Exam 642-523 study material Made available by Testkingprep.com
Free 642-523 Exam Preparation Questions Exam 642-523: Securing Networks with PIX and ASA
For Latest 642-523 Exam Questions and study guides- visit- http://www.testkingprep.com/642-523.html
Question:1 For the following commands, which one would configure the adaptive security appliance to use an ACS server for console access authentication? A. aaa authentication console SRVGRP1 B. aaa authentication serial console LOCAL C. aaa authentication serial console SRVGRP1 LOCAL D. aaa authentication console LOCAL Answer: C Question:2 Study the exhibit carefully. When the show failover command has returned this output, what is the problem with the failover configuration? COMPANY-fw2# show failover Failover ON Cable status: Other side not connected Failover unit Primary Failover LAN Interface: N/A-Serial-based failover enabled Unit Poll frequency 15 seconds, holdtime 45 seconds Interface Poll frequency 15 seconds Interface Policy 1 Monitored Interfaces 3 of 250 maximum Last Failover at: 13:21:38 UTC Dec 10 2004 This host: Primary-Active Active time: 200(sec) Interface outside (192.168.2.2): Normal (Waiting) Interface inside (10.0.2.1): Normal (Waiting) Interface dmz (172.16.2.1): Normal (Waiting) Other host: Secondary-Not detected Active time : 0(sec) Interface outside (192.168.2.7): Unknown (Waiting) Interface inside (10.0.2.7): Unknown (Waiting) Interface dmz (172.16.2.7): Unknown (Waiting) Stateful Failover Logical Update Statistics Link: Unconfigured A. The poll frequency is set too high to detect the secondary failover security appliance. B. The failover cable is not connected to the secondary failover security appliance. C. There is no problem; the timer that detects the secondary failover security appliance has not expired. D. The LAN-based failover interface has been shut down on the security appliance. Answer: B Question:3 You have configured the security appliance and an AAA server for authentication. Why does Telnet and FTP authentication work normally but HTTP authentication does not? A. You must specify HTTPS authentication in your configuration. B. The AAA server is not properly configured to accept HTTP authentication requests. C. You have not enabled HTTP authorization, which is required for HTTP authentication. D. HTTP reauthentication may be taking place with the web browser sending the cached username and password back to the security appliance. Answer: D Question:4 An administrator wants to protect a DMZ web server from SYN flood attacks. Which three of these commands, used individually, would allow the administrator to place limits on the number of embryonic connections? (Choose three.) A. nat B. access-list C. static D. set connection Answer: A, C, D Question:5 Which one of the following commands would offer interface IP information, the interface operational status, and the interface configuration method for an adaptive security appliance? A. show interface detail B. show interface ip brief C. show ip interface D. show interface stats
For Latest 642-523 Exam Questions and study guides- visit- http://www.testkingprep.com/642-523.html
Answer: B Question:6 Why include a deny statement at the end of an ACL, even though the implicit deny at the end of the ACL will block traffic as needed? A. You can view the hit counters with the show access-list command. B. As a back-up, in case the implicit deny does not work. C. There is no reason to include the deny statement. D. You can enable the turbo ACL feature for individual ACLs. Answer: A Question:7 Cisco's Adaptive Security Appliance (ASA) earns the silver in the network firewall category of our 2008 Product Leadership Awards. According to the exhibit. The ASA administrator is tasked to filter a single website on a host with the IP address 10.10.11.4, but allow access to all other websites. The administrator inputs the commands displayed and then executes them. Which two purposes are of the following commands? (Choose two.) COMPANY-asa1(config)# filter url http 0 0 0 0 COMPANY-asa1(config)# filter url except 10.10.11.4 255.255.255.255 0 0 A. Allow access to all website except those hosted at IP address 10.10.11.4 B. Filter the URLs found at the host with the IP address 10.10.11.4 C. Filter all URL requests D. Cause URL requests from the address 10.10.11.4 to be exempted from filtering Answer: C, D Question:8 Which statement best describes Active/Active failover configurations? A. Configure failover interface parameters in the "ADMIN" context. B. Use the failover active command to enable Active/Active failover on the Cisco ASA Security Appliance. C. Configure two failover groups: group 1 and group 2. D. Allocate interfaces to a failover group using the failover group sub-command mode. Answer: C Question:9 Which is a method of identifying the traffic requiring authorization on the security appliance? A. Independently interpreting authorization rules before authentication has occurred to decrease overall AAA processing time B. Specifying ACLs that authorization rules must match C. Checking the authentication rules for a match thus allowing the traffic to be authorized D. Implicitly enabling TACACS+ authorization rules in the response packet Answer: B Question:10 What is the objective of these commands based on the exhibit presented? COMPANY-asa1(config)# class MEDIUM-RESOURCE-SET COMPANY-asa1(config-class)# limit-resource ASDM 5 COMPANY-asa1(config-class)# limit-resource conns 20% A. They limit the MEDIUM-RESOURCE-SET class to five Cisco ASDM sessions and 20% of the system connection limit B. They guarantee five Cisco ASDM sessions and a system connection of 20% for resources belonging to the MEDIUM-RESOURCE-SET class C. They limit the MEDIUM-RESOURCE-SET class to five failed Cisco ASDM connection attempts and 20% of system resources D. They increase the default Cisco ASDM session limit by five for the MEDIUM-RESOURCE-SET class and increase the system connection limit by 20%
For Latest 642-523 Exam Questions and study guides- visit- http://www.testkingprep.com/642-523.html
Answer: A
For Latest 642-523 Exam Questions and study guides- visit- http://www.testkingprep.com/642-523.html
For complete Exam 642-523 Training kits and Self-Paced Study Material Visit: http://www.testkingprep.com/642-523.html
http://www.testkingprep.com/
For Latest 642-523 Exam Questions and study guides- visit- http://www.testkingprep.com/642-523.html