Specialist certifications. This exam tests a candidate’s knowledge and skills needed to implement and maintain Cisco ASA-based perimeter solutions. Successful candidates will be able to reduce risk to the IT infrastructure and applications using Cisco ASA features, and provide detailed operations support for the Cisco ASA. Candidates can prepare for this exam by taking the Deploying Cisco ASA FIREWALL 642-618 course.

QUESTION NO: 1
Which Cisco ASA (8.4.1 and later) CLI command is the best command to use for troubleshooting SSH connectivity from the Cisco ASA appliance to the outside 192.168.1.1 server?
A. telnet 192.168.1.1 22
B. ssh -l username 192.168.1.1
C. traceroute 192.168.1.1 22
D. ping tcp 192.168.1.1 22
E. packet-tracer input inside tcp 10.0.1.1 2043 192.168.4.1 ssh
Answer: D

QUESTION NO: 2
Which Cisco ASA configuration is used to configure the TCP intercept feature?
A. a TCP map
B. an access list
C. the established command
D. the set connection command with the embryonic-conn-max option
E. a type inspect policy map
Answer: D

QUESTION NO: 3
Which Cisco ASA CLI command is used to enable HTTPS (Cisco ASDM) access from any inside host on the 10.1.16.0/20 subnet?
A. http 10.1.16.0 0.0.0.0 inside
B. http 10.1.16.0 0.0.15.255 inside
C. http 10.1.16.0 255.255.240.0 inside
D. http 10.1.16.0 255.255.255.255
Answer: C

QUESTION NO: 4
Which statement about Cisco ASA multicast routing support is true?
A. The Cisco ASA appliance supports PIM dense mode, sparse mode, and BIDIR-PIM.
B. The Cisco ASA appliance supports only stub multicast routing by forwarding IGMP messages from multicast receivers to the upstream multicast router.
C. The Cisco ASA appliance supports DVMRP and PIM.
D. The Cisco ASA appliance supports either stub multicast routing or PIM, but both cannot be
enabled at the same time.
E. The Cisco ASA appliance supports only IGMP v1.
Answer: D

QUESTION NO: 5
Which four unicast or multicast routing protocols are supported by the Cisco ASA appliance?
(Choose four.)
A. RIP (v1 and v2)
B. OSPF
C. ISIS
D. BGP
E. EIGRP
F. Bidirectional PIM
G. MOSPF
H. PIM dense mode
Answer: A,B,E,F

QUESTION NO: 6
Refer to the exhibit.

Which Cisco ASA CLI commands configure these static routes in the Cisco ASA routing table?
A. route dmz 10.2.2.0 0.0.0.255 172.16.1.10
route dmz 10.3.3.0 0.0.0.255 172.16.1.11
B. route dmz 10.2.2.0 0.0.0.255 172.16.1.10 1
route dmz 10.3.3.0 0.0.0.255 172.16.1.11 1
C. route dmz 10.2.2.0 0.0.0.255 172.16.1.10
route dmz 10.3.3.0 0.0.0.255 172.16.1.11 2
D. route dmz 10.2.2.0 255.255.255.0 172.16.1.10
route dmz 10.3.3.0 255.255.255.0 172.16.1.11
E. route dmz 10.2.2.0 255.255.255.0 172.16.1.10 1
route dmz 10.3.3.0 255.255.255.0 172.16.1.11 1
F. route dmz 10.2.2.0 255.255.255.0 172.16.1.10
route dmz 10.3.3.0 255.255.255.0 172.16.1.11 2
Answer: F

QUESTION NO: 7
Which statement about static or default route on the Cisco ASA appliance is true?
A. The admin distance is 1 by default.
B. From the show route output, the [120/3] indicates an admin distance of 3.
C. A default route is specified using the 0.0.0.0 255.255.255.255 address/mask combination.
D. The tunneled command option is used to enable route tracking.
E. The interface-name parameter in the route command is an optional parameter if the static route points to the next-hop router IP address.
Answer: A

QUESTION NO: 8
Refer to the exhibit.

Which Cisco ASA configuration has the minimum number of the required configuration commands to enable the Cisco ASA appliance to establish EIGRP neighborship with its two neighboring routers?
A. router eigrp 1
network 10.0.0.0 255.0.0.0
B. router eigrp 1
network 10.0.0.0 255.0.0.0
network 192.168.1.0 255.255.255.0
network 192.168.2.0 255.255.255.0
C. router eigrp 1
network 10.1.1.0 255.255.255.0
network 10.2.2.0 255.255.255.0
D. router eigrp 1
network 10.1.1.0 255.255.255.0
network 10.2.2.0 255.255.255.0
network 192.168.1.0 255.255.255.0
network 192.168.2.0 255.255.255.0
E. router eigrp 1
network 0.0.0.0 255.255.255.255
Answer: A

QUESTION NO: 9
Which configuration step is the first to enable PIM-SM on the Cisco ASA appliance?
A. Configure the static RP IP address.
B. Enable IGMP forwarding on the required interface(s).
C. Add the required static mroute(s).
D. Enable multicast routing globally on the Cisco ASA appliance.
E. Configure the Cisco ASA appliance to join the required multicast groups.
Answer: D

QUESTION NO: 10
On the Cisco ASA, tcp-map can be applied to a traffic class using which MPF CLI configuration command?
A. inspect
B. sysopt connection
C. tcp-options
D. parameters
E. set connection advanced-options
Answer: E