Download New Updated (Spring 2015) Cisco 642-618 Actual Tests 91-100

Ensurepass

 

QUESTION 91

When configuring security contexts on the Cisco ASA, which three resource class limits can be set using a rate limit? (Choose three.)

 

A.      address translation rate

B.      Cisco ASDM session rate

C.      connections rate

D.      MAC-address learning rate (when in transparent mode)

E.       syslog messages rate

F.       stateful packet inspections rate

 

Correct Answer: CEF

 

 

QUESTION 92

Which two statements about Cisco ASA redundant interface configuration are true? (Choose two.)

 

A.      Each redundant interface can have up to four physical interfaces as its member.

B.      When the standby interface becomes active, the Cisco ASA sends gratuitous ARP out on the standby interface.

C.      Interface duplex and speed configurations are configured under the redundant interface.

D.      Redundant interfaces use MAC address-based load balancing to load share traffic across multiple physical interfaces.

E.       Each Cisco ASA supports up to eight redundant interfaces.

 

Correct Answer: BE

 

 

 

QUESTION 93

The Cisco ASA must support dynamic routing and terminating VPN traffic. Which three Cisco ASA options will not support these requirements? (Choose three.)

 

A.      transparent mode

B.      multiple context mode

C.      active/standby failover mode

D.      active/active failover mode

E.       routed mode

F.       no NAT-control

 

Correct Answer: ABD

 

 

QUESTION 94

Refer to the exhibit. Which two functions will the Set ASDM Defined User Roles perform? (Choose two.)

 

clip_image001

 

A.      enables role based privilege levels to most Cisco ASA commands

B.      enables the Cisco ASDM user to assign privilege levels manually to individual commands or groups of commands

C.      enables command authorization with a remote TACACS+ server

D.      enables three predefined user account privileges (Admin=Priv 15, Read Only=Priv 5, Monitor Only=Priv 3)

 

Correct Answer: AD

 

 

QUESTION 95

Which two statements about Cisco ASA failover troubleshooting are true? (Choose two.)

 

A.      With active/active failover, failover link troubleshooting should be done in the system execution space.

B.      With active/active failover, ASR groups must be enabled.

C.      With active/active failover, user data passing interfaces troubleshooting should be done within the context execution space.

D.      The failed interface threshold is set to 1. Using the show monitor-interface command, if one of the monitored interfaces on both the primary and secondary Cisco ASA appliances is in the unknown state, a failover should occur.

E.       Syslog level 1 messages will be generated on the standby unit only if the logging standby command is used.

< p class="MsoNormal" style="cursor: auto; margin: 0cm 0cm 0pt; text-justify: inter-ideograph; line-height: normal" align="justify"> 

Correct Answer: AC

 

 

QUESTION 96

When troubleshooting a Cisco ASA that is operating in multiple context mode, which two verification steps should be performed if a user context does not pass user traffic? (Choose two.)

 

A.      Verify the interface status in the system execution space.

B.      Verify the mac-address-table on the Cisco ASA.

C.      Verify that unique MAC addresses are configured if the contexts are using non-shared interfaces.

D.      Verify the interface status in the user context.

E.       Verify the resource classes configuration by accessing the admin context.

 

Correct Answer: AD

 

 

QUESTION 97

On the Cisco ASA Software Version 8.4.1, which three parameters can be configured using the set
connection command within a policy map? (Choose three.)

 

A.      per-client TCP and/or UDP idle timeout

B.      per-client TCP and/or UDP maximum session time

C.      TCP sequence number randomization

D.      maximum number of simultaneous embryonic connections

E.       maximum number of simultaneous TCP and/or UDP connections

F.       fragments reassembly options

 

Correct Answer: CDE

 

 

 

 

 

 

 

&nbs
p;

QUESTION 98

Refer to the exhibit. On Cisco ASA Software Version 8.3 and later, which two sets of CLI configuration commands result from this Cisco ASDM configuration? (Choose two.)

 

clip_image002

 

A.        nat (inside) 1 10.1.1.10

global (outside) 1 192.168.1.1

 

B.        nat (outside) 1 192.168.1.1

global (inside 1 10.1.1.10

 

C.        static(inside,outside) 192.168.1.1 10.1.1.10 netmask 255.255.255.255 tcp 0 0 udp 0

 

D.        static(inside,outside) tcp 192.168.1.1 80 10.1.1.10 80

 

E.         object network 192.168.1.1

nat (inside,outside) static 10.1.1.10

 

F.         object network 10.1.1.10

nat (inside,outside) static 192.168.1.1

 

G.        access-list outside_access_in line 1 extended permit tcp any object 10.1.1.10 eq http

access-group outside_access_in in interface outside

 

H.        access-list outside_access_in line 1 extended permit tcp any object 192.168.1.1 eq http

access-group outside_access_in in interface outside

 

Correct Answer: FG

 

 

QUESTION 99

On Cisco ASA Software Version 8.4.1, which four inspections are enabled by default in the global policy? (Choose four.)

 

A.      HTTP

B.      ESMTP

C.      SKINNY

D.      ICMP

E.       TFTP

F.       SIP

 

Correct Answer: BCEF

 

 

QUESTION 100

Which two statements about traffic shaping capability on the Cisco ASA appliance are true? (Choose two.)

 

A.      Traffic shaping can be applied to all outgoing traffic on a physical interface or, in the case of the Cisco ASA 5505 appliance, on a VLAN.

B.      Traffic shaping can be applied in the input or output direction.

C.      Traffic shaping can cause jitter and delay.

D.      You can configure traffic shaping and priority queuing on the same interface.

E.       With traffic shaping, when traffic exceeds the maximum rate, the security appliance drops the excess traffic.

 

Correct Answer: AC

Free VCE & PDF File for Cisco 642-618 Real Exam

Instant Access to Free VCE Files: CCNA | CCNP | CCIE …
Instant Access to Free PDF Files: CCNA | CCNP | CCIE …