Securing Networks with PIX and ASA Exam(SNPA) : 642-522 Exam The Securing Networks with PIX and ASA exam is one of the exams associated with the Cisco Certified Security Professional and the Cisco Firewall Specialist certifications. Candidates can prepare for this exam by taking the SNPA v4.0 course. This exam includes simulations and tests a candidate’s knowledge and ability to describe, configure, verify and manage the Cisco PIX and ASA security appliance products.

Exam Number/Code: 642-522
Exam Name: Securing Networks with PIX and ASA Exam(SNPA)
VUE Code: 642-522
Questions Type: Single choice,
Real Exam Question Numbers: 60-70 questions
Exam Language(s): English

“Securing Networks with PIX and ASA Exam(SNPA)”, also known as 642-522 exam, is a Cisco certification.
Preparing for the 642-522 exam? Searching 642-522 Test Questions, 642-522 Practice Exam, 642-522 Dumps?

With the complete collection of questions and answers, PassGuide has assembled to take you through 63 Q&A we offer correct answers for simulate questions. to your 642-522 Exam preparation. In the 642-522 exam resources, you will cover every field and category in CCSP helping to ready you for your successful Cisco Certification.
642-522 SNPA
Securing Networks with PIX and ASA Exam
Last day to test 10/13/2007
Exam Number: 642-522
Associated Certifications: CCSP, Cisco Firewall Specialist
Duration: 90 minutes (60-70 questions)
Available Languages: English
Click Here to Register: Pearson VUE
Exam Policies: Read current policies and requirements
Exam Tutorial: Review type of exam questions

Exam Description Exam Topics Recommended Training Additional Resources
Exam Description

The Securing Networks with PIX and ASA exam is one of the exams associated with the Cisco Certified Security Professional and the Cisco Firewall Specialist certifications. Candidates can prepare for this exam by taking the SNPA v4.0 course. This exam includes simulations and tests a candidate’s knowledge and ability to describe, configure, verify and manage the Cisco PIX and ASA security appliance products.
Exam Topics

The following information provides general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes the guidelines below may change at any time without notice.
Install and configure a security appliance for basic network connectivity

* Describe the Security Appliance hardware and software architecture
* Determine the Security Appliance hardware and software configuration and verify if it is correct
* Use setup or the CLI to configure basic network settings, including interface configurations
* Use appropriate show commands to verify initial configurations
* Configure NAT and global addressing to meet user requirements
* Configure DHCP client option
* Set default route
* Configure logging options
* Describe the firewall technology
* Explain the information contained in syslog files
* Configure static address translations
* Configure Network Address Translations: PAT
* Configure static port redirection
* Configure a net static
* Set embryonic and connection limits on the security appliance
* Verify network address translation operation

Configure a security appliance to restrict inbound traffic from untrusted sources

* Configure access-lists to filter traffic based on address, time, and protocols
* Configure object-groups to optimize access-list processing
* Configure Network Address Translations: Nat0
* Configure Network Address Translations: Policy NAT
* Configure java/activeX filtering
* Configure URL filtering
* Verify inbound traffic restrictions

Configure a security appliance to provide secure connectivity using site-to-site VPNs

* Explain certificates, certificate authorities and how they are used
* Explain the basic functionality of IPSec
* Configure IKE with preshared keys
* Configure IKE to use certificates
* Differentiate between the types of encryption
* Configure IPSec parameters
* Configure crypto-maps and ACLs

Configure a security appliance to provide secure connectivity using remote access VPNs

* Explain the functions of EasyVPN
* Configure IPSec using EasyVPN Server/Client
* Configure the Cisco Secure VPN client
* Explain the purpose of WebVPN
* Configure WebVPN services: Server/Client
* Verify VPN operations

Configure transparent firewall, virtual firewall, and high availability firewall features on a security appliance

* Explain differences between L2 and L3 operating modes
* Configure security appliance for transparent mode (L2)
* Explain purpose of virtual firewalls
* Configure security appliance to support virtual firewall
* Monitor and maintain virtual firewall
* Explain the types, purpose and operation of fail-over
* Install appropriate topology to support cable-based or LAN-based fail-over
* Explain the hardware, software and licensing requirements for high-availability
* Configure the SA for active/standby fail-over
* Configure the SA for stateful fail-over
* Configure the SA for active-active fail-over
* Verify fail-over operation
* Recover from a fail-over

Free Pass4sure p4s Practice Engine Demo Download PassGuide offers free demos for each certification exam, including all IT vendors. You can check out the testing engine software, or pdf file question quality and usability of our practice exams before you decide to buy it. We are the only one site that offers demos for almost all IT certification exams.If you want to try passguide exam practice engine

Configure AAA services for access through a security appliance

* Configure ACS for security appliance support
* Configure security appliance to use AAA feature
* Configure authentication using both local and external databases
* Configure authorization using an external database
* Configure the ACS server for downloadable ACLs
* Configure accounting of connection start/stop
* Verify AAA operation

Configure routing and switching on a security appliance

* Enable DHCP server and relay functionality
* Configure VLANs on a security appliance interface
* Configure routing functionality of security appliance including OSPF, RIP
* Configure security appliance to pass multi-cast traffic
* Configure ICMP on the security appliance

