Job roles of those pursuing this certification typically include: network security administrators, systems security administrators, and infrastructure security specialists.

To achieve the CCSP, a candidate must pass a total of five exams, consisting of the 642-502 SNRS exam; the 642-522 SNPA exam; the 642-532 IPS exam; the 642-513 HIPS or 642-511 CSVPN exam; and the 642-551 SND or 642-541 CSI exam.

Start down the road to CCSP test success utilizing all of the benefits of CCSP certification exams braindumps.
CCSP Exams Dumps
Exam Code Exam Name
642-501 Securing Cisco IOS Networks (SECUR)
642-541 Cisco SAFE Implementation Exam (CSI)
642-521 Cisco Secure PIX Firewall Exam (CSPFA )
642-511 Cisco Secure Virtual Private Networks (CSVPN)
642-531 Cisco Secure Intrusion Detection System (CSIDS)
642-533 Implementing Cisco Intrusion Prevention Systems (IPS)
642-501 Securing Cisco IOS Networks (SECUR)
642-521 Cisco Secure PIX Firewall Exam (CSPFA )
642-531 Cisco Secure Intrusion Detection System (CSIDS)
642-531 Cisco Secure Intrusion Detection System (CSIDS)
642-541 Cisco SAFE Implementation Exam (CSI)
642-541 Cisco SAFE Implementation Exam (CSI)
642-552 Securing Cisco Networking Devices (SND)
642-522 Securing Networks with PIX and ASA
642-502 Securing Networks with Cisco Routers & Switches
642-513 Securing Hosts Using Cisco Security Agent
642-542 Cisco SAFE Implementation Exam (CSI)
642-551 Securing Cisco Network Devices (SND)
642-532 Implementing Cisco Intrusion Prevention System (IPS)
642-503 Securing Networks with Cisco Routers and Switches
642-523 Securing Networks with PIX and ASA (SNPA)
642-504 Securing Networks with Cisco Routers and Switches Exam (SNRS)
642-524 Securing Networks with ASA Foundation
642-515 Securing Networks with ASA Advanced (SNAA)
44.Which two statements about the downloadable ACL feature of the security appliance are correct? (Choose two.)A.Downloadable ACLs are supported using TACACS+ or RADIUS.B.Downloadable ACLs enable you to store full ACLs on a AAA server and download them to the security appliance.C.The security appliance supports only per-user ACL authorization.D.The downloadable ACL must be attached to a user or group profile on a AAA server.
Answer:B D
45.What is the purpose of the url-list command in global configuration mode?A.Stop the end user from accessing pre-defined URLs.B.Allow end users access to URLs.C.Allow end users access to CIFS shares and URLs.D.Configure a set of URLs for WebVPN users to access.
Answer:D
46.Which three commands can display the contents of flash memory on the Cisco ASA adaptive security appliance? (Choose three.)A.show disk0:B.show memoryC.dirD.show flash:
Answer:A C D
47.What does the following command used for? PG-fw1(config)# filter activex 80 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0A.to filter Java traffic on HTTP from any host and to any hostB.to filter ActiveX traffic on HTTP from any host and to any hostC.to filter ActiveX traffic once it has been applied to an interfaceD.to filter ActiveX traffic from the default route
Answer:B
48.Which options can a clientless SSL VPN user access from a web browser without port forwarding, smart tunnels, or browser plug-ins?A.internal websitesB.Microsoft Outlook Web AccessC.files on the network, via FTP or the CIFS protocolD.web-enabled applications
Answer:A B C D

Pre-requisites:

If you have a CCNA and you have passed the SND exam you are got to go. If not you will need to clear the CCNA Security to satisfy the prerequisites.

Exams:

In addition to the pre-requisites you have to pass three required exams and choose one more from the elective exams. Any exam from the electives will satisfy the Certification requirements.

So lets see what you would need to pass these exams. I will also include the study materials that i will be using for each exam.

1) 642-504 SNRS Securing Networks with Cisco Routers and Switches (SNRS)

As the name suggests, securing networks with routers and switches. Expect to use a lot of CLI for this exam. You will be required to configure VPNs, IOS-IPS, layer-2 security and CBAC.

I think this is one of the hardest one in all the CCSP exams. Lots and lots of CLI configurations that surely will give you nightmares.

2.) 642-524 SNAF Securing Networks with ASA Foundation (SNAF)

This is like SNRS but all GUI based. Yup the foundation and the concepts are the same. But instead of using the CLI to perform the security functions you will be required to use a security appliance. You will be using ASDM to do most of the configurations, don’t get me wrong you will still be required to do CLI based configurations. You will be using ASDM to configure VPNs, AAA, L3/L4 protocol inspections and firewalls.

This just like SDM, you can either run ASDM on a pc or install it on the ASA device.

3) 642-533 IPS Implementing Cisco Intrusion Prevention System (IPS)

You will be required to deploy, configure, and administer Cisco IPS sensors to protect network devices as well as efficiently manage IPS alarms. This exam is all about IPS. So you have to dig deep and get into the core of Cisco IPS.

Once again you will be required to know how to configure IPS using CLI. There are other appliances also that you will need to use including Cisco IDM and IEV.

