Free Cheat-test Samples and Demo Questions Download
Adobe exams Adobe
Apple exams Apple
Avaya exams Avaya
Check Point exams Check Point
Cisco exams Cisco
Citrix exams Citrix
CIW exams CIW
CompTIA exams CompTIA
EC-Council exams EC-Council
EMC exams EMC
Exin exams Exin
Fortinet exams Fortinet
Hitachi exams Hitachi
HP exams HP
IBM exams IBM
Isaca exams Isaca
ISC exams ISC
Juniper exams Juniper
LPI exams LPI
McAfee exams McAfee
Microsoft exams Microsoft
Oracle exams Oracle
PMI exams PMI
Riverbed exams Riverbed
SNIA exams SAP
Sun exams SAS
Symantec exams Symantec
VMware exams VMware
All certification exams

Cisco 642-522 Exam -

Free 642-522 Sample Questions:

1.Which of these identifies basic settings for the security appliance, including a list of contexts?
A.primary configuration configuration
C.system configuration
D.admin configuration
Answer: C

2.What is the effect of the per­user­override option when applied to the access­group command syntax?
A.It increases security by building upon the existing access list applied to the interface. All subsequent users are also subject to the additional access list entries.
B.The log option in the per­user access list overrides existing interface log options.
C.It allows downloadable user access lists to override the access list applied to the interface.
D.It allows for extended authentication on a per­user basis.
Answer: C

3.What are two instances when sparse­mode PIM is most useful? (Choose two.)
A.when there are few receivers in a group
B.when there are many receivers in a group
C.when the type of traffic is intermittent
D.when the type of traffic is constant
E.when the traffic is not ethertype
F.when the traffic is ethertype
Answer: A, C

4.Which command enables IKE on the outside interface?
A.ike enable outside
B.ipsec enable outside
C.isakmp enable outside
D.ike enable (outbound)
Answer: C

5.What is the minimal number of physical interfaces required for all security appliance platforms to support VLANs?
Answer: B

6.What type of tunneling should be used on the VPN Client to allow IPSec traffic through a stateful firewall that may be performing NAT or PAT?
B.IPSec over TCP
C.IPSec over UDP
D.split tunneling
Answer: B

7.What is the result if the WebVPN url­entry parameter is disabled?
A.The end user is unable to access any CIFS shares or URLs.
B.The end user is able to access CIFS shares but not URLs.
C.The end user is unable to access pre­defined URLs.
D.The end user is able to access pre­defined URLs.
Answer: D

8.What are the two purposes of the same­security­traffic permit intra­interface command? (Choose two.)
A.It allows all of the VPN spokes in a hub­and­spoke configuration to be terminated on a single interface.
B.It allows communication between different interfaces that have the same security level
C.It permits communication in and out of the same interface when the traffic is IPSec protected.
D.It enables Dynamic Multipoint VPN.
Answer: A, C

9.When configuring a crypto map, which command correctly specifies the peer to which IPSec­protected traffic can be forwarded?
A.crypto map set peer
B.crypto map 20 set­peer insidehost
C.crypto­map policy 10 set
D.crypto map peer7 10 set peer
Answer: D

10.By default, the AIP­SSM IPS software is accessible from the management port at IP address Which CLI command should an administrator use to change the default AIP­SSM management port IP address?
A.hw module 1 setup
D.hw module 1 recover
Answer: C

11.The inline IPS software feature set is available in which security appliances?
A.any Cisco PIX and ASA Security Appliance running v.7 software and an AIP­SSM module
B.only Cisco PIX 515, 525, and 535 Security Appliances with an AIP­SSM module
C.only Cisco ASA 5520 and 5540 Security Appliances with an AIP­SSM module
D.any Cisco ASA 5510, 5520, or 5540 Security Appliance with an AIP­SSM module
Answer: D

12.Which is a hybrid protocol that provides utility services for IPSec, including authentication of the IPSec peers, negotiation of IKE and IPSec SAs, and establishment of keys for encryption algorithms?
Answer: C

13.How do you ensure that the main interface does not pass untagged traffic when using subinterfaces?
A.Use the shutdown command on the main interface
B.Omit the nameif command on the subinterface
C.Use the vlan command on the main interface.
D.Omit the nameif command on the main interface.
E.Use the shutdown and then use the nameif command on the main interface.
Answer: D

14.Which statement about Telnet and the security appliance is true?
A.You can enable Telnet on all interfaces except the outside interface.
B.You can enable Telnet on all interfaces, but the PIX security appliance requires that all Telnet traffic to all interfaces be IPSec protected.
C.You can enable Telnet on all interfaces, but the PIX security appliance requires that all Telnet traffic to the outside interface be IPSec protected.
D.You can enable Telnet on all interfaces, but it must be protected with SSH.
Answer: C

15.Why does the PIX security appliance record information about a packet in its stateful session flow table? build the reverse path forwarding (RFP) table to prevent spoofed source IP address establish a proxy session by relaying the application layer requests and responses between two endpoints compare against return packets for determining whether the packet should be allowed through the firewall track outbound UDP connections
Answer: C

16.In the Cisco ASA 5500 series, what is the flash keyword aliased to?
C.both Disk0 and Disk1
Answer: A

© 2014, All Rights Reserved