Cisco CCSP Exams » Practice Tests

actualtest 642-384 vce

Cisco — Thu, 09 Sep 2010 08:32:18 +0000

Free 642-384 vce Dumps | Download Cisco 642-384 vce pdf
26 Jun 2010 … VCE file extensions are files that run with the Visual CertExam 642-384 software. This 642-384 software allows users to design, …
www.examcollection.biz/642-384-vce.html – Cached
Download Free passguide 642-384 Dumps | Latest Cisco 642-384 …
8 Aug 2010 … Free 642-384 vce Dumps | Download Cisco 642-384 vce pdf 26 Jun 2010 … Try PassGuide 642-384 demo and see for yourself! …

actualtest 642-384
www.ciscoexams.org/passguide-642-384/ – Cached
Download Free 642-384 Dumps | Latest Cisco 642-384 Certification Exams
15 Apr 2010 … It obtained its leadership and trust of the users from the very beginning of its work on the 642-384 vce training materials market. …
www.ciscoexams.org/642-384/ – Cached
Free 642-384 dumps | Best Cisco 642-384 Practice Tests
5 May 2010 … Examcollection 642-384 VCE examcollection uploads all 642-384 dumps, meanwhile you are able to find direct links,the files ere compressed in …
www.sadikhov.us/642-384.html – Cached
Free 642-374 dumps | Best Cisco 642-374 Practice Tests
20 May 2010 … Request real 642-384(Rational Quality Manager v2.0) test braindumps?, you should choose the latest actualtests 642-384 vce format file,The …
www.sadikhov.us/642-374-2.html – Cached
Free Download Actualtest 642-384 Certification Exam
29 May 2010 … Recommended Cisco Training about 642-384 PDF: The following courses are the recommended training for 642-384 vce exam. 642-384 Q & A with …
www.actualtest.org/cisco/642-384/ – Cached
Download Cisco.CertifyMe.642-383.v2010-03-04.by.Taylor.77q.vce
5 Mar 2010 … Do you have any exam or tesking for dump 642-384….please ? … Files with VCE extension can be opened with Visual CertExam Suite. …
www.examcollection.com/…/Cisco.CertifyMe.642-383.v2010-03-04.by.Taylor.77q.vce.file.html?… – Cached
Free PassGuide Cisco 642-384 exam Braindumps | Download cisco …
5 May 2010 … Actualtests 642-384 vce provides actual test questions and answers, which combines with the original tests, overing 96% of the real paper …
www.braindumps.cc/cisco-642-384-exam.html – Cached
Free Testinside 642-384 exam Download | Testinside Cisco 642-384 …
cisco 642-384 testking free cisco 642-384 vce version cisco 642-384 paper cisco 642-384 testking review cisco 642-384 video training cisco 642-384 latest …
www.testinside.biz/642-384-exam/ – Cached
Free Download PassGuide 642-384 Practice Test Dumps | Latest …
17 Jun 2010 … You will be 100% guaranteed to pass your exam with our unparalleled quality Cisco 642-384 VCE tests. passguide …

000-202 Exam

Cisco — Tue, 27 Apr 2010 05:54:14 +0000

Itcerthome remains one of these most updated websites which is popular all over the world for its manifold characteristics. It keeps excellent information on IT Certifications and provides the current data. It has not only thorough information on every
certification but also provides you your required study material for your targeted certification.
The range of the contents of IBM 000-202 exam tests the skills of the candidate in installing, operating, and solving problems related to troubleshoot in any network system.
On account of the significant topics covered in IBM 000-202 exam, it is necessary on the part of the students to give thorough attention to the study contents of the
certification exam. They should try their best to expand their knowledge on various complexities of the field, so that they should be capable in handling troubleshoot problems
in practical situations.
The IT professionals having certification in IBM 000-202 exam are given serious tasks in medium and large and medium-ranged companies. Any deficiency on their part may cause
problems for their own career. Moreover, IBM 000-202 exam itself requires a thorough study of the IT field. You can achieve success in the exam only if you have fully prepared
yourself for the evaluation.
Itcerthome offers free demo for IBM 000-202 exam . You can check out the interface, question quality and usability of our practice exams before you decide to buy it. We are the only one site can offer demo for almost all products.

If you prepare for the 000-202 exam using our Itcerthome testing engine, we guarantee your success in the first attempt. If
you do not pass the IBM 000-202 exam on your first attempt we will give you a FULL REFUND of your purchasing fee AND send you
another same value product for free.

Here are some of the basic tips for you to pass this 000-202 exam.
1. Online Study Materials
There are a lot of online materials that are helpful in passing this 000-202 exam. Do a lot of questions to improve yourself and
at the same time preparing for the exam. Make sure that you review all types of questions before sitting for the exam.
2. Additional Study References
You will not be guaranteed with a passing mark if you rely 100% on the theory part. You need to gain extra knowledge by doing
practical work. There are some additional study documents that are useful for you to refer such as Itcerthome’s resoures.
3. Ask the Expert
You can always ask your senior IT experts if you face difficulties while doing your practical work. This will definitely
accelerate your learning capability.
After knowing all these steps, get yourself ready with the 000-202 exam. Remember to plan for your exam few months ahead.

Passguide 642-983 for Cisco certification exam are your ultimate source of success

Cisco — Fri, 16 Apr 2010 05:59:41 +0000

642-983 exam has increased in popularity in recent years. this exam ranks high. At Passguide, you will find the best training materials for 642-983 exam. We are continuously updating the 642-983, be sure to keep checking back for the updates.

Passguide 642-983 for Cisco certification exam are your ultimate source of success. You will find them rich in learning and knowledge, guaranteeing 100% success. The Passguide 642-983 cover all content of Cisco 642-983 exam,therefore, they are able to assure you success in your certification exam. These easily understood questions and answers in PDF make it simple for you to download and utilize. Great faith has been shown to Passguide 642-983 questions and answers by more and more successful candidates.

At Passguide we are committed to you ongoing success. Our exams and questions are constantly being updated and compared to industry standards.

Passguide ’s Cisco 642-983 Study Guide provide comprehensive coverage of Cisco 642-983 Exam Objectives while keeping it all still simple enough for you to understand it easily. Our Cisco 642-983 Study Guide is prepared keeping in mind a beginner and don’t use complex wordings or terms. It is easy to pass your Cisco 642-983 Exam in your first attempt using our Cisco 642-983 Study Guide.

We update our Cisco 642-983 Study Guide as soon as the Exam Objectives change. Our Certified Experts and Professionals prepare this Cisco 642-983 Study Guide for you combining all the knowledge and keeping in view the latest Cisco 642-983 Exam Objectives. Your success is guaranteed in Cisco 642-983 Exam using our Study Guide because you always get the latest and most accurate Cisco 642-983 Study Guide for us. Try our Cisco 642-983 Study Guide today.

642-983 Practice Questions & Answers and 642-983 Practice Testing Software at Passguide is comprehensive and updated regularly as well in line with the latest Cisco 642-983 Exam Objectives and gives you 100% success in 642-983 exam. It doesn’t cost you too much to buy Passguide 642-983 Exam while letting you pass your Cisco 642-983 Certification Exam on your first attempt.

