Cisco 642-617 Study Guide, Help To Pass Cisco 642-617 Real Exam With New Discount

Do not worry about your Cisco 642-617 exam. Flydumps has now published the new version of its Cisco 642-617 exam dumps with more newly added questions and answers. You can also download the Cisco 642-617 VCE test software and PDF dumps for free on Flydumps.com.

QUESTION 40
Using the default modular policy framework global configuration on the Cisco ASA, how does the Cisco ASA process outbound HTTP traffic?
A. HTTP flows are not permitted through the Cisco ASA, because HTTP is not inspected by default.
B. HTTP flows match the inspection_default traffic class and are inspected using HTTP inspection.
C. HTTP outbound traffic is permitted, but all return HTTP traffic is denied.
D. HTTP flows are statefully inspected using TCP stateful inspection.

Correct Answer: D

QUESTION 41
Which feature is not supported on the Cisco ASA 5505 with the Security Plus license?
A. security contexts
B. stateless active/standby failover
C. transparent firewall
D. threat detection
E. traffic shaping

Correct Answer: A

QUESTION 42
What is the first configuration step when using Cisco ASDM to configure a new Layer 3/4 inspection policy on the Cisco ASA?
A. Create a new class map.
B. Create a new policy map and apply actions to the traffic classes.
C. Create a new service policy rule.
D. Create the ACLs to be referenced by any of the new class maps.
E. Disable the default global inspection policy.
F. Create a new firewall access rule.

Correct Answer: D

Build Your Dreams PassGuide 642-617
QUESTION 43
Which statement about the Cisco ASA 5505 configuration is true?
A. The IP address is configured under the physical interface (ethernet 0/0 to ethernet 0/7).
B. With the default factory configuration, the management interface (management 0/0) is configured with the 192.168.1.1/24 IP address.
C. With the default factory configuration, Cisco ASDM access is not enabled.
D. The switchport access vlan command can be used to assign the VLAN to each physical interface (ethernet 0/0 to ethernet 0/7).
E. With the default factory configuration, both the inside and outside interface will use DHCP to acquire its IP address.

Correct Answer: D

QUESTION 44
Refer to the exhibit. What does the * next to the CTX security context indicate?

A. The CTX context is the active context on the Cisco ASA.
B. The CTX context is the standby context on the Cisco ASA.
C. The CTX context contains the system configurations.
D. The CTX context has the admin role.

Correct Answer: D

QUESTION 45
Which three Cisco ASA configuration commands are used to enable the Cisco ASA to log only the debug output to syslog? (Choose three.)
A. logging list test message 711001
B. logging debug-trace
C. logging trap debugging
D. logging message 711001 level 7
E. logging trap test

Correct Answer: BCD

QUESTION 46
Refer to the exhibit. Which two configurations are required on the Cisco ASAs so that the return traffic from the 10.10.10.100 outside server back to the 10.20.10.100 inside client can be rerouted from the Active CtxB context in ASA Two to the Active Ctx A context in ASA One? (Choose two.)

A. stateful active/active failover
B. dynamic routing (EIGRP or OSPF or RIP)
C. ASR-group
D. no NAT-control
E. policy-based routing
F. TCP/UDP connections replication

Correct Answer: AC

QUESTION 47
Where in the ACS are the individual downloadable ACL statements configured to achieve the most scalable deployment?
A. Group Setup
B. User Setup
C. Shared Profile Components
D. Network Access Profiles
E. Network Configuration
F. Interface Configuration

Correct Answer: C

QUESTION 48
Which two methods can be used to access the Cisco AIP-SSM CLI? (Choose two.)
A. initiating an SSH connection to the Cisco AIP-SSM external management Ethernet port
B. connecting to the console port on the Cisco AIP-SSM
C. using the setup command on the Cisco ASA CLI
D. using the session 1 command on the Cisco ASA CLI
E. using the hw-module command on the Cisco ASA CLI

Correct Answer: AD

QUESTION 49
Refer to the exhibit. Which three CLI configuration commands result from this configuration? (Choose three.)

