Pass4sure---help you pass cisco exams

Pass4sure Cisco CCSP Exam 642-523 v2.93

Securing Networks with PIX and ASA : 642-523 Exam

Exam Number/Code: 642-523
Exam Name: Securing Networks with PIX and ASA

Exam: Cisco 642-523
Title: Securing Networks with PIX and ASA
Update: Demo

1. Which of these commands enables the DHCP server on the DMZ interface of the Cisco ASA with an address pool of 10.0.1.100-10.0.1.108 and a DNS server of 192.168.1.2?
A. dhcpd address 10.0.1.100-10.0.1.108 DMZ dhcpd dns 192.168.1.2 dhcpd enable DMZ
B. dhcpd range 10.0.1.100-10.0.1.108 DMZ dhcpd dns server 192.168.1.2 dhcpd DMZ
C. dhcpd address range 10.0.1.100-10.0.1.108 dhcpd dns 192.168.1.2 dhcpd enable
D. dhcpd address range 10.0.1.100-10.0.1.108 dhcpd dns server 192.168.1.2 dhcpd enable DMZ
Answer: A

2. Refer to the exhibit. Based on this output, which of the following statements is true?

A. The ACLOUT access list has been designed to allow the IP address with the network address of 192.168.6.0 to have unrestricted access to the web server at IP address 192.168.1.11.
B. The ACLIN access list permits web access from host 192.168.6.10 to all hosts behind the Cisco ASA.
C. The ICMPDMZ access list denies all ICMP traffic bound for the bastion host except echo replies.
D. The ACLOUT access list has been designed to deny the IP address 192.168.1.11 web access to the host with a network address of 192.168.6.0.
Answer: A

3. Which mode of operation must you enter in order to recover the Cisco ASA password?
A. unprivileged
B. privileged
C. configure
D. monitor
Answer: D

4. Which command both verifies that NAT is working properly and displays active NAT translations?
A. show running-configuration nat
B. show nat translation
C. show xlate
D. show ip nat all
Answer: C

5. The Cisco VPN Client supports which three of these tunneling protocols and methods? (Choose three.)

A. IPsec over TCP
B. IPsec over UDP
C. ESP
D. AH
E. SCEP
F. LZS
Answer: ABC

6. Refer to the exhibit. A network administrator wants to authenticate remote users who are accessing the WEB1 server from the Internet. When a remote user initiates a session to the WEB1 server, the ASA1 security appliance will verify the user’s credentials with the TX_ACS AAA server via RADIUS. To accomplish this, the administrator must load and configure Cisco ACS software on the TX_ACS AAA server. During the process, the administrator must correctly configure the AAA client information in the Cisco ACS network configuration window. What must the administrator place in field A (AAA Client Hostname) and field B (AAA Client IP address)?

A. AX_ACS B?0.0.1.10
B. AEB1 B?72.16.1.2
C. Aave B?92.168.2.10
D. ASA1 B?0.0.1.1

Answer: D

7. When configuring a crypto ipsec transform-set command, how many unique transforms can a single transform set contain?
A. one
B. two
C. three
D. four
Answer: B

8. Refer to the exhibit. An administrator is adding descriptions to class maps for each part of the modular policy framework. What text would the administrator add to the description command to describe the TO_SERVER class map?

A. description “This class-map matches all HTTP traffic for the public web server.”
B. description “This class-map matches all HTTPS traffic for the public web server.”
C. description “This class-map matches all TCP traffic for the public web server.”
D. description “This class-map matches all IP traffic for the public web server.”
Answer: D

9. Refer to the exhibit. The network administrator for this small site has chosen to authenticate HTTP cut-through proxy traffic via a local database on the Cisco ASA. Which set of command strings should the administrator enter to accomplish this?

