Free Cheat-test Samples and Demo Questions Download
Adobe exams Adobe
Apple exams Apple
Avaya exams Avaya
Check Point exams Check Point
Cisco exams Cisco
Citrix exams Citrix
CIW exams CIW
CompTIA exams CompTIA
EC-Council exams EC-Council
EMC exams EMC
Exin exams Exin
Fortinet exams Fortinet
Hitachi exams Hitachi
HP exams HP
IBM exams IBM
Isaca exams Isaca
ISC exams ISC
Juniper exams Juniper
LPI exams LPI
McAfee exams McAfee
Microsoft exams Microsoft
Oracle exams Oracle
PMI exams PMI
Riverbed exams Riverbed
SNIA exams SAP
Sun exams SAS
Symantec exams Symantec
VMware exams VMware
All certification exams

Cisco 642-523 Exam -

Free 642-523 Sample Questions:

1.For the following commands, which one enables the DHCP server on the DMZ interface of the Cisco ASA with an address pool of­ and a DNS server of
A.dhcpd address­ DMZ dhcpd dns dhcpd enable DMZ
B.dhcpd address range­ dhcpd dns server dhcpd enable DMZ
C.dhcpd range­ DMZ dhcpd dns server dhcpd DMZ
D.dhcpd address range­ dhcpd dns dhcpd enable
Answer: A

2.Which statement about Telnet and the security appliance is true?
A.You can enable Telnet on all interfaces, but the PIX security appliance requires that all Telnet traffic to
all interfaces be IPSec protected.
B.You can enable Telnet on all interfaces, but it must be protected with SSH.
C.You can enable Telnet on all interfaces, but the PIX security appliance requires that all Telnet traffic to the outside interface be IPSec protected.
D.You can enable Telnet on all interfaces except the outside interface.
Answer: C

3.What is the effect of the per­user­override option when applied to the access­group command syntax?
A.The log option in the per­user access list overrides existing interface log options.
B.It allows for extended authentication on a per­user basis.
C.It allows downloadable user access lists to override the access list applied to the interface.
D.It increases security by building upon the existing access list applied to the interface. All subsequent users are also subject to the additional access list entries.
Answer: C

4.In order to recover the Cisco ASA password, which operation mode should you enter?
Answer: D

5.Observe the following commands, which one verifies that NAT is working normally and displays active NAT translations? ip nat all running­configuration nat xlate nat translation
Answer: C

6.What is the result if the WebVPN url­entry parameter is disabled?
A.The end user is unable to access pre­defined URLs.
B.The end user is unable to access any CIFS shares or URLs.
C.The end user is able to access CIFS shares but not URLs.
D.The end user is able to access pre­defined URLs.
Answer: D

7.Which three tunneling protocols and methods are supported by the Cisco VPN Client? (Choose three.)
A.IPsec over TCP
B.IPsec over UDP
Answer: A, B, C

8.How do you ensure that the main interface does not pass untagged traffic when using subinterfaces?
A.Use the vlan command on the main interface.
B.Use the shutdown command on the main interface
C.Omit the nameif command on the subinterface
D.Omit the nameif command on the main interface.
Answer: D

9.What are the two purposes of the same­security­traffic permit intra­interface command? (Choose two.)
A.It allows all of the VPN spokes in a hub­and­spoke configuration to be terminated on a single interface.
B.It enables Dynamic Multipoint VPN.
C.It permits communication in and out of the same interface when the traffic is IPSec protected.
D.It allows communication between different interfaces that have the same security level
Answer: A, C

10.How many unique transforms will included in a single transform set while configuring a crypto ipsec transform­set command?
Answer: B

11.Which of these identifies basic settings for the security appliance, including a list of contexts? configuration
B.admin configuration
C.system configuration
D.primary configuration
Answer: C

12.By default, the AIP­SSM IPS software is accessible from the management port at IP address Which CLI command should an administrator use to change the default AIP­SSM management port IP address?
B.hw module 1 recover
D.hw module 1 setup
Answer: C

13.An administrator wants to protect a DMZ web server from SYN flood attacks. Which command does not allow the administrator to place limits on the number of embryonic connections?
A.set connection
Answer: D

14.Which three potential groups are of users for WebVPN? (Choose three.)
A.employees accessing specific internal applications from desktops and laptops not managed by IT
B.administrators who need to manage servers and networking equipment
C.employees that only need occasional corporate access to a few applications
D.users of a customer service kiosk placed in a retail store
Answer: A, C, D

15.The inline IPS software feature set is available in which security appliances?
A.only Cisco ASA 5520 and 5540 Security Appliances with an AIP­SSM module
B.any Cisco PIX and ASA Security Appliance running v.7 software and an AIP­SSM module
C.only Cisco PIX 515, 525, and 535 Security Appliances with an AIP­SSM module
D.any Cisco ASA 5510, 5520, or 5540 Security Appliance with an AIP­SSM module
Answer: D

16.For the following commands, which one would offer detailed information about the crypto map configurations of a Cisco ASA? crypto map run ipsec sa ipsec sa run crypto map
Answer: D

17.Which one of the following commands will prevent all SIP INVITE packets, such as calling­party and request­method, from specific SIP endpoints?
A.Use the match calling­party command in a class map. Apply the class map to a policy map that contains the match request­methods command.
B.Group the match commands in a SIP inspection class map.
C.Use the match request­methods command in an inspection class map. Apply the inspection class map
to an inspection policy map that contains the match calling­party command.
D.Group the match commands in a SIP inspection policy map.
Answer: B

© 2014, All Rights Reserved