4) Elective Exams (Choose One)

a) 642-591 CANAC Implementing Cisco NAC Appliance (CANAC)

So what is NAC?
The NAC Appliance (Cisco Clean Access) is a “shrink-wrapped” network admission control solution that recognizes users, their devices and roles; evaluates the security posture of the endpoint and scans for vulnerabilities; and enforces policy in the network. In particular, prior to allowing users onto the network, the NAC Appliance (Cisco Clean Access) solution allows administrators to authenticate, authorize, interrogate and remediate users and their machines enforcing policy based access control on the network.

b.) 642-545 MARS Implementing Cisco Security Monitoring, Analysis and Response System (MARS)

One more security appliance to know off. Once again GUI based and a lot of configuration involved including installing and maintenance along with event and traffic inspections.

c) 642-515 SNAA Securing Networks with ASA Advanced (SNAA)

As the name suggests it is basically SNAF on steroids. You will be required to configure advance features on ASA, including configuring the ASA 5505 dual-ISP support, configuring ASA 5505 VLANs, configuring policy NAT, installing and configuring the Cisco Secure Desktop, configuring the security appliance to pass multicast traffic, configuring Layer 7 class maps and policy maps, and initializing the AIP-SSM and CSC-SSM.

Note: For a complete list of exam objective please visit the cisco’s website.

Certification Notes: (things you will need)

i) If you are using GNS3, make sure you are using IOSs with version 12.4(6)T and newer.
ii) ASA and PIX Security Appliance 8.0 AKA ASA 5500 Rev 8.
iii) Adaptive Security Device Manager (ASDM) Version 5.0(2) or 6

Now don’t get confused here Cisco ASA are devices, security devices. Using ASA you can configure NAT, VPNs and IPS. More information here : http://www.cisco.com…120/index.html.

My preparations:

Lets be honest i can’t in my dreams afford an ASA device to work on, i mean come on they range from $1500 to 10K. So i will be using virtualization to achieve my goals. I will be using GNS, Pemu and Qemu to emulate an ASA device.

Next i will need to get my hands on ASDM. I haven’t downloaded it yet, because i couldn’t find the version 6.0.

I am also going to need to find some IOSs that support IPS and other security features.

Lets take a minute here. If you look at at its not that difficult. Look you need to know everything about ASA devices, and in doing so you will need to understand all the theory behind the security features as well as the applications you will be using to perform these tasks.

I have decided to take the SNAF and SNAA first and then the SNRS and IPS. I am pairing them because they are related to each other.

So stay tuned i will open another thread for my first two exams and post as i progress.

Video 1 – “Introduction to SNAF” – This opening nugget is an overview of the exam objectives as well as a look at the entire nugget series.

Video 2 – “ASA Features and Technology” – Here we explore the functionality of the three types of firewalls are used to secure our network infrastructure. You will learn the technology and features of Cisco various security appliances.

Video 3 – “PIX and ASA Product Line” – This nugget is a survey of the different Cisco ASA and PIX security appliance models. The Cisco ASA security appliance licensing options are also covered as well.

Video 4 – “Security Appliance basics” – In this knowledge packed SNAF nugget we’ll find out about the four main access modes, appliance file management system, security levels, ASDM requirements and capabilities, using the CLI to configure and verify basic network settings, prepare the ASA for configuration via Cisco ASDM, and finally verification of ASA configuration and licensing via Cisco ASDM.

Video 5 – “Configuring the ASA” – This vital nugget explores the configuration of ASA for basic network connectivity which includes verifying the initial configuration, setting the clock and synchronizing the time on a security appliance. You’ll also configure a security appliance to send syslog messages to a syslog server.

Video 6 – “Translations and Connection (Part 1)” – This important SNAF module describes how the TCP and UDP protocols function within the security appliance. In addition the dynamic address translations are defined and configured.

Video 7 – “Translations and Connection (Part 2)” – This follow-up nugget describes and configures port address translation along with static address translations. The process of setting connection limits is also covered.

Video 8 – “ACLs and Content Filtering” – This nugget will introduce you to the explanation and configuration appliance ACLs. You will configure active code filtering (Microsoft ActiveX and Java applets) as well as configure the security appliance for URL filtering.

Video 9 – “Object Grouping” – Welcome to the wonderful and optimizing world of object grouping. Learn all about the object grouping feature of the security appliance and its advantages – an advantage you’ll see time and again throughout this nugget series. You will also learn to configure object groups and use them in ACLs.

Video 10 – “Switching and Routing” – In this gem we cover the configuration of logical interfaces and VLANs on the switching side and on the routing side we look at static routes, static route tracking, and the dynamic routing capabilities of Cisco security appliances and configure passive RIP routing.

Video 11 – “Cut-Through Proxy” – This one explores AAA functions, local user database configuration, installation and configuration of Cisco Secure ACS, cut-through proxy authentication, and configuring user authorization using downloadable ACLs.

Video 12 – “Cisco Modular Policy Framework” – MPF is a powerful policy language for the ASA and in this nugget you’ll learn about the Cisco Modular Policy Framework feature set; the functionality of class maps, policy maps and service policies; how to use the Cisco ASDM to configure a service policy rule and a policy for management traffic, Finally, the technique for displaying Cisco Modular Policy Framework component will be covered.

Video 13 – “Advanced Protocol Handling and Threat Detection” – This SNAF nugget combines two powerful features. The topics covered include: the need for advanced protocol handling; how the security appliance implements inspection of common network applications; the issues with multimedia applications and how the security appliance supports multimedia call control and audio sessions; threat detection and threat statistics; and basic threat detection, scanning threat detection, and viewing threat detection statistics.