A. asa1(config)# static (dmz,outside) 192.168.16.6 172.16.16.6 asa1(config)# access-list 150 permit tcp any host 172.16.16.6 eq www asa1(config)# aaa authentication match 150 outside LOCAL
B. asa1(config)# static (dmz,outside) 192.168.16.6 172.16.16.6 asa1(config)# access-list 150 permit tcp any host 192.168.16.6 eq www asa1(config)# aaa authentication match 150 outside asa1
C. asa1(config)# static (dmz,outside) 192.168.16.6 172.16.16.6 asa1(config)# access-list 150 permit tcp any host 172.16.16.6 eq www asa1(config)# aaa authentication match 150 outside asa1
D. asa1(config)# static (dmz,outside) 192.168.16.6 172.16.16.6 asa1(config)# access-list 150 permit tcp any host 192.168.16.6 eq www asa1(config)# aaa authentication match 150 outside LOCAL
Answer: D

10. Which three of these are potential groups of users for WebVPN? (Choose three.)
A. employees accessing specific internal applications from desktops and laptops not managed by IT
B. administrators who need to manage servers and networking equipment
C. employees that only need occasional corporate access to a few applications
D. employees that need access to a wide range of corporate applications
E. users of a customer service kiosk placed in a retail store
F. remote employees that need daily access to the internal corporate network
Answer: ACE

11. Which of these commands will provide detailed information about the crypto map configurations of a Cisco ASA?
A. show run ipsec sa
B. show ipsec sa
C. show crypto map
D. show run crypto map
Answer: D

12. Which of these commands would block all SIP INVITE packets, such as calling-party and request-method, from specific SIP endpoints?
A. Group the match commands in a SIP inspection policy map.
B. Group the match commands in a SIP inspection class map.
C. Use the match calling-party command in a class map. Apply the class map to a policy map that contains the match request-methods command.
D. Use the match request-methods command in an inspection class map. Apply the inspection class map to an inspection policy map that contains the match calling-party command.
E. Group the match commands in the global_policy policy map.
Answer: B

13. Refer to the exhibit. This adaptive security appliance is configured for which two types of failover? (Choose two.)

A. cable-based failover
B. LAN-based failover
C. stateful failover
D. Active/Standby failover
E. Active/Active failover
F. Context/Group failover
Answer: BE

14. LAB. The answer for this question is not available now; we would appreciate it if you could provide the answer to us!

15. The primary adaptive security appliance failed, so the secondary adaptive security appliance was automatically activated. The network administrator then fixed the problem. Now the administrator wants to return the primary to “active” status. Which of these commands, when issued on the primary adaptive security appliance, will reactivate the primary adaptive security appliance and restore it to “active” status?
A. failover primary active
B. failover secondary group 1
C. failover active group 1
D. failover secondary standby group 1
Answer: C

16. You are configuring a crypto map. Which of these commands would you use to specify the peer to which IPsec-protected traffic can be forwarded?
A. crypto map set peer 192.168.7.2
B. crypto map 20 set-peer insidehost
C. crypto-map policy 10 set 192.168.7.2
D. crypto map peer7 10 set peer 192.168.7.2
Answer: D

17. Which three types of information can be found in the syslog output for an adaptive security appliance? (Choose three.)
A. time stamp and date
B. logging level
C. default router
D. interface packet received
E. hostname of the packet sender
F. message text
Answer: ABF

18. With adaptive security appliance code of version 7.0 or later, which three hardware and software requirements must be met before failover can be configured? (Choose three.)
A. The adaptive security appliances must be the same type of platform.
B. RAM, flash, modules, and interfaces must be identical on each unit.
C. The failover pair must meet hardware and software requirements, but can be a PIX and a Cisco ASA.
D. Only RAM and interfaces must be identical on each unit.
E. Major and minor software releases must match, but software versions do not need to be identical.
F. Software versions must have the same major release version, but minor release versions do not need to match.
Answer: ABE

19. Refer to the exhibit. What is the purpose of this command?

A. to filter ActiveX traffic from the default route
B. to filter ActiveX traffic on HTTP from any host and to any host
C. to filter Java traffic on HTTP from any host and to any host
D. to filter ActiveX traffic once it has been applied to an interface
Answer: B

20. Which three of these are encryption algorithms used by Cisco ASA security appliances? (Choose three.)
A. DES
B. Blowfish
C. RC4
D. 3DES
E. AES
F. Diffie-Hellman Group 5
Answer: ADE

21. Which command configures the Cisco ASA console for SSH access by a local user?
A. aaa authentication ssh console LOCAL
B. ssh console username sysadmin password cisco123
C. ssh username sysadmin password cisco123
D. aaa authentication ssh LOCAL
Answer: A

22. By default, adaptive security appliances configured for LAN-based failover will fail over after approximately 15 seconds. Which two commands should an administrator configure on the security appliance to detect a failure faster? (Choose two.)
A. failover polltime unit
B. failover interface-policy polltime
C. failover lan link polltime
D. failover lan unit polltime
E. failover unit-policy polltime
F. failover polltime interface
Answer: AF

23. LAB. The answer for this question is not available now; we would appreciate it if you could provide the answer to us!