With the help of Passguide, you can pass Cisco 642-983 exam easily!

passguide 642-515 demo

Cisco — Sat, 19 Dec 2009 13:45:04 +0000

QUESTION: 22
Refer to the exhibit. You have been asked to verify the Cisco ASA security appliance interfaces that are used for a web connection from the Internet to a DMZ web server. Based on the Configuration > Device Setup > Interfaces pane that is shown, which two interfaces will a connection traverse when it is coming from the Internet and connecting to the web server with the IP address 172.16.20.10? (Choose two.)

A. GigabitEthernet0/0
B. GigabitEthernet0/1
C. GigabitEthernet0/2.10
D. GigabitEthernet0/2.20
E. GigabitEthernet0/2.30
F. Management0/0

Answer: A, D

QUESTION: 23
Refer to the exhibit. Based on the Configuration > Device Setup > Interfaces pane that is shown, what is the model number of this Cisco ASA security appliance?
***Exhibit Missing***

A. Cisco ASA 5505 Adaptive Security Appliance
B. Cisco ASA 5510 Adaptive Security Appliance
C. Cisco ASA 5520 Adaptive Security Appliance
D. Cisco ASA 5540 Adaptive Security Appliance
E. Cisco ASA 5550 Adaptive Security Appliance F. Cisco ASA 5580 Adaptive Security Appliance

Answer: A

QUESTION: 24
Refer to the exhibit. You are reviewing the configuration of the clientssl SSL VPN connection profile, which was created by a junior administrator. In the clientssl profile, which authentication method is configured?

A. The Cisco ASA security appliance requires AAA authenticate to the external AAA server
LOCAL if the remote user does not have an identity certificate for authentication.
B. The Cisco ASA security appliance accepts an identity certificate or a username and password for authentication of remote users, but not both.
C. The Cisco ASA security appliance requires a username and password if the remote user does not have an identity certificate for authentication.
D. The Cisco ASA security appliance requires both an identity certificate and username and password for authentication of remote users.

Answer: D

QUESTION: 25
You are the administrator of a Cisco ASA security appliance. Your management has asked you to configure the Cisco ASA security appliance, using Modular Policy Framework to block executables with the .exe file extension from being downloaded. Which regular expression must you create to match the .exe file extension?
A. .*\.[Ee][Xx][Ee.
B. .*.[Ee][Xx][Ee]
C. .+\.[Ee][Xx][Ee]
D. *.exe
E. +.exe
F. .+.[Ee][Xx][Ee]

Answer: C

QUESTION: 26
Which of these commands causes the Cisco CSC-SSM to load a new software image from a remote TFTP server, via the CLI?

A. hw module 1 recover boot
B. hw module 1 recover config
C. hw module 1 recover reload
D. copy tftp hardware:module1

Answer: A

QUESTION: 27
Refer to the exhibit. The HTTP inspection map named MY_HTTP_MAP is applied to the outside interface of the security appliance. As a result of this configuration, which action does the security appliance take on HTTP traffic entering its outside interface? NOTE: The CLI version of this configuration is provided here.
regex URL_ABC “.+abc\.com” regex URL_DEF “.+def\.com” regex URL_XYZ “.+xyz\.com”
. . .
class-map OUTSIDE_CLASS
match any
class-map type regex match-any URLs match regex URL_ABC
match regex URL_XYZ
class-map type inspect http match-all
RESTRICTED_HTTP
match request body length gt 1000 match not request uri regex class URLs
. . .
policy-map type inspect http MY_HTTP_MAP
parameters
protocol-violation action drop-connection class RESTRICTED_HTTP
drop-connection
policy-map OUTSIDE_POLICY class OUTSIDE_CLASS inspect http MY_HTTP_MAP
. . .
service-policy OUTSIDE_POLICY interface outside

A. Drops any HTTP packet that is destined for def.com and has a header length greater than
1000 bytes
B. Drops any HTTP packet destined for abc.com that has a header length greater than 1000 bytes
C. Drops any HTTP request for xyz.com that has a body length greater than 1000 bytes
D. Drops any HTTP request for def.com that has a body length greater than 1000 bytes
E. Drops any HTTP packet that is destined for abc.com or has a body length greater than 1000 bytes
F. Drops any HTTP request that is destined for xyz.com or has a header length greater than
1000 bytes

Answer: D

QUESTION: 28
Refer to the exhibit. You are the administrator of a Cisco ASA security appliance with a Cisco ASA CSC-SSM. You have upgraded the CSC-SSM with a new version of software. When the upgrade has finished, you issue the show module 1 detail command; the results of the command are shown in the exhibit. Why does the command output show that the status of the CSC-SSM is “Up” when it is not activated?

A. The software upgrade image has failed to load properly.
B. The software upgrade image is not the correct software image for the CSC-SSM.
C. The software upgrade image loaded successfully but the CSC-SSM has not had its license applied.
D. The CSC-SSM cannot communicate with the network and therefore cannot apply its configuration to network traffic.
E. The CSC-SSM is in the administrative down state and is waiting to be changed to the administrative up state.

Answer: C

QUESTION: 29
Refer to the exhibit. You installed a digital certificate for a Cisco VPN Client on a laptop for a user. Which reason explains why the certificate is in an “invalid:not active” state?

A. The user has not attempted a VPN connection to the Cisco ASA security appliance.
B. The time on the CA server and the time on the laptop are out of sync.
C. The user has not clicked the Verify button within the Cisco VPN Client.
D. The certificate passphrase must be sent to the CA for validation.
E. The certificate number of “0″ indicates that the certificate has expired.

Answer: B

QUESTION: 30
Refer to the exhibit. You are the administrator of a new Cisco ASA security appliance with a Cisco ASA CSC-SSM. You are using the CSC Setup Wizard from within Cisco ASDM to configure the CSC-SSM for traffic selection. During the configuration of traffic selection, the CSC Setup Wizard asks If CSC card fails and provides two options. What will each of these options do if chosen? (Choose two.)

A. The Permit option allows traffic that is configured for CSC inspection to continue through the Cisco ASA security appliance, if the CSC card fails.
B. The Close option allows traffic that is configured for CSC inspection to bypass the CSC if the CSC card fails.
C. The Permit option allows the Cisco ASA security appliance to apply the CSC inspection configuration through the Cisco Modular Policy Framework, even if the CSC card fails.
D. The Close option does not allow traffic that is configured for CSC inspection to continue when the CSC card fails.
E. The Permit option allows traffic to continue to flow to the CSC for inspection, even when a hardware failure has been detected.
F. The Close option does not allow any traffic that is traversing the Cisco ASA security appliance to continue when the CSC card fails.

Answer: A, D

QUESTION: 31
Which three types of encapsulation does the Cisco ASA security appliance support for IPsec
NAT transparency? (Choose three.)
A. L2TP over IPsec
B. IPsec over GRE
C. IPsec over TCP
D. IPsec over UDP
E. IPsec over PPTP
F. NAT-T

Answer: C, D, F

QUESTION: 32
Refer to the exhibit. The HTTP inspection map named HTTP_POLICY is applied to the partnernet interface of the security appliance. Which of these actions does the security appliance take as a result of its configuration for HTTP traffic that enters its partnernet interface?

