Pass4sure Cisco CCSP 642-522 EXAM v2.83

Securing Networks with PIX and ASA Exam(SNPA) : 642-522 Exam

Exam Number/Code: 642-522
Exam Name: Securing Networks with PIX and ASA Exam(SNPA)
VUE Code: 642-522
Questions Type: Single choice,
Question Numbers of Real-exam: 60-70 questions

1.Refer to the show run output in the exhibit. Which access-list configuration using the object-groups shown will only permit HTTP and HTTPS traffic from any host on 10.1.1.0/24 to any host on 192.168.1.0/24?

A.access-list aclin extended permit tcp object-group test2 object-group test1 object-group test3
B.access-list aclin extended permit tcp object-group test1 object-group test2 object-group test3
C.access-list aclin extended permit tcp object-group test1 object-group test3 object-group test2
D.access-list aclin extended permit ip object-group test1 object-group test2
Correct:B
2.What is the effect of the per-user-override option when applied to the access-group command syntax?
A.It increases security by building upon the existing access list applied to the interface. All subsequent users are also subject to the additional access list entries.
B.The log option in the per-user access list overrides existing interface log options.
C.It allows downloadable user access lists to override the access list applied to the interface.
D.It allows for extended authentication on a per-user basis.
Correct:C
3.Drag Drop question

Correct:

4.Which command enables IKE on the outside interface?
A.ike enable outside
B.ipsec enable outside
C.isakmp enable outside
D.ike enable (outbound)
Correct:C
5.Refer to the exhibit. An administrator is configuring the failover link on the secondary unit, pix2, and needs to configure the IP addresses of the failover link. At pix2, which of these additional commands should be entered?

A.pix2(config)# failover lan ip 172.17.2.1 255.255.255.0 standby 172.17.2.7
B.pix2(config)# failover link 172.17.2.7 255.255.255.0 standby 172.17.2.1
C.pix2(config)# failover interface ip LANFAIL 172.17.2.1 255.255.255.0 standby 172.17.2.7
D.pix2(config)# interface ethernet3 pix2(config-if)# failover ip address 172.17.2.7 255.255.255.0 standby 172.17.2.1
Correct:C
6.What type of tunneling should be used on the VPN Client to allow IPSec traffic through a stateful firewall that may be performing NAT or PAT?
A.GRE/IPSec
B.IPSec over TCP
C.IPSec over UDP
D.split tunneling
E.L2TP
Correct:B
7.What is the result if the WebVPN url-entry parameter is disabled?

A.The end user is unable to access any CIFS shares or URLs.
B.The end user is able to access CIFS shares but not URLs.
C.The end user is unable to access pre-defined URLs.
D.The end user is able to access pre-defined URLs.
Correct:D
8.What are the two purposes of the same-security-traffic permit intra-interface command? (Choose two.)
A.It allows all of the VPN spokes in a hub-and-spoke configuration to be terminated on a single interface.
B.It allows communication between different interfaces that have the same security level
C.It permits communication in and out of the same interface when the traffic is IPSec protected.
D.It enables Dynamic Multipoint VPN.
Correct:A C
9.When configuring a crypto map, which command correctly specifies the peer to which IPSec-protected traffic can be forwarded?
A.crypto map set peer 192.168.7.2
B.crypto map 20 set-peer insidehost
C.crypto-map policy 10 set 192.168.7.2
D.crypto map peer7 10 set peer 192.168.7.2
Correct:D
10.By default, the AIP-SSM IPS software is accessible from the management port at IP address 10.1.9.201/24. Which CLI command should an administrator use to change the default AIP-SSM management port IP address?
A.hw module 1 setup
B.interface
C.setup
D.hw module 1 recover
Correct:C
11.The inline IPS software feature set is available in which security appliances?
A.any Cisco PIX and ASA Security Appliance running v.7 software and an AIP-SSM module
B.only Cisco PIX 515, 525, and 535 Security Appliances with an AIP-SSM module
C.only Cisco ASA 5520 and 5540 Security Appliances with an AIP-SSM module
D.any Cisco ASA 5510, 5520, or 5540 Security Appliance with an AIP-SSM module
Correct:D
12.Which is a hybrid protocol that provides utility services for IPSec, including authentication of the IPSec peers, negotiation of IKE and IPSec SAs, and establishment of keys for encryption algorithms?
A.3DES
B.ESP
C.IKE
D.MD5
Correct:C
13.How do you ensure that the main interface does not pass untagged traffic when using subinterfaces?

