Testking CCSP 642-521

Cisco Secure PIX Firewall Exam
Retired
Exam Number: 642-521
Associated Certifications: CCSP, Cisco Firewall Specialist
Duration: 75 minutes (55-65 questions)
Available Languages: English
QUESTION 1:
You are the security administrator at Certkiller Inc. and your assignment is to match the firewall technology with its description.
Answer:
Explanation:
Proxy server – hides valuable data by requiring users to communicate with secure system by means of a proxy. Users gain access to the network by going through a process that establishes session state, user authentication, and authorized policy.
Packet filters – A Cisco router configured with an ACL to filter traffic flowing through it is an example of a packet filter.
Stateful Packet filters – A stateful packet filter keeps complete session state information for each session built through the firewall. Each time an IP connection is established for an inbound or outbound connection, the information is logged in a stateful session flow table.
Reference: Cisco Secure PIX Firewall (Ciscopress) pages 16 – 18
QUESTION 2:
Which of the following is a problem with packet-filtering firewalls?
A. It is simple to add new services to the firewall, and services can be easily exploited.
B. Packets are permitted to pass through the filter by being fragmented.
C. It is problematic to add new services to the firewall.
D. Packets are unable to pass through the filter by being fragmented.
Answer: B
Explanation:
Packet filtering
A firewall can use packet filtering to limit information entering a network or information moving from one segment of a network to another. Packet filtering uses access control lists (ACLs), which allow a firewall to accept or deny access based on packet types and other variables.
This method is effective when a protected network receives a packet from an unprotected network. Any packet that is sent to the protected network and does not fit the criteria defined by the ACLs is dropped.
However, there are problems with packet filtering:
1. Arbitrary but undesirable packets can be sent that fit the ACL criteria and, therefore, pass through the filter.
2. Packets can pass through the filter by being fragmented.
3. Complex ACLs are difficult to implement and maintain correctly.
4. Some services cannot be filtered.
PIX FW Advanced, Cisco Press, p. 18
Reference: CSPFA Student Guide v3.2 – Cisco Secure PIX Advanced p.3-5
QUESTION 3:
At which of the following stages will the PIX Firewall log information about packets, such as source and destination IP addresses, in the stateful session table?
A. Each time it is reloaded.
B. Each time a TCP or UDP outbound connection attempt is made.
C. Each time a TCP or UDP inbound or outbound connection attempt is made.
D. Only when a TCP inbound or outbound connection attempt is made.
E. Never.
Answer: C
Explanation:
Stateful packet filtering is the method used by the Cisco PIX Firewall. This technology maintains complete session state. Each time a Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) connection is established for inbound or outbound connections, the information is logged in a stateful session flow table.
Reference: CSPFA Student Guide v3.2 – Cisco Secure PIX Advanced p.3-7
PIX FW Advanced, Cisco Press, p. 19
QUESTION 4:
John, the security administrator at Certkiller Inc., is working on configuring the PIX Firewall. John must choose two features of the PIX Firewall. (Choose two)
A. One feature is it uses Cisco Finesse operating system.
B. One feature is it uses Cisco IOS operating system.
C. One feature is it’s based on Windows NT technology.
D. One feature is it analyzes every packet at the application layer of the OSI model.
E. One feature is it can be configured to provide full routing functionality.
F. One feature is it uses a cut-through proxy to provide user-based authentication connections.
Answer: A, F
Explanation:
The PIX Firewall features the following technologies and benefits:
- Non-UNIX, secure, real-time, embedded system
- ASA
- Cut-through proxy – A user-based authentication method of both inbound and outbound connections, providing improved performance in comparison to that of a proxy server.
- Stateful packet filtering
Finesse, a Cisco proprietary operating system, is a non-UNIX, non-Windows NT, IOS-like operating system. Use of Finesse eliminates the risks associated with general-purpose operating systems.
Reference: Cisco Secure PIX Firewall Advanced 3.1 chap 3 pages 8-9
QUESTION 5:
What is the operating system that a PIX runs?
A. UNIX
B. Solaris
C. Windows
D. None of the above
Answer: D
Explanation:
The PIX Firewall runs code written by Cisco specifically to function as a hardened firewall, limiting its vulnerabilities.
QUESTION 6:
What encryption protocols does the PIX Firewall support for VPNs? Choose all that apply.
A. MD5
B. 3DES
C. AES
D. DES
Answer: B, C, D
Explanation:
The PIX Firewall supports 56-bit DES, 168-bit 3DES, and 128-, 192-, and 256-bit AES encryption protocols for IPsec VPNs.
QUESTION 7:
What is the maximum number of interfaces the PIX Firewall 535 supports with an unrestricted license?
A. PIX Firewall 535 supports 20
B. PIX Firewall 535 supports 10
C. PIX Firewall 535 supports 6
D. PIX Firewall 535 supports 5
Answer: B
Explanation: A total of eight interface circuit boards are configurable with the restricted license and a total of ten are configurable with the unrestricted license.
- The Cisco PIX 535 Security Appliance supports up to 10 physical Ethernet interfaces.
- With version 6.3 the PIX supports a total of 24 combined physical and virtual interfaces.
- A total of 8 interfaces are configurable on the PIX 535 with the restricted license, and a total of 10 are configurable with the unrestricted license.
PIX model license Comparison
Reference: http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps2030/products_installation_guide_chapter09186a0
QUESTION 8:
As of PIX Firewall release 6.3, Advanced Encryption Standard (AES) is supported on a PIX Firewall.
Which of the following statements regarding the capabilities of AES on the PIX Firewall is valid?