A. Drops and logs HTTP request messages for which the request method is put or the request header host field contains either the string example1.com or the string example2.com
B. Drops and logs HTTP request messages for which the request method is put and the request header host field contains either the string example1.com or the string example2.com C. Drops and logs HTTP request messages for which the request method is put and the request header host field contains the strings example1.com and example2.com
D. Drops and logs HTTP request messages for which the request method is put or the request header host field contains the strings example1.com and example2.com
E. Drops HTTP request messages for which the request method is put, and logs HTTP request messages for which the request header host field contains either the string example1.com or the string example2.com
F. Logs HTTP request messages for which the request method is put, and drops HTTP request messages for which the request header host field contains either the string example1.com or the string example2.com

Answer: B

QUESTION: 33
A recent network upgrade at a branch office has changed the network topology of the branch, and the site-to-site VPN tunnel that runs between the branch and the corporate office has been reconfigured to perform Reverse Route Injection to accommodate the recent change. You are running OSPF between the corporate Cisco ASA security appliance and routers on the internal network. Assuming that the VPN configuration is correct, which step do you need to perform on the corporate Cisco ASA security appliance to ensure that these new routes are visible to internal routers that are running OSPF?
A. Reverse Route Injection requires that you configure a new OSPF process that will add these routes to the Cisco ASA security appliance routing table.
B. Reverse route injection requires that you add a static route for each branch-office network to the Cisco ASA security appliance routing table.
C. Reverse Route Injection uses static routes, so you must configure OSPF to redistribute the static routes.
D. Reverse Route Injection uses RIP, so you must add a RIP process and redistribute the learned RIP routes into OSPF.
E. Reverse Route Injection uses EIGRP, so you must add an EIGRP process and redistribute the learned EIGRP routes into OSPF.

Answer: C

QUESTION: 34
Using a valid identity certificate from her certificate authority, an administrator of a Cisco ASA security appliance has used the IPsec VPN Wizard to create the necessary configuration for remote-access VPN tunnels. When she tests the remote-access VPN, the VPN tunnel does not come up. Assuming that the remote-access VPN configuration created by the wizard is correct and that valid certificates are being used by the Cisco ASA security appliance and Cisco VPN Client, which corrective action must be configured or corrected for the VPN tunnel to come up properly?
A. The IKE phase one configuration is not part of the IPsec VPN Wizard configuration and must be configured.
B. The IKE phase two configuration is not part of the IPsec VPN Wizard configuration and must be configured.
C. The crypto ACL configuration is not part of the IPsec VPN Wizard configuration and must be configured.
D. The mapping of digital certificates to connection profile is not part of the IPsec VPN Wizard configuration and must be configured.
E. NAT-Transparency configuration is not part of the IPsec VPN Wizard configuration and must be configured.

Answer: D

QUESTION: 35
You are configuring a Cisco ASA 5520 Adaptive Security Appliance as a Easy VPN hardware client. But from within Cisco ASDM, you cannot find the Easy VPN Remote configuration option within the Remote Access VPN menu. Why would you not be able to find this configuration option within Cisco ASDM on the ASA 5520 Adaptive Security Appliance?
A. The version of Cisco ASDM software loaded on the Cisco ASA security appliance does not support the Easy VPN feature.
B. The version of Cisco ASDM software loaded on the Cisco ASA security appliance is corrupt.
C. Only the Cisco ASA 5505 Adaptive Security Appliance can be a Easy VPN hardware client.
D. The Easy VPN feature with the BIOS of the ASA 5520 Adaptive Security Appliance was not enabled.

Answer: C

QUESTION: 36
Refer to the exhibit. You have been tasked to configure your Cisco ASA security appliance for port forwarding access to the internal e-mail server that is running POP3 (TCP port 110) and SMTP (TCP port 25). Which two configurations of the port forwarding list will allow remote users to access the internal email server through port forwarding? (Choose two.)

Answer: Pending

QUESTION: 37
You have configured Cisco Secure Desktop on your Cisco ASA security appliance. You need to configure Cisco Secure Desktop to perform Host Scan checks on the remote endpoint. Which three available Basic Host Scan checks can you configure? (Choose three.)
A. Registry
B. User rights
C. File
D. Groups E. Process F. Shares

Answer: A, C, E

QUESTION: 38
As the administrator of a Cisco ASA security appliance, you have been tasked to configure SSL VPNs to require digital certificates. Which four configuration options are available on the Cisco ASA security appliance for digital certificate management for SSL VPNs ? (Choose four.)
A. The Cisco ASA security appliance can be configured to have a local CA that is subordinate to an external CA.
B. The subordinate local CA on the Cisco ASA security appliance can issue certificates to users who require a certificate for their SSL VPN connections.
C. The Cisco ASA security appliance can generate a self-signed certificate to be used as its identity certificate for SSL VPN connections.
D. The Cisco ASA security appliance can be configured to retrieve its identity certificate from an external CA.
E. The Cisco ASA security appliance can be configured as a standalone local CA.
F. The local CA on the Cisco ASA security appliance can issue certificates to users who require certificates for SSL VPN connections.
G. An external CA must be used for SSL VPN users who require certificates for their SSL VPN connections.
H. The Cisco ASA security appliance must be configured to retrieve its identity certificate from an external CA.

Answer: C, D, E, F

QUESTION: 39
Which two types of digital certificate enrollment processes are available for the Cisco ASA
security appliance? (Choose two.)
A. LDAP
B. FTP
C. HTTP
D. SCEP
E. Manual
F. TFTP

Answer: D, E

QUESTION: 40
With Cisco ASA Adaptive Security Appliance Software Version 7.x and later, which IPsec standard is not supported on the Cisco ASA security appliance?
A. SHA-1
B. DES C. MD5
D. ESP E. AH F. AES

Answer: E

QUESTION: 41
Refer to the exhibit. You have configured Telnet port forwarding to a specific server on the clientless SSL VPN portal. A clientless SSL VPN user has called to complain that after she starts the application helper, her attempts to establish a Telnet connection to 10.0.4.3 time out. Assuming that the clientless SSL VPN configuration is correct, which type of Telnet connection would you have the end user make?

A. To 10.0.4.3 on TCP port 2300
B. To 10.0.4.3 on TCP port 23
C. To 127.0.0.1 on TCP port 23
D. To 127.0.0.1 on TCP port 2300

Answer: D

QUESTION: 42
Refer to the exhibit. You are configuring a DAP for SSL VPN connections to your Cisco ASA security appliance. You add an Endpoint Attribute Type of “File” and select the Endpoint ID of “10,” based on the configuration that is shown. Within which area of the Cisco ASA security appliance configuration is this endpoint attribute defined?

A. DAP policy
B. SSL VPN group policy
C. SSL VPN connection profile
D. user-specific policy
E. Cisco Secure Desktop

Answer: E

[offer] latest p4s 642-533 pdf Format

Cisco — Sat, 19 Dec 2009 13:28:38 +0000

[offer] latest p4s 642-533 pdf Format
To download 642-533 in pdf format please follow below link

http://www.megaupload.com/?d=Q2PMSL92

Product Description Exam Number/Code: 642-533
Exam Number/Code: 642-533
Exam Name:Implementing Cisco Intrusion Prevention System (IPS)
“Implementing Cisco Intrusion Prevention System (IPS)”, also known as 642-533 exam, is a Cisco certification.With the complete collection of questions and answers, Pass4sure has assembled to take you through 118 Q&As to your 642-533 Exam preparation. In the 642-533 exam resources, you will cover every field and category in CCSP helping to ready you for your successful Cisco Certification.
[OFFER] 642-533 latest P4S v 4.18 w/ 118q
Hey Guys,

Here is the latest IPS 642-533 P4S that I know that many people were after, including me! Its the real deal with 118q because I had to go and buy it – I just ask for a bit of ‘quid pro quo’ if possible guys, if anyone has the latest P4S SNRS 642-504 version could you please share it so I can keep my costs down!