Video 14 – “Site-to-Site VPNs with PSKs” – Here we explore how security appliances enable a secure VPN. We also look at: how IPSec works; preparing to configure an IPSec VPN; configuring a VPN between security appliances; implementing the Site-to-Site VPN menus in Cisco ASDM to modify a configured site-to-site VPN; and testing and verifying a site-to-site VPN configuration.

Video 15 – “Remote-Access VPN Configuration” – In this nugget you’ll learn about Cisco Easy VPN, the Cisco VPN Client, configuring an IPSec Remote-Access VPN; and configuring users and groups.

Video 16 – “Cisco SSL VPN for the ASA” – Here is a continuation of the VPN theme as we look at SSL VPN and its purpose. We will use the SSL VPN Wizard to configure a basic Clientless SSL VPN connection and finally verify SSL VPN operations.

Video 17 – “Transparent Firewall Mode” – This SNAF module will explain the purpose of transparent firewall mode as well as how data traverses a security appliance in transparent mode. You will learn how to enable transparent firewall mode along with monitoring and maintaining transparent firewall mode.

Video 18 – “Security Contexts” – Here is where the scalability, power, and extensibility of the ASA are really seen through the newest virtualization technology. We will discover the purpose of security contexts and how to enable and disable multiple context mode. Also we will configure a security context and allocate resources to a security context. In the final section of this nugget we will manage a security context.

Video 19 – “Configuring Failover” – This SNAF nugget module describes the difference between hardware and stateful failover as well as the difference between active/standby and active/active failover. You’ll learn about the security appliance failover hardware requirements and how active/standby failover works. The security appliance roles of primary, secondary, active, and standby will be covered as well as how active/active failover works. Then you will see how the ADSM is used to configure active/standby LAN-based failover and active/active failover.

Video 20 – “Security Appliance Management” – The final nugget of this series covers the following maintenance topics: configuring telnet access to the security appliance; configuring SSH access to the security appliance; configuring command authorization; recovering security appliance passwords using general password recovery procedures; and finally installing and upgrading the software image on the security appliance.

http://cbtnuggets.com/webapp/product?id=480

MU Link

http://www.megaupload.com/?d=5Q8VRTHV

http://www.megaupload.com/?d=AAFT58XW

http://www.megaupload.com/?d=DIY5ZVKW

http://www.megaupload.com/?d=HP2KVDTV

http://www.megaupload.com/?d=L85O4CV0

http://www.megaupload.com/?d=LJ8MP64J

DepositeFile

http://depositfiles.com/files/3d2yh57dj

http://depositfiles.com/files/tpdnsv0yg

http://depositfiles.com/files/k366apupk

http://depositfiles.com/files/5mk8gjr4x

http://depositfiles.com/files/ahkc2funq

http://depositfiles.com/files/bjc6aluen

FileFactory

http://www.filefactory.com/file/ahh081e/n/Cisco_CCSP_Security_–_Exam-Pack_642-524_part01_rar

http://www.filefactory.com/file/ahh1f5e/n/Cisco_CCSP_Security_–_Exam-Pack_642-524_part03_rar

http://www.filefactory.com/file/ahh1c25/n/Cisco_CCSP_Security_–_Exam-Pack_642-524_part02_rar

http://www.filefactory.com/file/ahh159h/n/Cisco_CCSP_Security_–_Exam-Pack_642-524_part04_rar

http://www.filefactory.com/file/ahh169h/n/Cisco_CCSP_Security_–_Exam-Pack_642-524_part05_rar

http://www.filefactory.com/file/ahh1696/n/Cisco_CCSP_Security_–_Exam-Pack_642-524_part06_rar

Securing Networks with ASA Foundation

Q&A V3.21

www.PassGuide.com

(C) Copyright 2006-2009 CertBible Tech LTD,All Rights Reserved.

Important Note
Please Read Carefully

Study Tips

This product will provide you questions and answers carefully compiled and written by our experts. Try to understand the concepts behind the questions instead of cramming the questions.

Go through the entire document at least twice so that you make sure that you are not
missing anything.

Latest Version

We are constantly reviewing our products. New material is added and old material is
revised. Free updates are available for 120 days after the purchase. You should check your
member zone at PassGuide an update 3-4 days before the scheduled exam date.

Feedback

If you spot a possible improvement then please let us know. We always interested in
improving product quality.
Feedback should be send to feedback@passguide.com. You should include the following:
Exam number, version, page number, question number, and your login ID.
Our experts will answer your mail promptly.

