642-523 Exam
Securing Networks with PIX and ASA
- Exam Number/Code : 642-523
- Exam Name : Securing Networks with PIX and ASA
- Questions and Answers : 63 Q&As
- Update Time: 2011-09-21
- Price:
$ 119.00$ 69.00
Free 642-523 Demo Download
Test4pass offers free demo for CCSP 642-523 exam (Securing Networks with PIX and ASA ). You can check out the interface, question quality and usability of our practice exams before you decide to buy it. We are the only one site can offer demo for almost all products.
Exam Description
It is well known that 642-523 exam test is the hot exam of Cisco certification. Test4pass offer you all the Q&A of the 642-523 real test . It is the examination of the perfect combination and it will help you pass 642-523 exam at the first time!
Why choose Test4pass 642-523 braindumps
Quality and Value for the 642-523 Exam
100% Guarantee to Pass Your 642-523 Exam
Downloadable, Interactive 642-523 Testing engines
Verified Answers Researched by Industry Experts
Drag and Drop questions as experienced in the Actual Exams
Practice Test Questions accompanied by exhibits
Our Practice Test Questions are backed by our 100% MONEY BACK GUARANTEE.
Cisco CCSP 642-523 exam braindumps questions and answers
¡¡
Exam : Cisco 642-523
Title : Securing Networks with PIX and ASA
1. Which of these commands will provide detailed information about the crypto map configurations of a Cisco ASA?
A. show run ipsec sa
B. show ipsec sa
C. show crypto map
D. show run crypto map
Answer: D
2. When configuring a crypto ipsec transform-set command, how many unique transforms can a single transform set contain?
A. one
B. two
C. three
D. four
Answer: B
3. Which of these commands would block all SIP INVITE packets, such as calling-party and request-method, from specific SIP endpoints?
A. Group the match commands in a SIP inspection policy map.
B. Group the match commands in a SIP inspection class map.
C. Use the match calling-party command in a class map. Apply the class map to a policy map that contains the match request-methods command.
D. Use the match request-methods command in an inspection class map. Apply the inspection class map to an inspection policy map that contains the match calling-party command.
E. Group the match commands in the global_policy policy map.
Answer: B
4. Which command both verifies that NAT is working properly and displays active NAT translations?
A. show running-configuration nat
B. show nat translation
C. show xlate
D. show ip nat all
Answer: C
5. Which three of these are potential groups of users for WebVPN? (Choose three.)
A. employees accessing specific internal applications from desktops and laptops not managed by IT
B. administrators who need to manage servers and networking equipment
C. employees that only need occasional corporate access to a few applications
D. employees that need access to a wide range of corporate applications
E. users of a customer service kiosk placed in a retail store
F. remote employees that need daily access to the internal corporate network
Answer: ACE
6. Refer to the exhibit. An administrator is adding descriptions to class maps for each part of the modular policy framework. What text would the administrator add to the description command to describe the TO_SERVER class map?
A. description "This class-map matches all HTTP traffic for the public web server."
B. description "This class-map matches all HTTPS traffic for the public web server."
C. description "This class-map matches all TCP traffic for the public web server."
D. description "This class-map matches all IP traffic for the public web server."
Answer: D
7. Which mode of operation must you enter in order to recover the Cisco ASA password?
A. unprivileged
B. privileged
C. configure
D. monitor
Answer: D
8. Refer to the exhibit. A network administrator wants to authenticate remote users who are accessing the WEB1 server from the Internet. When a remote user initiates a session to the WEB1 server, the ASA1 security appliance will verify the user's credentials with the TX_ACS AAA server via RADIUS. To accomplish this, the administrator must load and configure Cisco ACS software on the TX_ACS AAA server. During the process, the administrator must correctly configure the AAA client information in the Cisco ACS network configuration window.
What must the administrator place in field A (AAA Client Hostname) and field B (AAA Client IP address)?
A. AX_ACS
B?0.0.1.10
B. AEB1
B?72.16.1.2
C. Aave
B?92.168.2.10
D. ASA1
B?0.0.1.1
Answer: D
9. Which of these commands enables the DHCP server on the DMZ interface of the Cisco ASA with an address pool of 10.0.100-10.0.108 and a DNS server of 192.168.2?
A. dhcpd address 10.0.1.100-10.0.1.108 DMZ
dhcpd dns 192.168.1.2 dhcpd enable DMZ
B. dhcpd range 10.0.1.100-10.0.1.108 DMZ
dhcpd dns server 192.168.1.2 dhcpd DMZ
C. dhcpd address range 10.0.1.100-10.0.1.108
dhcpd dns 192.168.1.2 dhcpd enable
D. dhcpd address range 10.0.1.100-10.0.1.108
dhcpd dns server 192.168.1.2 dhcpd enable DMZ
Answer: A
10. The Cisco VPN Client supports which three of these tunneling protocols and methods? (Choose three.)
A. IPsec over TCP
B. IPsec over UDP
C. ESP
D. AH
E. SCEP
F. LZS
Answer: ABC
11. Refer to the exhibit. Based on this output, which of the following statements is true?
A. The ACLOUT access list has been designed to allow the IP address with the network address of 192.168.6.0 to have unrestricted access to the web server at IP address 192.168.1.11.
B. The ACLIN access list permits web access from host 192.168.6.10 to all hosts behind the Cisco ASA.
C. The ICMPDMZ access list denies all ICMP traffic bound for the bastion host except echo replies
D. The ACLOUT access list has been designed to deny the IP address 192.168.1.11 web access to the host with a network address of 192.168.6.0.
Answer: A
12. LAB
The answer for the question is not available now, we are appreciate if you can provide the answer to us!
15. The primary adaptive security appliance failed, so the secondary adaptive security appliance was automatically activated. The network administrator then fixed the problem. Now the administrator wants to return the primary to "active" status.
Which of these commands, when issued on the primary adaptive security appliance, will reactivate the primary adaptive security appliance and restore it to "active" status?
A. failover primary active
B. failover secondary group 1
C. failover active group 1
D. failover secondary standby group 1
Answer: C
13. Refer to the exhibit. The network administrator for this small site has chosen to authenticate HTTP cut-through proxy traffic via a local database on the Cisco ASA. Which set of command strings should the administrator enter to accomplish this?
A. asa1(config)# static (dmz,outside) 192.168.16.6 172.16.16.6
asa1(config)# access-list 150 permit tcp any host 172.16.16.6 eq www
asa1(config)# aaa authentication match 150 outside LOCAL
B. asa1(config)# static (dmz,outside) 192.168.16.6 172.16.16.6
asa1(config)# access-list 150 permit tcp any host 192.168.16.6 eq www
asa1(config)# aaa authentication match 150 outside asa1
C. asa1(config)# static (dmz,outside) 192.168.16.6 172.16.16.6
asa1(config)# access-list 150 permit tcp any host 172.16.16.6 eq www
asa1(config)# aaa authentication match 150 outside asa1
D. asa1(config)# static (dmz,outside) 192.168.16.6 172.16.16.6
asa1(config)# access-list 150 permit tcp any host 192.168.16.6 eq www
asa1(config)# aaa authentication match 150 outside LOCAL
Answer: D
14. Refer to the exhibit. This adaptive security appliance is configured for which two types of failover? (Choose two.)
A. cable-based failover
B. LAN-based failover
C. stateful failover
D. Active/Standby failover
E. Active/Active failover
F. Context/Group failover
Answer: BE
Click Online chat to talk with us , get more informations about Cisco CCSP 642-523 practice exam study guides questions and answers
Test4pass 642-523 Exam Features
Quality and Value for the 642-523 Exam
Test4pass Practice Exams for Cisco 642-523 are written to the highest standards of technical accuracy, using only certified subject matter experts and published authors for development.
100% Guarantee to Pass Your 642-523 Exam
If you prepare for the exam using our Test4pass testing engine, we guarantee your success in the first attempt. If you do not pass the CCSP 642-523 exam (ProCurve Secure WAN) on your first attempt we will give you a FULL REFUND of your purchasing fee AND send you another same value product for free.
Cisco 642-523 Downloadable, Printable Exams (in PDF format)
Our Exam 642-523 Preparation Material provides you everything you will need to take your 642-523 Exam. The 642-523 Exam details are researched and produced by Professional Certification Experts who are constantly using industry experience to produce precise, and logical. You may get questions from different web sites or books, but logic is the key. Our Product will help you not only pass in the first try, but also save your valuable time.
642-523 Downloadable, Interactive Testing engines
We are all well aware that a major problem in the IT industry is that there is a lack of quality study materials. Our Exam Preparation Material provides you everything you will need to take a certification examination. Like actual certification exams, our Practice Tests are in multiple-choice (MCQs) Our Cisco 642-523 Exam will provide you with free 642-523 dumps questions with verified answers that reflect the actual exam. These questions and answers provide you with the experience of taking the actual test. High quality and Value for the 642-523 Exam:100% Guarantee to Pass Your CCSP exam and get your CCSP Certification.
Test4pass 642-523 examTest4pass 642-523 pdf exam
Test4pass 642-523 braindumps
Test4pass 642-523 study guides
Test4pass 642-523 trainning materials
Test4pass 642-523 simulations
Test4pass 642-523 testing engine
Test4pass 642-523 vce
Test4pass 642-523 torrent
Test4pass 642-523 dumps
free download 642-523
Test4pass 642-523 practice exam
Test4pass 642-523 preparation files
Test4pass 642-523 questions
Test4pass 642-523 answers
http://www.test4pass.com/642-523-exam.html The safer.easier way to get CCSP Certification
.
My Shopping Cart