I’ve put in powerpoint format and it looks fine on testing.

Enjoy and good luck!!

http://www.4shared.com/file/121273953/213ef41f/P4S-642533-v4-18.html

[Offer]SNAF 642-524 Study Material

Cisco — Sat, 19 Dec 2009 13:24:25 +0000

SNAF Quick Refrence
Code:

http://rapidshare.com/files/187394780/SNAF.pdf

P4$ 642-524
Code:

http://rapidshare.com/files/187386181/4P_642-524.zip

passguide ccsp 642-515 test questions

Cisco — Sat, 19 Dec 2009 13:10:29 +0000

Questions and Answers : 91 Q&AsLatest Update: December-14th 2009Price: $125.99 $69.99
Product Description

Exam Number/Code: 642-515
Exam Name: Securing Networks with ASA Advanced
For candidates making preparation for the Cisco 642-515 exam, what they most desire is to easily pass the 642-515 (Securing Networks with ASA Advanced) exam. PassGuide 642-515 includes 91 questions and answers, which are collected and collated by experts of Cisco. With our 642-515 study materials, you can successfully take Cisco certification of 642-515 exam and go further on Cisco career path.
Free 642-515 Demo
Download Demo of Cisco 642-515 exam for free (in PDF format ) before you decide to purchase it. Thus,you can know better about the quality of our practice exam and then make your right decision.
Cisco 642-515

Securing Networks with ASA Advanced

Q&A V3.20

www.PassGuide.com

Study Tips

This product will provide you questions and answers carefully compiled and written by our experts. Try to understand the concepts behind the questions instead of cramming the questions.

Go through the entire document at least twice so that you make sure that you are not
missing anything.

Latest Version

We are constantly reviewing our products. New material is added and old material is
revised. Free updates are available for 120 days after the purchase. You should check your
member zone at PassGuide an update 3-4 days before the scheduled exam date.

Feedback

If you spot a possible improvement then please let us know. We always interested in
improving product quality.
Feedback should be send to feedback@passguide.com. You should include the following:
Exam number, version, page number, question number, and your login ID.
Our experts will answer your mail promptly.

Be Prepared. Be Confident. Get Certified.
————————————————————————————————————————-
Sales and Support Manager
Sales Team: sales@passguide.com Support Team: support@passguide.com
———————————————————————————————————————

A. 0
B. 1
C. 10
D. 100

Answer: C

QUESTION: 2
Refer to the exhibit. You are the administrator of multiple remote Cisco ASA security appliances, which are administered through Cisco ASDM. You recently configured one of these Cisco ASA security appliances for SSL VPNs and are requiring a client certificate, as shown. How would this configuration affect your next ASDM connection to this Cisco ASA security appliance?

A. You would be asked to present an identity certificate. If you did not have one, the Cisco ASA security appliance would prompt you for authentication credentials, consisting of a username and password.
B. Your connection would be handled the way it is always handled by this Cisco ASA security appliance.
C. You would be required to download the identity certificate of the remote Cisco ASA security appliance.
D. You would be required to have an identity certificate that the Cisco ASA security appliance can use for authentication.

Answer: D

QUESTION: 3
Refer to the exhibit. You are the administrator of a corporate Cisco ASA security appliance with a Cisco ASA AIP-SSM. You have been tasked to deploy the AIP-SSM to protect corporate DMZ web servers. The AIP-SSM has been configured, and a service policy has been configured to identify the traffic that is to be passed to the AIP-SSM. On which two interfaces would application of the service policy for the AIP-SSM be most effective while causing the least amount of impact to Cisco ASA security appliance performance? (Choose two.)

A. Inside interface
B. Dmz interface
C. Internet interface
D. Globally on all interfaces
E. Outside interface

Answer: B, E

QUESTION: 4
Refer to the exhibit. You are configuring the Cisco ASA security appliance as the hub in a hub- and-spoke site-to-site VPN. Which of these configurations will enable traffic to flow between spokes?

A.
B.

Answer: D

QUESTION: 5
Refer to the exhibit. You have configured a Layer 7 policy map to match the size of HTTP header fields that are traversing the network. Based on this configuration, will HTTP headers that are greater than 200 bytes be logged?

A. No, because the reset action for headers greater than 100 bytes would be the first match.
B. Yes, because the reset action for headers greater than 100 bytes and the log action for headers greater than 200 bytes would both be applied.
C. No, because reset or log actions are a part of the service policy and the Layer 7 policy map.
D. Yes, because the log action for headers greater than 200 bytes would be the last match.

Answer: A

QUESTION: 6
Refer to the exhibit. The network security administrator for XYZ Corporation wants to configure the corporate Cisco ASA security appliance to take the following actions on its outside interface:
–rate limit all IP traffic from telecommuting system engineers to the insidehost
–drop all HTTP requests from the Internet to the web server that have a body length greater than 1000 bytes

–prevent users on network 192.168.6.0/24 from using the FTP PUT command to store .exe files on the FTP server Which set of Modular Policy Framework components will be involved in accomplishing this goal?

A. One Layer 7 class map, two Layer 7 policy maps, three Layer 3/4 class maps, one Layer ¾
policy map
B. One Layer 7 class map, one Layer 7 policy map, three Layer 3/4 class maps, one Layer ¾
policy map
C. Two Layer 7 class maps, one Layer 7 policy map, three Layer 3/4 class maps, one Layer ¾
policy map
D. Three Layer 7 policy maps, one Layer 3/4 class map, one Layer 3/4 policy map

Answer: A

QUESTION: 7
Refer to the exhibit. You have configured a Cisco ASA 5505 Adaptive Security Appliance as an Easy VPN hardware client. During the configuration, you defined a list of backup servers for the security appliance to use. After a few hours of being connected to the primary VPN server, the security appliance fails. You notice that your Easy VPN hardware client has now connected to a backup server that is not defined within the configuration of the client. Where did your Easy VPN hardware client get this backup server?

A. The backup servers that you listed were no longer available, so the Easy VPN hardware client used the list of backup servers that it retrieved from the primary server.
B. The group policy that was configured on the primary VPN server was pushed to your Easy
VPN client and overwrote the list of backup servers that you had configured.
C. The connection profile that was configured on the primary VPN server was pushed to your Easy VPN hardware client and overwrote the list of backup servers that you had configured. D. The backup servers that you listed were not configured as VPN servers, so the Easy VPN hardware client used the list of backup servers retrieved from the primary server.

Answer: B

QUESTION: 8
Refer to the exhibit. You are the administrator of a Cisco ASA security appliance that is configured with a local CA. Based on the exhibit, for which purpose would the user student1 use this password?

