
Cisco 642-523 Exam - Passitexam.com

Free 642-523 Sample Questions:

1.Which of the following commands enables the DHCP server on the DMZ interface of the Cisco ASA with an address pool of 10.0.1.100-10.0.1.108 and a DNS server of 192.168.1.2?
A.dhcpd address 10.0.1.100-10.0.1.108 DMZ dhcpd dns 192.168.1.2 dhcpd enable DMZ
B.dhcpd address range 10.0.1.100-10.0.1.108 dhcpd dns server 192.168.1.2 dhcpd enable DMZ
C.dhcpd range 10.0.1.100-10.0.1.108 DMZ dhcpd dns server 192.168.1.2 dhcpd DMZ
D.dhcpd address range 10.0.1.100-10.0.1.108 dhcpd dns 192.168.1.2 dhcpd enable
Answer: A

2.Which description is correct about the output provided in the exhibit?

A.The ACLOUT access list has been designed to allow the IP address with the network address of 192.168.6.0 to have unrestricted access to the web server at IP address 192.168.1.11.
B.The ACLOUT access list has been designed to deny the IP address 192.168.1.11 web access to the host with a network address of 192.168.6.0.
C.The ACLIN access list permits web access from host 192.168.6.10 to all hosts behind the Cisco ASA.
D.The ICMPDMZ access list denies all ICMP traffic bound for the bastion host except echo replies.
Answer: A

3.What is the effect of the per-user-override option when applied to the access-group command syntax?
A.The log option in the per-user access list overrides existing interface log options.
B.It allows for extended authentication on a per-user basis.
C.It allows downloadable user access lists to override the access list applied to the interface.
D.It increases security by building upon the existing access list applied to the interface. All subsequent users are also subject to the additional access list entries.
Answer: C

4.In order to recover the Cisco ASA password, which operation mode should you enter?
A.configure
B.unprivileged
C.privileged
D.monitor
Answer: D

5.Which of the following commands verifies that NAT is working normally and displays active NAT translations?
A.show ip nat all
B.show running-configuration nat
C.show xlate
D.show nat translation
Answer: C

6.What is the result if the WebVPN url-entry parameter is disabled?
A.The end user is unable to access pre-defined URLs.
B.The end user is unable to access any CIFS shares or URLs.
C.The end user is able to access CIFS shares but not URLs.
D.The end user is able to access pre-defined URLs.
Answer: D

7.Which three tunneling protocols and methods are supported by the Cisco VPN Client? (Choose three.)
A.IPsec over TCP
B.IPsec over UDP
C.ESP
D.AH
Answer: A, B, C

8.Tom is a network administrator. Study the exhibit carefully. He wants to authenticate remote users who are accessing the P4S-WEB server from the Internet. When a remote user initiates a session to the P4S-WEB server, the ASA1 security appliance will verify the user's credentials with the TX_ACS AAA server via RADIUS. To achieve this goal, Tom needs to load and configure Cisco ACS software on the TX_ACS AAA server. During the process, he should appropriately configure the AAA client information in the Cisco ACS network configuration window. What should Tom place in field A (AAA Client Hostname) and field B (AAA Client IP address)?

A.A - P4S-PC B - 192.168.2.10
B.A - TX_ACS B - 10.0.1.10
C.A - P4S-WEB B - 172.16.1.2
D.A - ASA1 B - 10.0.1.1
Answer: D

9.What are the two purposes of the same-security-traffic permit intra-interface command? (Choose two.)
A.It allows all of the VPN spokes in a hub-and-spoke configuration to be terminated on a single interface.
B.It enables Dynamic Multipoint VPN.
C.It permits communication in and out of the same interface when the traffic is IPSec protected.
D.It allows communication between different interfaces that have the same security level.
Answer: A, C

10.How many unique transforms will be included in a single transform set while configuring a crypto ipsec transform-set command?
A.three
B.two
C.four
D.one
Answer: B

11.Which of these identifies basic settings for the security appliance, including a list of contexts?
A.network configuration
B.admin configuration
C.system configuration
D.primary configuration
Answer: C

12.By default, the AIP-SSM IPS software is accessible from the management port at IP address 10.1.9.201/24. Which CLI command should an administrator use to change the default AIP-SSM management port IP address?
A.interface
B.hw module 1 recover
C.setup
D.hw module 1 setup
Answer: C

13.An administrator wants to protect a DMZ web server from SYN flood attacks. Which command does not allow the administrator to place limits on the number of embryonic connections?
A.set connection
B.nat
C.static
D.HTTP-map
Answer: D

14.Which three groups are potential users of WebVPN? (Choose three.)
A.employees accessing specific internal applications from desktops and laptops not managed by IT
B.administrators who need to manage servers and networking equipment
C.employees that only need occasional corporate access to a few applications
D.users of a customer service kiosk placed in a retail store
Answer: A, C, D

15.The inline IPS software feature set is available in which security appliances?
A.only Cisco ASA 5520 and 5540 Security Appliances with an AIP-SSM module
B.any Cisco PIX and ASA Security Appliance running v.7 software and an AIP-SSM module
C.only Cisco PIX 515, 525, and 535 Security Appliances with an AIP-SSM module
D.any Cisco ASA 5510, 5520, or 5540 Security Appliance with an AIP-SSM module
Answer: D

16.Which of the following commands would offer detailed information about the crypto map configurations of a Cisco ASA?
A.show crypto map
B.show run ipsec sa
C.show ipsec sa
D.show run crypto map
Answer: D

17.Which one of the following commands will prevent all SIP INVITE packets, such as calling-party and request-method, from specific SIP endpoints?
A.Use the match calling-party command in a class map. Apply the class map to a policy map that contains the match request-methods command.
B.Group the match commands in a SIP inspection class map.
C.Use the match request-methods command in an inspection class map. Apply the inspection class map to an inspection policy map that contains the match calling-party command.
D.Group the match commands in a SIP inspection policy map.
Answer: B

18.How do you ensure that the main interface does not pass untagged traffic when using subinterfaces?
A.Use the vlan command on the main interface.
B.Use the shutdown command on the main interface.
C.Omit the nameif command on the subinterface.
D.Omit the nameif command on the main interface.
Answer: D

19.Please look at the following picture. Which of the following traffic is permitted based on the current access-list configuration?

A.FTP traffic from any outside host to the 172.16.1.2 host on the DMZ1 network
B.HTTP and HTTPS traffic from the 172.16.10.2 DMZ2 host to any host on the outside
C.Any IP traffic from any outside host to the 172.16.10.2 host on the DMZ2 network
D.Any IP traffic from any outside host to the 172.16.1.2 host on the DMZ1 network
Answer: A

20.Which statement about Telnet and the security appliance is true?
A.You can enable Telnet on all interfaces, but the PIX security appliance requires that all Telnet traffic to all interfaces be IPSec protected.
B.You can enable Telnet on all interfaces, but it must be protected with SSH.
C.You can enable Telnet on all interfaces, but the PIX security appliance requires that all Telnet traffic to the outside interface be IPSec protected.
D.You can enable Telnet on all interfaces except the outside interface.
Answer: C