Cisco 642-521 PDF Download, 50% Discount Cisco 642-521 Certification Exam On Our Store

Welcome to download the newest Pass4itsure SY0-401 dumps:

Flydumps certification Cisco 642-521 exam is a very important Hitachi certification exam in the IT industry, would like the examination must be fully prepared for the Cisco 642-521 exam is necessary. If you choose to enroll in the Cisco 642-521 exam you should choose a good learning materials or to choose a good training methods to prepare for the Cisco 642-521 exam. The Select Flydumps 100% to help you pass the Cisco 642-521 exam, according to the Cisco 642-521 exam subjects Flydumps Cisco 642-521 test is constantly changing, constantly update will provide the latest content of the Cisco 642-521. Flydumps have real and original Cisco 642-521 exam sample questions for preparing. Flydumps Cisco 642-521 exam sample questions and a close resemblance to the real Cisco 642-521 exam practice questions and answers.

QUESTION 108
How does the DNS Guard feature help prevent UDP sesion hijacking and DoS attacks?
A. It prevents all DNS responses from passing through the PIX Firewall.
B. It prevents any DNS name resolution requests to DNS servers behind the PIX Firewall.
C. Only the first reply from any given DNS server is allowed through the PIX Firewall. The PIX discards all other replies from the same server.
D. If multiple DNS servers are queried, only the first answer from the first server to reply is allowed through the PIX Firewall. The PIX does not wait for the default UDP timer to close the sessions but tears down connections to all DNS servers after receiving the first reply.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 109
When configuring a crypto map, which command correctly specifies the peer to which IPSec-protected traffic can be forwarded?
A. crypto map set peer 192.168.7.2
B. crypto map 20 set-peer insidehost
C. crypto-map policy 10 set 192.168.7.2
D. crypto map peer7 10 set peer 192.168.7.2

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 110
Which command correctly specifies a transform set for a crypto map?
A. crypto transform-set name pix2
B. crypto map peer2 10 set transform-set pix2
C. transform-set pix2 set crypto map MYMAP
D. crypto-map policy 10 set 192.168.7.2
E. crypto map peer7 10 set peer 192.168.7.2
F. crypto transform peer2 10 set transform-set pix2

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 111
The LAN-based failover you configured does not work. Why? Choose two reasons.
A. You used a hub for failover operation.
B. You used a switch for failover operation.
C. You used a dedicated VLAN for failover operation.
D. You did not set a failover IP address.
E. You did not use a crossover Ethernet cable between the two PIX Firewalls.
F. You used a crossover Ethernet cable between the two PIX Firewalls.

Correct Answer: DF Section: (none) Explanation
Explanation/Reference:
QUESTION 112
You have used the privilege command to set privilege levels for PIX Firewall commands. How can an administrator now gain access to a particular privilege level?
A. From the # prompt, enter the privilege command with a privilege-level designation; when prompted, enter the user name for that level.
B. From the > prompt, enter the login command with a privilege-level designation, when prompted enter the password.
C. From the # prompt, enter the privilege command with a privilege-level designation; when prompted, enter the password for that level.
D. From the > prompt, enter the enable command with a privilege-level designation, when prompted, enter the password for that level.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 113
What is the maximum number of PIX Firewalls the AUS will support?
A. 100
B. 500
C. 750
D. 1000
E. 2000

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 114
Your new network administrator has recently modified your PIX Firewall’s configuration. You are suddenly experiencing security breaches involving Internet mail. What change did the administrator make?
A. He disabled the PIX Firewall’s mailport fixup.
B. He disabled the PIX Firewall’s smtp fixup.
C. He enabled the PIX Firewall’s ils fixup on port 25.
D. He defined the ports on which to activate Mail Guard.

Correct Answer: B Section: (none) Explanation
Explanation/Reference: QUESTION 115
At a small site in the above network diagram, network administrator chose to authenticate WWW cut-through proxy traffic via a local database on the PIX Firewall. What commands should the administrator enter to accomplish this?