A. Authentication to the SSL VPN server
B. Retrieval of the digital certificate from the local CA on the Cisco ASA security appliance
C. Retrieval of the Cisco ASA security appliance identity certificate
D. The initial authentication to the SSL VPN server

Answer: B

QUESTION: 9
Refer to the exhibit. When TCP connections are tunneled over another TCP connection and latency exists between the two endpoints, each TCP session will trigger a retransmission, which can quickly spiral out of control when the latency issues persist. This issue is often referred to as TCP-over-TCP meltdown. Based on the Cisco ASDM configuration that is shown, which Cisco ASA security appliance configuration will help alleviate this problem?

A. Keepalive Messages
B. Compression
C. MTU size of 500
D. Datagram TLS

Answer: D

QUESTION: 10
Refer to the exhibit. You have been tasked with configuring your Cisco ASA security appliance for EIGRP routing. Based on the information that is provided in the exhibit, which two Cisco ASDM configurations will add these networks to the configuration of EIGRP?

Answer: A

QUESTION: 11
Which two of these choices are types of queues available on the Cisco ASA security appliance when implementing QoS? (Choose two.)
A. Weighted fair queue
B. Last in first out queue
C. Policing queue
D. Low latency queue
E. Custom queue
F. Best effort queue
G. Round robin queue

Answer: D, F

QUESTION: 12
Refer to the exhibit. The FTP inspection map named L7FTPPOLICY is applied to the outside interface of the security appliance. As a result of this configuration, which of the following actions does the security appliance take on FTP traffic entering its outside interface?

A. Resets and logs connections from any user who attempts to retrieve files via FTP; resets connections from xyz.com users who attempt to deliver files via FTP
B. Resets connections from abc.com and xyz.com users when they attempt to retrieve files via
FTP; logs any user connections that attempt to deliver files via FTP
C. Resets and logs connections from abc.com users when they attempt to retrieve files via FTP; resets all FTP connections from xyz.com users; resets any user connections that attempt to deliver files via FTP
D. Resets and logs connections from abc.com users only when they attempt to retrieve files via FTP: resets connections from xyz.com users only when they attempt to deliver files via FTP

Answer: C

QUESTION: 13
Which two internal channels are used for communication between the Cisco ASA AIP-SSM
and the Cisco ASA security appliance? (Choose two.)
A. Session channel
B. Command channel
C. Inline channel
D. Promiscuous channel
E. Control channel
F. Data channel

Answer: E, F

QUESTION: 14
Refer to the exhibit. An administrator is editing user-specific policy. The administrator has configured a group policy for Sales to use the IP address pool that is defined by the pool VPNPOOL and to allow as many as three simultaneous logins. Based on the exhibit, when this user connects, what will be the IP address assigned to the connection and what will be the number of simultaneous logins allowed for this user? (Choose two.)

A. The user will receive an IP address from the VPNPOOL.
B. The user will be allowed to make only one connection.
C. The user will be allowed to make connections up to the limit that is defined in the default group policy.
D. The user will be assigned the IP address from the user-specific policy.
E. The user will be allowed to make as many as three simultaneous connections.
F. The user will receive an IP address from the address pool that is defined in the default group policy.

Answer: B, D

QUESTION: 15
Which three Cisco Modular Policy Framework features are bidirectional? (Choose three.)
A. AIP policy
B. QoS input policing
C. CSC policy
D. QoS priority queue
E. Application inspection
F. QoS output policing

Answer: A, C, E

QUESTION: 16
You have been tasked to configure your Cisco ASA security appliance for multiple VLANs that use one physical interface. You must make sure that the switch in which the physical Cisco ASA security appliance interface is connected has been configured for the appropriate VLAN tagging protocol. Which VLAN tagging protocol will the Cisco ASA security appliance use to communicate with this switch?
A. IEEE 802.1X
B. IEEE 802.1Q
C. IEEE 802.1AE
D. ISL
E. IEEE 802.3

Answer: B

QUESTION: 17
Refer to the exhibit. If a host on the inside network attempted an HTTP connection to a host at IP address 172.26.10.100, which address pool would the Cisco ASA security appliance use for the NAT?

A. 192.168.8.101 – 192.168.8.105
B. 192.168.8.106 – 192.168.8.110
C. 192.168.8.20 – 192.168.8.110
D. 192.168.8.20 – 192.168.8.100

Answer: D

QUESTION: 18
You are the administrator for Cisco ASA security appliances that are used for site-to-site VPNs between remote and corporate offices. You have used the Service Policy Rule Wizard within ASDM to configure low-latency queuing for unified communications on all the appropriate ASAs. Users are still having issues with unified communications between the remote and corporate offices. Assuming that the Cisco Unified Communications equipment is functioning properly and that the VPN configurations are correct, which of these choices is most likely the cause of the problems?
A. A priority queue must be created on the interface where the site-to-site VPN tunnel is terminated.
B. The DSCP, expedite forward, ef (46), was used to determine unified communications traffic within the Service Policy Rule Wizard.
C. The tunnel group and DSCP traffic matching criteria were configured within the Service
Policy Rule Wizard.
D. Both a policing and priority queue must be applied on the interface to expedite the voice and control data flows.

Answer: A

QUESTION: 19
What are the three main components of Cisco Modular Policy Framework? (Choose three.)
A. Security policy
B. Policy map
C. Security map
D. Route map
E. Class map
F. Interface map
G.Traffic policy
H. Service policy

Answer: B, E, H

QUESTION: 20
When configuring port forwarding for a clientless SSL VPN connection, which end user privilege level is required at the endpoint if port forwarding is to work?
A. Guest level
B. Administrator level
C. System level
D. User level

Answer: B

passguide cisco ccsp 642-504 pdf

Cisco — Sat, 19 Dec 2009 13:08:05 +0000

Cisco 642-524

Securing Networks with ASA Foundation

Q&A V3.21

www.PassGuide.com

Important Note
Please Read Carefully

Study Tips

This product will provide you questions and answers carefully compiled and written by our experts. Try to understand the concepts behind the questions instead of cramming the questions.

Go through the entire document at least twice so that you make sure that you are not
missing anything.

