642-618 Firewall Exam

Deploying Cisco ASA Firewall Solutions (FIREWALL)

Exam Number: 642-618 FIREWALL
Last day to test: April 21, 2014
Associated Certifications: CCNP Security, Cisco ASA Specialist, Cisco Firewall Security Specialist
Duration: 90 minutes (60-70 questions)
Available Languages: English, Japanese
Register: Pearson VUE

The Deploying Cisco ASA Firewall Solutions (FIREWALL) exam is associated with the CCSP, CCNP Security and Cisco ASA Specialist certifications. This exam tests a candidate's knowledge and skills needed to implement and maintain Cisco ASA-based perimeter solutions. Successful candidates will be able to reduce risk to the IT infrastructure and applications using Cisco ASA features, and provide detailed operations support for the Cisco ASA. Candidates can prepare for this exam by taking the Deploying Cisco ASA FIREWALL course.

The exam is closed book and no outside reference materials are allowed. The following topics are general guidelines for the content that is likely to be included on the practical exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the following guidelines may change at any time without notice.

  • 45%     1.0   ASA Basic Configurations

      • 1.1   Identify the ASA product family
        • 1.1.a   5585-X
        • 1.1.b   8.3 memory requirements
        • 1.1.c   AIP-SSC
        • 1.1.d   AIP-SSM
        • 1.1.e   CSC-SSM
        • 1.1.f   5585-FW/VPN SSP
        • 1.1.g   5585-IPS SSP
      • 1.2   Implement ASA licensing
        • 1.2.a   Identify ASA licensing requirements
        • 1.2.b   Install and Verify ASA license
      • 1.3   Manage the ASA boot process
        • 1.3.a   ROMMON
        • 1.3.b   ASA 5505 factory default config
      • 1.4   Implement ASA interface settings
        • 1.4.a   ASA interface security levels
        • 1.4.b   IP Addressing, DHCP client, Name, Speed, Duplex
        • 1.4.c   Management only interface
        • 1.4.d   VLANs
        • 1.4.e   Same security levels intra and inter interface communications
      • 1.5   Implement ASA management features
        • 1.5.a   Basic settings (hostname, domain name, passwords, DNS)
        • 1.5.b   Password encryption (ASA 8.4)
        • 1.5.c   Enabling Management Access methods
        • 1.5.d   Management Access Authentication, Authorization, Accounting
        • 1.5.e   Privilege levels
        • 1.5.f   Local User Database
        • 1.5.g   External Database (ACS 4.2)
        • 1.5.h   NTP
        • 1.5.i   Logging options and NetFlow Secure Event Logging
        • 1.5.j   SNMP
        • 1.5.k   DHCP Server
        • 1.5.l   Managing ASA file system/configs/images
        • 1.5.m   Packet Tracer
        • 1.5.n   TCP Pings (ASA 8.4)
      • 1.6   Implement ASA access control features
        • 1.6.a   Interface ACL
        • 1.6.b   Time-Based ACL
        • 1.6.c   Global ACL (ASA 8.4)
        • 1.6.d   Object Groups
        • 1.6.e   uRPF
        • 1.6.f   Shun
        • 1.6.g   Cut-through Proxy (Authentication/Authorization/Accounting)
      • 1.7   Implement Network Address Translation (NAT) on the ASA
        • 1.7.a   Pre 8.3 - static, dynamic, policy, identity nat, nat exemption
        • 1.7.b   8.3 - object (auto) nat, manual (twice) nat
      • 1.8   Implement ASDM public server feature
        • 1.8.a   ASDM configurations and verify resulting CLI commands
      • 1.9   Implement ASA quality of service (QoS) settings
        • 1.9.a   PQ
        • 1.9.b   Policing
        • 1.9.c   Shaping
      • 1.10   Implement ASA transparent firewall
        • 1.10.a   Bridge Group support on ASA 8.4
        • 1.10.b   Layer 3-7 Access Controls
        • 1.10.c   Layer 2 Access Controls
  • 10%     2.0   ASA Routing Features

      • 2.1   Implement ASA static routing
        • 2.1.a   Static routes
        • 2.1.b   Default routes
      • 2.2   Implement ASA dynamic routing
        • 2.2.a   ASA Multicast routing support
        • 2.2.b   ASA dynamic routing protocols support
        • 2.2.c   Basic EIGRP routing
  • 25%     3.0   ASA Inspection Policy

      • 3.1   Implement ASA inspections features
        • 3.1.a   Modular Policy Framework
        • 3.1.b   Default policy and tuning
        • 3.1.c   L3/L4 inspections
        • 3.1.d   Advanced application inspections
        • 3.1.e   ASDM UC Config Wizard
        • 3.1.f   Connection and Local Host tables
        • 3.1.g   TCP state bypass
        • 3.1.h   TCP normalizer
        • 3.1.i   Dynamic Protocol support (established command)
        • 3.1.j   TCP Intercept
        • 3.1.k   Connection limits
  •   5%     4.0   ASA Advanced Network Protections

      • 4.1   Implement ASA Botnet Traffic Filter
        • 4.1.a   Blocking and Threat Level
        • 4.1.b   Black and White List
        • 4.1.c   Dynamic Database Updates
        • 4.1.d   DNS inspection
  • 15%     5.0   ASA High Availability

      • 5.1   Implement ASA Botnet Traffic Filter
        • 5.1.a   Interface Redundancy
        • 5.1.b   EtherChannel (ASA 8.4)
      • 5.2   Implement ASA Virtualization feature
        • 5.2.a   Security Contexts
        • 5.2.b   Security Contexts Resource Limiting
      • 5.3   Implement ASA Stateful Failover
        • 5.3.a   Active/Standby
        • 5.3.b   Active/Active
        • 5.3.c   Dynamic Routing Protocol Stateful Failover (ASA 8.4)
  • The following course is the recommended training for this exam.

    • Deploying Cisco ASA Firewall Solutions (FIREWALL)

    Courses listed are offered by Cisco Learning Partners, the only authorized source for Cisco IT training delivered exclusively by Certified Cisco Instructors. Check the List of Learning Partners for a Cisco Learning Partner nearest you.

    A variety of Cisco Press titles may be available for this exam. These titles can be purchased through the Cisco Marketplace Bookstore, directly from Cisco Press.
