Actualtests 642-521
642-521: Securing Hosts Using Cisco Security Agent Last Updated Wednesday, July 02, 2008 with 69 Questions
Cisco Secure PIX Firewall Advanced
Exam Number: 642-521 Exam
Associated Certifications: Cisco Secure PIX Firewall Advanced
Duration: 192 Q&As
Available Language(s): English
Exam Details
The Cisco Secure PIX Firewall Advanced exam (CSPFA 642-521) is one of the exams associated with the Cisco Certified Security Professional and the Cisco Firewall Specialist certifications. Candidates can prepare for this exam by taking the CSPFA v3.2 course. This exam includes simulations and tests a candidate’s knowledge and ability to describe, configure, verify and manage the PIX Firewall product family. CCNA or CCDA recertification candidates who pass the 642-521 CSPFA exam will be considered recertified at the CCNA or CCDA level.
Free 642-521 Exams’s PDF Download
Free Actualtests offers free demo for 642-521 PDF(Cisco Secure PIX Firewall Advanced). You can check out the interface, question quality and usability of our practice exams . We are the only one site can offer demo for almost all Cisco Secure PIX Firewall Advanced.
Recommended Training about 642-521 exam PDF
The following courses are the recommended training for 642-521 exam PDF.
642-521 Q & A with Explanations
642-521 Audio Exam
642-521 Study Guide
642-521 Preparation Lab
642-521 Exam Preparation from Actualtests with FULL explanations include:
Comprehensive questions with complete details
Detailed explanations of all the questions
Questions accompanied by exhibits
Verified Answers Researched by Industry Experts
Drag and Drop questions as experienced in the Actual Exams
Questions updated on regular basis
These questions and answers are backed by our GUARANTEE.
Like actual certification exams our product is in multiple-choice questions (MCQs).
642-521 Exam: Actualtests’s Cisco Secure PIX Firewall Advanced PDF
The Cisco Secure PIX Firewall Advanced PDF for preparing for the 642-521 exam - Actualtestss Cisco Secure PIX Firewall Advanced. Actualtests is your premier source for practice tests, and true testing environment. Nothing will prepare you for your next exam like a Actualtests. You find it all here at ciscoexams.org.
QUESTION 1:
You are the security administrator at Certkiller Inc. and your assignment is to match the
firewall technology with its description.
Answer:
Explanation:
Proxy server - hides valuable data by requiring users to communicate with secure
system by means of a proxy. Users gain access to the network by going through a process
that establishes session state, user authentication, and authorized policy.
Packet filters - A Cisco router configured with an ACL to filter traffic flowing through it
is an example of a packet filter.
Stateful Packet filters - A stateful packet filter keeps complete session state information
for each session built through the firewall. Each time an IP connection is established for
an inbound or outbound connection, the information is logged in a stateful session flow
table.
Reference: Cisco Secure PIX Firewall (Ciscopress) pages 16 - 18
QUESTION 2:
Which of the following is a problem with packet-filtering firewalls?
A. It is simple to add new services to the firewall, and services can be easily exploited.
B. Packets are permitted to pass through the filter by being fragmented.
C. It is problematic to add new services to the firewall.
D. Packets are unable to pass through the filter by being fragmented.
Answer: B
642-521
Actualtests.com - The Power of Knowing
Explanation:
Packet filtering
A firewall can use packet filtering to limit information entering a network or information
moving from one segment of a network to another. Packet filtering uses access control
lists (ACLs), which allow a firewall to accept or deny access based on packet types and
other variables.
This method is effective when a protected network receives a packet from an unprotected
network. Any packet that is sent to the protected network and does not fit the criteria
defined by the ACLs is dropped.
However, there are problems with packet filtering:
1. Arbitrary but undesirable packets can be sent that fit the ACL criteria and, therefore,
pass through the filter.
2. Packets can pass through the filter by being fragmented.
3. Complex ACLs are difficult to implement and maintain correctly.
4. Some services cannot be filtered.
PIX FW Advanced, Cisco Press, p. 18
Reference: CSPFA Student Guide v3.2 - Cisco Secure PIX Advanced p.3-5
QUESTION 3:
At which of the following stages will the PIX Firewall log information about
packets, such as source and destination IP addresses, in the stateful session table?