Latest Version

Feedback

Each pdf file contains a unique serial number associated with your particular name and
contact information for security purposes. So if we find out that a particular pdf file is
being distributed by you, CertBible reserves the right to take legal action against you
according to the International Copyright Laws.
1.Tom works as a network administrator for the PG company. The primary adaptive security appliance in an active/standby failover configuration failed, so the secondary adaptive security appliance was automatically activated. Tom then fixed the problem. Now he would like to restore the primary to active status. Which one of the following commands can reactivate the primary adaptive security appliance and restore it to active status while issued on the primary adaptive security appliance?A.failover resetB.failover primary activeC.failover activeD.failover exec standby
Answer:C
2.For the following commands, which one enables the DHCP server on the DMZ interface of the Cisco ASA with an address pool of 10.0.1.100-10.0.1.108 and a DNS server of 192.168.1.2?A.dhcpd address 10.0.1.100-10.0.1.108 DMZ dhcpd dns 192.168.1.2 dhcpd enable DMZB.dhcpd address range 10.0.1.100-10.0.1.108 dhcpd dns server 192.168.1.2 dhcpd enable DMZC.dhcpd range 10.0.1.100-10.0.1.108 DMZ dhcpd dns server 192.168.1.2 dhcpd DMZD.dhcpd address range 10.0.1.100-10.0.1.108 dhcpd dns 192.168.1.2 dhcpd enable
Answer:A
3.Look at the following exhibit carefully, which one of the four diagrams displays a correctly configured network for a transparent firewall?A.1B.2C.3D.4
Answer:D
4.What is the effect of the per-user-override option when applied to the access-group command syntax?A.The log option in the per-user access list overrides existing interface log options.B.It allows for extended authentication on a per-user basis.C.It allows downloadable user access lists to override the access list applied to the interface.D.It increases security by building upon the existing access list applied to the interface. All subsequent users are also subject to the additional access list entries.
Answer:C
5.John works as a network administrator for the PG company. According to the exhibit, the only traffic that John would like to allow through the corporate Cisco ASA adaptive security appliance is inbound HTTP to the DMZ network and all traffic from the inside network to the outside network. John also has configured the Cisco ASA adaptive security appliance, and access through it is now working as expected with one exception: contractors working on the DMZ servers have been surfing the Internet from the DMZ servers, which (unlike other Company XYZ hosts) are using public, routable IP addresses. Neither NAT statements nor access lists have been configured for the DMZ interface. What is the reason that the contractors are able to surf the Internet from the DMZ servers? (Note: The 192.168.X.X IP addresses are used to represent routable public IP addresses even though the 192.168.1.0 network is not actually a public routable network.)A.An access list on the outside interface permits this traffic.B.NAT control is not enabled.C.The DMZ servers are using the same global pool of addresses that is being used by the inside hosts.D.HTTP inspection is not enabled.
Answer:B
6.In order to recover the Cisco ASA password, which operation mode should you enter?A.configureB.unprivilegedC.privilegedD.monitor
Answer:D
7.Which three statements correctly describe protocol inspection on the Cisco ASA adaptive security appliance? (Choose three.)A.For the security appliance to inspect packets for signs of malicious application misuse, you must enable advanced (application layer) protocol inspection.B.If you want to enable inspection globally for a protocol that is not inspected by default or if you want to globally disable inspection for a protocol, you can edit the default global policy.C.The protocol inspection feature of the security appliance securely opens and closes negotiated ports and IP addresses for legitimate client-server connections through the security appliance.D.If inspection for a protocol is not enabled, traffic for that protocol may be blocked.
Answer:B C D
8.Observe the following commands, which one verifies that NAT is working normally and displays active NAT translations?A.show ip nat allB.show running-configuration natC.show xlateD.show nat translation
Answer:C
9.Multimedia applications transmit requests on TCP, get responses on UDP or TCP, use dynamic ports, and use the same port for source and destination, so they can pose challenges to a firewall. Which three items are true about how the Cisco ASA adaptive security appliance handles multimedia applications? (Choose three.)A.It dynamically opens and closes UDP ports for secure multimedia connections, so you do not need to open a large range of ports.B.It supports SIP with NAT but not with PAT.C.It supports multimedia with or without NAT.D.It supports RTSP, H.323, Skinny, and CTIQBE.
Answer:A C D
10.What is the result if the WebVPN url-entry parameter is disabled?A.The end user is unable to access pre-defined URLs.B.The end user is unable to access any CIFS shares or URLs.C.The end user is able to access CIFS shares but not URLs.D.The end user is able to access pre-defined URLs.
Answer:D
11.You work as a network engineer at Pass4sure.com, you are asked to examine the current Modular Policy Framework configurations on the LA-ASA Adaptive Security Appliances using the Cisco Adaptive Security Device Manager (ASDM) utility. You need to answer the multiple-choice questions in this simulation by use of the appropriate Cisco ASDM configuration screens. A host on the partnernet network attempts to use FTP to download a file from InsideHost,which resides on the inside interface of the security appliance.What does the security appliance do with the traffic from the partnernet host?A.Sends it to the Cisco ASA Advanced Inspection and Prevention(AIP)-Security Services Module(SSM)for inspection before forwarding it to its destinationB.Sends it to the Cisco ASA 5500 Series Content Security and Control(CSC)SSM for inspection before forwarding it to its destinationC.Forwards it directly to its destinationD.Forwards it directly to its destination unless the connection limit is already met
Answer:D
12.You work as a network engineer at PassGuide.com, you are asked to examine the current Modular Policy Framework configurations on the LA-ASA Adaptive Security Appliances using the Cisco Adaptive Security Device Manager (ASDM) utility. You need to answer the multiple-choice questions in this simulation by use of the appropriate Cisco ASDM configuration screens. Which traffic does the security appliance inspect globally(regardless of the interface on which the traffic enters the security appliance)?(Choose 3)A.HTTPB.DNSC.GTPD.H.323 H.225
Answer:A B D
13.You work as a network engineer at PassGuidecom, you are asked to examine the current Modular Policy Framework configurations on the LA-ASA Adaptive Security Appliances using the Cisco Adaptive Security Device Manager (ASDM) utility. You need to answer the multiple-choice questions in this simulation by use of the appropriate Cisco ASDM configuration screens. A host on the partnernet network makes a VoIP call to 172.20.1.15,which is statically mapped to an IP phone on the inside network.What does the security appliance do with the VoIP traffic between host 172.20.1.15 and the host on the partnernet network?A.Sends it to the AIP-SSM for inspection before forwarding it to its destinationB.Sends it to the CSC-SSM for inspection before forwarding it to its destinationC.Forwards it directly to its destination unless the connection limit is already metD.Applies low latency queuing as it exits the partnernet interface
Answer:D
14.You work as a network engineer at PaGuide.com, you are asked to examine the current Modular Policy Framework configurations on the LA-ASA Adaptive Security Appliances using the Cisco Adaptive Security Device Manager (ASDM) utility. You need to answer the multiple-choice questions in this simulation by use of the appropriate Cisco ASDM configuration screens. A host on the outside network sends e-mail to the public e-mail server.What does the security appliance do with the traffic from the outside host?A.Sends it to the AIP-SSM for inspection before forwarding it to its destinationB.Sends it to the CSC-SSM for inspection before forwarding it to its destinationC.Forwards it directly to its destinationD.Forwards it directly to its destination unless the connection limit is already met
Answer:A
15.You work as a network engineer at PassGuide.com, you are asked to examine the current Modular Policy Framework configurations on the LA-ASA Adaptive Security Appliances using the Cisco Adaptive Security Device Manager (ASDM) utility. You need to answer the multiple-choice questions in this simulation by use of the appropriate Cisco ASDM configuration screens. A host on the partnernet network attempts to access the public web server via HTTP.What does the security appliance do with traffic from the partnernet?A.Sends it to the AIP-SSM for inspection before forwarding it to its destinationB.Sends it to the CSC-SSM for inspection before forwarding it to its destinationC.Forwards it directly to its destinationD.Forwards it directly to its destination unless the connection limit is already met
Answer:C
16.You work as a network engineer at PassGuide.com, you are asked to examine the current Modular Policy Framework configurations on the LA-ASA Adaptive Security Appliances using the Cisco Adaptive Security Device Manager (ASDM) utility. You need to answer the multiple-choice questions in this simulation by use of the appropriate Cisco ASDM configuration screens. A host on the outside network makes a VoIP call to a host on the inside network.What does the security appliance do with the traffic from the host on the outside network?A.Sends it to the AIP-SSM for inspection before forwarding it to its destinationB.Sends it to the CSC-SSM for inspection before forwarding it to its destinationC.Forwards it directly to its destinationD.Drops it
Answer:D
17.Which three tunneling protocols and methods are supported by the Cisco VPN Client? (Choose three.)A.IPsec over TCPB.IPsec over UDPC.ESPD.AH
Answer:A B C
18.Which two options are correct about the impacts of this configuration? (Choose two.) class-map INBOUND_HTTP_TRAFFIC
match access-list TOINSIDEHOST
class-map OUTBOUND_HTTP_TRAFFIC
match access-list TOOUTSIDEHOST
policy-map MYPOLICY
class INBOUND_HTTP_TRAFFIC
inspect http
set connection conn-max 100
policy-map MYOTHERPOLICY
class OUTBOUND_HTTP_TRAFFIC
inspect http
service-policy MYOTHERPOLICY interface inside
service-policy MYPOLICY interface outsideA.Traffic that matches access control list TOINSIDEHOST is subject to HTTP inspection and maximum connection limits.B.Traffic that enters the security appliance through the inside interface is subject to HTTP inspection.C.Traffic that enters the security appliance through the outside interface and matches access control list TOINSIDEHOST is subject to HTTP inspection and maximum connection limits.D.Traffic that enters the security appliance through the inside interface and matches access control list TOOUTSIDEHOST is subject to HTTP inspection.
Answer:C D
19.Take the following configuration shown in the exhibit carefully, what traffic will be logged to the AAA server?A.Only authenticated and authorized console connection information will be logged in the accounting database.B.All outbound TCP connection information will be logged in the accounting database.C.No information will be logged. This is not a valid configuration because TACACS+ connection information cannot be captured and logged.D.All connection information will be logged in the accounting database.
Answer:B
20.What are the two purposes of the same-security-traffic permit intra-interface command? (Choose two.)A.It allows all of the VPN spokes in a hub-and-spoke configuration to be terminated on a single interface.B.It enables Dynamic Multipoint VPN.C.It permits communication in and out of the same interface when the traffic is IPSec protected.D.It allows communication between different interfaces that have the same security level
Answer:A C
21.How many unique transforms will included in a single transform set while configuring a crypto ipsec transform-set command?A.threeB.twoC.fourD.one
Answer:B
22.Study the following exhibit carefully, the Cisco ASA adaptive security appliance is using software version 8.0 with the default configuration. Configure the interfaces displayed in the exhibit with the security levels that are shown, and enable the interfaces. Management-only mode is disabled on m0/0. Which two statements correctly describe these interfaces? (Choose two.)A.Interface m0/0 can access interface g0/2, but interface g0/2 cannot access interface m0/0 unless it is given permission.B.Interface g0/1 can access interface m0/0, and interface m0/0 can access interface g0/1.C.Interface g0/1 cannot access interface m0/0 unless it is given permission, and interface m0/0 cannot access interface g0/1 unless it is given permission.D.No traffic can flow between the g0/2 and g0/3 interfaces.
Answer:A D
23.John works as a network administrator , according to the following exhibit. Descriptions are added to class maps for each part of the modular policy framework. Which text should John add to the description command to describe the TO_SERVER class map?
PG-asa1(config)#access-list UDP permit udp any any
PG-asa1(config)#access-list TCP permit tcp any any
PG-asa1(config)#access-list PUBLIC_WEB permit ip any 10.10.10.100 255.255.255.255 PG-asa1(config)#class-map ALL_VDP
PG-asa1(config-cmap)#description “This class-map matches all UDP traffic”
PG-asa1(config-cmap)#match access-list VDP
PG-asa1(config-cmap)#class-map ALL_TCP
PG-asa1(config-cmap)#description “This class-map matches all TCP traffic”
PG-asa1(config-cmap)#match access-list TCP
PG-asa1(config-cmap)#class-map ALL_WEB_SERVER
PG-asa1(config-cmap)#description “This class-map matches all HTTP traffic”
PG-asa1(config-cmap)#match port tcp eq http
PG-asa1(config-cmap)#class-map TO_SERVER
PG-asa1(config-cmap)#match access-list PUBLIC_WEBA.description “This class-map matches all TCP traffic for the public web server.”B.description “This class-map matches all HTTP traffic for the public web server.”C.description “This class-map matches all HTTPS traffic for the public web server.”D.description “This class-map matches all IP traffic for the public web server.”
Answer:D
24.What is the reason that you want to configure VLANs on a security appliance interface?A.for use in conjunction with device-level failover to increase the reliability of your security applianceB.for use in transparent firewall mode, where only VLAN interfaces are usedC.to increase the number of interfaces available to the network without adding additional physical interfaces or security appliancesD.for use in multiple context mode, where you can map only VLAN interfaces to contexts
Answer:C
25.By default, the AIP-SSM IPS software is accessible from the management port at IP address 10.1.9.201/24. Which CLI command should an administrator use to change the default AIP-SSM management port IP address?A.interfaceB.hw module 1 recoverC.setupD.hw module 1 setup
Answer:C
26.Which one of the following commands can provide detailed information about the crypto map configurations of a Cisco ASA adaptive security appliance?A.show ipsec saB.show crypto mapC.show run ipsec saD.show run crypto map
Answer:D
27.Which three potential groups are of users for WebVPN? (Choose three.)A.employees accessing specific internal applications from desktops and laptops not managed by ITB.administrators who need to manage servers and networking equipmentC.employees that only need occasional corporate access to a few applicationsD.users of a customer service kiosk placed in a retail store
Answer:A C D
28.Which three features can the Cisco ASA adaptive security appliance support? (Choose three.)A.BGP dynamic routingB.802.1Q VLANsC.OSPF dynamic routingD.static routes
Answer:B C D
29.Which one of the following commands will prevent all SIP INVITE packets, such as calling-party and request-method, from specific SIP endpoints?A.Use the match calling-party command in a class map. Apply the class map to a policy map that contains the match request-methods command.B.Group the match commands in a SIP inspection class map.C.Use the match request-methods command in an inspection class map. Apply the inspection class map to an inspection policy map that contains the match calling-party command.D.Group the match commands in a SIP inspection policy map.
Answer:B
30.Which two statements are true about multiple context mode? (Choose two.)A.Multiple context mode does not support IPS, IPsec, and SSL VPNs, or dynamic routing protocols.B.Multiple context mode enables you to create multiple independent virtual firewalls with their own security policies and interfaces.C.Multiple context mode enables you to add to the security appliance a hardware module that supports up to four independent virtual firewalls.D.When you convert from single mode to multiple mode, the security appliance automatically adds an entry for the admin context to the system configuration with the name “admin.”
Answer:B D
31.How do you ensure that the main interface does not pass untagged traffic when using subinterfaces?A.Use the vlan command on the main interface.B.Use the shutdown command on the main interfaceC.Omit the nameif command on the subinterfaceD.Omit the nameif command on the main interface.
Answer:D
32.For creating and configuring a security context, which three tasks are mandatory? (Choose three.)A.allocating interfaces to the contextB.assigning MAC addresses to context interfacesC.creating a context nameD.specifying the location of the context startup configuration
Answer:A C D
33.Study the exhibit carefully. Which two types of failover is this adaptive security appliance configured for? (Choose two.)
PG-asa1# show failover Failover On Cable status:
N/A-LAN-based failover enabled Failover unit Primary Failover LAN Interface:
Ianfail GigabitEthernet0/2 (up) Unit Poll frequency 15 seconds, holdtime 45 seconds Interface Poll frequency 15 seconds Interface Policy 1 Monitored Interfaces 4 of 250 maximum Group 1 last failover at:
15:54:49 UTC Sept 17 2006 Group 2 last failover at:
15:55:00 UTC Sept 17 2006A.stateful failoverB.LAN-based failoverC.cable-based failoverD.Active/Active failover
Answer:B D
34.Which two descriptions are correct about configuring passive RIP on the security appliance based on the following exhibit? (Choose two.)A.You must specify a classful network IP address to define a network for the RIP routing process.B.If you enable passive RIP, all interfaces must operate in passive mode.C.There is no limit to the number of networks you can specify for the RIP routing process.D.Enabling passive RIP mode causes the security appliance to receive all RIP routing updates but send only a default route to neighboring routers.
Answer:A C
35.Which of these identifies basic settings for the security appliance, including a list of contexts?A.network configurationB.admin configurationC.system configurationD.primary configuration
Answer:C
36.Study the exhibit carefully. The security policy for PG Corporation allows only the following traffic through the corporate adaptive security appliance: –outbound NTP traffic from the inside network to any outside destination –FTP traffic from the inside network to the FTP server on the DMZ –outbound HTTP traffic from the inside network to any outside destination –FTP traffic from the outside 192.168.6.0/24 network to the FTP server on the DMZ –any HTTP traffic from the outside to the web server on the DMZ The network administrator configured access rules according to the security policy requirements but made two mistakes. Which are two mistakes? (Choose two.)A.missing ACEB.incorrect destination addressC.missing ACLD.incorrect order of ACLs
Answer:B D
37.An administrator wants to protect a DMZ web server from SYN flood attacks. Which command does not allow the administrator to place limits on the number of embryonic connections?A.set connectionB.natC.staticD.HTTP-map
Answer:D
38.Which option correctly describes the order to upgrade the license (activation key) for your security appliance from Cisco ASDM?A.Step 1 Obtain an activation key from http://www.cisco.com/go/license by providing the serial number for the security appliance as it appears on the chassis of the security appliance.
Step 2 Reboot the security appliance to ensure that the image in flash and the running image are the same.
Step 3 Go to Configuration > Device Management > System Image/Configuration > Activation Key in Cisco ASDM and enter the activation key as a four- or five-element hexadecimal string with no spaces.
Step 4 Click Update Activation Key in the Activation Key panel.
Step 5 Reload the security appliance to activate the flash activation key.B.Step 1 Obtain an activation key from http://www.cisco.com/go/license by providing the serial number for the security appliance as it appears in the show version command output. Step 2 Reboot the security appliance to ensure that the image in flash and the running image are the same.
Step 3 Go to Configuration > Device Management > System Image/Configuration > Activation Key in Cisco ASDM and enter the activation key as a four- or five-element hexadecimal string with one space between each element.
Step 4 Click Update Activation Key in the Activation Key panel.
Step 5 Reload the security appliance to activate the flash activation key.C.Step 1 Obtain an activation key from http://www.cisco.com/go/license by providing the serial number for the security appliance as it appears in the show version command output. Step 2 Go to Configuration > Device Management > System Image/Configuration > Activation Key in Cisco ASDM and enter the activation key as a three- or four-element hexadecimal string with one space between each element.
Step 3 Click Update Activation Key in the Activation Key panel.
Step 4 Click Save in the Cisco ASDM toolbar.D.Step 1 Obtain an activation key from http://www.cisco.com/go/license by providing the serial number for the security appliance as it appears on the chassis of the security appliance.
Step 2 Go to Configuration > Device Management > System Image/Configuration > Activation Key in Cisco ASDM and enter the activation key as a four- or five-element hexadecimal string with no spaces.
Step 3 Click Update Activation Key in the Activation Key panel.
Step 4 Click Save in the Cisco ASDM toolbar.
Answer:B
39.You are a network administrator for the PG company. After the primary adaptive security appliance failed, the secondary adaptive security appliance was automatically activated. You fixed the problem. Now you would like to restore the primary to “active” status. When issued on the primary adaptive security appliance, which command would reactivate the primary adaptive security appliance and return it to “active” status?A.failover secondary standby group 1B.failover primary activeC.failover active group 1D.failover secondary group 1
Answer:C
40.Which two scenarios correctly describe the impact of the configuration shown in the exhibit? (Choose two.)A.User addison enters the login command at the > prompt and logs in with the correct username and password when prompted. User addison can then enter the global configuration mode on the security appliance.B.User carter enters the enable command at the > prompt and logs in with the correct username and password when prompted. User carter can then enter the global configuration mode.C.User carter enters the login command at the > prompt and logs in with the correct username and password when prompted. User carter can then enter the global configuration mode on the security appliance.D.User kenny enters the enable command at the > prompt and logs in with the correct username and password when prompted. User kenny can then enter the global configuration mode.
Answer:A D
41.While configuring a crypto map, which command will be used to specify the peer to which IPsec-protected traffic could be forwarded?A.crypto-map policy 10 set 192.168.7.2B.crypto map set peer 192.168.7.2C.crypto map 20 set-peer insidehostD.crypto map peer7 10 set peer 192.168.7.2
Answer:D

