[ Free Actualtest Braindumps- IT certification training&Study Guide,Guarantee to PASS! ]
» PassGuide.com-Provides Actualtest Questions And Answers,Successful for IT Certification or Full Refund for you Tue 09 Feb 2010 - 00:15:05 *
Welcome, Guest. Please Lost your Pass? or register.

Login with username, password
Search  
Archives


passguide

Recent Posts


Top Posts of the Day

  • No posts viewed yet.

Tags


Blogroll
« »
Actualtests CCSP 642-523

Securing Networks with PIX and ASA : 642-523 Exam642-523 SNPA
Securing Networks with PIX and ASA

Exam Number: 642-523
Associated Certifications: CCSP/Cisco Firewall Specialist
Duration: 90 minutes (63 questions)
Available Languages: English
Click Here to Register: Pearson VUE
Exam Policies: Read current policies and requirements
Exam Tutorial: Review type of exam questions

Exam Description Exam Topics Recommended Training Additional Resources
Exam Description
The Securing Networks with PIX and ASA exam is one of the exams associated with the Cisco Certified Security Professional and the Cisco Firewall Specialist certifications. Candidates can prepare for this exam by taking the SNPA v5.0 course. This exam includes simulations and tests a candidate’s knowledge and ability to describe, configure, verify and manage the Cisco PIX and ASA Security Appliance products.

Exam Topics
The following topics are general guidelines for the content likely to be included on the Remote Access exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

Install and configure a Security Appliance for basic network connectivity
Describe the Security Appliance hardware and software architecture
Determine the Security Appliance hardware and software configuration and verify if it is correct
Use setup or the CLI to configure basic network settings, including interface configurations
Use appropriate show commands to verify initial configurations
Configure NAT and global addressing to meet user requirements
Configure DHCP client option
Set default route
Configure logging options
Describe the firewall technology
Explain the information contained in syslog files
Configure static address translations
Configure Network Address Translations: PAT
Verify network address translation operation

Configure a Security Appliance to restrict inbound traffic from untrusted sources
Configure access-lists to filter traffic based on address, time, and protocols
Configure object-groups to optimize access-list processing
Configure Network Address Translations: Nat0
Configure Network Address Translations: Policy NAT
Configure java/activeX filtering
Configure URL filtering
Verify inbound traffic restrictions
Configure static port redirection
Configure a net static
Set embryonic and connection limits on the Security Appliance

Configure a Security Appliance to provide secure connectivity using site-to-site VPNs
Explain the basic functionality of IPsec
Configure IKE with preshared keys
Differentiate between the types of encryption
Configure IPsec parameters
Configure crypto-maps and ACLs

Configure a Security Appliance to provide secure connectivity using remote access VPNs
Explain the functions of EasyVPN
Configure IPsec using EasyVPN Server/Client
Configure the Cisco Secure VPN client
Explain the purpose of SSL VPN
Configure WebVPN services: Server/Client
Verify VPN operations
Install and Configure SVCs
Install and Configure Cisco Secure Desktop

Configure transparent firewall, virtual firewall, and high availability firewall features on a Security Appliance
Explain differences between L2 and L3 operating modes
Configure Security Appliance for transparent mode (L2)
Explain purpose of virtual firewalls
Configure Security Appliance to support virtual firewall
Monitor and maintain virtual firewall
Explain the types, purpose and operation of fail-over
Install appropriate topology to support cable-based or LAN-based fail-over
Explain the hardware, software and licensing requirements for high-availability
Configure the Security Appliance for active/standby fail-over
Configure the Security Appliance for stateful fail-over
Configure the Security Appliance for active-active fail-over
Verify fail-over operation
Recover from a fail-over
Allocate resources to virtual firewalls

Configure AAA services for the Security Appliance
Configure ACS for Security Appliance support
Configure Security Appliance to use AAA feature
Configure authentication using both local and external databases
Configure authorization using an external database
Configure the ACS server for downloadable ACLs
Configure accounting of connection start/stop
Verify AAA operation

Configure routing and switching on a Security Appliance
Enable DHCP server and relay functionality
Configure VLANs on a Security Appliance interface
Configure Security Appliance to pass multi-cast traffic