Be Prepared. Be Confident. Get Certified.
————————————————————————————————————————-
Sales and Support Manager
Sales Team: sales@passguide.com Support Team: support@passguide.com
———————————————————————————————————————

Copyright

Each pdf file contains a unique serial number associated with your particular name and
contact information for security purposes. So if we find out that a particular pdf file is
being distributed by you, CertBible reserves the right to take legal action against you
according to the International Copyright Laws.
1.Tom works as a network administrator for the PG company. The primary adaptive security appliance in an active/standby failover configuration failed, so the secondary adaptive security appliance was automatically activated. Tom then fixed the problem. Now he would like to restore the primary to active status. Which one of the following commands can reactivate the primary adaptive security appliance and restore it to active status while issued on the primary adaptive security appliance?A.failover resetB.failover primary activeC.failover activeD.failover exec standby
Answer:C
2.For the following commands, which one enables the DHCP server on the DMZ interface of the Cisco ASA with an address pool of 10.0.1.100-10.0.1.108 and a DNS server of 192.168.1.2?A.dhcpd address 10.0.1.100-10.0.1.108 DMZ dhcpd dns 192.168.1.2 dhcpd enable DMZB.dhcpd address range 10.0.1.100-10.0.1.108 dhcpd dns server 192.168.1.2 dhcpd enable DMZC.dhcpd range 10.0.1.100-10.0.1.108 DMZ dhcpd dns server 192.168.1.2 dhcpd DMZD.dhcpd address range 10.0.1.100-10.0.1.108 dhcpd dns 192.168.1.2 dhcpd enable
Answer:A
3.Look at the following exhibit carefully, which one of the four diagrams displays a correctly configured network for a transparent firewall?A.1B.2C.3D.4
Answer:D
4.What is the effect of the per-user-override option when applied to the access-group command syntax?A.The log option in the per-user access list overrides existing interface log options.B.It allows for extended authentication on a per-user basis.C.It allows downloadable user access lists to override the access list applied to the interface.D.It increases security by building upon the existing access list applied to the interface. All subsequent users are also subject to the additional access list entries.
Answer:C
5.John works as a network administrator for the PG company. According to the exhibit, the only traffic that John would like to allow through the corporate Cisco ASA adaptive security appliance is inbound HTTP to the DMZ network and all traffic from the inside network to the outside network. John also has configured the Cisco ASA adaptive security appliance, and access through it is now working as expected with one exception: contractors working on the DMZ servers have been surfing the Internet from the DMZ servers, which (unlike other Company XYZ hosts) are using public, routable IP addresses. Neither NAT statements nor access lists have been configured for the DMZ interface. What is the reason that the contractors are able to surf the Internet from the DMZ servers? (Note: The 192.168.X.X IP addresses are used to represent routable public IP addresses even though the 192.168.1.0 network is not actually a public routable network.)A.An access list on the outside interface permits this traffic.B.NAT control is not enabled.C.The DMZ servers are using the same global pool of addresses that is being used by the inside hosts.D.HTTP inspection is not enabled.
Answer:B
6.In order to recover the Cisco ASA password, which operation mode should you enter?A.configureB.unprivilegedC.privilegedD.monitor
Answer:D
7.Which three statements correctly describe protocol inspection on the Cisco ASA adaptive security appliance? (Choose three.)A.For the security appliance to inspect packets for signs of malicious application misuse, you must enable advanced (application layer) protocol inspection.B.If you want to enable inspection globally for a protocol that is not inspected by default or if you want to globally disable inspection for a protocol, you can edit the default global policy.C.The protocol inspection feature of the security appliance securely opens and closes negotiated ports and IP addresses for legitimate client-server connections through the security appliance.D.If inspection for a protocol is not enabled, traffic for that protocol may be blocked.
Answer:B C D
8.Observe the following commands, which one verifies that NAT is working normally and displays active NAT translations?A.show ip nat allB.show running-configuration natC.show xlateD.show nat translation
Answer:C
9.Multimedia applications transmit requests on TCP, get responses on UDP or TCP, use dynamic ports, and use the same port for source and destination, so they can pose challenges to a firewall. Which three items are true about how the Cisco ASA adaptive security appliance handles multimedia applications? (Choose three.)A.It dynamically opens and closes UDP ports for secure multimedia connections, so you do not need to open a large range of ports.B.It supports SIP with NAT but not with PAT.C.It supports multimedia with or without NAT.D.It supports RTSP, H.323, Skinny, and CTIQBE.
Answer:A C D
10.What is the result if the WebVPN url-entry parameter is disabled?A.The end user is unable to access pre-defined URLs.B.The end user is unable to access any CIFS shares or URLs.C.The end user is able to access CIFS shares but not URLs.D.The end user is able to access pre-defined URLs.
Answer:D
11.You work as a network engineer at Pass4sure.com, you are asked to examine the current Modular Policy Framework configurations on the LA-ASA Adaptive Security Appliances using the Cisco Adaptive Security Device Manager (ASDM) utility. You need to answer the multiple-choice questions in this simulation by use of the appropriate Cisco ASDM configuration screens. A host on the partnernet network attempts to use FTP to download a file from InsideHost,which resides on the inside interface of the security appliance.What does the security appliance do with the traffic from the partnernet host?A.Sends it to the Cisco ASA Advanced Inspection and Prevention(AIP)-Security Services Module(SSM)for inspection before forwarding it to its destinationB.Sends it to the Cisco ASA 5500 Series Content Security and Control(CSC)SSM for inspection before forwarding it to its destinationC.Forwards it directly to its destinationD.Forwards it directly to its destination unless the connection limit is already met
