exam 642-523 preparation questions

Exam 642-523 study material

Made available by Aonetesting.com

Free 642-523 Exam Preparation Questions

Exam 642-523: Securing Networks with PIX and ASA

For Latest 642-523 Exam Questions and study guides- visit- http://www.aonetesting.com/642-523.html

http://www.aonetesting.com/642-523.html



Question:1 Which statement about Telnet and the security appliance is true? A. You can enable Telnet on all interfaces, but the PIX security appliance requires that all Telnet traffic

to all interfaces be IPSec protected. B. You can enable Telnet on all interfaces, but it must be protected with SSH. C. You can enable Telnet on all interfaces, but the PIX security appliance requires that all Telnet traffic

to the outside interface be IPSec protected. D. You can enable Telnet on all interfaces except the outside interface.

Answer: C Question:2 Please look at the follwing picture: Which of the following traffic is permitted based on the current access-list configuration?

A. FTP traffic from any outside host to the 172.16.1.2 host on the DMZ1 network B. HTTP and HTTPS traffic from the 172.16.10.2 DMZ2 host to any host on the outside C. Any IP traffic from any outside host to the 172.16.10.2 host on the DMZ2 network D. Any IP traffic from any outside host to the 172.16.1.2 host on the DMZ1 network

Answer: A Question:3 How is the address translation feature of the security appliance used in the current configuration? (Choose two)


A. Dynamic NAT is used to translate any host on the inside to a mapped address from the address pool of 192.168.1.20 to 192.168.1.254.

B. Port Address Translation (PAT) is used to translate any host on the inside to the 192.168.1.10 global address.

C. Static NAT is used to translate the 172.16.10.2 DMZ2 host address to a global address of 192.168.1.12

D. Dynamic NAT is used to translate any host on the DMZ1 network and the DMZ2 network to a mapped address from the address pool of 192.168.1.20 to 192.168.1.254.


Answer: A, C Question:4 Why does the PIX security appliance record information about a packet in its stateful session flow table? A. To establish a proxy session by relaying the application layer requests and responses between two

endpoints B. To track outbound UDP connections C. To compare against return packets for determining whether the packet should be allowed

through the firewall D. To build the reverse path forwarding (RFP) table to prevent spoofed source IP address Answer: C Question:5 What is the currently configured default gateway IP address on the security appliance?

A. 172.16.10.1 B. 172.16.1.1 C. 192.168.1.1 D. 10.0.1.1

Answer: C Question:6 Which hosts are allowed to manage this security appliance using ASDM or HTTPS?

A. The 10.0.1.11 host only B. The 172.16.1.2 host only

C. The 172.16.10.2 host only D. Any host on the 10.0.1.0/24 subnet

Answer: A Question:7 Which of these identifies basic settings for the security appliance, including a list of contexts? A. Network configuration B. Admin configuration C. System configuration D. Primary configuration

Answer: C Question:8 Which interface on this security appliance is enabled for DHCP server functionality?

A. None B. GigabitEthernet0/2 C. GigabitEthernet0/1 D. GigabitEthernet0/0

Answer: C Question:9 What is the maximum number of VLANs and physical interfaces supported based on the current security appliance software license?

A. 25 VLANs and 6 interfaces B. 10 VLANs and 3 interfaces C. 50 VLANs and 8 interfaces D. 100 VLANs and unlimited interfaces

Answer: D Question:10 An administrator wants to protect a DMZ web server from SYN flood attacks. Which command does not allow the administrator to place limits on the number of embryonic connections? A. Set connection B. Nat C. Static D. HTTP-map

Answer: D


For complete Exam 642-523 Training kits and Self-Paced Study Material

Visit:http://www.aonetesting.com/642-523.html

http://www.aonetesting.com


http://www.aonetesting.com/



exam 642-523 preparation questions

Documents