24. Which of the following statements about adaptive security appliance failover is true?
A. The Cisco ASA and PIX security appliances support LAN-based and cable-based failover.
B. The Cisco ASA security appliance only supports cable-based failover.
C. The PIX adaptive security appliance only supports LAN-based failover.
D. The PIX adaptive security appliance supports LAN-based and cable-based failover.
Answer: D

25. Which of these commands enables IKE on the outside interface?
A. ike enable outside
B. nameif outside isakmp enable
C. isakmp enable outside
D. int g0/0 ike enable (outbound)
Answer: C

26. Which of the following statements about the configuration of WebVPN on the Cisco ASA is true for Cisco ASA version 7.2?
A. WebVPN and Cisco ASDM can both be enabled on the same interface, but must run on different TCP ports.
B. WebVPN and Cisco ASDM cannot be enabled at the same time on the Cisco ASA.
C. WebVPN and Cisco ASDM can only be enabled at the same time using the command line interface.
D. WebVPN and Cisco ASDM cannot run on the same interface.
Answer: A

27. Which command will set the default route for an adaptive security appliance to the IP address 10.10.10.1?
A. route add default 0 10.10.10.1
B. route management 10.10.10.0 0.0.0.255 10.10.10.1 1
C. route 0 0 10.10.10.1 1
D. route outside 0 0 10.10.10.1 1
Answer: D

28. An administrator is configuring a Cisco ASA for site-to-site VPN using pre-shared keys. Which two configuration modes and commands would the administrator configure when using a pre-shared key of 1234? (Choose two.)
A. asa(config-isakmp-policy)# authentication pre-share
B. asa(config-isakmp-policy)# authentication pre-shared-key 1234
C. asa(config-tunnel-ipsec)# pre-shared-key 1234
D. asa(config-tunnel-general)# authentication pre-share
E. asa(config)# tunnel-group name general-attributes authentication pre-share
F. asa(config)# tunnel-group name ipsec-attributes pre-shared-key 1234
Answer: AC

29. Refer to the exhibit. An administrator wants to permanently map host addresses on the DMZ subnet to the same host addresses, but a different subnet, on the outside interface. Which command or commands should the administrator use to accomplish this?
A. NAT (dmz) 0 172.16.1.0 netmask 255.255.255.0
B. access-list server_map permit tcp any 192.168.10.0 255.255.255.0 nat (outside) 10 access-list server_map global (dmz) 10 172.16.1.9-10 netmask 255.255.255.0
C. static (dmz,outside) 192.168.10.0 172.16.1.0 netmask 255.255.255.0
D. nat (dmz) 1 172.16.1.0 netmask 255.255.255.0 global (outside) 1 192.168.10.9-10 netmask 255.255.255.0
Answer: C

30. Which three of these commands will show you the contents of flash memory on the Cisco ASA? (Choose three.)
A. show disk
B. flash
C. dir
D. show flash:
E. directory
F. info flash
Answer: ACD


“Securing Networks with PIX and ASA”, also known as 642-523 exam, is a Cisco certification.
Preparing for the 642-523 exam? Searching 642-523 Test Questions, 642-523 Practice Exam, 642-523 Dumps?

With the complete collection of questions and answers, Pass4sure has assembled to take you through 63 Q&As to your 642-523 Exam preparation. In the 642-523 exam resources, you will cover every field and category in CCSP helping to ready you for your successful Cisco Certification.
Questions and Answers : 63 Q&As
Updated: April 11th, 2008

Comments (3)

[...] Cisco Networking Devices (SND) Pass4sure 642-503 Securing Networks with Cisco Routers and Switches Pass4sure 642-523 Securing Networks with PIX and ASA Pass4sure 642-533 Implementing Cisco Intrusion Prevention System [...]

thuan, October 25th, 2008 at 9:47 am

I want to take the snpa exam and
Pls help me to pass it.
Many thanks,

[...] download: testking 642-523 Free download: pass4sure 642-523 Free download: actualtest 642-523 Free download: testinside [...]
