Home > Cisco > CCSP > 642-522

642-522 Exam

Securing Networks with PIX and ASA Exam(SNPA)

Exam Number/Code : 642-522
Exam Name : Securing Networks with PIX and ASA Exam(SNPA)
Questions and Answers : 63 Q&As
Update Time: 2013-04-05
Price: ~~$ 119.00~~ $ 69.00
642-522 Hard Copy (PDF)
642-522 Test Engine

642-522

Free 642-522 Demo Download

Test4pass offers free demo for CCSP 642-522 exam (Securing Networks with PIX and ASA Exam(SNPA)). You can check out the interface, question quality and usability of our practice exams before you decide to buy it. We are the only one site can offer demo for almost all products.

Exam Description

It is well known that 642-522 exam test is the hot exam of Cisco certification. Test4pass offer you all the Q&A of the 642-522 real test . It is the examination of the perfect combination and it will help you pass 642-522 exam at the first time!

Why choose Test4pass 642-522 braindumps

Quality and Value for the 642-522 Exam
100% Guarantee to Pass Your 642-522 Exam
Downloadable, Interactive 642-522 Testing engines
Verified Answers Researched by Industry Experts
Drag and Drop questions as experienced in the Actual Exams
Practice Test Questions accompanied by exhibits
Our Practice Test Questions are backed by our 100% MONEY BACK GUARANTEE.

Test4pass 642-522 Exam Features

Quality and Value for the 642-522 Exam

Test4pass Practice Exams for Cisco 642-522 are written to the highest standards of technical accuracy, using only certified subject matter experts and published authors for development.

100% Guarantee to Pass Your 642-522 Exam

If you prepare for the exam using our Test4pass testing engine, we guarantee your success in the first attempt. If you do not pass the CCSP 642-522 exam (ProCurve Secure WAN) on your first attempt we will give you a FULL REFUND of your purchasing fee AND send you another same value product for free.

Cisco 642-522 Downloadable, Printable Exams (in PDF format)

Our Exam 642-522 Preparation Material provides you everything you will need to take your 642-522 Exam. The 642-522 Exam details are researched and produced by Professional Certification Experts who are constantly using industry experience to produce precise, and logical. You may get questions from different web sites or books, but logic is the key. Our Product will help you not only pass in the first try, but also save your valuable time.

642-522 Downloadable, Interactive Testing engines

We are all well aware that a major problem in the IT industry is that there is a lack of quality study materials. Our Exam Preparation Material provides you everything you will need to take a certification examination. Like actual certification exams, our Practice Tests are in multiple-choice (MCQs) Our Cisco 642-522 Exam will provide you with free 642-522 dumps questions with verified answers that reflect the actual exam. These questions and answers provide you with the experience of taking the actual test. High quality and Value for the 642-522 Exam:100% Guarantee to Pass Your CCSP exam and get your CCSP Certification.

Hot KeyWords On 642-522 test

How to pass your 642-522 exam

You can search on Search Engine and Find Best IT Certification site: Test4pass.com - Find the Method to succeed 642-522 test,The safer.easier way to get CCSP Certification .

��
��
Exam : Cisco 642-522
Title : Securing Networks with PIX and ASA Exam(SNPA)

1. Refer to the exhibit.
Given the configuration, what traffic will be logged to the AAA server?
A. All connection information will be logged in the accounting database.
B. All outbound connection information will be logged in the accounting database.
C. Only the authenticated console connection information will be logged in the accounting database.
D. This is not a valid configuration because TACACS+ connection information cannot be captured and logged.
Answer: B

2. Refer to the exhibit.
An administrator wants to permanently map host addresses on the DMZ subnet to the same host addresses, but a different subnet, on the outside interface. Which command should the administrator use to accomplish this?
A. NAT (dmz) 0 172.16.1.0 netmask 255.255.255.0
B. access-list server_map permit tcp any 192.168.10.0 255.255.255.0
Nat (outside) 10 access-list server_map
Global (dmz) 10 172.16.1.9-10 netmask 255.255.255.0
C. static (dmz,outside) 192.168.10.0 172.16.1.0 netmask 255.255.255.0
D. NAT (dmz) 1 172.16.1.0 netmask 255.255.255.0
��Global (outside) 1 192.168.10.9-10 netmask 255.255.255.0
Answer: C

3. Which is a method of identifying the traffic requiring authorization on the security appliance?
A. implicitly enabling TACACS+ authorization rules in the response packet
B. specifying ACLs that authorization rules must match
C. independently interpreting authorization rules before authentication has occurred to decrease overall AAA processing time
D. checking the authentication rules for a match thus allowing the traffic to be authorized
Answer: B