passguide ccsp 642-524 pdf demo

Cisco — Sat, 19 Dec 2009 13:05:02 +0000

Cisco 642-524

Securing Networks with ASA Foundation

Q&A V3.21

www.PassGuide.com

Important Note
Please Read Carefully

Study Tips

This product will provide you questions and answers carefully compiled and written by our experts. Try to understand the concepts behind the questions instead of cramming the questions.

Go through the entire document at least twice so that you make sure that you are not
missing anything.

Latest Version

Feedback

Actualtest cisco ccsp 642-545

Cisco — Mon, 15 Dec 2008 12:43:51 +0000

CCSP 642-545 Simulation
Actualtests 642-545 Exam will provide you with exam simulation questions and actual answers that reflect the actual exam. These Actualtests 642-545 simulation questions and answers provide you with the experience of taking the actual test. Actualtests 642-545 Exam is not just simulation questions and answers. They are your access to high technical expertise and accelerated learning capacity. Actualtests 642-545 questions have detailed explanations for every answer and thus ensures that you fully understand the questions and the concept behind the questions.

Product 642-545 Description

Exam Number:642-545
Exam Name:Implementing Cisco Security Monitoring, Analysis and Response System : 642-545 Exam
Market Price:$129.99
Member Price:$99.99
Where can you buy the 642-545 exam online?
We recommend Pass4sure 642-545 Testing Engine which will help you pass the 642-545 exam.

Actualtests Demo 642-545 Exam Details
Comprehensive questions with complete details about Actualtests 642-545 exam
Tested by many real exams before publishing
Verified Actualtests 642-545 Answers Researched by Industry Experts
Actualtests 642-545 exam questions accompanied by exhibits
Drag and Drop questions as experienced in the Real Actualtests 642-545 Exams
How to prepare for 642-545 exam?
We designed Actualtests 642-545 Simulation kit to help you get certified effortlessly. Now you don’t need to spend your time and money searching for Actualtests 642-545 certification materials, books, etc., Actualtests 642-545 exam simulation contains everything you need to get certified. Just follow the instructions, focus on the study material and getting certified will be easy.
Free down:pass4sure 642-545
Free down:testking 642-545