Cisco 642-618 Actual Free Exam Questions & Community Discussion

Exam Code/Number: 642-618
Exam Name/Title: Deploying Cisco ASA Firewall Solutions (FIREWALL v2.0)
Certification Provider: Cisco
Corresponding Certification: CCNP Security

Exam Questions: 137
Updated On: May 31, 2026

Question #19

Which two options show the required Cisco ASA command(s) to allow this scenario? (Choose two.)
An inside client on the 10.0.0.0/8 network connects to an outside server on the 172.16.0.0/16 network using TCP and the server port of 2001. The inside client negotiates a client port in the range between UDP ports 5000 to 5500. The outside server then can start sending UDP data to the inside client on the negotiated port within the specified UDP port range.

A. access-list OUTSIDE line 1 permit tcp 172.16.0.0 255.255.0.0 eq 2001 10.0.0.0 255.0.0.0 access-list OUTSIDE line 2 permit udp 172.16.0.0 255.255.0.0 10.0.0.0 255.0.0.0 eq established access-group OUTSIDE in interface outside

B. established tcp 2001 permit udp 5000-5500

C. established tcp 2001 permit to udp 5000-5500

D. access-list OUTSIDE line 1 permit tcp 172.16.0.0 255.255.0.0 eq 2001 10.0.0.0 255.0.0.0 access-list OUTSIDE line 2 permit udp 172.16.0.0 255.255.0.0 10.0.0.0 255.0.0.0 eq 5000-5500 access-group OUTSIDE in interface outside

E. access-list INSIDE line 1 permit tcp 10.0.0.0 255.0.0.0 172.16.0.0 255.255.0.0 eq 2001 access-group INSIDE in interface inside

F. established tcp 2001 permit from udp 5000-5500

G. access-list INSIDE line 1 permit tcp 10.0.0.0 255.0.0.0 172.16.0.0 255.255.0.0 eq 2001 access-list INSIDE line 2 permit udp 10.0.0.0 255.0.0.0 172.16.0.0 255.255.0.0 eq established access-group INSIDE in interface inside

Discussion 0

Correct Answer: C,E Vote an answer

Explanation: Only visible for EduDump members. You can sign-up / login (it's free).

Question #20

By default, which access rule is applied inbound to the inside interface?

A. All IP traffic is permitted.

B. All IP traffic is denied.

C. All IP traffic sourced from any source to any less secure network destinations is permitted.

D. All IP traffic sourced from any source to any more secure network destinations is permitted

Discussion 0

Correct Answer: C Vote an answer

Explanation: Only visible for EduDump members. You can sign-up / login (it's free).

Question #21

Which other match command is used with the match flow ip destination-address command within the class map configurations of the Cisco ASA MPF?

A. match dscp

B. match access-list

C. match default-inspection-traffic

D. match tunnel-group

E. match port

Discussion 0

Correct Answer: D Vote an answer

Explanation: Only visible for EduDump members. You can sign-up / login (it's free).

Question #22

Which flag not shown in the output of the show conn command is used to indicate that an initial SYN packet is from the outside (lower security-level interface)?

A. B

B. D

C. b

D. I

E. O

F. a

G. i

H. A

Discussion 0

Correct Answer: A Vote an answer

Explanation: Only visible for EduDump members. You can sign-up / login (it's free).

Question #23

When will a Cisco ASA that is operating in transparent firewall mode perform a routing table lookup instead of a MAC address table lookup to determine the outgoing interface of a packet?

A. if dynamic ARP inspection is configured

B. if NAT is configured

C. if multiple context mode is configured

D. if the destination MAC address is unknown

E. if the destination is more than a hop away from the Cisco ASA

Discussion 0

Correct Answer: B Vote an answer

Explanation: Only visible for EduDump members. You can sign-up / login (it's free).

Question #24

Refer to the exhibit.

Which two CLI commands result from this configuration? (Choose two.)

A. aaa authorization exec authentication-server LOCAL

B. aaa authorization exec authentication-server

C. aaa authorization command LOCAL

D. aaa authorization exec LOCAL

E. aaa authorization network LOCAL

F. aaa authorization network default authentication-server LOCAL

Discussion 0

Correct Answer: C,D Vote an answer

Explanation: Only visible for EduDump members. You can sign-up / login (it's free).

Question #25

Which two statements about Cisco ASA redundant interface configuration are true? (Choose two.)

A. Each Cisco ASA supports up to eight redundant interfaces.

B. Redundant interfaces use MAC address-based load balancing to load share traffic across multiple physical interfaces.

C. When the standby interface becomes active, the Cisco ASA sends gratuitous ARP out on the standby interface.

D. Each redundant interface can have up to four physical interfaces as its member.

E. Interface duplex and speed configurations are configured under the redundant interface.

Discussion 0

Correct Answer: A,C Vote an answer

Explanation: Only visible for EduDump members. You can sign-up / login (it's free).

Question #26

Which three actions can be applied to a traffic class within a type inspect policy map? (Choose three.)

A. reset

B. pass

C. priority

D. inspect

E. log

F. drop

Discussion 0

Correct Answer: A,E,F Vote an answer

Explanation: Only visible for EduDump members. You can sign-up / login (it's free).

Question #27

What mechanism is used on the Cisco ASA to map IP addresses to domain names that are contained in the botnet traffic filter dynamic database or local blacklist?

A. static whitelist

B. static blacklist

C. DNS inspection and snooping

D. WebACL

E. dynamic botnet database fetches (updates)

F. HTTP inspection

Discussion 0

Correct Answer: C Vote an answer

Explanation: Only visible for EduDump members. You can sign-up / login (it's free).

Download Free Cisco 642-618 Demo

Simply submit your e-mail address below to get started with our free demo of your Cisco 642-618 exam.