A.Use the shutdown command on the main interface
B.Omit the nameif command on the subinterface
C.Use the vlan command on the main interface.
D.Omit the nameif command on the main interface.
E.Use the shutdown and then use the nameif command on the main interface.
Correct:D
14.Which statement about Telnet and the security appliance is true?
A.You can enable Telnet on all interfaces except the outside interface.
B.You can enable Telnet on all interfaces, but the PIX security appliance requires that all Telnet traffic to all interfaces be IPSec protected.
C.You can enable Telnet on all interfaces, but the PIX security appliance requires that all Telnet traffic to the outside interface be IPSec protected.
D.You can enable Telnet on all interfaces, but it must be protected with SSH.
Correct:C
15.Why does the PIX security appliance record information about a packet in its stateful session flow table?
A.to build the reverse path forwarding (RPF) table to prevent spoofed source IP address
B.to establish a proxy session by relaying the application layer requests and responses between two endpoints
C.to compare against return packets for determining whether the packet should be allowed through the firewall
D.to track outbound UDP connections
Correct:C
16.In the Cisco ASA 5500 series, what is the flash keyword aliased to?
A.Disk0
B.Disk1
C.both Disk0 and Disk1
D.Flash0
E.Flash1
Correct:A
17.Refer to the exhibit. This security appliance is configured for what two types of failover?
(Choose two.)

A.unit-based failover
B.LAN cable-based failover
C.stateful failover
D.Active/Standby failover
E.Active/Active failover
F.Context/Group failover
Correct:B E
18.Refer to the exhibit. You are an administrator who is inundated with unwanted syslog messages. You want to stay at your current syslog message level but block selected unwanted syslog messages from filling your syslog. What command should you use to block specific unwanted message number 710005?

A.logging message deny 710005
B.no logging debug 710005
C.logging trap deny 710005
D.no logging message 710005
Correct:D
19.Refer to the exhibit. An administrator wants to add a comment about access-list aclin line 2. What command should the administrator enter to accomplish this addition?

A.pix1(config)# access-list aclin line 1 remark partner server http access
B.pix1(config)# access-list aclin line 2 remark partner server http access
C.pix1(config)# access-list aclin line 1 comment partner server http access
D.pix1(config)# access-list aclin line 2 comment partner server http access
Correct:B
20.What is the minimal number of physical interfaces required for all security appliance platforms to support VLANs?
A.one
B.two
C.three
D.four
Correct:B
21.Which of these identifies basic settings for the security appliance, including a list of contexts?
A.primary configuration
B.network configuration
C.system configuration
D.admin configuration
Correct:C
22.An administrator wants to protect a DMZ web server from SYN flood attacks. Which command does not allow the administrator to place limits on the number of embryonic connections?
A.nat
B.static
C.set connection
D.HTTP-map
Correct:D
23.Drag Drop question

Correct:
Green choice1 ----> Yellow Choice1
Green choice3 ----> Yellow Choice2
Green choice6 ----> Yellow Choice3
24.Refer to the exhibit. Users on the DMZ are complaining that they cannot gain access to the insidehost via HTTP. What did the network administrator determine after reviewing the network diagram and partial configuration?

A.The static (inside,dmz) command is not configured correctly.
B.The global (dmz) command is not configured correctly.
C.The nat (dmz) command is missing.
D.The dmzin access list is not configured correctly.
Correct:D
25.Refer to the exhibit. An administrator has configured the first four data ports on a Cisco ASA 5540 Security Appliance. The technician attaches the next data cable to Port A. When configuring this interface, what physical type, slot, and port number should the administrator add to the configuration?

A.GigabitEthernet0/0
B.GigabitEthernet0/5
C.GigabitEthernet0/4
D.Management0/0
Correct:D
26.Which feature prevents ARP spoofing?
A.ARP fixup
B.ARP inspection
C.MAC fixup
D.MAC inspection
Correct:B
27.Simulate question

Correct:
28.What is the purpose of the url-list command in global configuration mode?
A.Allow end users access to URLs.
B.Allow end users access to CIFS shares and URLs.
C.Stop the end user from accessing pre-defined URLs.
D.Configure a set of URLs for WebVPN users to access.
E.List URLs that the end user cannot access.
Correct:D
29.What privilege level is the highest on the security appliance?
A.1
B.5
C.10
D.15
E.20
Correct:D
30.What are two instances when sparse-mode PIM is most useful? (Choose two.)
A.when there are few receivers in a group
B.when there are many receivers in a group
C.when the type of traffic is intermittent
D.when the type of traffic is constant
E.when the traffic is not ethertype
F.when the traffic is ethertype
Correct:A C

“Securing Networks with PIX and ASA Exam(SNPA)”, also known as 642-522 exam, is a Cisco certification.
Updated: April 30th, 2008
The Securing Networks with PIX and ASA exam is one of the exams associated with the Cisco Certified Security Professional and the Cisco Firewall Specialist certifications. Candidates can prepare for this exam by taking the SNPA v4.0 course. This exam includes simulations and tests a candidate’s knowledge and ability to describe, configure, verify and manage the Cisco PIX and ASA security appliance products.