Testking CCSP 642-522


Securing Networks with PIX and ASA Exam

Last day to test 10/13/2007
Exam Number: 642-522
Associated Certifications: CCSP, Cisco Firewall Specialist
Duration: 90 minutes (60-70 questions)
Available Languages: English
QUESTION 1:

A new PIX firewall was installed in the Certkiller network to guard against outside attacks. Why does this PIX security appliance record information about a packet in its stateful session flow table?

A. To build the reverse path forwarding (RPF) table to prevent spoofed source IP addresses.
B. To establish a proxy session by relaying the application layer requests and responses between two endpoints.
C. To compare against return packets for determining whether the packet should be allowed through the firewall.
D. To track outbound UDP connections.
Answer: C
Explanation:
The Adaptive Security Algorithm (ASA), used by the PIX Firewall for stateful application inspection, ensures the secure use of applications and services. Some applications require special handling by the PIX Firewall application inspection function. Applications that require special application inspection functions are those that embed IP addressing information in the user data packet or open secondary channels on dynamically assigned ports.
The application inspection function monitors sessions to determine the port numbers for secondary channels. Many protocols open secondary TCP or UDP ports to improve performance. The initial session on a well-known port is used to negotiate dynamically assigned port numbers. The application inspection function monitors these sessions, identifies the dynamic port assignments, and permits data exchange on these ports for the duration of the specific session.
Packets going through the PIX are checked against the following databases, using the steps below:
- Access control lists (ACLs): Used for authentication and authorization of connections based on specific networks, hosts, and services (TCP/UDP port numbers).
- Inspections: Contains a static, pre-defined set of application-level inspection functions.
- Connections (XLATE and CONN tables): Maintains state and other information about each established connection. This information is used by ASA and cut-through proxy to efficiently forward traffic within established sessions.

1. A TCP SYN packet arrives at the PIX Firewall to establish a new connection.
2. The PIX Firewall checks the access control list (ACL) database to determine if the connection is permitted.
3. The PIX Firewall creates a new entry in the connection database (XLATE and CONN tables).
4. The PIX Firewall checks the Inspections database to determine if the connection requires application-level inspection.
5. After the application inspection function completes any required operations for the packet, the PIX Firewall forwards the packet to the destination system.
6. The destination system responds to the initial request.
7. The PIX Firewall receives the reply packet, looks up the connection in the connection database, and forwards the packet because it belongs to an established session.

Reference:
http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a00800
e
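
The seven-step flow above can be modelled in a few lines to show why answer C holds: the session entry recorded in step 3 is what a later reply is compared against in step 7. This is an added example, not Cisco code or part of the original page; the class, the simplified CONN table (a set of 4-tuples), the ACL layout and all addresses are assumptions constructed for illustration.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int
    flags: str          # "S" = SYN, "SA" = SYN/ACK, "A" = ACK

class StatefulFirewall:
    """Toy model of the seven-step flow; not Cisco's implementation."""

    def __init__(self, acl, inspected_ports):
        # acl: permitted (source network, destination port) pairs
        self.acl = [(ip_network(net), port) for net, port in acl]
        self.inspected_ports = set(inspected_ports)
        self.conn = set()   # simplified CONN table, keyed on the initiator's 4-tuple

    def process(self, p):
        reverse = (p.dst, p.dport, p.src, p.sport)
        # Step 7: a packet that matches a recorded session is forwarded.
        if p[:4] in self.conn or reverse in self.conn:
            return "forward: established session"
        # Step 1: only a TCP SYN may open a new connection.
        if p.flags != "S":
            return "drop: no matching session"
        # Step 2: ACL lookup.
        if not any(ip_address(p.src) in net and p.dport == port
                   for net, port in self.acl):
            return "drop: denied by ACL"
        # Step 3: record the session before forwarding.
        self.conn.add(p[:4])
        # Steps 4-5: flag connections that need application inspection.
        if p.dport in self.inspected_ports:
            return "forward: new session, inspected"
        return "forward: new session"

def demo():
    fw = StatefulFirewall(acl=[("10.0.0.0/24", 21), ("10.0.0.0/24", 80)],
                          inspected_ports=[21])
    packets = [  # constructed sample traffic
        Packet("10.0.0.5", 40000, "198.51.100.10", 21, "S"),    # inside host opens FTP control
        Packet("198.51.100.10", 21, "10.0.0.5", 40000, "SA"),   # genuine reply
        Packet("203.0.113.9", 21, "10.0.0.5", 40000, "SA"),     # unsolicited "reply"
        Packet("203.0.113.9", 50000, "10.0.0.5", 22, "S"),      # new SYN not in ACL
    ]
    return [fw.process(p) for p in packets]

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The third packet claims to be a reply but matches no recorded session, so it is dropped without the ACL ever being consulted.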

QUESTION 2:

A new Certkiller ASA 5500 was installed in the Certkiller network. In the Cisco ASA 5500 series, what is the flash keyword aliased to?

A. Disk0
B. Disk1
C. Both Disk0 and Disk1
D. Flash0
E. Flash1
Answer: A
Explanation:
See the following URL syntax:
disk0:/[path/]filename
For the ASA 5500 series adaptive security appliance, this URL indicates the internal Flash memory. You can also use flash instead of disk0; they are aliased.
Reference:
http://www.cisco.com/en/US/products/ps6120/products_configuration_guide_chapter09186a0080450b90.html

QUESTION 3:

Cisco firewalls maintain state awareness of all traffic going through them. What is the core component of the PIX firewall that accommodates this?

A. PFS
B. ASA
C. VAC
D. FWSM
E. None of the above

Answer: B

Explanation:
The Adaptive Security Algorithm (ASA) is the brains of the PIX, keeping track of stateful connection information. This allows the firewall to maintain stateful packet awareness so that return traffic can traverse the firewall.

QUESTION 4:

A new Cisco PIX 535 is being installed in the Certkiller network. What is the maximum number of physical interfaces the PIX Firewall 535 supports with an unrestricted license?

A. 20
B. 10
C. 6
D. 5
E. 3
Answer: B
Explanation:
A total of eight interface circuit boards are configurable with the restricted license and a total of ten are configurable with the unrestricted license.
- The Cisco PIX 535 Security Appliance supports up to 10 physical Ethernet interfaces.
- A total of 8 interfaces are configurable on the PIX 535 with the restricted license, and a total of 10 are configurable with the unrestricted license.
PIX model license Comparison:

Reference:
http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps2030/products_installation_guide_chapter09186a
0

QUESTION 5:
