Related Certifications: CCSP and Cisco Firewall Specialist

Number of Questions: 63

Duration: 90 minutes

Exam Topics Include:

1. Install and configure a Security Appliance for basic network connectivity

2. Configure a Security Appliance to restrict inbound traffic from non trusted sources

3. Configure a Security Appliance to provide secure connectivity using site-to-site VPNs

4. Configure an ASA to provide secure connectivity using remote access VPNs

5. Configure transparent firewall, virtual firewall, and high availability firewall features on a Security Appliance

6. Configure AAA services for the ASA

7. Configure routing and switching on an ASA

8. Configure Security Appliance advanced application layer and modular policy features

9. Monitor and manage an installed Adaptive Security Appliance

The Securing Networks with PIX and ASA exam (SNPA 642-523) is one of the core exams associated with the Cisco Certified Security Professional (CCSP) certification. In all, you will need to pass five separate exams to become CCSP certified. This exam includes simulations and tests a candidate’s knowledge and ability to describe, configure, verify and manage the Cisco PIX and ASA Security Appliance products.

Let TestKing help you to become CCSP or Cisco firewall specialist certified. The TestKing 642-523 exam products are designed to maximize your learning productivity and focus only on the important aspects that will help you to pass your exam, the first time. We will provide you with exam questions and verified answers, with detailed explanations, that reflect the actual exam. These questions and answers provide you with the experience of taking the actual test. Our exam guides are not just questions and answers. Our questions have detailed explanations provided by our certified industry experts, ensuring that you fully understand the questions and the concept behind the questions.
Which three of these are Cisco ASA syslog message fields? (Choose three.)
A. syslog community string
B. message.text
C. triggering packet copy
D. logging device ip
E. default ASA gateway
F. logging level
Answer: B,D,F

An Administrator wants to protect a DMZ web server from SYN Flood attacks. Which
three of these commands, used individually would allow the administrator to place limits
on the number of embryonic connections? (choose three.)
A. http redirect

B. nat
C. http-proxy
D. static
E. set connection
F. access-list
Answer: B,D,E
QUESTION 4
Which three of these are Cisco ASA syslog message fields? (Choose three.)
A. triggering packet copy
B. message.text
C. syslog community string
D. logging level
E. default ASA gateway
F. logging device ip
Answer: B,D,F
Which these commands displays the status of the CSC SSM on the Cisco ASA?
A. show module 1 CSC details
B. show hw 1 details
C. show module 1 details
D. show interface GigabitEthernet 1/0
Answer: C

Which command both verifies that NAT is working properly and displays active NAT
translations?
A. show nat translation
B. show running-confugration nat
C. show ip nat all
D. show xlate
Answer: D
QUESTION 9
The Cisco VPN Client supports which three of these tunneling protocols and methods?
(Choose three.)
A. AH
B. LZS
C. IPSec over TCP
D. IPSec over UDP
E. SCEP
F. ESP
Answer: C,D,F
What does the nat 0 command do?
A. The nat 0 command, followed by an access list, specifies the addresses that are not to
be translated
B. The nat 0 command, followed by a range of IP Addresses, specifies the addresses that
are to be translated using network address translations
C. The nat 0 command, followed by a range of IP Addresses, specifies the addresses that
are to be translated when used for IPSec
D. The nat 0 command, followed by an access list, specifies the addresses that are to be
used in translations only once
Answer: A
Testking cisco ccsp Interactive Testing Engine Included!
181 Questions
Updated : 03/06/2008
Price : $87.99 $79.99
Free Down:Testking Cisco CCSP 642-523