Answer:D
12.You work as a network engineer at PassGuide.com, you are asked to examine the current Modular Policy Framework configurations on the LA-ASA Adaptive Security Appliances using the Cisco Adaptive Security Device Manager (ASDM) utility. You need to answer the multiple-choice questions in this simulation by use of the appropriate Cisco ASDM configuration screens. Which traffic does the security appliance inspect globally(regardless of the interface on which the traffic enters the security appliance)?(Choose 3)A.HTTPB.DNSC.GTPD.H.323 H.225
Answer:A B D
13.You work as a network engineer at PassGuidecom, you are asked to examine the current Modular Policy Framework configurations on the LA-ASA Adaptive Security Appliances using the Cisco Adaptive Security Device Manager (ASDM) utility. You need to answer the multiple-choice questions in this simulation by use of the appropriate Cisco ASDM configuration screens. A host on the partnernet network makes a VoIP call to 172.20.1.15,which is statically mapped to an IP phone on the inside network.What does the security appliance do with the VoIP traffic between host 172.20.1.15 and the host on the partnernet network?A.Sends it to the AIP-SSM for inspection before forwarding it to its destinationB.Sends it to the CSC-SSM for inspection before forwarding it to its destinationC.Forwards it directly to its destination unless the connection limit is already metD.Applies low latency queuing as it exits the partnernet interface
Answer:D
14.You work as a network engineer at PaGuide.com, you are asked to examine the current Modular Policy Framework configurations on the LA-ASA Adaptive Security Appliances using the Cisco Adaptive Security Device Manager (ASDM) utility. You need to answer the multiple-choice questions in this simulation by use of the appropriate Cisco ASDM configuration screens. A host on the outside network sends e-mail to the public e-mail server.What does the security appliance do with the traffic from the outside host?A.Sends it to the AIP-SSM for inspection before forwarding it to its destinationB.Sends it to the CSC-SSM for inspection before forwarding it to its destinationC.Forwards it directly to its destinationD.Forwards it directly to its destination unless the connection limit is already met
Answer:A
15.You work as a network engineer at PassGuide.com, you are asked to examine the current Modular Policy Framework configurations on the LA-ASA Adaptive Security Appliances using the Cisco Adaptive Security Device Manager (ASDM) utility. You need to answer the multiple-choice questions in this simulation by use of the appropriate Cisco ASDM configuration screens. A host on the partnernet network attempts to access the public web server via HTTP.What does the security appliance do with traffic from the partnernet?A.Sends it to the AIP-SSM for inspection before forwarding it to its destinationB.Sends it to the CSC-SSM for inspection before forwarding it to its destinationC.Forwards it directly to its destinationD.Forwards it directly to its destination unless the connection limit is already met
Answer:C
16.You work as a network engineer at PassGuide.com, you are asked to examine the current Modular Policy Framework configurations on the LA-ASA Adaptive Security Appliances using the Cisco Adaptive Security Device Manager (ASDM) utility. You need to answer the multiple-choice questions in this simulation by use of the appropriate Cisco ASDM configuration screens. A host on the outside network makes a VoIP call to a host on the inside network.What does the security appliance do with the traffic from the host on the outside network?A.Sends it to the AIP-SSM for inspection before forwarding it to its destinationB.Sends it to the CSC-SSM for inspection before forwarding it to its destinationC.Forwards it directly to its destinationD.Drops it
Answer:D
17.Which three tunneling protocols and methods are supported by the Cisco VPN Client? (Choose three.)A.IPsec over TCPB.IPsec over UDPC.ESPD.AH
Answer:A B C
18.Which two options are correct about the impacts of this configuration? (Choose two.) class-map INBOUND_HTTP_TRAFFIC
match access-list TOINSIDEHOST
class-map OUTBOUND_HTTP_TRAFFIC
match access-list TOOUTSIDEHOST
policy-map MYPOLICY
class INBOUND_HTTP_TRAFFIC
inspect http
set connection conn-max 100
policy-map MYOTHERPOLICY
class OUTBOUND_HTTP_TRAFFIC
inspect http
service-policy MYOTHERPOLICY interface inside
service-policy MYPOLICY interface outsideA.Traffic that matches access control list TOINSIDEHOST is subject to HTTP inspection and maximum connection limits.B.Traffic that enters the security appliance through the inside interface is subject to HTTP inspection.C.Traffic that enters the security appliance through the outside interface and matches access control list TOINSIDEHOST is subject to HTTP inspection and maximum connection limits.D.Traffic that enters the security appliance through the inside interface and matches access control list TOOUTSIDEHOST is subject to HTTP inspection.
Answer:C D
19.Take the following configuration shown in the exhibit carefully, what traffic will be logged to the AAA server?A.Only authenticated and authorized console connection information will be logged in the accounting database.B.All outbound TCP connection information will be logged in the accounting database.C.No information will be logged. This is not a valid configuration because TACACS+ connection information cannot be captured and logged.D.All connection information will be logged in the accounting database.
Answer:B
20.What are the two purposes of the same-security-traffic permit intra-interface command? (Choose two.)A.It allows all of the VPN spokes in a hub-and-spoke configuration to be terminated on a single interface.B.It enables Dynamic Multipoint VPN.C.It permits communication in and out of the same interface when the traffic is IPSec protected.D.It allows communication between different interfaces that have the same security level