A. Each time it is reloaded.
B. Each time a TCP or UDP outbound connection attempt is made.
C. Each time a TCP or UDP inbound or outbound connection attempt is made.
D. Only when a TCP inbound or outbound connection attempts is made.
E. Never.
Answer: C
Explanation:
Stateful packet filterin is the method used by the Cisco PIX Firewall. This technology
maintains complete session state. Each time a Transimission Control Protocol (TCP) or
User Datagram Protocol (UDP) connection is established for inbound or outbound
connections, the information is logged in a stateful session flow table.
Reference: CSPFA Student Guide v3.2 - Cisco Secure PIX Advanced p.3-7
PIX FW Advanced, Cisco Press, p. 19
QUESTION 4:
John the security administrator at Certkiller Inc. is working on configuring the PIX
Firewall. John must choose two features on the PIX Firewall? (Choose two)
A. One feature is it uses Cisco Finesse operating system.
642-521
Actualtests.com - The Power of Knowing
B. One feature is it uses Cisco IOS operating system.
C. One feature is it’s based on Windows NT technology.
D. One feature is it snalyzes every packet at the application layer of the OSI model.
E. One feature is it can be configured to provide full routing functionality.
F. One feature is it uses a cut-through proxy to provide user-based authentication
connections.
Answer: A, F
Explanation:
The PIX Firewall features the following technologies and benefits
Non-Unix, secure, real-time, embedded system
ASA
Cut-through proxy - A user-based authentication method of both inbound and outbound
connections, providing improved performance in comparison to that of a proxy server.
Statefull packet filtering
Finesse, a Cisco proprietary operating system, is a non-unix, non-windows nt, IOS-like
operating system. Use of Finesse eliminates the risks associated with general-purpose
operating system.
Reference: Cisco Secure PIX Firewall Advanced 3.1 chap 3 pages 8-9
QUESTION 5:
What is the operating system that a pix runs?
A. unix
B. solaris
C. windows
D. none of the above
Answer: D
Explanation:
The pix firewall runs code written by Cisco specifically to function as a hardened
firewall, limiting its vulnerabilities.
QUESTION 6:
What encryption protocols does the pix firewall support for vpn’s? Choose all that
apply.
A. MD5
B. 3DES
C. AES
D. DES
642-521
Actualtests.com - The Power of Knowing
Answer: B,C,D
Explanation:
The pix firewall supports 56 bit DES, 168 bit 3DES, and 128, 192, and 256 bit AES
encryption protocols for IPSEC VPN’s.
QUESTION 7:
What is the maximum number of interfaces the PIX Firewall 535 supports with an
unrestricted license?
A. PIX Firewall 535 supports 20
B. PIX Firewall 535 supports 10
C. PIX Firewall 535 supports 6
D. PIX Firewall 535 supports 5
Answer: B
Explanation: A total of eight interface circuit boards are configurable with the
restricted license and a total of ten are configurable with the unrestricted license.
- The Cisco PIX 535 Security Appliance support up to 10 Physical Ethernet interfaces.
- With version 6.3 the PIX supports a total of 24 combined physical and virtual
interfaces.
- A total of 8 interfaces are configurable on the PIX 535 with the restricted license, and a
total of 10 are configurable with the unrestricted license.
PIX model license Comparison
Reference:
http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps2030/products_installation_guide_chapter09186a
0
QUESTION 8:
As of PIX Firewall release 6.3, Advanced Encryption Standard (AES) is supported
on a PIX Firewall.
Which of the following statements regarding the capabilities of AES on the PIX
Firewall is valid?
642-521
Actualtests.com - The Power of Knowing
A. Supported in software only on all models.
B. Supported on software on all models and in hardware in a VAC card.
C. Not supported by the PIX 501 and 506.
D. Supported in software on all models and in hardware on a VAC+ card.
E. Supported in software on all models and in hardware on an AIM II card.
F. None of the above.
Answer: D
Explanation:
PIX FW Advanced, Cisco Press, p. 29
QUESTION 9:
Which of the following are valid pix models? Choose all that apply.
A. 505
B. 515
C. 530
D. 535
Answer: B,D
Explanation:
The pix firewall comes in 6 different models. 501, 506, 515, 520, 525, 535. There is also
the FWSM blade.
QUESTION 10:
How much flash memory does a pix firewall need to run OS version 6.1?
A. 2mb
B. 4mb
C. 8mb
D. 16mb
Answer: C
Free download:pass4sure 642-521
Free download:testking 642-521
TestKing - TestKing.com Help you pass Cisco exams
Pass4sure -Pass4sure.com The Worldwide Renowned Cisco Certification Material Provider .
Random Posts
