Cisco 642-521 PDF Download, 50% Discount Cisco 642-521 Certification Exam On Our Store

Welcome to download the newest Pass4itsure SY0-401 dumps:

The Flydumps Cisco 642-521 exam material covers a very important Hitachi certification exam in the IT industry; anyone who would like to take the examination must be fully prepared for the Cisco 642-521 exam. If you choose to enroll in the Cisco 642-521 exam, you should choose good learning materials or a good training method to prepare for it. Flydumps helps you pass the Cisco 642-521 exam: because the Cisco 642-521 exam subjects are constantly changing, the Flydumps Cisco 642-521 test is constantly updated to provide the latest Cisco 642-521 content. Flydumps has real and original Cisco 642-521 exam sample questions for preparation, and the Flydumps Cisco 642-521 exam sample questions closely resemble the real Cisco 642-521 exam practice questions and answers.

QUESTION 108
How does the DNS Guard feature help prevent UDP session hijacking and DoS attacks?
A. It prevents all DNS responses from passing through the PIX Firewall.
B. It prevents any DNS name resolution requests to DNS servers behind the PIX Firewall.
C. Only the first reply from any given DNS server is allowed through the PIX Firewall. The PIX discards all other replies from the same server.
D. If multiple DNS servers are queried, only the first answer from the first server to reply is allowed through the PIX Firewall. The PIX does not wait for the default UDP timer to close the sessions but tears down connections to all DNS servers after receiving the first reply.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 109
When configuring a crypto map, which command correctly specifies the peer to which IPSec-protected traffic can be forwarded?
A. crypto map set peer 192.168.7.2
B. crypto map 20 set-peer insidehost
C. crypto-map policy 10 set 192.168.7.2
D. crypto map peer7 10 set peer 192.168.7.2

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 110
Which command correctly specifies a transform set for a crypto map?
A. crypto transform-set name pix2
B. crypto map peer2 10 set transform-set pix2
C. transform-set pix2 set crypto map MYMAP
D. crypto-map policy 10 set 192.168.7.2
E. crypto map peer7 10 set peer 192.168.7.2
F. crypto transform peer2 10 set transform-set pix2

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 111
The LAN-based failover you configured does not work. Why? Choose two reasons.
A. You used a hub for failover operation.
B. You used a switch for failover operation.
C. You used a dedicated VLAN for failover operation.
D. You did not set a failover IP address.
E. You did not use a crossover Ethernet cable between the two PIX Firewalls.
F. You used a crossover Ethernet cable between the two PIX Firewalls.

Correct Answer: DF Section: (none) Explanation
Explanation/Reference:
QUESTION 112
You have used the privilege command to set privilege levels for PIX Firewall commands. How can an administrator now gain access to a particular privilege level?
A. From the # prompt, enter the privilege command with a privilege-level designation; when prompted, enter the user name for that level.
B. From the > prompt, enter the login command with a privilege-level designation, when prompted enter the password.
C. From the # prompt, enter the privilege command with a privilege-level designation; when prompted, enter the password for that level.
D. From the > prompt, enter the enable command with a privilege-level designation, when prompted, enter the password for that level.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 113
What is the maximum number of PIX Firewalls the AUS will support?
A. 100
B. 500
C. 750
D. 1000
E. 2000

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 114
Your new network administrator has recently modified your PIX Firewall’s configuration. You are suddenly experiencing security breaches involving Internet mail. What change did the administrator make?
A. He disabled the PIX Firewall’s mailport fixup.
B. He disabled the PIX Firewall’s smtp fixup.
C. He enabled the PIX Firewall’s ils fixup on port 25.
D. He defined the ports on which to activate Mail Guard.

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 115
At a small site in the above network diagram, the network administrator chose to authenticate WWW cut-through proxy traffic via a local database on the PIX Firewall. Which commands should the administrator enter to accomplish this?

A. pix1(config)# static (dmz,outside) 192.168.16.6 172.16.16.6
   pix1(config)# access-list 150 permit tcp any host 172.16.16.6 eq www
   pix1(config)# aaa authentication match 150 outside LOCAL
B. pix1(config)# static (dmz,outside) 192.168.16.6 172.16.16.6
   pix1(config)# access-list 150 permit tcp any host 192.168.16.6 eq www
   pix1(config)# aaa authentication match 150 outside pix1
C. pix1(config)# static (dmz,outside) 192.168.16.6 172.16.16.6
   pix1(config)# access-list 150 permit tcp any host 172.16.16.6 eq www
   pix1(config)# aaa authentication match 150 outside pix1
D. pix1(config)# static (dmz,outside) 192.168.16.6 172.16.16.6
   pix1(config)# access-list 150 permit tcp any host 192.168.16.6 eq www
   pix1(config)# aaa authentication match 150 outside LOCAL

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 116
Which statements about creating VPNs in PDM are true? Choose two.
A. When the inactivity timeout for all IPSec SAs have expired for a given VPN Client, the tunnel is established.
B. PDM supports tunnel policies that are not bound to an interface.
C. To create a crypto map, select crypto maps from the IPSec branch of the categories tree.
D. PDM hides the concept of crypto map.
E. After you create a tunnel policy in the VPN tab’s tunnel policy window, you must bind it to an interface from the Access Rules tab.
F. PDM does not support tunnel policies that are not bound to an interface. You must select an interface for a tunnel policy when you create it.

Correct Answer: DF Section: (none) Explanation
Explanation/Reference:
QUESTION 117
lab

A.
B.
C.
D.

Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: Check certifyme eEngine, Download from Member Center
QUESTION 118
Which protocols does the PIX Firewall use to enable call handling sessions, particularly two-party audio conferences or calls?
A. Remote Function Call
B. Session Initiation Protocol
C. Real-Time Transport Protocol
D. Point-to-Point Protocol over Ethernet

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 119
What command reassigns a specific command to a different privilege level?
A. privilege
B. command auth
C. level-priv
D. curpriv

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 120
Why use the shun command?
A. PIX Firewall does not support shunning
B. to enable the PIX Firewall to detect and block intrusion attempts
C. you know the IP address of an attacking host and want the PIX Firewall to drop packets containing its source address
D. you know the IP address of an attacking host and want the PIX Firewall to drop packets containing its destination address

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 121
What is the default port number that the PIX Firewall uses to contact the AUS?
A. 25
B. 110
C. 443
D. 444

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 122
You are attempting to create a protocol object group to contain a group of protocols frequently used by users on your network. You enter the command object-group protocol PROTO. What happens?
A. You get an error message
B. You get the proper syntax for the object-group command
C. You get a sub-command prompt: pixfirewall (config-protocol)#
D. You get the prompt pixfirewall(config)# access-list so that you can quickly insert the object group into an ACL

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 123
Which is possible with the FWSM for the Catalyst 6500 switch?
A. Virtual Private Networks
B. 1000 firewall interfaces
C. IDS syslog messages
D. intra-chassis stateful failover

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 124
You have 100 users on your internal network; you want only six of these users to perform FTP, Telnet, or HTTP outside the network. Which PIX Firewall feature do you enable?
A. access lists
B. AAA
C. object grouping
D. VAC+

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 125
The administrator would like to create an inactivity timeout value of 10 minutes on all console cable sessions. To do so, the administrator would enter which command?
A. Pix1 (config) # enable timeout 10
B. Pix1 (config) # console timeout 10
C. Pix1 (config) # authentication console timeout 10
D. Pix1 (config) # console-idle-timeout timeout10

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 126
If you configure a VPN between a Cisco VPN Client and the PIX Firewall using pre-shared keys for authentication, which should you do? Choose two.
A. Use pre-shared keys for authentication.
B. Use digital certificates for authentication instead of pre-shared keys.
C. Do not use digital certificates for authentication.
D. Ensure that the password on the VPN client matches the vpngroup password on the PIX Firewall.
E. Ensure that the group name differs from the VPN group name on the PIX Firewall.
F. Ensure that the group name on the VPN Client matches the vpngroup name on the PIX Firewall.

Correct Answer: DF Section: (none) Explanation
Explanation/Reference:
QUESTION 127
The PDM runs on which operating systems? Choose the best answer.
A. Windows, Macintosh, and Linux
B. Windows and Sun Solaris
C. Windows, Linux, and Sun Solaris
D. Windows and Linux

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 128
Which command enables IKE on the outside interface?
A. ike enable outside
B. ipsec enable outside
C. isakmp enable outside
D. ike enable (outbound)

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 129
Your new network administrator has recently modified your PIX Firewall’s configuration. You are suddenly experiencing security breaches involving Internet mail. What change did the administrator make?
A. He disabled the PIX Firewall’s mailport fixup.
B. He disabled the PIX Firewall’s smtp fixup.
C. He enabled the PIX Firewall’s ils fixup on port 25.
D. He defined the ports on which to activate Mail Guard.

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 130
Cisco IP phones download their configurations from a TFTP server. How do you enable the PIX Firewall to provide information about a TFTP server to the IP phones?
A. using the tftp server command
B. enable the PIX Firewall’s TFTP fixup
C. configure the PIX Firewall’s DHCP server and enable DHCP option 150 or DHCP option 66
D. configure the PIX Firewall’s TFTP server and enable TFTP option 150 or DHCP option 66

Correct Answer: C Section: (none) Explanation
Explanation/Reference:

When you decide to choose Flydumps Cisco 642-521 exam sample questions, you choose success in the Cisco 642-521 exam. You are not purchasing a non-reusable solution: updates to the Cisco 642-521 exam sample questions are supplied at no cost. No matter how soon you choose to take the Cisco 642-521 certification exam, you will be able to walk into the testing room as confident as the Certification Administrator. Several Cisco 642-521 study books contain questions at the end of each chapter, so candidates can practice Cisco 642-521 exam sample questions. If you prepare with the Flydumps assessment engine, we are confident you will pass on the first attempt.



Cisco 642-521 Practice Exam, Sale Cisco 642-521 Exam Collection Is What You Need To Take

Welcome to download the newest Pass4itsure 412-79 VCE dumps: http://www.pass4itsure.com/412-79.html

Flydumps Cisco 642-521 practice tests are of key importance and provide a considerable gain for your knowledge base. You can rely on our products with unwavering confidence; get profound knowledge and become a pro with Flydumps' assistance.

QUESTION 71
What command applies a blocking function to an interface receiving an attack?
A. conduit
B. ip deny
C. interface
D. shun

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 72
After configuring a PIX Firewall to run two OSPF processes, what is the default state for passing LSA 3 advertisements?
A. LSA 3 advertisements can pass between areas within a process, but not between processes.
B. LSA 3 advertisements can pass between processes, but not between areas within a process.
C. LSA 3 advertisements can not pass between processes or areas.
D. LSA 3 advertisements can pass between processes and areas.

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 73
Your primary PIX Firewall is currently the active unit in your failover topology. What will happen to the current IP addresses on the primary PIX Firewall if it fails?
A. They become those of the standby PIX Firewall.
B. The ones on the primary PIX Firewall remain the same, but the current IP addresses of the secondary become the virtual IP addresses you configured.
C. They are deleted.
D. The ones on both the primary and secondary PIX Firewalls are deleted and both assume the failover IP addresses you configured.

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 74
What is the maximum number of transforms in a transform set?
A. 3
B. 6
C. 9
D. 10

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 75
Which command enables intrusion detection in the PIX Firewall?
A. shun
B. enable ids
C. ip audit
D. ids enable

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 76
How does the PDM running on the FWSM differ from PDM running on the PIX Firewall?
A. When running on the FWSM, the PDM has a Startup Wizard.
B. When running on the FWSM, the PDM has a VPN Wizard.
C. When running on the FWSM, the PDM does not have a VPN tab.
D. When running on the FWSM, the PDM does not have a System Properties tab.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 77
What is the purpose of the who command?
A. to enable you to view which IP addresses are currently accessing the PIX Firewall console via Telnet
B. to enable you to view which IP addresses are currently accessing the PIX Firewall console via SSH
C. to remove Telnet access from a previously authorized IP address
D. to enable you to view who is currently accessing the PIX Firewall Device Manager console from a browser

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 78
Which tasks enable DHCP server support on the PIX Firewall? Choose two.
A. Specify a range of addresses for the DHCP server to distribute by using the dhcp ippool command.
B. Specify a range of addresses for the DHCP server to distribute by using the dhcpd address command.
C. Use the iphelper command to enable the PIX Firewall to pass broadcast messages between its DHCP client and DHCP server.
D. Enable the DHCP daemon within the PIX Firewall to listen for DHCP client requests on the enabled interface by using the dhcpd enable command.
E. Enable the PIX Firewall to distribute IP addresses to its DHCP clients from a global pool by using the global command with the dhcp option. Specify the IP address of at least one DNS server.

Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 79
Which statements about the static command are true? Choose two.
A. It cannot be used alone for outbound connections.
B. Statics take precedence over nat and global command pairs.
C. The nat and global command pairs take precedence over statics.
D. If a global IP address will be used for PAT, you should not use the same global IP address for a static translation.
E. If a global IP address will be used for port address translation, you should use the same global IP address for a static translation.
F. If a global IP address will be used in a global pool for use with NAT, you should use the same global IP address for a static translation.

Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 80
How can downloadable ACLs increase your efficiency when you find yourself creating massive amounts of ACLs on several different PIX Firewalls?
A. They enable you to configure your PIX Firewall to download pre-written ACLs from Cisco Connection Online.
B. You can enter an ACL once, in Cisco Secure ACS, and then have it downloaded to any number of PIX Firewalls during user authentication.
C. You can create all ACLs on one PIX Firewall and distribute them to other PIX Firewalls by using the download command on the receiving PIX Firewall or the upload command on the sending PIX Firewall.
D. You can enter an ACL once in Cisco Secure ACS, and then have it downloaded to no more than 100 PIX Firewalls during authorization.

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 81
When are duplicate objects allowed in object groups?
A. when they are due to the inclusion of group objects
B. when a group object is included, which causes the group hierarchy to become circular
C. never
D. always, because there are no conditions or restrictions

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 82
Why is the group tag in the aaa-server command important?
A. The aaa command references the group tag to know where to direct authentication, authorization, or accounting traffic.
B. The group tag identifies which users require authorization to use certain services.
C. The group tag identifies which user groups must authenticate.
D. The group tag enables or disables user authentication services.

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 83
What is the purpose of the command ip local pool MYPOOL 10.0.0.20-10.0.0.29?
A. to designate a pool of IP addresses for NAT
B. to designate a pool of IP addresses that will dynamically be assigned to PPPoE clients
C. to designate a pool of IP addresses that will be dynamically assigned to DHCP clients
D. to designate a pool of IP addresses that will be dynamically assigned to VPN clients via IKE mode configuration

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 84
Which statements about ACLs are true? Choose two.
A. By default, all access in an ACL is permitted.
B. Using the access-group command creates ACL entries.
C. For traffic moving from a lower security level interface to a higher security level interface, the destination host must have a statically mapped address.
D. For traffic moving from a higher security level interface to a lower security level interface, the source address argument of the ACL command is the translated address of the host or network.
E. For traffic moving from a lower security level interface to a higher security level interface, the source address argument of the ACL command is the global IP address assigned in the static command.
F. For traffic moving from a lower security level interface to a higher security level interface, the destination address argument of the ACL command is the global IP address assigned in the static command.

Correct Answer: CF Section: (none) Explanation
Explanation/Reference:
QUESTION 85
Which commands configure the PIX Firewall’s PPPoE client?
A. only vpdn group, vpdn username, and ip address pppoe
B. only vpngroup and vpnusername
C. only vpdn group and interface pppoe
D. only vpngroup and ip address pppoe

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 86
Which transform sets are pre-defined by PDM? Choose two.
A. AH-SHA-HMAC
B. ESP-DES-MD5
C. ESP-3DES-SHA
D. AH-MD5_HMAC
E. AH-DES-MD5
F. nat 0 match acl

Correct Answer: BC Section: (none) Explanation
Explanation/Reference:
QUESTION 87
Which statement about AH and ESP security protocols is true?
A. Each can be used alone or in conjunction with the other.
B. You must choose one or the other. They cannot be used together.
C. They must be used together.
D. If you need data encryption, data authentication, and replay-detection, you must use both.

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 88
Which statements about the PIX Firewall’s multicasting capabilities are true? Choose three.
A. The PIX Firewall does not support multicasts.
B. The PIX Firewall supports Stub Multicast Routing.
C. The PIX Firewall can be configured to act as an IGMP proxy agent.
D. The only way you can currently enable the PIX Firewall to pass multicast traffic is by constructing GRE tunnels.
E. To enable the PIX Firewall for Stub Multicast Routing, you must configure GRE tunnels for passing multicast traffic.
F. When the PIX Firewall is configured for Stub Multicast Routing, it is not necessary to construct GRE tunnels to allow multicast traffic to bypass the PIX Firewall.

Correct Answer: BCF Section: (none) Explanation
Explanation/Reference:
QUESTION 89
To enable multicast forwarding on the PIX outside interface, which of the following commands should the administrator enter?
A. pix1(config)# multicast on outside
B. pix1(config)# enable multicast outside
C. pix1(config)# multicast enable outside
D. pix1(config)# multicast interface outside

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 90
The XYZ Corporation security manager wants the Easy VPN remote office PIX Firewall, PIX1, to authenticate itself with the ACS server, ACS1, at the central site before a VPN tunnel is established. As the network administrator, at which location and which command should be entered to enable remote PIX device authentication? (Choose two.)

A. vpnclient oxford unit-authentication
B. vpngroup oxford secure-unit-authentication
C. vpngroup oxford network-extension-mode ACS1
D. configure at PIX1
E. configure at PIX2

Correct Answer: BE Section: (none) Explanation
Explanation/Reference:
QUESTION 91
Which object group types can be created in the PIX Firewall? Choose three.
A. icmp-type
B. service
C. server host
D. ACL out
E. DHCP
F. protocol

Correct Answer: ABF Section: (none) Explanation
Explanation/Reference:
QUESTION 92
After reviewing the above network diagram, which command should an administrator use to map the www server on the DMZ to a static address on the outside network, 192.168.6.9?

A. pix1 (config)# static (dmz,outside) 172.26.26.50 192.168.6.9
B. pix1 (config)# static (outside,dmz) 192.168.6.9 172.26.26.50
C. pix1 (config)# static (dmz,outside) 192.168.6.9 172.26.26.50
D. pix1 (config)# static (outside,dmz) 172.26.26.50 192.168.6.9

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 93
Which must you do to enable hosts behind the PIX Firewall to receive multicast transmissions? Choose two.
A. Use the igmp join-group command to configure the PIX Firewall to join a multicast group.
B. Use the multicast interface command to enable multicast forwarding on each interface and place the interfaces in multicast safe mode.
C. Use the multicast interface command to enable multicast forwarding on each interface and place the interfaces in multicast promiscuous mode.
D. Use the igmp forward command to enable IGMP forwarding on each PIX Firewall interface connected to hosts that will receive multicast transmissions.
E. Use the permit option of the access-list command to configure an ACL that allows traffic to permissible Class D destination addresses.

Correct Answer: CD Section: (none) Explanation
Explanation/Reference:
QUESTION 94
For added security, the network manager wants PCs on the inside network at the remote office to authenticate with an ACS server, ACS1, at the central site before allowing these individuals' PCs to access a VPN tunnel. As the network administrator, at which location and which commands should they enter to force remote PC users to authenticate before allowing them access to a VPN tunnel? (Choose two.)

A. vpngroup oxford user-authentication
   vpngroup oxford authentication-server ACS1
B. Configured at PIX1
C. Configured at PIX2
D. vpngroup oxford individual-user-authentication ACS1
E. vpngroup oxford mode network-extension-mode
   vpngroup oxford authentication-server ACS1

Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
QUESTION 95
Which is likely to cause standard failover via the special serial cable not to work? Choose two.
A. The two PIX Firewalls are running different versions of software.
B. The hardware models are the same.
C. The secondary PIX Firewall has not been properly configured as a secondary PIX Firewall.
D. The secondary PIX Firewall has a 3DES license.
E. The hardware models are different.
F. The standby PIX Firewall has not yet replicated its configuration to the primary PIX Firewall.

Correct Answer: AE Section: (none) Explanation
Explanation/Reference:
QUESTION 96
To configure the PIX Firewall to forward multicast transmissions from an inside source, which steps are necessary? Choose two.
A. Use the igmp join-group command to enable the PIX Firewall to forward IGMP reports.
B. Use the igmp forward command to enable multicast forwarding on each PIX Firewall interface.
C. Use the multicast interface command to enable multicast forwarding on each PIX Firewall interface.
D. Use the route command to create a static route from the transmission source to the next-hop router interface.
E. Use the mroute command to create a static route from the transmission source to the next-hop router interface.

Correct Answer: CE Section: (none) Explanation
Explanation/Reference:
QUESTION 97
drag drop

A.
B.
C.
D.

Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: Check certifyme eEngine, Download from Member Center
QUESTION 98
What PIX Firewall feature simplifies the integration of two existing networks that use overlapping IP address spaces?
A. NAT 0
B. inside NAT
C. outside NAT
D. expanded NAT

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 99
The PIX Firewall logs information about packets, such as source and destination IP addresses, in the stateful session flow table. When does this happen?
A. each time it is reloaded
B. each time a TCP or UDP outbound connection attempt is made
C. only when a TCP inbound or outbound connection attempt is made
D. each time a TCP or UDP inbound or outbound connection attempt is made

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 100
Which statement about license keys for PIX Firewalls is true?
A. License keys are specific to the PIX Firewall software versions.
B. License keys exist for the PIX Firewall 515E software version only.
C. License keys are not specific to a particular PIX Firewall software version.
D. License keys are not required for any of the PIX Firewall software versions.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 101
Which component of the PIX MC selects devices or groups for configuration through the configuration tab?
A. devices tab
B. object bar
C. activity bar
D. object selector

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 102
An administrator wants to add a comment about access-list aclin line 2. What command should they enter to accomplish this addition?

A. pix1(config)# access-list aclin line 1 remark partner server http access
B. pix1(config)# access-list aclin line 2 remark partner server http access
C. pix1(config)# access-list aclin line 1 comment partner server http access
D. pix1(config)# access-list aclin line 2 comment partner server http access

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 103
A user on the dmz is complaining that they cannot gain access to the inside host via HTTP. After reviewing the network diagram and partial configuration, the network administrator determined the following:

A. The static (inside, dmz) command is not configured correctly.
B. The PIX is configured correctly; the issue is with the user’s PC.
C. The nat (dmz) command is missing.
D. The global (dmz) command is not configured correctly.
E. The dmzin access list is not configured correctly.

Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 104
How do you get to the multicast subcommand mode where you can enter the igmp commands for further multicast support?
A. Use the clear IGMP group command.
B. Enter the igmp interface command in privileged mode.
C. Enter the multicast mode command in configuration mode.
D. Enter the multicast interface command in configuration mode.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 105
You are creating a site-to-site VPN using IPSec between two PIX Firewalls. Which step is optional when configuring the crypto maps on the Firewalls?
A. Create a crypto map entry identifying the crypto map with a unique crypto map name and sequence number.
B. Specify which transform sets are allowed for this crypto map entry.
C. Specify a dynamic crypto map to act as a policy template where the missing parameters are later dynamically configured to match a peer’s requirements.
D. Assign an ACL to the crypto map entry.
E. Specify the peer to which IPSec-protected traffic can be forwarded.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 106
Type the command that reboots the PIX Firewall.
A.
B.
C.
D.

Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: Check certifyme eEngine, Download from Member Center
QUESTION 107
Which statement about the PIX Firewall and PPPoE is true?
A. The PIX Firewall PPPoE client cannot operate in environments where NAT is being performed on traffic moving through a VPN.
B. The PIX Firewall PPPoE server can operate in environments where URL and content filtering is being performed before transmission to or from the outside interface.
C. The PIX Firewall PPPoE client can operate in environments where NAT is being performed on traffic to or from the outside interface.
D. The PIX Firewall PPPoE server can operate in environments where application of firewall rules is being performed on traffic before transmission to or from the outside interface.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:

The Flydumps Cisco 642-521 practice test is the best training material. If you are IT staff, it will be your indispensable training material. Do not bet your future on tomorrow. Flydumps Cisco 642-521 practice tests are absolutely trustworthy. We are dedicated to providing materials to candidates around the world who want to take IT exams. Obtaining the Cisco 642-521 exam certification is the goal of many IT people and network professionals. The pass rate of Flydumps is incredibly high. We are committed to your success.



Cisco 642-521 Practice, Download Latest Cisco 642-521 PDF Dumps On Our Store

New VCE and PDF: if you want to pass the Cisco 642-521 exam successfully, do not miss testing the latest Cisco 642-521 brain dumps. All new Cisco 642-521 questions and answers are added promptly; visit Flydumps.com to download the free VCE player and PDF files.

QUESTION 51
The graphic shows a partial configuration. An account manager (AM) at a small site wants to access the boston_sales.cisco.com server. The account manager knows the name, but not the IP address, of the server. The AM’s PC requests DNS resolution of the inside web server address from a DNS server on an outside network. To enable the PIX Firewall to perform the DNS A record translation correctly for this application, the dns keyword should be added to which of the commands shown above?

A. Nat command
B. Global command
C. Access-list command
D. Static command

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 52
You installed PDM on a PIX Firewall with an existing configuration. You notice that you have access only to the monitoring tab. What is the most likely cause of this problem?
A. You are running PDM on a software image earlier than 6.0.
B. You have a command in your configuration that PDM does not support.
C. You have not specified the host or network authorized to initiate an HTTP connection to the PIX Firewall.
D. You installed a corrupt pdmxx.bin file.

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 53
How do you get to the multicast subcommand mode where you can enter the igmp commands for further multicast support?
A. Use the clear IGMP group command.
B. Enter the igmp interface command in privileged mode.
C. Enter the multicast mode command in configuration mode.
D. Enter the multicast interface command in configuration mode.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 54
What protocol does the PIX MC use to communicate with the PIX Firewall?
A. HTTP
B. SSH
C. HTTPS
D. SNMP

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 55
Which is possible with the FWSM for the Catalyst 6500 switch?
A. Virtual Private Networks
B. 1000 firewall interfaces
C. IDS syslog messages
D. intra-chassis stateful failover

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 56
To enable multicast forwarding on the PIX outside interface, which of the following commands should the administrator enter?
A. pix1(config)# multicast on outside
B. pix1(config)# enable multicast outside
C. pix1(config)# multicast enable outside
D. pix1(config)# multicast interface outside

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 57
Which statements about the PIX Firewall’s multicasting capabilities are true? Choose three.
A. The PIX Firewall does not support multicasts.
B. The PIX Firewall supports Stub Multicast Routing.
C. The PIX Firewall can be configured to act as an IGMP proxy agent.
D. The only way you can currently enable the PIX Firewall to pass multicast traffic is by constructing GRE tunnels.
E. To enable the PIX Firewall for Stub Multicast Routing, you must configure GRE tunnels for passing multicast traffic.
F. When the PIX Firewall is configured for Stub Multicast Routing, it is not necessary to construct GRE tunnels to allow multicast traffic to bypass the PIX Firewall.

Correct Answer: BCF Section: (none) Explanation
Explanation/Reference:
QUESTION 58
Which statement about authentication and the PIX Firewall is true?
A. One network cannot authenticate with both TACACS+ and RADIUS.
B. One network can authenticate with both TACACS+ and RADIUS.
C. If any network connected to your PIX Firewall authenticates with RADIUS, all other networks must use RADIUS for authentication.
D. If any network connected to your PIX Firewall authenticates with TACACS+, any other networks that use authentication and connect to the PIX Firewall must also use TACACS+.

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 59
Which statements about the PIX Firewall’s PAT feature are true? Choose three.
A. It maps TCP port numbers to a single IP address.
B. It cannot be used with NAT.
C. It provides security by hiding the outside source address, using a global IP address from the PIX Firewall.
D. A PAT address can be a virtual address, different from the outside address.
E. It provides security by hiding the inside source address, using a single IP address from the PIX Firewall.
F. The IP address of a PIX Firewall interface cannot be used as the PAT address.

Correct Answer: ADE Section: (none) Explanation
Explanation/Reference:
QUESTION 60
Which statement about the PIX Firewall and PPPoE is true?
A. The PIX Firewall PPPoE client cannot operate in environments where NAT is being performed on traffic moving through a VPN.
B. The PIX Firewall PPPoE server can operate in environments where URL and content filtering is being performed before transmission to or from the outside interface.
C. The PIX Firewall PPPoE client can operate in environments where NAT is being performed on traffic to or from the outside interface.
D. The PIX Firewall PPPoE server can operate in environments where application of firewall rules is being performed on traffic before transmission to or from the outside interface.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 61
Which statements about intrusion detection in the PIX Firewall are true? Choose two.
A. When a policy for a given signature class is created and applied to an interface, all supported signatures of that class are monitored unless you disable them.
B. Only the signatures you enable will be monitored.
C. The PIX Firewall supports only inbound auditing.
D. IP audit policies must be applied to an interface with the ip audit interface command.
E. When a policy for a given signature class is created and applied to an interface, all supported signatures of that class are monitored and cannot be disabled until you remove the policy from the interface.
F. IP audit policies must be applied to an interface with the ip audit signature command.

Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
QUESTION 62
Identify a problem with packet-filtering firewalls.
A. It is simple to add new services to the firewall, and services can be easily exploited.
B. It is difficult to add new services to the firewall.
C. Packets cannot pass through the filter by being fragmented.
D. Packets can pass through the filter by being fragmented.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 63
Which two commands can be used to enable SYN Flood Guard? Choose two.
A. alias
B. nat
C. static
D. synflood

Correct Answer: BC Section: (none) Explanation
Explanation/Reference:
QUESTION 64
lab
A.
B.
C.
D.

Correct Answer: Section: (none) Explanation
Explanation/Reference:
QUESTION 65
lab
A.
B.
C.
D.

Correct Answer: Section: (none) Explanation
Explanation/Reference:
QUESTION 66
What is the function of the support tool in the PIX MC?
A. to allow technical support to remotely administer the PIX MC
B. to show available support options for the PIX MC
C. to create a file that captures information about the PIX MC
D. to place the PIX MC in safe mode so you can troubleshoot it

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 67
Which type of downloadable ACLs are best when there are frequent requests for downloading a large ACL?
A. named ACLs
B. unnamed ACLs
C. dynamic ACLs
D. static ACLs

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 68
Which statement about authorization and the PIX Firewall is true?
A. The PIX Firewall supports downloadable ACLs using RADIUS.
B. The PIX Firewall does not support per-user authorization.
C. The PIX Firewall does not support TACACS+ authorization.
D. The PIX Firewall supports downloadable ACLs using TACACS+.

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 69
How do you configure the PIX Firewall to protect against SYN floods?
A. Use the emb_conns argument to limit the number of fully opened connections.
B. Set the max_conns option in the nat command to less than the server can handle.
C. Set the emb_limit option in the name command to less than the server can handle.
D. Set the emb_limit option in the static command to less than the server can handle.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 70
An IT professional at the DEF Corporation asked the corporation’s PIX Firewall administrator if a user on the inside network could access two sites on the Internet and present two different source IP addresses. When accessing an FTP server, the source IP address is translated to 192.168.0.9. When accessing a web server, the source address is translated to 192.168.0.21. The PIX Firewall administrator could accomplish this application by completing which of the following tasks?

A. Configure NAT and global commands.
B. Configure NAT 0 access-list and global commands.
C. Configure outside NAT and global commands.
D. Configure NAT access-list and global commands.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:

QUESTION 30
An agent kit was built on a Certkiller CSA MC. How can this agent kit be sent out to host machines?
A. Via a URL that is e-mailed to clients
B. Via a TFTP server
C. Via an FTP server
D. Via a Telnet server
E. None of the above

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Reference: Once you build an agent kit on CSA MC, you deliver the generated URL, via email for example, to end users so that they can download and install the Cisco Security Agent. They access the URL to download and then install the kit. This is the recommended method of agent kit distribution. But you may also point users to a URL for the CiscoWorks system. This URL will allow them to see all kits that are available. That URL is: https://<ciscoworks system name>/csamc50/kits If you are pointing users to the “kits” URL and you have multiple agent kits listed here, be sure to tell users which kits to download. Reference: http://www.cisco.com/en/US/products/sw/secursw/ps5057/ products_installation_guide_chapter09186a00805ae b
QUESTION 31
A new group has been created in which some Certkiller hosts need to be moved to. Which action must be taken before a host can enforce rules when it has been moved to a new group?
A. Save
B. Generate rules
C. Deploy
D. Clone
E. Write to memory

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
Once you have configured a policy and attached it to a new group, you need to distribute the policy to the
agents that are part of this new group. We do this by first generating our rule programs.
Click Generate rules in the bottom frame of CSA MC. All pending database changes ready for distribution
appear.
If everything looks okay, you can click the Generate button that now appears in the bottom frame. This
distributes your policy to the agents.
Reference:
http://www.cisco.com/en/US/products/sw/secursw/ps5057/
products_installation_guide_chapter09186a00805ae b

QUESTION 32
The Certkiller CSA administrator is building agent kits for distribution. Which two items make up Agent kits? (Choose two)
A. Groups
B. Hosts
C. Policies
D. Rules
E. Network shim

Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
Explanation: Host groups reduce the administrative burden of managing a large number of agents. Grouping hosts together also lets you apply the same policy to a number of hosts. A group is the only element required to build Cisco Security Agent kits. When hosts register with CSA MC, they are automatically put into their assigned group or groups. Once hosts are registered you can edit their grouping at any time. Once this is accomplished you can configure some policies and distribute them to installed and registered Cisco Security Agents. Reference: http://www.cisco.com/en/US/products/sw/secursw/ps5057/ products_installation_guide_chapter09186a00805ae b
QUESTION 33
How can you make a Certkiller host poll in to the Certkiller CSA MC before its scheduled polling interval, using the CSA MC?
A. Click the Poll button on the Agent UI
B. Choose the Poll Now button on the CSA MC
C. Choose the Send Polling Hint option in the CSA MC
D. Enter a polling interval in the appropriate box on the CSA MC

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
Hosts poll into CSA MC to retrieve policies. You can shorten or lengthen this polling time in the Group
configuration page. You can also send a hint message to tell hosts to poll in before their set polling interval.
Reference:
http://www.cisco.com/en/US/products/sw/secursw/ps5057/
products_installation_guide_chapter09186a00805ae b

QUESTION 34
A new agent kit was created in the Certkiller CSA network, and needs to be downloaded to end users. What status is shown when an Agent kit is prepared for downloading to hosts?
A. Prepared
B. Ready
C. Needs rule generation
D. Complete
E. None of the above

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation: Agent Kit Status. When you create an agent kit, it is given one of three status levels based on how far into the configuration you’ve progressed. Those status levels are as follows:
Ready: This means the agent kit is ready for download to host systems.
Needs rule generation: This means that all agent kit configuration parameters are complete, but you must generate rules before the kit can be downloaded.
Incomplete: This means that you have not configured all the necessary parameters for this agent kit. You must complete the configuration and then generate rules before the kit can be downloaded.
Undeployable: This status will only occur if you have ungenerated kits on the MC and then you upgrade the MC to a newer version. Agent kits that were created but never generated and have an old version number can never be deployed and should be deleted.
Reference: http://www.cisco.com/en/US/products/sw/secursw/ps5057/ products_configuration_guide_chapter09186a00805 a
QUESTION 35
Software updates are available for numerous Certkiller users. Which operating system does not receive a notification window when a software update is available from the CSA MC?
A. Linux
B. Windows
C. HPUX
D. Solaris
E. All of the above

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: The status window of the agent user interface can provide end users with all of the following:
The host name of the machine on which this agent is installed.
The name of the CSA MC with which this agent is registered.
The date and time the agent registered with CSA MC.
The date and time when the agent last polled in to CSA MC (data is not downloaded each time the agent polls).
The date and time the agent last downloaded data from CSA MC.
Whether there is a software version update available for their agent.
Note: The Cisco Security Agent user interface appearance and functionality is the same on all Windows and Linux platforms. However, the Cisco Security Agent user interface does not run on Solaris systems. The Solaris agent has a utility (csactl) to provide some of the capabilities that the Windows and Linux agents provide in their user interface.
Reference: http://www.cisco.com/en/US/products/sw/secursw/ps5057/ products_configuration_guide_chapter09186a00805 a
QUESTION 36
A Certkiller host is trying to download policies from the CSA MC. What action must happen before a system that has CSA can download policies configured for it?
A. The system must be rebooted
B. The system must install Agent kits
C. The system must be polled by the CSA MC
D. The system must register with the CSA MC
E. All of the above

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: The CSA MC architecture model consists of a central management center which maintains a database of policies and system nodes, all of which have Cisco Security Agent software installed on their desktops and servers. Agents register with CSA MC. CSA MC checks its configuration database for a record of the system. When the system is found and authenticated, CSA MC deploys a configured policy for that particular system or grouping of systems. There are several elements you must configure to create policies that are distributed to the agents. First, you must configure host groups and create Cisco Security Agent kits. After the agents are installed on systems throughout your network, they register with CSA MC. Then, they are automatically placed into their assigned groups. When you generate rules, agents receive the policies intended for them. Reference: http://www.cisco.com/en/US/products/sw/secursw/ps5057/ products_configuration_guide_chapter09186a00805 a
QUESTION 37
The Certkiller security administrator is in the process of naming a policy in the MC. What is the maximum number of characters that a policy name can contain?
A. 24
B. 32
C. 48
D. 64
E. 128

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
The policy name is a unique name for this group of hosts. Names are case insensitive, must start with an
alphabetic character, can be up to 64 characters long and can include alphanumeric characters, spaces,
and underscores.
Reference:
http://www.cisco.com/en/US/products/sw/secursw/ps5057/
products_installation_guide_chapter09186a00805ae b

QUESTION 38
A sniffer and protocol detection rule has been configured in the Certkiller CSA network. What is the purpose of this sniffer and protocol detection rule?
A. to stop sniffers from running on a network
B. to allow sniffers to run on a network
C. to cause an event to be logged when non-IP protocols and sniffer programs are detected running on systems
D. to deny non-IP protocols and sniffer programs from running on systems
E. None of the above

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
Use the Sniffer and protocol detection rule to cause an event to be logged when non-IP protocols and
packet sniffer programs are detected running on systems. Non-IP protocols, such as IPX, AppleTalk, and
NetBEUI, are used to provide distributed computing workgroup functions between server and clients and/
or sharing between peer clients.
A packet sniffer (also controlled by this rule type) is a program that monitors and analyzes network traffic.
Using this information, a network manager can troubleshoot network problems. A sniffer can also be used
illegitimately to capture data being transmitted on a network. Sensitive information such as login names
and passwords can be extracted from this data and used to break into systems. The Sniffer and protocol detection rule is a monitoring tool. By adding this rule to a policy, you are causing an event to be logged when any non-IP protocols and packet sniffer programs are detected running on systems which receive this rule.
Reference: http://www.cisco.com/en/US/products/sw/secursw/ps5057/ products_configuration_guide_chapter09186a00805 a
QUESTION 39
Connection rate rules are in place within the Certkiller CSA network. What is the purpose of these connection rate limit rules?
A. To limit the number of connections to an application
B. To limit the number of calls to the kernel in a specified time frame
C. To limit the number of network connections within a specified time frame
D. To limit the number of malformed connection requests to a web server
E. None of the above

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
Use the connection rate limit rule to control the number of network connections that can be sent or
received by systems within a specified time frame. This is useful in preventing attacks aimed at bringing
down system services, for example, denial of service attacks (server connection rate limiting). This is also
useful in preventing the propagation of denial of service attacks (client connection rate limiting).
Reference:
http://www.cisco.com/en/US/products/sw/secursw/ps5057/
prod_release_note09186a008019b760.html#65518

QUESTION 40
If a Solaris or Windows system is not rebooted after CSA installation, which three rules are only enforced when new files are opened, new processes are invoked, or new socket connections are made? (Choose three)
A. COM component access rules
B. Network shield rules
C. Buffer overflow rules
D. Network access control rules
E. File access control rules
F. Demand memory access rules

Correct Answer: CDE Section: (none) Explanation
Explanation/Reference:
Explanation: If a system is not rebooted following the agent installation, the following functionality is not immediately available. (This functionality becomes available the next time the system is rebooted.)
Windows agents:
Network Shield rules are not applied until the system is rebooted.
Network access control rules only apply to new socket connections. Network server services should be stopped and restarted for full network access control security without a system reboot.
Data access control rules are not applied until the web server service is restarted.
Solaris and Linux agents, when no reboot occurs after install, the following caveats exist:
Buffer overflow protection is only enforced for new processes.
File access control rules only apply to newly opened files.
Data access control rules are not applied until the web server service is restarted.
At this time, the agent automatically and transparently registers with CSA MC.
Reference: http://www.cisco.com/en/US/products/sw/secursw/ps5057/ products_configuration_guide_chapter09186a00804
QUESTION 41
The Certkiller security administrator is ready to deploy CSA configurations to the Certkiller hosts. Which action do you take when you are ready to deploy your CSA configuration to systems?
A. Select
B. Clone
C. Deploy
D. Generate rules
E. Push

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
Generate Rule Programs:
After a policy has been configured and attached to a group that was created, the next task is to distribute
the policy to the agents that are part of the group. We do this by first generating our rule programs. Once
you click the Make Kit button and generate rules, CSA MC produces a kit for distribution
Click Generate rules in the bottom frame of CSA MC. All pending database changes ready for distribution
appear.
If everything looks okay, you can click the Generate button that now appears in the bottom frame. This
distributes your policy to the agents.
Reference:
http://www.cisco.com/en/US/products/sw/secursw/ps5057/
products_installation_guide_chapter09186a00805ae b

QUESTION 42
Rules are being created for the Certkiller CSA network environment. Which three items make up rules? (Choose three)
A. Variables
B. Applications
C. Application classes
D. Rule modules
E. Policies
F. Actions

Correct Answer: ACF Section: (none) Explanation
Explanation/Reference:
Explanation: A policy is a collection of rule modules. A rule module is a collection of rules. The rule module acts as the container for these rules while the policy serves as the unit of attachment to groups. Machines with similar security needs are grouped together and assigned one or more policies that specifically target the needs of the group. Rules are made up of variables, application classes, and actions. You use configuration variables to help build the rules that form your policies. Using variables makes it easy for you to maintain policies by letting you make any necessary modifications in one place and having those changes instantiated across all rules and policies. Access control rules are application-centric. The application classes, those shipped with CSA MC and the ones you configure yourself, are the key to the rules you build as part of your security policies. Incorrect Answers:
B: Application classes are used in the creation of rules, not the applications themselves.
D: Rule modules consist of one or more rules. Rules make up rule modules, not the other way around.
E: Rules are used to create policies, not the other way around.
QUESTION 43
The Certkiller CSA network uses both Windows and UNIX stations. Which three types of rules apply to both Windows and UNIX systems? (Choose three)
A. Agent service control rules
B. Agent UI control rules
C. Application control rules
D. COM component access control rules
E. File version control rules

Correct Answer: ABC Section: (none) Explanation
Explanation/Reference:
Explanation: The following rule types are available for both Windows and UNIX policies.
Agent Service Control: Use the Agent service control rule to control whether administrators are allowed to stop agent security and whether end users can disable security via the agent UI security slide bar.
Agent UI Control: Use the Agent UI rule to control how the agent user interface is displayed to end users. In the absence of this rule, end users have no visible agent UI. If this rule is present in a module, you can select to display the agent UI and one or more controls to the end user. These controls give the user the ability to change certain aspects of their agent security.
Application Control: Use Application control rules to control what applications can run on designated agent systems. This rule type does not control what application can access what resources as do other access control rules. This rule type can stop selected applications from running on systems. If you deny an application class (in total) in this rule, users cannot use any application in that class. With this rule, you can also prevent an application from running only if that application was invoked by another application you specify. This way, you could prevent a command prompt from running on a system if it is invoked by an application that has downloaded content from the network.
Connection Rate Limit: Use the connection rate limit rule to control the number of network connections that can be sent or received by applications within a specified time frame. This is useful in preventing attacks aimed at bringing down system services, e.g. denial of service attacks (server connection rate limiting). This is also useful in preventing the propagation of denial of service attacks (client connection rate limiting).
Data Access Control: Use data access control rules on Web servers to detect clients making malformed web server requests where such requests could crash or hang the server. A malformed request could also be an attempt by an outside client to retrieve configuration information from the web server or to run exploited code on the server. This rule detects and stops such web server attacks by examining the URI portion of the HTTP request.
File Access Control: Use file access control rules to allow or deny what operations (read, write) selected applications can perform on files. You should understand that file protection encompasses read/write access. Directory protection encompasses directory deletes, renames, and new directory creation.
Network Access Control: Use network access control rules to control access to specified network services and network addresses. You can also use this rule type to listen for applications attempting to offer unknown or not sanctioned services.
Reference: http://www.cisco.com/en/US/products/sw/secursw/ps5057/ products_configuration_guide_chapter09186a00804
QUESTION 44
Data Access Control Rules are being configured in the Certkiller CSA MC. Which portion of an HTTP request is examined by data access control rules?
A. The TCP header
B. The UDP header
C. The URI portion of the request
D. The URL portion of the request
E. The HTTP payload

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: Use data access control rules on Web servers to detect clients making malformed web server requests where such requests could crash or hang the server. A malformed request could also be an attempt by an outside client to retrieve configuration information from the web server or to run exploited code on the server. This rule detects and stops such web server attacks by examining the URI portion of the HTTP request. Reference: http://www.cisco.com/en/US/products/sw/secursw/ps5057/ products_configuration_guide_chapter09186a00805 a
QUESTION 45
Network access control rules have been implemented in the Certkiller CSA network. What is the purpose of network access control rules?
A. To control access to network services
B. To control access to network addresses
C. To control access to both network services and network addresses
D. To control access to networks
E. None of the above

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
Use network access control rules to control access to specified network services and network addresses.
You can also use this rule type to listen for applications attempting to offer unknown or not sanctioned
services.
Reference:
http://www.cisco.com/en/US/products/sw/secursw/ps5057/
products_configuration_guide_chapter09186a00804

QUESTION 46
Which two of the following file access rule criteria can you use to allow or deny the operations that the selected applications can perform on files within the Certkiller network? (Choose two)
A. The application attempting to access the file
B. The application attempting to access the service or address
C. The operation attempting to act on the file
D. The direction of the communications
E. The address with which a system is attempting to communicate

Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
Explanation:
Use file access control rules to allow or deny what operations (read, write) selected applications can
perform on files. You should understand that file protection encompasses read/write access. Directory
protection encompasses directory deletes, renames, and new directory creation.
Reference:
http://www.cisco.com/en/US/products/sw/secursw/ps5057/
products_configuration_guide_chapter09186a00805 a

QUESTION 47
Network access rules have been implemented in the Certkiller CSA network. Which two of the following network access rule criteria can you use to control access to specified network services? (Choose two)
A. The application attempting to access the file
B. The application attempting to access the service or address
C. The operation attempting to act on the file
D. The direction of the communications

Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
Explanation:
Use network access control rules to control access to specified network services and network addresses.
You can also use this rule type to listen for applications attempting to offer unknown or not sanctioned
services.
From the pulldown menu in the CSA MC, select server, client, client or server, or listener (for more
information on the listener option) depending on the direction or type of connection you are controlling or
listening for. Select one or more preconfigured application classes here to indicate the application(s)
whose access to the listed services and addresses you want to exercise control over.
Reference:
http://www.cisco.com/en/US/products/sw/secursw/ps5057/
products_configuration_guide_chapter09186a00805 a

QUESTION 48
CSA rules need to be applied to the Certkiller Windows stations. Which two types of rules apply to Windows systems only? (Choose two)
A. Agent service control rules
B. Clipboard access control rules
C. Agent UI control rules
D. COM component access control rules
E. Data access control rules

Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
Explanation:
Windows Only Rules
The following rules are only available for Windows Rule Modules.
Clipboard Access Control
Use the clipboard access control rule to dictate which applications can access information that is written to the clipboard. When writing security policies, you may want to protect information from being accessed by other applications or network processes. To fully protect this information, you must consider preventing other applications from accessing protected information that may have been written to the clipboard.
COM Component Access Control
Use COM component access control rules to allow or deny applications from accessing specified COM components. COM is the Microsoft Component Object Model, the technology that allows objects to interact across process and machine boundaries as easily as within a single process. Each of the Microsoft Office applications (Word, Excel, PowerPoint, etc.) exposes an "Application" COM component which can be used to create macros or utility scripts. While this is useful functionality, it can be used maliciously by an inadvertently downloaded Visual Basic script.
File Version Control
Use the File version control rule to control the software versions of applications users can run on their systems. For example, if there is a known security hole in one or more versions of a particular application, this rule would prevent those specific versions from running, but would allow any versions not included in this rule to run unimpeded.
Kernel Protection
Use the Kernel protection rule to prevent unauthorized access to the operating system. In effect, this rule prevents drivers from dynamically loading after system startup. You can specify exceptions to this rule for authorized drivers that you are allowing to load any time after the system is finished booting.
NT Event Log
Use the NT Event log rule to have specified NT Event Log items appear in the CSA MC Event Log for selected groups.
Registry Access Control
Use registry access control rules to allow or deny applications from writing to specified registry keys.
Service Restart
Use the Service restart rule to have the agent restart Windows NT services that have gone down on a system or are simply not responding to service requests.
Sniffer and Protocol Detection
Use the Sniffer and protocol detection rule to cause an event to be logged when non-IP protocols and packet sniffer programs are detected running on systems.
Reference:
http://www.cisco.com/en/US/products/sw/secursw/ps5057/
products_configuration_guide_chapter09186a00804
QUESTION 49
Many of the Certkiller workstations are UNIX based and CSA rules need to be created for them. Which two types of rules are UNIX-only rules?
A. Network interface control rules
B. COM component access control rules
C. Connection rate limit rules
D. File access control rules
E. Rootkit/kernel protection rules

Correct Answer: AE Section: (none) Explanation
Explanation/Reference:
Explanation:
UNIX Only Rules
The following rules are only available for UNIX Rule Modules.
Network Interface Control
Use the Network interface control rule to specify whether applications can open a device and act as a sniffer (promiscuous mode). A packet sniffer is a program that monitors and analyzes network traffic. Using this information, a network manager can troubleshoot network problems. A sniffer can also be used illegitimately to capture data being transmitted on a network. Sensitive information such as login names and passwords can be extracted from this data and used to break into systems.
Resource Access Control
Use the Resource access control rule to protect systems from symbolic link attacks. In this type of attack, an attacker attempts to determine the name of a temporary file prior to its creation by a known application. If the name is determined correctly, the attacker could then create a symbolic link to the target file for which the user of the application has write permissions. The application process would then overwrite the contents of the target file with its own output when it tries to write the named temporary file.
Rootkit/Kernel Protection
Use the Rootkit/kernel protection rule to control unauthorized access to the operating system. In effect, this rule controls drivers attempting to dynamically load after boot time. You can use this rule to specify authorized drivers that you are allowing to load any time after the system is finished booting.
Syslog Control
Use the Syslog control rule to have specified Solaris and Linux Syslog items appear in the CSA MC Event
Log for selected groups.
Reference:
http://www.cisco.com/en/US/products/sw/secursw/ps5057/
products_configuration_guide_chapter09186a00804
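The symbolic-link attack that the Resource access control rule above defends against can be reproduced and mitigated in a few lines of application code. The following Python is an added example, not CSA code or anything from the Cisco guide: it constructs a target file and a planted symlink in a throwaway directory, shows that a plain open() on a predictable temp-file name writes through the link into the target, and shows the hardened form (O_CREAT|O_EXCL, plus O_NOFOLLOW where the platform has it) refusing to write. It assumes a POSIX system where os.symlink works; the file names are constructed.

```python
import os
import shutil
import tempfile


def naive_write(path: str, data: bytes) -> None:
    """The pattern the rule defends against: write to a predictable temporary
    file name with a plain open(), which silently follows an existing symlink."""
    with open(path, "wb") as fh:
        fh.write(data)


def safe_create_write(path: str, data: bytes) -> None:
    """Hardened form: create the file atomically and refuse if anything already
    exists at that name. O_EXCL makes open() fail with EEXIST on any existing
    entry, a planted symlink included; O_NOFOLLOW (where available) additionally
    refuses to traverse a symlink at the final path component."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)


def demonstrate() -> dict:
    """Constructed scenario: 'target.conf' is a file the application's user may
    write; 'app.tmp' is the temp-file name that was predicted and replaced with
    a symlink to the target before the application created it."""
    workdir = tempfile.mkdtemp()
    try:
        target = os.path.join(workdir, "target.conf")
        predicted_tmp = os.path.join(workdir, "app.tmp")
        with open(target, "wb") as fh:
            fh.write(b"original\n")
        os.symlink(target, predicted_tmp)  # the planted link (constructed)

        # Vulnerable path: the write goes through the link into target.conf.
        naive_write(predicted_tmp, b"application output\n")
        with open(target, "rb") as fh:
            after_naive = fh.read()

        # Restore the target and try the hardened path against the same link.
        with open(target, "wb") as fh:
            fh.write(b"original\n")
        try:
            safe_create_write(predicted_tmp, b"application output\n")
            hardened_refused = False
        except FileExistsError:
            hardened_refused = True
        with open(target, "rb") as fh:
            after_safe = fh.read()

        return {
            "naive_overwrote_target": after_naive == b"application output\n",
            "hardened_refused": hardened_refused,
            "target_intact_after_hardened": after_safe == b"original\n",
        }
    finally:
        shutil.rmtree(workdir)


if __name__ == "__main__":
    print(demonstrate())
```

In practice the standard library's tempfile.mkstemp() already opens with these flags and a random name, which removes the predictable-name precondition as well; the host-based rule is the backstop for applications that cannot be fixed at the source.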

QUESTION 50
The rootkit/kernel protection rule is being utilized in the Certkiller CSA network. What is the purpose of this rootkit/kernel protection rule?
A. To restrict access to the operating system
B. To log access to the operating system
C. To restrict user access to the operating system
D. To restrict administrator access to the operating system
E. All of the above

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
Use the Rootkit/kernel protection rule to control unauthorized access to the operating system. In effect,
this rule controls drivers attempting to dynamically load after boot time. You can use this rule to specify
authorized drivers that you are allowing to load any time after the system is finished booting.
Reference:
http://www.cisco.com/en/US/products/sw/secursw/ps5057/
products_configuration_guide_chapter09186a00805 a

QUESTION 51
The Certkiller CSA network utilizes the network interface control rule. What is the purpose of this rule?
A. To prevent applications from opening devices and acting as a sniffer
B. To provide protocol stack hardening rules
C. To prevent users from opening devices that can act as a sniffer
D. To provide filtering of undesired traffic at the network interface level
E. None of the above

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
Use the Network interface control rule to specify whether applications can open a device and act as a sniffer (promiscuous mode). A packet sniffer is a program that monitors and analyzes network traffic. Using this information, a network manager can troubleshoot network problems. A sniffer can also be used illegitimately to capture data being transmitted on a network. Sensitive information such as login names and passwords can be extracted from this data and used to break into systems.
Reference:
http://www.cisco.com/en/US/products/sw/secursw/ps5057/
products_configuration_guide_chapter09186a00804
QUESTION 52
The Agent UI rule is used to control how the agent user interface is displayed to end users. What action is taken on user query windows when the Agent UI is not present on a system?
A. The default action is always taken
B. All actions are denied
C. All actions are allowed
D. All actions are allowed and logged
E. None of the above

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
When there is no agent UI present, there are no query user pop-up boxes displayed. The default action is
immediately taken on all query user rules and heuristics that are present in the assigned policies. (Note that
this does not apply to cases where the end user manually exits the agent UI. Only the administrator-
controlled agent UI rule can affect query pop-up displays on the end user system.)
Reference:
http://www.cisco.com/en/US/products/sw/secursw/ps5057/
products_configuration_guide_chapter09186a00805 a

QUESTION 53
The system API rule is being used in the Certkiller CSA network. For which operating system is the system API control rule available?
A. OS2
B. Windows
C. Linux
D. Solaris
E. None of the above.

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
The System API control rule detects several forms of malicious programming code that is installed on a system by an unsuspecting user either thinking that he or she is running some other type of program, or as a result of some other activity such as reading an attachment to an email message. Once installed, these malicious programs (for example, Trojans) may allow others to access and virtually take over a system across the network. Other errant programs may be set up to automatically send mail messages or other types of network traffic (including system passwords) while the system owner is unaware of what is occurring.
Note: Although the system API rule is common to Windows and UNIX systems, this rule type is not available for UNIX policies. The system API rule is for Windows only.
Reference:
http://www.cisco.com/en/US/products/sw/secursw/ps5057/
products_configuration_guide_chapter09186a00805 a
QUESTION 54
New rules were applied to a Certkiller workstation, but the station has not yet been rebooted. Which rules will not be enforced if you fail to reboot a Windows system following installation of the CSA?
A. Network access control rules
B. Buffer overflow rules
C. COM component access control rules
D. Network shield rules
E. None of the above

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
If a system is not rebooted following the agent installation, the following functionality is not immediately
available. (This functionality becomes available the next time the system is rebooted.)
Windows agents:
Network Shield rules are not applied until the system is rebooted. Network access control rules only apply
to new socket connections. Network server services should be stopped and restarted for full network
access control security without a system reboot.
Data access control rules are not applied until the web server service is restarted.
Reference:
http://www.cisco.com/en/US/products/sw/secursw/ps5057/
products_installation_guide_chapter09186a00805ae b

QUESTION 55
The network shield rule is being applied to devices within the Certkiller CSA network. For which operating system is the network shield rule available?
A. OS2
B. Windows
C. Linux
D. Solaris
E. None of the above

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
The Network shield rule provides network protocol stack hardening capabilities. The features available
here require that the network shim be enabled on an agent system. If the network shim is not enabled,
these rules have no effect when applied. This rule only applies to Windows-based operating systems.
Reference:
http://www.cisco.com/en/US/products/sw/secursw/ps5057/
products_configuration_guide_chapter09186a00804

QUESTION 56
Numerous UNIX stations exist on the Certkiller LAN that have been prone to buffer overflow attacks. Which three of these does the buffer overflow rule detect on a UNIX operating system, based on the type of memory space involved? (Choose three)
A. Location space
B. Stack space
C. Slot space
D. Data space
E. Heap space
F. File space

Correct Answer: BDE Section: (none) Explanation
Explanation/Reference:
Explanation:
A buffer overflow is what happens when two conditions are met. Firstly, an application is coded in a manner such that it trusts that all users of that application will provide the application with reasonable and expected data. Secondly, the application is provided larger quantities of data than it is capable of correctly handling. When these events come together, an application can behave in unexpected and unintentional ways. For applications with special privileges, this can result in external users gaining access to machine resources and privileges which they normally would not be able to acquire. In other words, a hostile, network-based attack on a privileged, trusted application via buffer overflows can result in undesirable parties gaining access to your system.
In the case of UNIX operating systems, there are three distinct types of buffer overruns which can occur, based upon the type of memory space involved: stack, data, and heap.
Stack space is used to store data and information which is local to the piece of code currently being executed in an application, and contains stored away control flow information for the application.
Data space is used to store data with fixed sizes which needs to be shared among different parts of an application. Often, content in data space has been given initial values.
Heap space is dynamically given out to applications, with the intent that it is relatively short-lived, of varying size based upon the input datasets, and is frequently visible to numerous sub-components of an application.
Note:
This rule is UNIX specific. Some corresponding Windows functionality is available from the System API
control rule page.
Reference:
http://www.cisco.com/en/US/products/sw/secursw/ps5057/
products_configuration_guide_chapter09186a00804

QUESTION 57
The Certkiller security administrator is viewing investigation reports generated by the CSA MC. When should you use preconfigured application classes for application deployment investigation?
A. Never
B. Always
C. Only for specific applications
D. Only when applications require detailed analysis

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
Application Deployment Investigation consists mainly of the reporting capabilities it provides once all the data is collected. You can organize the gathered data in various manners to provide information on how your enterprise operates, the resources that are accessed, resource and application usage time frames, and a great deal more. In turn, this data can inform the crafting of your policies while you create a more secure environment for all your users to operate within. While you cannot configure what types of information you collect using deployment investigation (including the use of preconfigured application classes), you can organize the information that is gathered in various ways.
Reference:
http://www.cisco.com/en/US/products/sw/secursw/ps5057/
products_configuration_guide_chapter09186a00804
QUESTION 58
In the Certkiller Management Center, network address sets need to be configured. In which type of rules are network address sets used?
A. COM component access control rules
B. Connection rate limit rules
C. Network access control rules
D. File control rules
E. File access control rules

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
Network Address Sets

Configure network address sets for use in network access control rules to impose restrictions on specified
IP addresses or a range of addresses. Once configured, you can simply enter the name of the address set
in any network access control rules you create.
Reference:
http://www.cisco.com/en/US/products/sw/secursw/ps5057/
products_configuration_guide_chapter09186a00804

QUESTION 59
The Certkiller security manager has configured file sets for use in the Certkiller CSA network. In which type of rules are file sets used?
A. COM component access control rules
B. Resource access control rules
C. File version control rules
D. File access control rules
E. All of the above

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
Configure file sets for use in file access control rules and application classes. File sets are groupings of
individual files and directories under one common name. This name is then used in rules that control
directory and file permissions and restrictions. All the parameters that exist under that name are then
applied to the rule where the name is used.
Reference:
http://www.cisco.com/en/US/products/sw/secursw/ps5057/
products_configuration_guide_chapter09186a00805 a

QUESTION 60
Agent kits are being built on the Certkiller MC to be installed on user stations. What can you optionally install when you choose the Quiet Install option when creating a new Windows Agent kit?
A. The Agent kit shim
B. The protocol shim
C. The network shim
D. The policy shim
E. All of the above

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
In some circumstances, you may not want users to enable the network shim on their systems as part of the agent installation. (Note that the network shim is not optional on UNIX systems.) For example, if users have VPN software or a personal firewall installed on their systems, the network shim's Portscan detection, SYN flood protection, and malformed packet detection capabilities may be in conflict with VPNs and personal firewalls. (There are no conflicts with the Cisco VPN client.)
If you check the Quiet install checkbox when you make kits, you can also select whether the network shim is installed as part of the Quiet install process.
To allow users to select whether or not to install the network shim themselves, you would create kits as non-quiet installations. (Do not select the Quiet install checkbox.) This way, users are prompted to enable the network shim during the agent installation.
QUESTION 61
In the Certkiller CSA network, variables are used in the rule sets. Which of the following are types of variables used for CSA? (Choose three)
A. Global sets
B. File sets
C. API sets
D. Data sets
E. Network address sets

Correct Answer: BDE Section: (none) Explanation
Explanation/Reference:
Explanation:
The diagram below displays how variables relate to access control rules. In the diagram, variables (Event
Sets, Query Settings, File Sets, Network Address Sets, Network Services, Registry Sets, COM Component
Sets, and Data Sets) are shown on the left and the rule types they can be applied to are shown on the
right.
Variable Use in Rules:
Note:
Using variables is optional (note that Application Classes are included in this diagram, but they are not
optional). Nearly all the information used in variable configurations can also be entered directly into
corresponding rule configuration fields. Variables are simply a tool meant to simplify the creation of rules,
especially if the same configurations are used in multiple rules.
Reference:
http://www.cisco.com/en/US/products/sw/secursw/ps5057/
products_configuration_guide_chapter09186a00805 a

QUESTION 62
Access Control rules are being configured for use in the Certkiller CSA network so that query user options can be used. Which operating system does not allow Query User options?
A. OS2
B. Windows
C. Linux
D. Solaris
E. HPUX

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
When you create access control rules, beyond simply allowing or denying a specific action, you can select to query the user when an action triggers the rule in question. The user can then decide to allow the action, deny it, or terminate the process at that time. When you select to query the user, you are also crafting explanation text to display to the user and whether to allow, deny, or terminate the action by default if the query is not answered within 5 minutes. If the user is not logged in to the system, the default action is taken immediately.
Query configurations are a Variable setting which allows you to decide which radio button options are displayed in the pop-up query box, which action is the default, whether the answer given by the user is to be remembered, and what the query text to be displayed will be. For a Query setting, the response to the query is relevant to the question, not the resource. For example, if a File access control rule queries the user for a response and that identical query is also configured for a Network access control rule, the user is not queried again when the Network access control rule triggers. The query response from the previous File access control rule is automatically taken.
Note: For Solaris rules, Query user options are not available. Instead, the default action is immediately taken. For Windows and Linux agents, agent settings (including user queries) are configurable by the administrator. If the agent UI is hidden for the group, there are no query user pop-up boxes displayed. The default action is immediately taken on all query user rules and heuristics that are present in the assigned policies.
Reference:
http://www.cisco.com/en/US/products/sw/secursw/ps5057/
products_configuration_guide_chapter09186a00804
QUESTION 63
The Certkiller security administrator is viewing the audit trail in the CSA MC. What is the purpose of the Audit Trail function?
A. To generate a report listing events matching certain criteria, sorted by event severity
B. To generate a report listing events matching certain criteria, sorted by group
C. To generate a report showing detailed information for selected groups
D. To display a detailed history of configuration changes
E. None of the above

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
Accessible from the Reports drop-down list in the menu bar, the Audit Trail page displays a list of changes
administrators have made to the CSA MC database. These changes are displayed according to the
following information:
The change itself.
The type of change (configuration category: policies, file sets, groups, and so on).
The date and time the change was made.
The administrator who made the change.
Click the Change Filter link to edit the audit trail viewing parameters according to the following:
Start date (enter date parameters using the same formats as in the Event Log).
End date.
The administrator who made the changes.
The change type (configuration category: policies, file sets, groups, and so on).
The number of changes to display per viewing page.
Reference:
http://www.cisco.com/en/US/products/sw/secursw/ps5057/
products_configuration_guide_chapter09186a00805 a

QUESTION 64
The Certkiller security Administrator wants to view the most recent events on the CSA MC. Which view within the CSA MC allows users to see a continuously refreshed view of the most recently logged event records?
A. Event Log
B. Event Monitor
C. Event Sets
D. Event Alerts
E. None of the above

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
Similar to the Event Log, the Event Monitor, available from the Events category in the menu bar, lets you view system events provided by registered agents according to designated severity levels, and the host that generated the event. You can also enter the number of events to be displayed (default value is the last 50 events). Click the Change link to access a pop-up window from which you can edit these values and change the event filter.
Unlike the Event Log page, the Event Monitor page automatically refreshes itself at set intervals. The event list is updated with the latest events each time the page refreshes. The footer of this page provides a Refresh button and a Pause button. Use the Refresh button to refresh the page immediately without waiting for the set refresh interval to occur. Use the Pause button to immediately stop the page from refreshing. The set refresh interval will then stop at wherever it is in the countdown. This pause feature is useful when you are testing policies and you want to mark a certain place as a starting point for receiving new events. When you click it, the Pause button becomes a Resume button.
Reference:
http://www.cisco.com/en/US/products/sw/secursw/ps5057/
products_configuration_guide_chapter09186a00805 a
QUESTION 65
The Certkiller security administrator is viewing the log files in the CSA MC. Which information is logged for file access control rules?
A. Port and direction
B. Registry key
C. Process path
D. PROGID/CLSID
E. All of the above

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
The CSA MC Event Log does not contain every occurrence of an event from a system. Duplicate events
are not logged for an hour after the first occurrence. The following information is logged for each rule type.
File access control logging: process path, file names, and file operation are logged.
Network access control logging: process path, network address, port, and direction are logged.
Registry access control logging: process path and registry key are logged.
COM component access control logging: process path and COM component PROGID/CLSID are logged.
Reference:
http://www.cisco.com/en/US/products/sw/secursw/ps5057/
products_configuration_guide_chapter09186a00805 a

QUESTION 66
The Certkiller security administrator is viewing the logs in the CSA MC. What information is logged for registry access control?
A. Port and direction
B. Registry key
C. Registry access events
D. PROGID/CLSID
E. All of the above

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
How Logging Works:
The CSA MC Event Log does not contain every occurrence of an event from a system. Duplicate events
are not logged for an hour after the first occurrence. The following information is logged for each rule type.
File access control logging: process path, file names, and file operation are logged.
Network access control logging: process path, network address, port, and direction are logged.
Registry access control logging: process path and registry key are logged.
COM component access control logging: process path and COM component PROGID/CLSID are logged.
A duplicate event is defined as follows:
For file access controls, the name of the application and the file being accessed are the same.
For network access controls, the name of the application, the remote address, and the network service port are the same.
For registry access controls, the name of the application and the registry key name and value name are the same.
For COM component access controls, the name of the application and the COM component PROGID or CLSID are the same.
Reference:
http://www.cisco.com/en/US/products/sw/secursw/ps5057/
products_configuration_guide_chapter09186a00804
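The duplicate-suppression behaviour described in Questions 65 and 66 (an event is not logged again for an hour after its first occurrence, with "duplicate" keyed by different fields for each rule type) is easy to get subtly wrong, for example by resetting the window on every suppressed repeat. The Python below is an added example, not CSA MC code: it implements exactly the rule the explanation states, with the window measured from the first logged occurrence, and replays a constructed set of file and network events through it. The event dictionary field names are assumptions; the paths, addresses and times are constructed.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# One hour: the window during which a repeat of an already-logged event is suppressed.
DEDUP_WINDOW_SECONDS = 3600

# Which event fields make two events "duplicates", per rule type, following the
# definition in the explanation above. The field names themselves are assumptions.
DUPLICATE_KEY_FIELDS = {
    "file": ("application", "file"),
    "network": ("application", "remote_address", "port"),
    "registry": ("application", "registry_key", "value_name"),
    "com": ("application", "com_id"),
}


@dataclass
class EventLog:
    """Toy event log that applies the one-hour duplicate suppression."""
    first_seen: Dict[Tuple, float] = field(default_factory=dict)
    logged: List[dict] = field(default_factory=list)

    def record(self, event: dict) -> bool:
        """Log the event unless a duplicate was logged less than an hour ago.
        Returns True when the event is written, False when it is suppressed."""
        rule_type = event["rule_type"]
        key = (rule_type,) + tuple(event[name] for name in DUPLICATE_KEY_FIELDS[rule_type])
        first = self.first_seen.get(key)
        if first is not None and event["time"] - first < DEDUP_WINDOW_SECONDS:
            # Suppressed. The window is measured from the first logged occurrence,
            # so a suppressed repeat does not extend it.
            return False
        self.first_seen[key] = event["time"]
        self.logged.append(event)
        return True


def replay(events: List[dict]) -> Tuple[List[bool], EventLog]:
    """Feed events through a fresh log; return per-event logged/suppressed flags and the log."""
    log = EventLog()
    return [log.record(e) for e in events], log


EDITOR = r"C:\Program Files\Editor\editor.exe"   # constructed process path
AGENT = r"C:\Tools\agent.exe"                     # constructed process path

# Constructed sample events; "time" is seconds from an arbitrary start.
SAMPLE_EVENTS = [
    {"rule_type": "file", "time": 0, "application": EDITOR, "file": r"C:\secret\plan.txt", "operation": "write"},
    # same application and file, different operation: a duplicate under the file-rule key
    {"rule_type": "file", "time": 600, "application": EDITOR, "file": r"C:\secret\plan.txt", "operation": "read"},
    {"rule_type": "file", "time": 700, "application": EDITOR, "file": r"C:\secret\other.txt", "operation": "write"},
    {"rule_type": "network", "time": 800, "application": AGENT, "remote_address": "192.0.2.10", "port": 443, "direction": "client"},
    {"rule_type": "network", "time": 900, "application": AGENT, "remote_address": "192.0.2.10", "port": 443, "direction": "client"},
    # different port: not a duplicate under the network-rule key
    {"rule_type": "network", "time": 950, "application": AGENT, "remote_address": "192.0.2.10", "port": 80, "direction": "client"},
    # first file event again, but more than an hour after its first occurrence: logged again
    {"rule_type": "file", "time": 3700, "application": EDITOR, "file": r"C:\secret\plan.txt", "operation": "write"},
]


if __name__ == "__main__":
    flags, log = replay(SAMPLE_EVENTS)
    for event, written in zip(SAMPLE_EVENTS, flags):
        print("logged    " if written else "suppressed", event["rule_type"], event["time"])
    print(len(log.logged), "of", len(SAMPLE_EVENTS), "events written")
```

When reading an exported CSA MC event log for an investigation, keep this suppression in mind: one logged file-access event can stand for many repeats within the hour, and a repeated deny that differs only in operation (read versus write) will not appear as a separate record.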

QUESTION 67
The Certkiller CSA MC administrator wants to log all of the deny actions. When you choose the Log All Deny Actions option within a group, how are deny actions logged?
A. Deny actions are logged every 5 minutes
B. Deny actions are logged every 10 minutes
C. Every deny action is logged regardless of the specific rule settings
D. Only those deny actions that are configured within specific rules are logged
E. None of the above

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
Enable Log all deny actions to turn on logging for all deny rules running on hosts within the group
regardless of the individual rule settings for the policy attached to the group. You may wish to use this
feature to turn on all deny logging for diagnostic purposes.
Reference:
http://www.cisco.com/en/US/products/sw/secursw/ps5057/
products_configuration_guide_chapter09186a00804

QUESTION 68
The Certkiller security administrator needs to view specific events in the CSA MC. Which view within the CSA MC allows users to see a view of event records based on filtering criteria such as time and severity?
A. Event Summary
B. Event Log
C. Event Monitor
D. Event Sets
E. Event Alerts

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
The Event Log view, available from the Events category in the menu bar, lets you view system events
provided by registered agents according to designated time frames, event severity levels, and the system
that generated the event. The information displayed at the top of the Event Log page (controlled by the
settings in the Change Filter window, see next section) tells you the following:
Filter by eventset: This displays the name of the Event Set, if any, used to filter the event log view.
Or define a filter with the following parameters:
Time range: This is the current time range set for the event log filter.
Severity: This is the current minimum and maximum severity range set for the event log filter.
Host: This displays which hosts have generated the events viewable in the event log (set as part of the filter).
Rule Module: From the pulldown list, select a rule module to search for events generated by that module.
Rule ID: Enter the ID number for a rule to search for events generated by that rule.
Events per page: This is the current value set for the number of events displayed on each page of the event log (set as part of the filter).
Filter text: Enter a text string here to either include or exclude in your event message search.
Filter out similar events: When event filtering is enabled (it's enabled by default), the event log displays an aggregation of events.
Reference:
http://www.cisco.com/en/US/products/sw/secursw/ps5057/
products_configuration_guide_chapter09186a00805 a

QUESTION 69
The Certkiller security administrator wants to view CSA events in the MC. Which view within the CSA MC allows users to see overall system status information, including a summary of recorded events, agent configuration, and activity?
A. Status Summary
B. Event Log
C. Event Monitor
D. Event Sets
E. Alerts
F. None of the above

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
Status Summary
When you first log in, the Status Summary view appears. This page supplies overall system summary information including recorded events and agent rule versions. You can access this page at any time by selecting it from the Events category in the menu bar. The various summary categories available from this page are as follows.
Network Status
By default, items in the Network Status category do not appear in the list if their number is 0. Simply expand the Network Status view to see all available status items. The status items listed here generally have to do with overall host statistics such as hosts that are not running with up-to-date software versions or the latest rule programs. You can view the number of hosts running in test mode or learn mode, etc. Additionally, the numbers that appear in this status section are clickable and take you to a list of the hosts that comprise that number.
Most Active
Use the links available in the Most Active section to view the Hosts, Rules, Applications, or Rule/Application pairs that have been the most active or triggered the most (logged the most events to the MC). This information is useful to help you tune your policies for rules that are being tripped too often. This can also alert you to common unwanted occurrences that may be triggering across your enterprise. Additionally, you can purge the events that appear in these lists.
Event Counts Per Day
A colored graph displays the event log according to severity level. Click on a color in the graph to view
logged events of that severity level.
Database Maintenance
If there is an alert present in the Database Maintenance category, we recommend that you access the
Database Maintenance page from Maintenance in the menu bar and shrink the database.
Reference:
http://www.cisco.com/en/US/products/sw/secursw/ps5057/
products_configuration_guide_chapter09186a00805 a

Our material on our site for Cisco 642-513 is exam-oriented, keeping in view the candidates' requirements and level of understanding. Cisco 642-513 materials are in the most popular and easy-to-use PDF version. You can use it on any device, anywhere.

New Updated Cisco 642-521 Exam Of Flydumps For Free Download

Do not worry about your Cisco 642-521 exam. Lead2pass has now published the new version of the Cisco 642-521 exam dumps with more newly added questions and answers; you can also download the Cisco 642-521 VCE test software and PDF dumps for free from Flydumps.com.

Exam A
QUESTION 1
Which of the following is a problem with packet-filtering firewalls?
A. It is simple to add new services to the firewall, and services can be easily exploited.
B. Packets are permitted to pass through the filter by being fragmented.
C. It is problematic to add new services to the firewall.
D. Packets are unable to pass through the filter by being fragmented.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
PIX FW Advanced, Cisco Press, p. 18

Reference:
CSPFA Student Guide v3.2 – Cisco Secure PIX Advanced p.3-5

QUESTION 2
At which of the following stages will the PIX Firewall log information about packets, such as source and destination IP addresses, in the stateful session table?
A. Each time it is reloaded.
B. Each time a TCP or UDP outbound connection attempt is made.
C. Each time a TCP or UDP inbound or outbound connection attempt is made.
D. Only when a TCP inbound or outbound connection attempt is made.
E. Never.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
Stateful packet filtering is the method used by the Cisco PIX Firewall. This technology maintains complete
session state. Each time a Transmission Control Protocol (TCP) or User Datagram Protocol (UDP)
connection is established for inbound or outbound connections, the information is logged in a stateful
session flow table.

Reference:
CSPFA Student Guide v3.2 – Cisco Secure PIX Advanced p.3-7 PIX FW Advanced, Cisco Press, p. 19

QUESTION 3
John, the security administrator at Certkiller Inc., is configuring the PIX Firewall. Which two of the following are features of the PIX Firewall? (Choose two)
A. One feature is it uses Cisco Finesse operating system.
B. One feature is it uses Cisco IOS operating system.
C. One feature is it’s based on Windows NT technology.
D. One feature is it analyzes every packet at the application layer of the OSI model.
E. One feature is it can be configured to provide full routing functionality.
F. One feature is it uses a cut-through proxy to provide user-based authentication connections.
Correct Answer: AF Section: (none) Explanation
Explanation/Reference:
Explanation:
The PIX Firewall features the following technologies and benefits:
- Non-UNIX, secure, real-time, embedded system
- ASA
- Cut-through proxy: a user-based authentication method for both inbound and outbound connections, providing improved performance in comparison to that of a proxy server
- Stateful packet filtering
- Finesse, a Cisco proprietary operating system, is a non-UNIX, non-Windows NT, IOS-like operating system. Use of Finesse eliminates the risks associated with general-purpose operating systems.

Reference:
Cisco Secure PIX Firewall Advanced 3.1 chap 3 pages 8-9

QUESTION 4
Which operating system does a PIX run?
A. unix
B. solaris
C. windows
D. none of the above
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
The PIX Firewall runs code written by Cisco specifically to function as a hardened firewall, limiting its
vulnerabilities.

QUESTION 5
Which encryption protocols does the PIX Firewall support for VPNs? Choose all that apply.
A. MD5
B. 3DES
C. AES
D. DES
Correct Answer: BCD Section: (none) Explanation
Explanation/Reference:
Explanation:
The PIX Firewall supports 56-bit DES, 168-bit 3DES, and 128-, 192-, and 256-bit AES encryption for
IPsec VPNs.

QUESTION 6
What is the maximum number of interfaces the PIX Firewall 535 supports with an unrestricted license?
A. PIX Firewall 535 supports 20
B. PIX Firewall 535 supports 10
C. PIX Firewall 535 supports 6
D. PIX Firewall 535 supports 5
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
A total of eight interface circuit boards are configurable with the restricted license and a total of ten are
configurable with the unrestricted license.

Reference:
http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps2030/products_installation_guide_chapter09186a00801a9

QUESTION 7
As of PIX Firewall release 6.3, Advanced Encryption Standard (AES) is supported on a PIX Firewall. Which of the following statements regarding the capabilities of AES on the PIX Firewall is valid?
A. Supported in software only on all models.
B. Supported on software on all models and in hardware in a VAC card.
C. Not supported by the PIX 501 and 506.
D. Supported in software on all models and in hardware on a VAC+ card.
E. Supported in software on all models and in hardware on an AIM II card.
F. None of the above.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
PIX FW Advanced, Cisco Press, p. 29

QUESTION 8
Which of the following are valid PIX models? Choose all that apply.
A. 505
B. 515
C. 530
D. 535
Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
Explanation:
The PIX Firewall comes in six different models: 501, 506, 515, 520, 525, and 535. There is also the FWSM blade.

QUESTION 9
How much flash memory does a PIX Firewall need to run OS version 6.1?
A. 2mb
B. 4mb
C. 8mb
D. 16mb
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
You need at least 8 MB of flash memory to run PIX OS version 5.2 and later.

QUESTION 10
What is the maximum number of interfaces the PIX 535 can support?
A. 6
B. 8
C. 9
D. 10

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
The 535 can support up to 10 different interfaces. The 525 can support 8, and the 515 and 520 can support
up to 6.

QUESTION 11
Which of the following PIX models are unable to provide failover? Choose all that apply.
A. 501
B. 506
C. 515
D. 520
Correct Answer: AB Section: (none) Explanation
Explanation/Reference:
Explanation:
All PIX models, including the FWSM, can provide failover except for the 501 and 506.

QUESTION 12
Which of the following is a hardware card that can be installed in a PIX to increase VPN throughput?
A. pfs
B. ike
C. stp
D. vac
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
PIX Firewall models 515, 525, and 535 support VPN Accelerator Cards (VACs) that process encryption and
decryption in hardware, relieving the PIX CPU.

QUESTION 13
How many available PCI slots does a PIX 515 have?
A. 0
B. 1
C. 2
D. 3
E. 4
F. 6
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
The PIX 515 has two available PCI slots in which additional Ethernet interfaces can be installed.

Flydumps Shares Free Official Cisco 642-522 Exam Training Questions And Answers

Exam A
QUESTION 1
A new PIX firewall was installed in the Certkiller network to guard against outside attacks. Why does this PIX security appliance record information about a packet in its stateful session flow table?
A. To build the reverse path forwarding (RPF) table to prevent spoofed source IP addresses.
B. To establish a proxy session by relaying the application layer requests and response between two endpoints.
C. To compare against return packets for determining whether the packet should be allowed through the firewall.
D. To track outbound UDP connections.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
The Adaptive Security Algorithm (ASA), used by the PIX Firewall for stateful application inspection, ensures the secure use of applications and services. Some applications require special handling by the PIX Firewall application inspection function. Applications that require special application inspection functions are those that embed IP addressing information in the user data packet or open secondary channels on dynamically assigned ports. The application inspection function monitors sessions to determine the port numbers for secondary channels. Many protocols open secondary TCP or UDP ports to improve performance. The initial session on a well-known port is used to negotiate dynamically assigned port numbers. The application inspection function monitors these sessions, identifies the dynamic port assignments, and permits data exchange on these ports for the duration of the specific session.
Packets going through the PIX are checked using these components:
- Access control lists (ACLs): used for authentication and authorization of connections based on specific networks, hosts, and services (TCP/UDP port numbers).
- Inspections: contains a static, predefined set of application-level inspection functions.
- Connections (XLATE and CONN tables): maintains state and other information about each established connection. This information is used by ASA and cut-through proxy to efficiently forward traffic within established sessions.
1. A TCP SYN packet arrives at the PIX Firewall to establish a new connection.
2. The PIX Firewall checks the access control list (ACL) database to determine if the connection is permitted.
3. The PIX Firewall creates a new entry in the connection database (XLATE and CONN tables).
4. The PIX Firewall checks the Inspections database to determine if the connection requires application-level inspection.
5. After the application inspection function completes any required operations for the packet, the PIX Firewall forwards the packet to the destination system.
6. The destination system responds to the initial request.
7. The PIX Firewall receives the reply packet, looks up the connection in the connection database, and forwards the packet because it belongs to an established session.
Reference:
http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a00800e

QUESTION 2
A new Certkiller ASA 5500 was installed in the Certkiller network. In the Cisco ASA 5500 series, what is the flash keyword aliased to?
A. Disk0
B. Disk1
C. Both Disk0 and Disk1
D. Flash0
E. Flash1

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
See the following URL syntax:
disk0:/[path/]filename
For the ASA 5500 series adaptive security appliance, this URL indicates the internal Flash memory. You
can also use flash instead of disk0; they are aliased.
Reference:
http://www.cisco.com/en/US/products/ps6120/products_configuration_guide_chapter09186a0080450b90.html

QUESTION 3
Cisco firewalls maintain state awareness of all traffic going through them. What is the core component of the PIX Firewall that provides this?
A. PFS
B. ASA
C. VAC
D. FWSM
E. None of the above

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
The Adaptive Security Algorithm (ASA) is the core of the PIX, keeping track of stateful connection
information. This allows the firewall to maintain stateful packet awareness so that return traffic can
traverse the firewall.

QUESTION 4
A new Cisco PIX 535 is being installed in the Certkiller network. What is the maximum number of physical interfaces the PIX Firewall 535 supports with an unrestricted license?
A. 20
B. 10
C. 6
D. 5
E. 3

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
A total of eight interface circuit boards are configurable with the restricted license and a total of ten are
configurable with the unrestricted license.

- The Cisco PIX 535 Security Appliance supports up to 10 physical Ethernet interfaces.
PIX model license comparison:
Reference: http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps2030/products_installation_guide_chapter09186a

QUESTION 5
On a new Certkiller PIX the “same-security-traffic permit intra-interface” configuration command was issued. What are two purposes of this command? (Choose two)
A. It allows all of the VPN spokes in a hub-and-spoke configuration to be terminated on a single interface.
B. It allows communication between different interfaces that have the same security level.
C. It permits communication in and out of the same interface when the traffic is IPSec protected.
D. It enables Dynamic Multipoint VPN.

Correct Answer: AB Section: (none) Explanation
Explanation/Reference:
Explanation: B is correct; however, the other correct answer to this question is certainly not C, because to make this happen with this command the syntax must be changed from intra-interface to inter-interface. It must be A, because the purpose of allowing IPsec to go in and out of the same interface is a hub-and-spoke VPN configuration, or hairpinning. In other words, two clients connected with IPsec to the same interface of a security appliance can send protected traffic between the two of them via the termination point.

QUESTION 6
A new Certkiller security appliance is being installed for the first time. By default, the AIP-SSM IPS software is accessible from the management port at IP address 10.1.9.201/24. Which CLI command should an administrator use to change the default AIP-SSM management port IP address?
A. hw module 1 setup
B. interface
C. setup
D. hw module 1 recover
E. None of the above

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
After you have configured the ASA 5500 series adaptive security appliance to divert traffic to the AIP SSM,
session to the AIP SSM and run the setup utility for initial configuration.

To session to the AIP SSM from the adaptive security appliance, perform the following steps:
Step 1 Enter the session 1 command to session from the ASA 5500 series adaptive security appliance to the AIP SSM.
hostname# session 1
Step 2 Enter the username and password. The default username and password are both cisco.
Note: The first time you log in to the AIP SSM you are prompted to change the default password.
Step 3 Enter the setup command to run the setup utility for initial configuration of the AIP SSM.
AIP SSM# setup
You are now ready to configure the AIP SSM for intrusion prevention, including changing the AIP-SSM management IP address.
Reference: Cisco Security Appliance Command Line Configuration Guide for the Cisco ASA 5500 Series and Cisco PIX 500 Series Software Version 7.0(4), page 19-3

QUESTION 7
A Certkiller ASA appliance is shown below:

Refer to the exhibit above. The Certkiller administrator has configured the first four ports on a Cisco ASA
5540 Security Appliance. The technician attached the next data cable to Port A.
When configuring this interface, what physical type, slot, and port number should the administrator add to
the configuration?

A. GigabitEthernet0/0
B. GigabitEthernet0/5
C. GigabitEthernet0/4
D. Management0/0

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: If you want to use ASDM to configure the security appliance instead of the command-line interface, you can connect to the default management address of 192.168.1.1 (if your security appliance includes a factory default configuration). On the ASA 5500 series adaptive security appliance, the interface to which you connect with ASDM is Management 0/0. For the PIX 500 series security appliance, the interface to which you connect with ASDM is Ethernet 1. If you do not have a factory default configuration, follow the steps in this section to access the command-line interface. You can then configure the minimum parameters to access ASDM by entering the setup command.
Reference: Cisco Security Appliance Command Line Configuration Guide for the Cisco ASA 5500 Series and Cisco PIX 500 Series, page 2-84

QUESTION 8
The files on a Certkiller security appliance need to be verified. How can you view the files listed in a PIX flash memory?
A. show pix flash
B. show flash memory
C. show flashfs
D. show flash mfs
E. None of the above

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
You can view the size of your configuration from the PIX Firewall console. Either connect a computer to the PIX Firewall unit or use Telnet to access the console. After entering the enable mode password, use the show flashfs command to view the configuration size, as shown in the following example:
CK1 #show flashfs
flash file system: version:2 magic:0x12345679
file 0: origin: 0 length:2502712
file 1: origin: 2621440 length:2324
file 2: origin: 0 length:0
file 3: origin: 2752512 length:2608708
file 4: origin: 8257536 length:280
The "file 1" line lists the number of characters in your configuration after the "length" parameter. In this example, the configuration consists of 2,324 characters. Divide this number by 1,024 to get the number of kilobytes. The configuration in this example is slightly more than 2 KB. The optimal configuration file size to use with PDM is less than 100 KB, which is approximately 1500 lines. PIX Firewall configuration files over 100 KB may interfere with the performance of PDM on your workstation.
Reference: http://www.cisco.com/en/US/products/sw/netmgtsw/ps2032/products_installation_guide_chapter09186a008007d

QUESTION 9
The Certkiller network is displayed in the following diagram:

Refer to the exhibit above. Users on the DMZ are complaining that they cannot gain access to the inside
host via HTTP. What did the network administrator determine after reviewing the network diagram and partial configuration?
A. The static (inside,dmz) command is not configured correctly.
B. The global (dmz) command is not configured correctly.
C. The nat (dmz) command is missing.
D. The dmzin access list is not configured correctly.
E. None of the above

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: Based on the configuration above, the real IP address of the WWW server (insidehost) is 10.0.1.11, but there is a static NAT entry that translates this address to 192.168.1.18. Users from the DMZ will attempt to connect to the server "insidehost" using the 192.168.1.18 IP address. The access list must therefore permit WWW traffic to this translated address, not to the 10.0.1.11 host. The DMZ access list should read "access-list dmzin permit tcp any host 192.168.1.18 eq www".

QUESTION 10
The security team at Certkiller is working on dynamic NAT. How can dynamic outside NAT simplify router configuration on your internal or perimeter networks?
A. It can simplify because you can configure your routing within the nat command.
B. It can simplify because you can configure your routing within the global command.
C. It can simplify by controlling the addresses that appear on these networks.
D. It can simplify because statics take precedence over nat and global command pairs.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
Dynamic outside NAT translates host addresses on less secure interfaces to a range or pool of IP addresses on a more secure interface. This is most useful for controlling the addresses that appear on the inside of the PIX Firewall and for connecting networks with overlapping addresses.
Reference: Cisco Secure PIX Firewall Advanced 3.1, 6-11
Inside dynamic NAT: translates between host addresses on more secure interfaces and a range or pool of IP addresses on a less secure interface. This provides a one-to-one mapping between internal and external addresses that allows internal users to share registered IP addresses and hides internal addresses from view on the public Internet.
Reference: Establishing Connectivity, www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/config/bafwcfg.htm