Configure Security Appliance advanced application layer and modular policy features
Configure a class-map
Configure a policy-map
Configure a service-policy
Configure a ftp-map
Configure a http-map
Configure an inspection protocol
Explain the function of protocol inspection
Explain DNS guard feature
Describe the AIP-SSM HW and SW
Load IPS SW in the AIP-SSM
Verify AIP-SSM
Configure an IPS modular policy
Describe the CSC-SSM HW and SW
Configure a typed class map
Configure a typed policy map
Use typed policy maps to specify granular inspection parameters for a policy map
Configure regex class maps
Create regular expressions
Load CSC SW on the SSM
Verify the CSC-SSM
Divert traffic to the CSC-SSM
Initialize the CSC-SSM

Monitor and manage an installed Security Appliance
Obtain and apply OS updates
Backup and restore configurations and software
Explain the Security Appliance file management system
Perform password/lockout recovery procedures
Obtain and upgrade license keys
Configure passwords for various access methods: Telnet, serial, enable, SSH
Configure various access methods: Telnet, SSH, ASDM
Configure command authorization and privilege levels
Configure local username database
Verify access control methods
Enable ASDM functionality
Verify a Security Appliance configuration via ASDM
Verify the licensing available on a Security Appliance
Add, delete, and modify syslog messages

Free Sample :PassGuide-it certification Printable PDF Or software Download: Actualtest offers free demo for IT certification Exams You can check out the interface, question quality and usability of our IT Simulation exams before you decide to buy it. We are the only one site can offer demo for almost all products http://demo.passguide.com/download passguide braindumps

Exam Number/Code: 642-523
Exam Name:Securing Networks with PIX and ASA

“Securing Networks with PIX and ASA”, also known as 642-523 exam, is a Cisco certification. With the complete collection of questions and answers,Actualtests has assembled to take you through 63 Q&As to your 642-523 Exam preparation. In the 642-523 exam resources, you will cover every field and category in CCSP helping to ready you for your successful Cisco Certification.
Free Demo DownloadActualtests offers free demo for 642-523 exam (Securing Networks with PIX and ASA). You can check out the interface, question quality and usability of our practice exams before you decide to buy it.