Answer:A C
21.How many unique transforms will included in a single transform set while configuring a crypto ipsec transform-set command?A.threeB.twoC.fourD.one
Answer:B
22.Study the following exhibit carefully, the Cisco ASA adaptive security appliance is using software version 8.0 with the default configuration. Configure the interfaces displayed in the exhibit with the security levels that are shown, and enable the interfaces. Management-only mode is disabled on m0/0. Which two statements correctly describe these interfaces? (Choose two.)A.Interface m0/0 can access interface g0/2, but interface g0/2 cannot access interface m0/0 unless it is given permission.B.Interface g0/1 can access interface m0/0, and interface m0/0 can access interface g0/1.C.Interface g0/1 cannot access interface m0/0 unless it is given permission, and interface m0/0 cannot access interface g0/1 unless it is given permission.D.No traffic can flow between the g0/2 and g0/3 interfaces.
Answer:A D
23.John works as a network administrator , according to the following exhibit. Descriptions are added to class maps for each part of the modular policy framework. Which text should John add to the description command to describe the TO_SERVER class map?
PG-asa1(config)#access-list UDP permit udp any any
PG-asa1(config)#access-list TCP permit tcp any any
PG-asa1(config)#access-list PUBLIC_WEB permit ip any 10.10.10.100 255.255.255.255 PG-asa1(config)#class-map ALL_VDP
PG-asa1(config-cmap)#description “This class-map matches all UDP traffic”
PG-asa1(config-cmap)#match access-list VDP
PG-asa1(config-cmap)#class-map ALL_TCP
PG-asa1(config-cmap)#description “This class-map matches all TCP traffic”
PG-asa1(config-cmap)#match access-list TCP
PG-asa1(config-cmap)#class-map ALL_WEB_SERVER
PG-asa1(config-cmap)#description “This class-map matches all HTTP traffic”
PG-asa1(config-cmap)#match port tcp eq http
PG-asa1(config-cmap)#class-map TO_SERVER
PG-asa1(config-cmap)#match access-list PUBLIC_WEBA.description “This class-map matches all TCP traffic for the public web server.”B.description “This class-map matches all HTTP traffic for the public web server.”C.description “This class-map matches all HTTPS traffic for the public web server.”D.description “This class-map matches all IP traffic for the public web server.”
Answer:D
24.What is the reason that you want to configure VLANs on a security appliance interface?A.for use in conjunction with device-level failover to increase the reliability of your security applianceB.for use in transparent firewall mode, where only VLAN interfaces are usedC.to increase the number of interfaces available to the network without adding additional physical interfaces or security appliancesD.for use in multiple context mode, where you can map only VLAN interfaces to contexts
Answer:C
25.By default, the AIP-SSM IPS software is accessible from the management port at IP address 10.1.9.201/24. Which CLI command should an administrator use to change the default AIP-SSM management port IP address?A.interfaceB.hw module 1 recoverC.setupD.hw module 1 setup
Answer:C
26.Which one of the following commands can provide detailed information about the crypto map configurations of a Cisco ASA adaptive security appliance?A.show ipsec saB.show crypto mapC.show run ipsec saD.show run crypto map
Answer:D
27.Which three potential groups are of users for WebVPN? (Choose three.)A.employees accessing specific internal applications from desktops and laptops not managed by ITB.administrators who need to manage servers and networking equipmentC.employees that only need occasional corporate access to a few applicationsD.users of a customer service kiosk placed in a retail store
Answer:A C D
28.Which three features can the Cisco ASA adaptive security appliance support? (Choose three.)A.BGP dynamic routingB.802.1Q VLANsC.OSPF dynamic routingD.static routes
Answer:B C D
29.Which one of the following commands will prevent all SIP INVITE packets, such as calling-party and request-method, from specific SIP endpoints?A.Use the match calling-party command in a class map. Apply the class map to a policy map that contains the match request-methods command.B.Group the match commands in a SIP inspection class map.C.Use the match request-methods command in an inspection class map. Apply the inspection class map to an inspection policy map that contains the match calling-party command.D.Group the match commands in a SIP inspection policy map.
Answer:B
30.Which two statements are true about multiple context mode? (Choose two.)A.Multiple context mode does not support IPS, IPsec, and SSL VPNs, or dynamic routing protocols.B.Multiple context mode enables you to create multiple independent virtual firewalls with their own security policies and interfaces.C.Multiple context mode enables you to add to the security appliance a hardware module that supports up to four independent virtual firewalls.D.When you convert from single mode to multiple mode, the security appliance automatically adds an entry for the admin context to the system configuration with the name “admin.”
Answer:B D
31.How do you ensure that the main interface does not pass untagged traffic when using subinterfaces?A.Use the vlan command on the main interface.B.Use the shutdown command on the main interfaceC.Omit the nameif command on the subinterfaceD.Omit the nameif command on the main interface.
Answer:D
32.For creating and configuring a security context, which three tasks are mandatory? (Choose three.)A.allocating interfaces to the contextB.assigning MAC addresses to context interfacesC.creating a context nameD.specifying the location of the context startup configuration
Answer:A C D
33.Study the exhibit carefully. Which two types of failover is this adaptive security appliance configured for? (Choose two.)
PG-asa1# show failover Failover On Cable status:
N/A-LAN-based failover enabled Failover unit Primary Failover LAN Interface:
Ianfail GigabitEthernet0/2 (up) Unit Poll frequency 15 seconds, holdtime 45 seconds Interface Poll frequency 15 seconds Interface Policy 1 Monitored Interfaces 4 of 250 maximum Group 1 last failover at:
15:54:49 UTC Sept 17 2006 Group 2 last failover at:
15:55:00 UTC Sept 17 2006A.stateful failoverB.LAN-based failoverC.cable-based failoverD.Active/Active failover
Answer:B D
34.Which two descriptions are correct about configuring passive RIP on the security appliance based on the following exhibit? (Choose two.)A.You must specify a classful network IP address to define a network for the RIP routing process.B.If you enable passive RIP, all interfaces must operate in passive mode.C.There is no limit to the number of networks you can specify for the RIP routing process.D.Enabling passive RIP mode causes the security appliance to receive all RIP routing updates but send only a default route to neighboring routers.
Answer:A C
35.Which of these identifies basic settings for the security appliance, including a list of contexts?A.network configurationB.admin configurationC.system configurationD.primary configuration
Answer:C
36.Study the exhibit carefully. The security policy for PG Corporation allows only the following traffic through the corporate adaptive security appliance: –outbound NTP traffic from the inside network to any outside destination –FTP traffic from the inside network to the FTP server on the DMZ –outbound HTTP traffic from the inside network to any outside destination –FTP traffic from the outside 192.168.6.0/24 network to the FTP server on the DMZ –any HTTP traffic from the outside to the web server on the DMZ The network administrator configured access rules according to the security policy requirements but made two mistakes. Which are two mistakes? (Choose two.)A.missing ACEB.incorrect destination addressC.missing ACLD.incorrect order of ACLs
Answer:B D
37.An administrator wants to protect a DMZ web server from SYN flood attacks. Which command does not allow the administrator to place limits on the number of embryonic connections?A.set connectionB.natC.staticD.HTTP-map
Answer:D
38.Which option correctly describes the order to upgrade the license (activation key) for your security appliance from Cisco ASDM?A.Step 1 Obtain an activation key from http://www.cisco.com/go/license by providing the serial number for the security appliance as it appears on the chassis of the security appliance.
Step 2 Reboot the security appliance to ensure that the image in flash and the running image are the same.
Step 3 Go to Configuration > Device Management > System Image/Configuration > Activation Key in Cisco ASDM and enter the activation key as a four- or five-element hexadecimal string with no spaces.
Step 4 Click Update Activation Key in the Activation Key panel.
Step 5 Reload the security appliance to activate the flash activation key.B.Step 1 Obtain an activation key from http://www.cisco.com/go/license by providing the serial number for the security appliance as it appears in the show version command output. Step 2 Reboot the security appliance to ensure that the image in flash and the running image are the same.
Step 3 Go to Configuration > Device Management > System Image/Configuration > Activation Key in Cisco ASDM and enter the activation key as a four- or five-element hexadecimal string with one space between each element.
Step 4 Click Update Activation Key in the Activation Key panel.
Step 5 Reload the security appliance to activate the flash activation key.C.Step 1 Obtain an activation key from http://www.cisco.com/go/license by providing the serial number for the security appliance as it appears in the show version command output. Step 2 Go to Configuration > Device Management > System Image/Configuration > Activation Key in Cisco ASDM and enter the activation key as a three- or four-element hexadecimal string with one space between each element.
Step 3 Click Update Activation Key in the Activation Key panel.
Step 4 Click Save in the Cisco ASDM toolbar.D.Step 1 Obtain an activation key from http://www.cisco.com/go/license by providing the serial number for the security appliance as it appears on the chassis of the security appliance.
Step 2 Go to Configuration > Device Management > System Image/Configuration > Activation Key in Cisco ASDM and enter the activation key as a four- or five-element hexadecimal string with no spaces.
Step 3 Click Update Activation Key in the Activation Key panel.
Step 4 Click Save in the Cisco ASDM toolbar.
Answer:B
39.You are a network administrator for the PG company. After the primary adaptive security appliance failed, the secondary adaptive security appliance was automatically activated. You fixed the problem. Now you would like to restore the primary to “active” status. When issued on the primary adaptive security appliance, which command would reactivate the primary adaptive security appliance and return it to “active” status?A.failover secondary standby group 1B.failover primary activeC.failover active group 1D.failover secondary group 1
Answer:C
40.Which two scenarios correctly describe the impact of the configuration shown in the exhibit? (Choose two.)A.User addison enters the login command at the > prompt and logs in with the correct username and password when prompted. User addison can then enter the global configuration mode on the security appliance.B.User carter enters the enable command at the > prompt and logs in with the correct username and password when prompted. User carter can then enter the global configuration mode.C.User carter enters the login command at the > prompt and logs in with the correct username and password when prompted. User carter can then enter the global configuration mode on the security appliance.D.User kenny enters the enable command at the > prompt and logs in with the correct username and password when prompted. User kenny can then enter the global configuration mode.
Answer:A D
41.While configuring a crypto map, which command will be used to specify the peer to which IPsec-protected traffic could be forwarded?A.crypto-map policy 10 set 192.168.7.2B.crypto map set peer 192.168.7.2C.crypto map 20 set-peer insidehostD.crypto map peer7 10 set peer 192.168.7.2
Answer:D

