TestInside 642-523
Securing Networks with PIX and ASA : 642-523 Exam
Exam Number/Code: 642-523
Exam Name: Securing Networks with PIX and ASA
Questions and Answers: 63 Q&As
Price: $75.00
Update Time: 2008-7-6
“Securing Networks with PIX and ASA”, also known as the 642-523 exam, is a Cisco certification.
1. Which of these commands enables the DHCP server on the DMZ interface of the Cisco ASA with an address pool of 10.0.1.100-10.0.1.108 and a DNS server of 192.168.1.2?
A. dhcpd address 10.0.1.100-10.0.1.108 DMZ
   dhcpd dns 192.168.1.2
   dhcpd enable DMZ
B. dhcpd range 10.0.1.100-10.0.1.108 DMZ
   dhcpd dns server 192.168.1.2
   dhcpd DMZ
C. dhcpd address range 10.0.1.100-10.0.1.108
   dhcpd dns 192.168.1.2
   dhcpd enable
D. dhcpd address range 10.0.1.100-10.0.1.108
   dhcpd dns server 192.168.1.2
   dhcpd enable DMZ
Answer: A
2. Refer to the exhibit. Based on this output, which of the following statements is true?
A. The ACLOUT access list has been designed to allow the IP address with the network address of 192.168.6.0 to have unrestricted access to the web server at IP address 192.168.1.11.
B. The ACLIN access list permits web access from host 192.168.6.10 to all hosts behind the Cisco ASA.
C. The ICMPDMZ access list denies all ICMP traffic bound for the bastion host except echo replies.
D. The ACLOUT access list has been designed to deny the IP address 192.168.1.11 web access to the host with a network address of 192.168.6.0.
Answer: A
3. Which mode of operation must you enter in order to recover the Cisco ASA password?
A. unprivileged
B. privileged
C. configure
D. monitor
Answer: D
4. Which command both verifies that NAT is working properly and displays active NAT translations?
A. show running-configuration nat
B. show nat translation
C. show xlate
D. show ip nat all
Answer: C
5. The Cisco VPN Client supports which three of these tunneling protocols and methods? (Choose three.)
A. IPsec over TCP
B. IPsec over UDP
C. ESP
D. AH
E. SCEP
F. LZS
Answer: ABC
6. Refer to the exhibit. A network administrator wants to authenticate remote users who are accessing the WEB1 server from the Internet. When a remote user initiates a session to the WEB1 server, the ASA1 security appliance will verify the user’s credentials with the TX_ACS AAA server via RADIUS. To accomplish this, the administrator must load and configure Cisco ACS software on the TX_ACS AAA server. During the process, the administrator must correctly configure the AAA client information in the Cisco ACS network configuration window.
What must the administrator place in field A (AAA Client Hostname) and field B (AAA Client IP address)?
A. AX_ACS B?0.0.1.10
B. AEB1 B?72.16.1.2
C. Aave B?92.168.2.10
D. ASA1 B?0.0.1.1
Answer: D
7. When configuring a crypto ipsec transform-set command, how many unique transforms can a single transform set contain?
A. one
B. two
C. three
D. four
Answer: B
8. Refer to the exhibit. An administrator is adding descriptions to class maps for each part of the modular policy framework. What text would the administrator add to the description command to describe the TO_SERVER class map?
A. description “This class-map matches all HTTP traffic for the public web server.”
B. description “This class-map matches all HTTPS traffic for the public web server.”
C. description “This class-map matches all TCP traffic for the public web server.”
D. description “This class-map matches all IP traffic for the public web server.”
Answer: D
9. Refer to the exhibit. The network administrator for this small site has chosen to authenticate HTTP cut-through proxy traffic via a local database on the Cisco ASA. Which set of command strings should the administrator enter to accomplish this?