A. global (outside) 1 192.168.11
B. nat (inside) 1 10.16.1.1
C. static (inside,outside) 192.168.1.1 10.16.1.1 netmask 255.255.255.255 tcp 0 0 udp 0
D. static (inside,outside) tcp 192.168.1.1 80 10.16.1.1 80
E. access-list outside_access_in line 1 extended permit tcp any host 192.168.1.1 eq http
F. access-list outside_access_in line 1 extended permit tcp any host 10.16.1.1 eq http

Correct Answer: DEF

QUESTION 50
Which three configuration options are available when configuring static routes on the Cisco ASA? (Choose three.)
A. Change the default metric (admin distance) from 1 to some other value.
B. Enable route tracking.
C. Specify the static route as the default tunnel gateway for VPN traffic.
D. Specify that the static route will not be removed, even if the interface shuts down.
E. Specify a tag value to the static route that can be used as a "match" value for controlling redistribution via route maps.

Correct Answer: ABC

QUESTION 51
On the Cisco ASA, what is the default access rule if no user-defined access lists are defined on the interfaces?

A. All inbound connections from the lower-security interfaces to the higher-security interfaces are permitted.
B. All outbound connections from the higher-security interfaces to the lower-security interfaces are permitted.
C. All IP traffic between interfaces with the same security level is permitted.
D. All IP traffic in and out of the same interface is permitted.
E. All IP traffic is denied.

Correct Answer: B

QUESTION 52
When the Cisco ASA detects scanning attacks, how long is the attacker who is performing the scan shunned?

A. 120 seconds
B. 600 seconds
C. 1200 seconds
D. 3600 seconds
E. 6000 seconds

Correct Answer: D

QUESTION 53
The ASA administrator wants to configure Botnet Traffic Filter using the dynamic database, but it is not working properly after the initial configuration has been entered. What other configuration is missing?

A. Enabling DNS Snooping
B. Enabling Botnet Traffic Filtering on at least one of the ASA interfaces
C. Enabling the ASA to periodically download the dynamic database from Cisco
D. Enabling DNS inspection globally
E. Configuring the manual white and black lists

Correct Answer: A

QUESTION 54
Which two statements about the Cisco ASA configuration are true? (Choose two.)

A. NAT Control is enabled
B. The Cisco ASA is set up as the DHCP server for hosts on the inside and outside interfaces
C. All IP traffic is permitted from the inside host to the outside
D. All hosts on the inside and on the outside can access Cisco ASDM
E. Access to the CLI in privileged mode will be authenticated using the LOCAL database on the Cisco ASA
F. The ASA is using a persistent self-signed certificate so users can authenticate the Cisco ASA when accessing it via Cisco ASDM

Correct Answer: CF

QUESTION 55
On the Cisco ASA, tcp-map can be applied to a traffic class using which MPF CLI configuration command?

A. inspect
B. sysopt connection
C. tcp-options
D. parameters
E. set connection advanced-options

Correct Answer: E

QUESTION 56
On the Cisco ASA, where are the Layer 5-7 policy maps applied?
A. inside the Layer 3-4 policy map
B. inside the Layer 3-4 class map
C. inside the Layer 5-7 class map
D. inside the Layer 3-4 service policy
E. inside the Layer 5-7 service policy

Correct Answer: B

QUESTION 57
Refer to the exhibit. Which two options will result from the Cisco ASA configuration? (Choose two.)

A. The outside hosts can use the 192.168.100.1 IP address to reach the web server on the inside network.
B. The global IP address of the web server is 209.165.200.230.
C. The inside web client will use the 209.165.200.230 IP address to reach the web server and the Cisco ASA will translate the 209.165.200.230 IP address to the 192.168.100.1 IP address.
D. The Cisco ASA will translate the DNS A-Record reply from the DNS server to any inside client for the web server (web server IP = 192.168.100.1).
E. The web server will be reachable only from the inside.
F. The web server will be reachable only from the outside.

Correct Answer: BD

QUESTION 58
The Cisco ASA is configured in multiple mode and the security contexts share the same outside physical interface. Which two packet classification methods can be used by the Cisco ASA to determine which security context to forward the incoming traffic from the outside interface? (Choose two.)
A. unique interface IP address
B. unique interface MAC address
C. routing table lookup
D. MAC address table lookup
E. unique global mapped IP addresses

Correct Answer: BE

QUESTION 59
With Cisco ASA active/active or active/standby stateful failover, which state information or table is not passed between the active and standby Cisco ASA by default?
A. NAT translation table
B. TCP connection states
C. UDP connection states
D. ARP table
E. HTTP connection table

Correct Answer: E

QUESTION 60
Refer to the exhibit. What requirement is mandatory when configuring a Cisco ASA to operate in transparent firewall mode?

