p4s Securing Networks with PIX and ASA : 642-523 Exam

Exam Number/Code: 642-523
Exam Name: Securing Networks with PIX and ASA

“Securing Networks with PIX and ASA”, also known as 642-523 exam, is a Cisco certification.
Preparing for the 642-523 exam? Searching 642-523 Test Questions, 642-523 Practice Exam, 642-523 Dumps?

With the complete collection of questions and answers, Pass4sure has assembled to take you through 63 Q&As to your 642-523 Exam preparation. In the 642-523 exam resources, you will cover every field and category in CCSP helping to ready you for your successful Cisco Certification.

Questons and Answers : 63 Q&As
Updated: 10/29/2007

Securing Networks with PIX and ASA
Exam Number: 642-523
Associated Certifications: CCSP/Cisco Firewall Specialist
Duration: 90 minutes (63 questions)
Available Languages: English
Click Here to Register: Pearson VUE
Exam Policies: Read current policies and requirements
Exam Tutorial: Review type of exam questions

Exam Description Exam Topics Recommended Training Additional Resources
Exam Description

The Securing Networks with PIX and ASA exam is one of the exams associated with the Cisco Certified Security Professional and the Cisco Firewall Specialist certifications. Candidates can prepare for this exam by taking the SNPA v5.0 course. This exam includes simulations and tests a candidate’s knowledge and ability to describe, configure, verify and manage the Cisco PIX and ASA Security Appliance products.
Exam Topics

The following topics are general guidelines for the content likely to be included on the Remote Access exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.
Install and configure a Security Appliance for basic network connectivity

* Describe the Security Appliance hardware and software architecture
* Determine the Security Appliance hardware and software configuration and verify if it is correct
* Use setup or the CLI to configure basic network settings, including interface configurations
* Use appropriate show commands to verify initial configurations
* Configure NAT and global addressing to meet user requirements
* Configure DHCP client option
* Set default route
* Configure logging options
* Describe the firewall technology
* Explain the information contained in syslog files
* Configure static address translations
* Configure Network Address Translations: PAT
* Verify network address translation operation

Configure a Security Appliance to restrict inbound traffic from untrusted sources

* Configure access-lists to filter traffic based on address, time, and protocols
* Configure object-groups to optimize access-list processing
* Configure Network Address Translations: Nat0
* Configure Network Address Translations: Policy NAT
* Configure java/activeX filtering
* Configure URL filtering
* Verify inbound traffic restrictions
* Configure static port redirection
* Configure a net static
* Set embryonic and connection limits on the Security Appliance

Configure a Security Appliance to provide secure connectivity using site-to-site VPNs

* Explain the basic functionality of IPsec
* Configure IKE with preshared keys
* Differentiate between the types of encryption
* Configure IPsec parameters
* Configure crypto-maps and ACLs

Configure a Security Appliance to provide secure connectivity using remote access VPNs

* Explain the functions of EasyVPN
* Configure IPsec using EasyVPN Server/Client
* Configure the Cisco Secure VPN client
* Explain the purpose of SSL VPN
* Configure WebVPN services: Server/Client
* Verify VPN operations
* Install and Configure SVCs
* Install and Configure Cisco Secure Desktop

Configure transparent firewall, virtual firewall, and high availability firewall features on a Security Appliance

* Explain differences between L2 and L3 operating modes
* Configure Security Appliance for transparent mode (L2)
* Explain purpose of virtual firewalls
* Configure Security Appliance to support virtual firewall
* Monitor and maintain virtual firewall
* Explain the types, purpose and operation of fail-over
* Install appropriate topology to support cable-based or LAN-based fail-over
* Explain the hardware, software and licensing requirements for high-availability
* Configure the Security Appliance for active/standby fail-over
* Configure the Security Appliance for stateful fail-over
* Configure the Security Appliance for active-active fail-over
* Verify fail-over operation
* Recover from a fail-over
* Allocate resources to virtual firewalls

Configure AAA services for the Security Appliance

* Configure ACS for Security Appliance support
* Configure Security Appliance to use AAA feature
* Configure authentication using both local and external databases
* Configure authorization using an external database
* Configure the ACS server for downloadable ACLs
* Configure accounting of connection start/stop
* Verify AAA operation

Free PassGuide Practice Engine Demo Download Pass4sure offers free demos for each certification exam, including all IT vendors. You can check out the testing engine software, or pdf file question quality and usability of our practice exams before you decide to buy it. We are the only one site that offers demos for almost all IT certification exams.If you want to try p4s exam practice engine demo. http://demo.passguide.com/download

Configure routing and switching on a Security Appliance

* Enable DHCP server and relay functionality
* Configure VLANs on a Security Appliance interface
* Configure Security Appliance to pass multi-cast traffic