A. asa1(config)# static (dmz,outside) 192.168.16.6 172.16.16.6
   asa1(config)# access-list 150 permit tcp any host 172.16.16.6 eq www
   asa1(config)# aaa authentication match 150 outside LOCAL
B. asa1(config)# static (dmz,outside) 192.168.16.6 172.16.16.6
   asa1(config)# access-list 150 permit tcp any host 192.168.16.6 eq www
   asa1(config)# aaa authentication match 150 outside asa1
C. asa1(config)# static (dmz,outside) 192.168.16.6 172.16.16.6
   asa1(config)# access-list 150 permit tcp any host 172.16.16.6 eq www
   asa1(config)# aaa authentication match 150 outside asa1
D. asa1(config)# static (dmz,outside) 192.168.16.6 172.16.16.6
   asa1(config)# access-list 150 permit tcp any host 192.168.16.6 eq www
   asa1(config)# aaa authentication match 150 outside LOCAL
Answer: D
10. Which three of these are potential groups of users for WebVPN? (Choose three.)
A. employees accessing specific internal applications from desktops and laptops not managed by IT
B. administrators who need to manage servers and networking equipment
C. employees that only need occasional corporate access to a few applications
D. employees that need access to a wide range of corporate applications
E. users of a customer service kiosk placed in a retail store
F. remote employees that need daily access to the internal corporate network
Answer: ACE
11. Which of these commands will provide detailed information about the crypto map configurations of a Cisco ASA?
A. show run ipsec sa
B. show ipsec sa
C. show crypto map
D. show run crypto map
Answer: D
12. Which of these commands would block all SIP INVITE packets, such as calling-party and request-method, from specific SIP endpoints?
A. Group the match commands in a SIP inspection policy map.
B. Group the match commands in a SIP inspection class map.
C. Use the match calling-party command in a class map. Apply the class map to a policy map that contains the match request-methods command.
D. Use the match request-methods command in an inspection class map. Apply the inspection class map to an inspection policy map that contains the match calling-party command.
E. Group the match commands in the global_policy policy map.
Answer: B
13. Refer to the exhibit. This adaptive security appliance is configured for which two types of failover? (Choose two.)
14. Which three of these are encryption algorithms used by Cisco ASA security appliances? (Choose three.)
A. DES
B. Blowfish
C. RC4
D. 3DES
E. AES
F. Diffie-Hellman Group 5
Answer: ADE
15. The primary adaptive security appliance failed, so the secondary adaptive security appliance was automatically activated. The network administrator then fixed the problem. Now the administrator wants to return the primary to “active” status.
Which of these commands, when issued on the primary adaptive security appliance, will reactivate the primary adaptive security appliance and restore it to “active” status?
A. failover primary active
B. failover secondary group 1
C. failover active group 1
D. failover secondary standby group 1
Answer: C
16. You are configuring a crypto map. Which of these commands would you use to specify the peer to which IPsec-protected traffic can be forwarded?
A. crypto map set peer 192.168.7.2
B. crypto map 20 set-peer insidehost
C. crypto-map policy 10 set 192.168.7.2
D. crypto map peer7 10 set peer 192.168.7.2
Answer: D
17. Which three types of information can be found in the syslog output for an adaptive security appliance? (Choose three.)
A. time stamp and date
B. logging level
C. default router
D. interface packet received
E. hostname of the packet sender
F. message text
Answer: ABF
18. With adaptive security appliance code of version 7.0 or later, which three hardware and software requirements must be met before failover can be configured? (Choose three.)
A. The adaptive security appliances must be the same type of platform.
B. RAM, flash, modules, and interfaces must be identical on each unit.
C. The failover pair must meet hardware and software requirements, but can be a PIX and a Cisco ASA.
D. Only RAM and interfaces must be identical on each unit.
E. Major and minor software releases must match, but software versions do not need to be identical.
F. Software versions must have the same major release version, but minor release versions do not need to match.
Answer: ABE
19. Refer to the exhibit. What is the purpose of this command?
A. to filter ActiveX traffic from the default route
B. to filter ActiveX traffic on HTTP from any host and to any host
C. to filter Java traffic on HTTP from any host and to any host
D. to filter ActiveX traffic once it has been applied to an interface
Answer: B