pass4sure ccsp 642-523 v2.93

password:www.certbible.org

Exam Number/Code: 642-523
Exam Name: Securing Networks with PIX and ASA

“Securing Networks with PIX and ASA”, also known as 642-523 exam, is a Cisco certification.
Preparing for the 642-523 exam? Searching 642-523 Test Questions, 642-523 Practice Exam, 642-523 Dumps?
Which of these commands enables the DHCP server on the DMZ interface of the Cisco ASA with
an address pool of 10.0.1.100-10.0.1.108 and a DNS server of 192.168.1.2?
A. dhcpd address 10.0.1.100-10.0.1.108 DMZ
dhcpd dns 192.168.1.2 dhcpd enable DMZ
B. dhcpd range 10.0.1.100-10.0.1.108 DMZ
dhcpd dns server 192.168.1.2 dhcpd DMZ
C. dhcpd address range 10.0.1.100-10.0.1.108
dhcpd dns 192.168.1.2 dhcpd enable
D. dhcpd address range 10.0.1.100-10.0.1.108
dhcpd dns server 192.168.1.2 dhcpd enable DMZ
Answer: A
Which mode of operation must you enter in order to recover the Cisco ASA password?
A. unprivileged
B. privileged
C. configure
D. monitor
Answer: D
QUESTION: 4
Which command both verifies that NAT is working properly and displays active NAT
translations?
A. show running-configuration nat
B. show nat translation
C. show xlate
D. show ip nat all
Answer: C
QUESTION: 5
The Cisco VPN Client supports which three of these tunneling protocols and methods? (Choose
three.)
A. IPsec over TCP
B. IPsec over UDP
C. ESP
D. AH
E. SCEP
F. LZS
Answer: A, B, C
When configuring a crypto ipsec transform-set command, how many unique transforms can a
single transform set contain?
A. one
B. two
C. three
D. four
Answer: B
QUESTION: 10
Which three of these are potential groups of users for WebVPN? (Choose three.)
A. employees accessing specific internal applications from desktops and laptops not managed by
IT
B. administrators who need to manage servers and networking equipment
C. employees that only need occasional corporate access to a few applications
D. employees that need access to a wide range of corporate applications
E. users of a customer service kiosk placed in a retail store
F. remote employees that need daily access to the internal corporate network
Answer: A, C, E
QUESTION: 11
Which of these commands will provide detailed information about the crypto map configurations
of a Cisco ASA?
A. show run ipsec sa
B. show ipsec sa
C. show crypto map
D. show run crypto map
Answer: D
QUESTION: 12
Which of these commands would block all SIP INVITE packets, such as calling-party and
request-method, from specific SIP endpoints?
A. Group the match commands in a SIP inspection policy map.
B. Group the match commands in a SIP inspection class map.
C. Use the match calling-party command in a class map. Apply the class map to a policy map
that contains the match request-methods command.
D. Use the match request-methods command in an inspection class map. Apply the inspection
class map to an inspection policy map that contains the match calling-party command.
E. Group the match commands in the global_policy policy map.

The primary adaptive security appliance failed, so the secondary adaptive security appliance was
automatically activated. The network administrator then fixed the problem. Now the administrator
wants to return the primary to “active” status. Which of these commands, when issued on the
primary adaptive security appliance, will reactivate the primary adaptive security appliance and
restore it to “active” status?
A. failover primary active
B. failover secondary group 1
C. failover active group 1
D. failover secondary standby group 1
Answer: C
QUESTION: 17
You are configuring a crypto map. Which of these commands would you use to specify the peer
to which IPsec-protected traffic can be forwarded?
A. crypto map set peer 192.168.7.2
B. crypto map 20 set-peer insidehost
C. crypto-map policy 10 set 192.168.7.2
D. crypto map peer7 10 set peer 192.168.7.2

Answer: D
QUESTION: 18
Which three types of information can be found in the syslog output for an adaptive security
appliance? (Choose three.)
A. time stamp and date
B. logging level
C. default router
D. interface packet received
E. hostname of the packet sender
F. message text
Answer: A, B, F

With the complete collection of questions and answers, Pass4sure has assembled to take you through 63 Q&As to your 642-523 Exam preparation. In the 642-523 exam resources, you will cover every field and category in CCSP helping to ready you for your successful Cisco Certification.
Questions and Answers : 63 Q&As
Updated: April 11th , 2008
Market Price: $125.99
Member Price: $99.99

Free Down:Pass4sure Cisco CCSP 642-523 v2.93

Testking 642-523

password:www.pass4sure.cc

Brandon James Carroll

ISBN-10: 1-58705-542-2

ISBN-13: 978-1-58705-542-3

As a final exam preparation tool, the CCSP SNPA Quick Reference provides a concise review of all objectives on the new CCSP SNPA exam (642-523). This digital Short Cut provides you with detailed, graphical-based information, highlighting only the key topics in cram-style format.

With this document as your guide, you will review topics on securing networks using routers and switches. These fact-filled Quick Reference Sheets allow you to get all-important information at a glance, helping you focus your study on areas of weakness and enhance memory retention of essential exam concepts.

TOC

1. Cisco Security Appliance Technology and Features and Families

2. Getting Started with Cisco Security Appliances Configurations

3. Inbound Traffic, ACLs, Object Grouping

4. AAA Configurations

5. Switching and Routing on ASA

6. Protocol Inspections

7. PIX and ASA VPNs

8. Understanding Transparent Firewall Mode

9. Virtual Firewalls

10. Failover

About the Author:

Brandon James Carroll is one of the country’s leading instructors for Cisco security technologies, teaching classes that include the CCNA, CCNP, and CCSP courses; a number of the CCVP courses’ and custom developed courseware. In his six years with Ascolta, Brandon has developed and taught many private Cisco courses for companies such as Boeing, Intel, and Cisco itself. He is a CCNA, CCNP, and CCSP and a certified Cisco instructor. Brandon is the author of Cisco Access Control Security.

Before becoming a technical instructor for Ascolta, Mr. Carroll was a technician and an ADSL specialist for GTE Network Services and Verizon Communications. His duties involved ISP router support and network design. As a lead engineer, he tested and maintained Frame Relay connections between Lucent B-STDX and Cisco routers. His team was in charge of troubleshooting ISP Frame Relay to ATM cutovers for ADSL customers. Brandon trained new employees at Verizon to the EPG in ADSL testing and troubleshooting procedures and managed a “Tekwizard” database for technical information and troubleshooting techniques. Mr. Carroll majored in information technology at St. Leo University.