Configure Security Appliance advanced application layer and modular policy features

* Configure a class-map
* Configure a policy-map
* Configure a service-policy
* Configure a ftp-map
* Configure a http-map
* Configure an inspection protocol
* Explain the function of protocol inspection
* Explain DNS guard feature
* Describe the AIP-SSM HW and SW
* Load IPS SW in the AIP-SSM
* Verify AIP-SSM
* Configure an IPS modular policy
* Describe the CSC-SSM HW and SW
* Configure a typed class map
* Configure a typed policy map
* Use typed policy maps to specify granular inspection parameters for a policy map
* Configure regex class maps
* Create regular expressions
* Load CSC SW on the SSM
* Verify the CSC-SSM
* Divert traffic to the CSC-SSM
* Initialize the CSC-SSM

Monitor and manage an installed Security Appliance

* Obtain and apply OS updates
* Backup and restore configurations and software
* Explain the Security Appliance file management system
* Perform password/lockout recovery procedures
* Obtain and upgrade license keys
* Configure passwords for various access methods: Telnet, serial, enable, SSH
* Configure various access methods: Telnet, SSH, ASDM
* Configure command authorization and privilege levels
* Configure local username database
* Verify access control methods
* Enable ASDM functionality
* Verify a Security Appliance configuration via ASDM
* Verify the licensing available on a Security Appliance
* Add, delete, and modify syslog messages

1. Which of these commands enables the DHCP server on the DMZ interface of the Cisco ASA with an address
pool of 10.0.1.100-10.0.1.108 and a DNS server of 192.168.1.2?
A. dhcpd address 10.0.1.100-10.0.1.108 DMZ
dhcpd dns 192.168.1.2 dhcpd enable DMZ
B. dhcpd range 10.0.1.100-10.0.1.108 DMZ
dhcpd dns server 192.168.1.2 dhcpd DMZ
C. dhcpd address range 10.0.1.100-10.0.1.108
dhcpd dns 192.168.1.2 dhcpd enable
D. dhcpd address range 10.0.1.100-10.0.1.108
dhcpd dns server 192.168.1.2 dhcpd enable DMZ
Answer: A

4. Which command both verifies that NAT is working properly and displays active NAT translations?
A. show running-configuration nat
B. show nat translation
C. show xlate
D. show ip nat all
Answer: C

5. The Cisco VPN Client supports which three of these tunneling protocols and methods? (Choose three.)
A. IPsec over TCP
B. IPsec over UDP
C. ESP
D. AH
E. SCEP
F. LZS
Answer: ABC

6. Refer to the exhibit. A network administrator wants to authenticate remote users who are accessing the WEB1
server from the Internet. When a remote user initiates a session to the WEB1 server, the ASA1 security appliance
will verify the user’s credentials with the TX_ACS AAA server via RADIUS. To accomplish this, the
administrator must load and configure Cisco ACS software on the TX_ACS AAA server. During the process, the
administrator must correctly configure the AAA client information in the Cisco ACS network configuration
window.
What must the administrator place in field A (AAA Client Hostname) and field B (AAA Client IP address)?

F. LZS
Answer: ABC

11. Which of these commands will provide detailed information about the crypto map configurations of a Cisco
ASA?
A. show run ipsec sa
B. show ipsec sa
C. show crypto map
D. show run crypto map
Answer: D
12. Which of these commands would block all SIP INVITE packets, such as calling-party and request-method,
from specific SIP endpoints?
A. Group the match commands in a SIP inspection policy map.
B. Group the match commands in a SIP inspection class map.
C. Use the match calling-party command in a class map. Apply the class map to a policy map that contains the
match request-methods command.
D. Use the match request-methods command in an inspection class map. Apply the inspection class map to an
inspection policy map that contains the match calling-party command.
E. Group the match commands in the global_policy policy map.
Answer: B

Free download:pass4sure CCSP 642-523
Free download:testking CCSP 642-523
more info:www.ciscoexams.org

PassGuide provides high-quality test materials, for example, Cisco CCNA CCNP CCIE, Comptia A + NETWORK + Security +, Juniper jncia, jncis, Vmware VCP-410,certification practice exams and so on.We are committed to give full refund to candidates if they fail the exam with use of our products.And we are confident to make such a guarantee. Buy Best Practice Exam,high-quality ,100% Guarantee ,Pls contact me,Mail:Sales@passguide.com

P4S Free Downloads

Type	Exam Braindumps	New Questions & Answers	Latest Updated	Available link
	All Pass4sure's Exam Pack	858	1 days ago	Download Free Testing Engines

PassGuide Braindumps-Free Test king Help You Quick Pass Any it Certifications Exams

Click links: www.testking.la/braindumps/free/down/crack/all/testking