A. IP routing must be disabled on the Cisco ASA using the no ip routing global configuration command.
B. The Cisco ASA must be configured to use the same MAC address on its outside and inside interfaces.
C. ARP inspection must be enabled on both the inside and outside interfaces using the arp-inspection interface-name enable flood command.
D. Both the inside and outside interfaces must be configured with the same security level.
E. An inbound EtherType ACL is required on the inside and outside interfaces to permit ARP traffic.
F. The management IP address of the Cisco ASA configured with the ip address global configuration command must belong in the 10.0.1.0/24 subnet.

Correct Answer: F

QUESTION 61
Refer to the exhibit. Which two statements are true? (Choose two.)

A. The connection is awaiting outside ACK to SYN.
B. The connection is initiated from the inside.
C. The connection is active and has received inbound and outbound data.
D. The connection is an incomplete TCP connection.
E. The connection is a DNS connection.

Correct Answer: BC

QUESTION 62
Which five options are valid logging destinations for the Cisco ASA? (Choose five.)
A. AAA server
B. Cisco ASDM
C. buffer
D. SNMP traps
E. LDAP server
F. email
G. TCP-based secure syslog server

Correct Answer: BCDFG

QUESTION 63
When troubleshooting redundant interface operations on the Cisco ASA, which configuration should be verified?
A. The nameif configuration on the member physical interfaces are identical.
B. The MAC address configuration on the member physical interfaces are identical.
C. The active interface is sending periodic hellos to the standby interface.
D. The IP address configuration on the logical redundant interface is correct.
E. The duplex and speed configuration on the logical redundant interface are correct.

Correct Answer: D

QUESTION 64
What mechanism is used on the Cisco ASA to map IP addresses to domain names that are contained in the botnet traffic filter dynamic database or local blacklist?
A. HTTP inspection
B. DNS inspection and snooping
C. WebACL
D. dynamic botnet database fetches (updates)
E. static blacklist
F. static white list

Correct Answer: B

QUESTION 65
Which three statements about traffic shaping capability on the Cisco ASA are true? (Choose three.)
A. Traffic shaping can be applied to all outgoing traffic on a physical interface or in the case of the Cisco ASA 5505, on a VLAN.
B. Traffic shaping can be applied in the input or output direction.
C. Traffic shaping can cause jitter and delay.
D. You can configure both traffic shaping and priority queueing on the same interface.
E. Traffic shaping is not supported on the Cisco ASA 5580.

Correct Answer: ADE

QUESTION 66
Refer to the exhibit. Which statement about the policy map named test is true?

A. Only HTTP inspection will be applied to the TCP port 21 traffic.
B. Only FTP inspection will be applied to the TCP port 21 traffic.
C. Both HTTP and FTP inspections will be applied to the TCP port 21 traffic.
D. No inspection will be applied to the TCP port 21 traffic, because the http class map configuration conflicts with the ftp class map.
E. All FTP traffic will be denied, because the FTP traffic will fail the HTTP inspection.

Correct Answer: C

QUESTION 67
When troubleshooting a Cisco ASA (running 8.2.2) that is operating in transparent firewall mode, what should you verify to ensure proper operation?
A. The Cisco ASA has not been configured for inside static or dynamic NAT.
B. The Cisco ASA global IP address belongs to the same subnet as the directly connected interfaces.
C. The outside and inside interfaces are connected to different Layer 3 subnets.
D. The Cisco ASA is using a dedicated management interface for management access.
E. The Cisco ASA is configured for ARP inspection.

Correct Answer: B

QUESTION 68
Which Cisco ASA object group type offers the most flexibility for grouping different services together based on arbitrary protocols?
A. network
B. ICMP
C. protocol
D. TCP-UDP
E. service

Correct Answer: E

QUESTION 69
DRAG DROP
A.

Correct Answer: A

QUESTION 70
Which three parameters are set using the set connection command within a policy map on the Cisco ASA 8.2 release? (Choose three.)
A. per-client TCP and/or UDP idle timeout
B. per-client TCP and/or UDP maximum session time
C. TCP sequence number randomization
D. maximum number of simultaneous embryonic connections
E. maximum number of simultaneous TCP and/or UDP connections
F. fragments reassembly options

Correct Answer: CDE

Well-regarded for its level of detail, assessment features, and challenging review questions and hands-on exercises, Cisco 642-617 helps you master the concepts and techniques that will enable you to succeed on the Cisco 642-617 exam the first time.