About the Technical Editor:

Murtaza Bhaiji, CCIE No. 14445 (Security), is a solution-oriented IT security specialist with notable success directing a broad range of corporate IT initiatives over his seven-year career. Murtaza holds a number of certifications in different fields, notably CCIE in Security. He has also been an avid speaker in forums such as Network Society of Pakistan and Ethink-Tank Tanzania. Murtaza’s specialty is in design aspects of solutions using best-fit technologies and products in line with business needs. Currently he is positioned as manager of networking and security for Mideast Data Systems.* By Brandon James Carroll.
* Published by Cisco Press.
* Series: Quick Reference Sheets.

More info：CCSP SNPA Quick Reference

Exam Description
The Securing Networks with PIX and ASA exam is one of the exams associated with the Cisco Certified Security Professional and the Cisco Firewall Specialist certifications. Candidates can prepare for this exam by taking the SNPA v5.0 course. This exam includes simulations and tests a candidate’s knowledge and ability to describe, configure, verify and manage the Cisco PIX and ASA Security Appliance products.

Exam Topics
The following topics are general guidelines for the content likely to be included on the Remote Access exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

Install and configure a Security Appliance for basic network connectivity

* Describe the Security Appliance hardware and software architecture
* Determine the Security Appliance hardware and software configuration and verify if it is correct
* Use setup or the CLI to configure basic network settings, including interface configurations
* Use appropriate show commands to verify initial configurations
* Configure NAT and global addressing to meet user requirements
* Configure DHCP client option
* Set default route
* Configure logging options
* Describe the firewall technology
* Explain the information contained in syslog files
* Configure static address translations
* Configure Network Address Translations: PAT
* Verify network address translation operation

Configure a Security Appliance to restrict inbound traffic from untrusted sources

* Configure access-lists to filter traffic based on address, time, and protocols
* Configure object-groups to optimize access-list processing
* Configure Network Address Translations: Nat0
* Configure Network Address Translations: Policy NAT
* Configure java/activeX filtering
* Configure URL filtering
* Verify inbound traffic restrictions
* Configure static port redirection
* Configure a net static
* Set embryonic and connection limits on the Security Appliance

Configure a Security Appliance to provide secure connectivity using site-to-site VPNs

* Explain the basic functionality of IPsec
* Configure IKE with preshared keys
* Differentiate between the types of encryption
* Configure IPsec parameters
* Configure crypto-maps and ACLs

Configure a Security Appliance to provide secure connectivity using remote access VPNs

* Explain the functions of EasyVPN
* Configure IPsec using EasyVPN Server/Client
* Configure the Cisco Secure VPN client
* Explain the purpose of SSL VPN
* Configure WebVPN services: Server/Client
* Verify VPN operations
* Install and Configure SVCs
* Install and Configure Cisco Secure Desktop

Configure transparent firewall, virtual firewall, and high availability firewall features on a Security Appliance

* Explain differences between L2 and L3 operating modes
* Configure Security Appliance for transparent mode (L2)
* Explain purpose of virtual firewalls
* Configure Security Appliance to support virtual firewall
* Monitor and maintain virtual firewall
* Explain the types, purpose and operation of fail-over
* Install appropriate topology to support cable-based or LAN-based fail-over
* Explain the hardware, software and licensing requirements for high-availability
* Configure the Security Appliance for active/standby fail-over
* Configure the Security Appliance for stateful fail-over
* Configure the Security Appliance for active-active fail-over
* Verify fail-over operation
* Recover from a fail-over
* Allocate resources to virtual firewalls

Configure AAA services for the Security Appliance

* Configure ACS for Security Appliance support
* Configure Security Appliance to use AAA feature
* Configure authentication using both local and external databases
* Configure authorization using an external database
* Configure the ACS server for downloadable ACLs
* Configure accounting of connection start/stop
* Verify AAA operation

Configure routing and switching on a Security Appliance

* Enable DHCP server and relay functionality
* Configure VLANs on a Security Appliance interface
* Configure Security Appliance to pass multi-cast traffic

Configure Security Appliance advanced application layer and modular policy features

* Configure a class-map
* Configure a policy-map
* Configure a service-policy
* Configure a ftp-map
* Configure a http-map
* Configure an inspection protocol
* Explain the function of protocol inspection
* Explain DNS guard feature
* Describe the AIP-SSM HW and SW
* Load IPS SW in the AIP-SSM
* Verify AIP-SSM
* Configure an IPS modular policy
* Describe the CSC-SSM HW and SW
* Configure a typed class map
* Configure a typed policy map
* Use typed policy maps to specify granular inspection parameters for a policy map
* Configure regex class maps
* Create regular expressions
* Load CSC SW on the SSM
* Verify the CSC-SSM
* Divert traffic to the CSC-SSM
* Initialize the CSC-SSM