“Securing Networks with ASA Foundation”, also known as 642-524 exam, is a Cisco certification.With the complete collection of questions and answers, Testking has assembled to take you through 147 Q&As to your 642-524 Exam preparation. In the 642-524 exam resources, you will cover every field and category in CCSP helping to ready you for your successful Cisco Certification.
Free Demo DownloadTestking offers free demo for 642-524 exam (Securing Networks with ASA Foundation). You can check out the interface, question quality and usability of our practice exams before you decide to buy it.

Updated: November 26th , 2008 Price: $129.99$125.98 Product DescriptionExam Number/Code: 642-524
Exam Name: 642-524 Value Pack
Our technical expert highly recommend that you buy this “642-524 Q&A+Preparation Labs” value pack. In order that candidates will better grasp the CCSP knowledge, our technical experts outline the examination topics and compile a set of CCSP Preparation Labs, which not only covers all the main and important CCSP knowledge, but also adds some sample questions and analysis of related certification. After you master all the labs, and learn of 642-524 Q&A, you will surely have a thorough understanding of 642-524 knowledge. Value pack is surely the best choice for you to pass 642-524 with high scores.

39.99+99.99=139.98 now! $125.98 $14

Preparation Lab: 17 Labs Updated: November 26th , 2008 Price: $59.99$39.99 642-524 Preparation Labs

Why Testking develops exam 642-524 labs?1. Customer demands. Firstly, pass-the-exam demand. Over the years, Testking has been receiving feedbacks from customers regarding lab problems encountered in their tests. Secondly, practical-application Demand. “Yes, I’ve passed the exam,” some customers said, “but I do not know where the problem is and how to deal with this troubleshooting.”
2. Reality demands.Knowledge of troubleshooting is an important skill and employees are expected to diagnose and solve issues during the daily work. Exam 642-524 Labs enables the users to master common troubleshooting.
3. Technology itself is boring, but actual application is of fun. The discovery-and-solving process of problems will often bring us unexpected pleasure. A group of experts gathered by Testking, after in-depth study and analysis of exam 642-524, has built a set of labs for exam 642-524 which include all labs you may encounter in exam 642-524 and some common troubleshootings application, as well as steps to solve problems. We hope this will be helpful for those customers who are currently preparing for exam 642-524.

Testking Engine FeaturesQuality and Value for the 642-524 ExamTestking Practice Exams for Cisco CCSP 642-524 are written to the highest standards of technical accuracy, using only certified subject matter experts and published authors for development.
100% Guarantee to Pass Your 642-524 ExamIf you do not pass the CCSP 642-524 exam (Securing Networks with ASA Foundation) on your first attempt using our Testking testing engine, we will give you a FULL REFUND of your purchasing fee.
Downloadable, Interactive 642-524 Testing enginesOur Securing Networks with ASA Foundation Exam Preparation Material provides you everything you will need to take a CCSP certification examination. Details are researched and produced by Cisco Certification Experts who are constantly using industry experience to produce precise, and logical.

Comprehensive questions with complete explanations about 642-524 exam 642-524 exam questions accompanied by exhibits Verified Answers Researched by Industry Experts and almost 100% correct 642-524 exam questions updated on regular basis Same type as the certification exams, 642-524 exam preparation is in multiple-choice questions (MCQs). Tested by multiple times before publishing Try free 642-524 exam demo before you decide to buy it in Testking.com Feedbacks Hi all

I passed the exam of 642-524 finally which made me more relax.

My score is 932/1000 which is not worth being proud.

But my objective is to pass the exam.

Short preparation may be the most likely cause of this result.

I think the following part is the emphasis and the importance of this exam: Configure and verify secure connectivity using VPNs, some subjects of which I can’t understand ,this is the cause of losing points

I think doing the P4S tests is more helpful than studying the theory. Certainly, the theory must be mastered.

Wish you passing the exam successfully!
– Bowen (Nov, 17 2008) Hi guys

I took the exam of 642-524 last week, my score is 954/1000.

80% of the subjects are basic, about 10% are difficult.

I spent three weeks on preparations for the exam, the two weeks before the exam are mainly spent on reading(Study Guide and the Exam Guide).The last week was spent for P4S tests.

I think this is very effective.

Good luck!
– Anderson (Nov, 14 2008) Hi friends

I passed the SNAF exam today, my score is 988/1000 which makes me very satisfied. But the happiest thing is passing the exam which allows me to be closer to CCSP.

We shouldn’t imagine that the exam is very difficult, if we prepared completely, the exam seems easier.

As far as I know, the current exams are basic, the people who are interested in security can take the exam.

That’s all.

testking 642-524 pdf vce version
testking ccsp 642-514 rapidshare link

Good luck!

Free down:testking 642-524
Free down:pass4sure 642-524

Product 642-524 Description

Exam Number:642-524
Exam Name:Cisco Certified – Securing Networks with ASA Foundation
Market Price:$129.99
Member Price:$99.99
Where can you buy the 642-524 exam online?
We recommend Pass4sure 642-524 Testing Engine which will help you pass the 642-524 exam.

Pass4sure Demo 642-524 Exam Details
Comprehensive questions with complete details about Pass4sure 642-524 exam
Tested by many real exams before publishing
Verified Pass4sure 642-524 Answers Researched by Industry Experts
Pass4sure 642-524 exam questions accompanied by exhibits
Drag and Drop questions as experienced in the Real Pass4sure 642-524 Exams
How to prepare for 642-524 exam?
We designed Pass4sure 642-524 Simulation kit to help you get certified effortlessly. Now you don’t need to spend your time and money searching for Pass4sure 642-524 certification materials, books, etc., Pass4sure 642-524 exam simulation contains everything you need to get certified. Just follow the instructions, focus on the study material and getting certified will be easy.
Free down:pass4sure 642-524
Free down:Testking 642-524