QUESTION 11:
What does the activation-key command in the Cisco ASA do?
A. Applies the activation key to the Cisco ASDM so the Cisco ASA can be managed
using a web interface
B. Applies the activation key to the Cisco ASA operating system, so that the Cisco ASA
is licensed and all features are available
C. Activates the SSM module in the Cisco ASA, providing intrusion protection and
content filtering
D. Automatically activates the Cisco ASA, allowing it to be configured right out of the
box
Answer: B
QUESTION 12:
Which three of these are required in order to set up a CSC SSM on the Cisco ASA?
(Choose three.)
A. The IP Address of the CSC interface
642-523
Actualtests.com – The Power of Knowing
B. An SSL Certificate to user for HTTPS connections
C. An E-mail address for notifications
D. Activation codes
E. DNS names of critical hosts
F. IP Addresses of external routers
Answer: A,C,D
QUESTION 13:
Which of these commands enables IKE on the outside interface?
A. isakmp enable outside
B. ike enable outside
C. nameif outside isakmp enable
D. int g0/0 ike enable (outbound)
Answer: A
QUESTION 14:
The Cisco VPN Client supports which three of these tunneling protocols and methods?
(Choose three.)
A. ESP
B. IPSec over UDP
C. LZS
D. SCEP
E. IPSec over TCP
F. AH
Answer: A,B,E
QUESTION 15:
Which three of these are potential groups of users for WebVPN? (Choose three.)
A. Remote Employees that need daily access to the internet corporate network
B. Employees that only need occasional corporate access to a few applications
C. Employees accessing specific internal applications from desktops and laptops not
managed by IT
D. Administrators who need to manage servers and networking equipment
E. Users of a customer service kiosk placed in a retail store
642-523
Actualtests.com – The Power of Knowing
F. Employees that need access to a wide range of corporate applications
Answer: B,C,E
QUESTION 16:
Which of the following statements about the Configuration of WebVPN on the Cisco
ASA is true for Cisco ASA version 7.2?
A. WebVPN and Cisco ASDM can’t be enabled at the same time on the Cisco ASA
B. WebVPN and Cisco ASDM can only be enabled at the same time using the command
line interface
C. WebVPN and Cisco ASDM can’t run on the same interface
D. WebVPN and Cisco ASDM can both be enabled on the same interface but must run
on different TCP ports
Answer: D
QUESTION 17:
Which command configures the Cisco ASA console for SSH access by a local user?
A. ssh username sysadmin password cisco123
B. aaa authentication ssh console LOCAL
C. aaa authentication ssh LOCAL
D. ssh console username sysadmin password cisco123
Answer: B
QUESTION 18:
SIMULATION
Network topology exhibit:
642-523
Actualtests.com – The Power of Knowing
You work as a network engineer at Certkiller .com. You have installed a brand new ASA.
You have configured it with factory-default, single mode.
Your boss, Ms. Certkiller, has asked you to make further configurations.
More specifically, use host Certkiller A to:
* add two security appliance contexts and tx2.
* allocate appropriate interface to each context
* identify location from which the system downloads the context configuration
* the context named dminand will support interfaces GigabetEthernet0/0 and
GigabitEthernet0/1
* the context named dminand must be stored in the ASA flash file admin.cfg
* the context named tx2 will support interfaces GigabetEthernet0/2 and
GigabitEthernet0/3
* the context named tx2 must be stored in the ASA flash file ctx2.cfg
You are finished with the task after the contexts are created, interfaces allocated and
context configuration file locations are configured in the ASA system context.
Answer:
Explanation:
ASA(config)#admin-context admin
ASA(config)#context admin
ASA(config-ctx)#allocate-interface gigabitethernet0/0
ASA(config-ctx)#allocate-interface gigabitethernet0/1
ASA(config-ctx)#config-url flash:/admin.cfg
ASA(config-ctx)#exit
ASA(config)#context tx2
ASA(config-ctx)#allocate-interface gigabitethernet0/2
ASA(config-ctx)#allocate-interface gigabitethernet0/3
ASA(config-ctx)#config-url flash:/ctx2.cfg
642-523
Actualtests.com – The Power of Knowing
QUESTION 19:
Which of these commands would block all SIP INVITE packets, such as calling-party
and request-method from specific SIP EndPoints?
A. Use the match calling-party command in a class map. Apply the class map to a policy
map that contains the match request-methods command.
B. Group match commands in the global_polocy policy map
C. Group the match commands in a SIP inspection policy map
D. Group the match commands in a SIP inspection class map
Answer: D
QUESTION 20:
Which three of these protocols can the content security and control module for the Cisco
ASA be configured to scan? (Choose three.)
A. Telnet
B. SMTP
C. FTP
D. POP3
E. HTTPS
F. SSH
Answer: B,C,D

Free download:pass4sure CCSP 642-523
Free download?testking CCSP 642-523

Download Free PassGuide Product, Help you pass any it Exams,Click Me
Actualtests Free Downloads

Type

 Exam Bible NEW Questions & Answers

Latest Updated

 Download link
Testking torrent All Actual-Test 's Exam Pack

858

 1 days ago Full Download
passguide dumps

Download Free Latest Actualtests Certification Braindumps

  1. Free Actualtest Actualtests CCSP 642-551
  2. Free Actualtest Actualtests CCSP 642-552
  3. Free Actualtest Actualtests CCSP 642-511
  4. Free Actualtest Actualtests CCSP 642-503
  5. Free Actualtest Actualtests CCSP 642-513
  6. Free Actualtest Actualtests CCSP 642-533
  7. Free Actualtest Actualtests CCSP 642-591
  8. Free Actualtest Actualtests CCSP 642-524
  9. Free Actualtest Actualtests CCSP 642-515
  10. Free Actualtest Actualtests CCSP 642-522

Viewed 368 times
By [ Download Free Actualtests Dumps ] On [ October 6th, 2008 - 10:34 pm ] in [ Cisco ] -
Tags: [ ]

Comment

Leave a Reply
Categories


Top Posts Overall


Meta
Any charges made through this site will appear as Pass Guide Certification LTD. PassGuide Materials do not contain actual questions and answers from Microsoft's Certification Exams