Configure a modular policy on a security appliance

* Configure a class-map
* Configure a policy-map
* Configure a service-policy
* Configure a ftp-map
* Configure a http-map
* Configure an inspection protocol
* Explain the function of protocol inspection
* Explain DNS guard feature
* Describe the AIP-SSM HW and SW
* Load IPS SW on the AIP-SSM
* Verify AIP-SSM
* Configure an IPS modular policy

Monitor and manage an installed security appliance

* Obtain and apply OS updates
* Backup and restore configurations and software
* Explain the security appliance file management system
* Perform password/lockout recovery procedures
* Obtain and upgrade license keys
* Configure passwords for various access methods: Telnet, serial, enable, SSH
* Configure various access methods: Telnet, SSH, PDM
* Configure command authorization and privilege levels
* Configure local username database
* Verify access control methods
* Enable ASDM functionality
* Verify a security appliance configuration via ASDM
* Verify the licensing available on a security appliance

QUESTION 24
The following output was seen on a Certkiller PIX firewall:
Refer to the show run output in the exhibit shown above. Which access-list
configuration using the object-groups shown will only permit HTTP and HTTPS
traffic from any host on 10.1.1.0/24 to any host on 192.168.1.0/24?
A. access-list aclin extended permit tcp object-group test2 object-group test1
object-group test3
B. access-list aclin extended permit tcp object-group test1 object-group test2
object-group test3
C. access-list aclin extended permit tcp object-group test1 object-group test3
object-group test2
D. access-list aclin extended permit ip object-group test1 object-group test2
Answer: B
Explanation:
To use object groups in an access list, replace the normal protocol (protocol), network
(source_addressmask, etc.), service (operator port), or ICMP type (icmp_type) parameter
with object-group grp_id parameter.
For example, to use object groups for all available parameters in theaccess-list {tcp |
udp} command, enter the following command:
hostname(config)# access-list access_list_name [line line_number] [extended]{deny|
permit} {tcp | udp} object-group nw_grp_id [object-group svc_grp_id] object-group
nw_grp_id [object-group svc_grp_id] [log[[level] [interval secs] | disable | default]]
[inactive | time-range time_range_name]
Fundamentally, the same access rules apply whether of not object groups are used. First,
the source network or networks is looked at, then the destination network, and finally the
protocols used. Therefore, choice B is correct.
Reference:

http://www.cisco.com/en/US/products/ps6120/products_configuration_guide_chapter09186a0080450bf0.html#

w
QUESTION 25
A new Certkiller security appliance is being configured for object groups. Which two
of these are valid types of object groups? (Choose two)
A. Ping
B. Service
C. Protocol
D. Port
E. TCP
F. UDP
Answer: B, C
Explanation:
The following lists the various object groups that can be configured:
- ICMP-Type Object Group
The ICMP-type object group is used in order to specify specific ICMP types for use only
with ICMP access control lists (ACLs) and conduits.
- Network Object Group
Use the network object group in order to specify host IP addresses or subnet ranges that
you want to define in an ACL or conduit.
- Protocol Object Group
Use the protocol object group in order to specify a protocol(s) that you want to define in
an ACL or conduit.
- Service Configuration
Use the service object group in order to specify specific or ranges of TCP and/or UDP
ports that you want to define in an ACL or conduit.
Reference:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00800d641d.shtml#using

QUESTION 26
Object groups are being configured on a Certkiller security appliance. When are
duplicate objects allowed in object groups?
A. Never
B. Always, because there are no conditions or restrictions.
C. When a group object is included and causes the group hierarchy to become circular.
D. When they are due to the inclusion of group objects.
Answer: D

Questions and Answers : 63 Q&A we offer correct answers for simulate questions.
Updated: 2008-2-19
Market Price: $129.99
Member Price: $79.99

Free download:PassGuide CCSP 642-522
Free download:PassGuide CCSP 642-522
more info:www.ciscoexams.org

PassGuide Certificaton Practice test,Study Guide,Training Materials

1. Free P4S Cisco CCSP Exam 642-521 v2.83
2. Free PassGuide ccsp 642-551 v2.73
3. Free P4S Cisco CCSP Exam 642-532 v2.93
4. Free PassGuide ccsp 642-515 SNAA 2.95
5. Free PassGuide cisco ccsp 642-591 2.93
6. Free PassGuide ccsp 642-523 v2.73
7. Free PassGuide ccsp 642-522 v2.93
8. Free PassGuide ccsp 642-522 v2.73
9. Free PassGuide Cisco CCSP Exam 642-545 2.77
10. Free P4S Cisco CCSP Exam 642-552 v2.73
11. Free PassGuide CCSP 642-524 SNAF 2.83
12. Free P4S Cisco CCSP Exam 642-551 v2.93

PassGuide certification Braindumps and training materials are GUARANTEED to help you pass your IT exams.Such as Microsoft Cisco, CompTIA, Oracle,IBM, Sun Juniper HP Checkpoint and other vendor.We are committed to give full refund to candidates if they fail the exam with use of our products.And we are confident to make such a guarantee. Buy Best Practice Exam,high-quality ,100% Guarantee ,Pls contact me Mail:Sales@passguide.com

P4S Free Downloads

Type	Exam Braindumps	New Questions & Answers	Latest Updated	Available link
	All PassGuide's Exam Pack	858	1 days ago	PassGuideTesting Engines

PassGuide Braindumps-PassGuide Test Software Help You Quick Pass Any IT Certifications Exams