4. Refer to the exhibit.
The network administrator for this small site has chosen to authenticate HTTP cut-through proxy traffic via a local database on the Cisco PIX Security Appliance. Which command strings should the administrator enter to accomplish this?
A. pix1(config)# static (dmz,outside) 192.168.16.6 172.16.16.6
pix1(config)# access-list 150 permit tcp any host 172.16.16.6 eq www
pix1(config)# aaa authentication match 150 outside LOCAL
B. pix1(config)# static (dmz,outside) 192.168.16.6 172.16.16.6
pix1(config)# access-list 150 permit tcp any host 192.168.16.6 eq www
pix1(config)# aaa authentication match 150 outside pix1
C. pix1(config)# static (dmz,outside) 192.168.16.6 172.16.16.6
pix1(config)# access-list 150 permit tcp any host 172.16.16.6 eq www
pix1(config)# aaa authentication match 150 outside pix1
D. pix1(config)# static (dmz,outside) 192.168.16.6 172.16.16.6
pix1(config)# access-list 150 permit tcp any host 192.168.16.6 eq www
pix1(config)# aaa authentication match 150 outside LOCAL
Answer: D

5. Refer to the exhibit.
An administrator wants a user on the inside network to access two sites on the Internet and present two different source IP addresses. When the user is accessing Company A web servers, the source IP address is translated to 192.168.0.9. When the user is accessing Company B web servers, the source address is translated to 192.168.0.21.
Which of these can the security appliance administrator configure to accomplish this application?
A. inside NAT
B. identity NAT
C. static
D. policy NAT
Answer: D

6. What is displayed as a result of entering the command syntax show aaa-server group1 host 192.1630.60 in the security appliance?
A. aaa-server configuration for a particular host in server group group1
B. aaa-server statistics for a particular host in server group group1
C. aaa-server configuration for server group group1
D. aaa-server statistics for the host group1 at IP address 192.168.30.60
Answer: B

7. Refer to the exhibit.
This security appliance is configured for what two types of failover? (Choose two.)
A. unit-based failover
B. LAN cable-based failover
C. stateful failover
D. Active/Standby failover
E. Active/Active failover
F. Context/Group failover
Answer: BE

8. An administrator is defining a modular policy. As part of the policy, the administrator wants to define a traffic flow between Internet hosts and a specific web server on the DMZ. Which commands should the administrator use?
A. class-map http_traffic
��match port tcp eq www
B. class-map http_traffic
��match flow ip destination address 192.168.1.11
C. class-map http_traffic
��match set 192.168.1.11
D. access-list 150 permit tcp any host 192.168.1.11 eq www
class-map http_traffic
match access-list 150
Answer: D

9. The ASDM client is supported on which PC operating systems? Choose the best answer.
A. Windows, Macintosh, and Linux
B. Windows and Sun Solaris
C. Windows, Linux, and Sun Solaris
D. Windows and Linux
Answer: C

10. During failover, which security appliance attribute does not change?
A. failover unit status-active and standby
B. active and standby interfaces-IP address
C. failover unit type-primary and secondary
D. active and standby interfaces-MAC address
Answer: C

11. Refer to the exhibit.
Users on the DMZ are complaining that they cannot gain access to the insidehost via HTTP. What did the network administrator determine after reviewing the network diagram and partial configuration?
A. The static (inside,dmz) command is not configured correctly.
B. The global (dmz) command is not configured correctly.
C. The nat (dmz) command is missing.
D. The dmzin access list is not configured correctly.
Answer: D

12. The inline IPS software feature set is available in which security appliances?
A. any Cisco PIX and ASA Security Appliance running v.7 software and an AIP-SSM module
B. only Cisco PIX 515, 525, and 535 Security Appliances with an AIP-SSM module
C. only Cisco ASA 5520 and 5540 Security Appliances with an AIP-SSM module
D. any Cisco ASA 5510, 5520, or 5540 Security Appliance with an AIP-SSM module
Answer: D

13. Refer to the exhibit.
An administrator is configuring the failover link on the secondary unit, pix2 and needs to configure the IP addresses of the failover link. At pix2, which of these additional commands should be entered?
A. pix2(config)# failover lan ip 172.17.2.1 255.255.255.0 standby 172.17.2.7
B. pix2(config)# failover link 172.17.2.7 255.255.255.0 standby 172.17.2.1
C. pix2(config)# failover interface ip LANFAIL 172.17.2.1 255.255.255.0 standby 172.17.2.7
D. pix2(config)# interface ethernet3
pix2(config-if)# failover ip address 172.17.2.7 255.255.255.0 standby 172.17.2.1
Answer: C

14. When an outside FTP client accesses a corporation's dmz FTP server through a security appliance, the administrator wants the security appliance to restrict ftp commands that can be performed by the client. Which security appliance commands enable the administrator to restrict the ftp client to performing a specific set of ftp commands.
A. ftp-map inbound_ftp
��request-cmd deny appe dele rmd
B. ftp-map inbound_ftp
��request-cmd permit get put cdup
C. policy-map inbound
class inbound_ftp_traffic
inspect ftp strict get put cdup
D. policy-map inbound
class inbound_ftp_traffic
inspect ftp strict appe dele rmd
Answer: A