A. pix1(config)# static (dmz,outside) 192.168.16.6 172.16.16.6 pix1(config)# access-list 150 permit tcp any host 172.16.16.6 eq www pix1(config)# aaa authentication match 150 outside LOCAL
B. pix1(config)# static (dmz,outside) 192.168.16.6 172.16.16.6 pix1(config)# access-list 150 permit tcp any host 192.168.16.6 eq www pix1(config)# aaa authentication match 150 outside pix1
C. pix1(config)# static (dmz,outside) 192.168.16.6 172.16.16.6 pix1(config)# access-list 150 permit tcp any host 172.16.16.6 eq www pix1(config)# aaa authentication match 150 outside pix1
D. pix1(config)# static (dmz,outside) 192.168.16.6 172.16.16.6 pix1(config)# access-list 150 permit tcp any host 192.168.16.6 eq www pix1(config)# aaa authentication match 150 outside LOCAL

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 116
Which statements about creating VPNs in PDM are true? Choose two.
A. When the inactivity timeout for all IPSec SAs have expired for a given VPN Client, the tunnel is established.
B. PDM supports tunnel policies that are not bound to an interface.
C. To create a crypto map, select crypto maps from the IPSec branch of the categories tree.
D. PDM hides the concept of crypto map.
E. After you create a tunnel policy in the VPN tab’s tunnel policy window, you must bind it to an interface from the Access Rules tab.
F. PDM does not support tunnel policies that are not bound to an interface. You must select an interface for a tunnel policy when you create it.

Correct Answer: DF Section: (none) Explanation
Explanation/Reference:
QUESTION 117
lab A.

B.
C.
D.

Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: Check certifyme eEngine, Download from Member Center
QUESTION 118
Which protocols does the PIX Firewall use to enable call handling sessions, particularly two-party audio conferences or calls?
A. Remote Function Call
B. Session Initiation Protocol
C. Real-Time Transport Protocol
D. Point-to-Point Protocol over Ethernet

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 119
What command reassigns a specific command to a different privilege level?
A. privilege
B. command auth
C. level-priv D. curpriv

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 120
Why use the shun command?
A. PIX Firewall does not support shunning
B. to enable the PIX Firewall to detect and block intrusion attempts
C. you know the IP address of an attacking host and want the PIX Firewall to drop packets containing its source address
D. you know the IP address of an attacking host and want the PIX Firewall to drop packets containing its destination address

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 121
What is the default port number that the PIX Firewall uses to contact the AUS?
A. 25
B. 110
C. 443
D. 444

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 122
You are attempting to create a protocol object group to contain a group of protocols frequently used by users on your network. You enter the command object-group protocol PROTO. What happens?
A. You get an error message
B. You get the proper syntax for the object-group command
C. You get a sub-command prompt: pixfirewall (config-protocol)#
D. You get the prompt pixfirewall(config)# access-list so that you can quickly insert the object group into an ACL

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 123
Which is possible with the FWSM for the Catalyst 6500 switch?
A. Virtual Private Networks
B. 1000 firewall interfaces
C. IDS syslog messages
D. intra-chassis stateful failover

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 124
You have 100 users on your internal network; you want only six of these users to perform FTP, Telnet, or HTTP outside the network. Which PIX Firewall feature do you enable?
A. access lists
B. AAA
C. object grouping
D. VAC+

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 125
The administrator would like to create an inactivity timeout value of 10 minutes on all console cable sessions. To do so, the administrator would enter which command?
A. Pix1 (config) # enable timeout 10
B. Pix1 (config) # console timeout 10
C. Pix1 (config) # authentication console timeout 10
D. Pix1 (config) # console-idle-timeout timeout10

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 126
If you configure a VPN between a Cisco VPN Client and the PIX Firewall using pre-shared keys for authentication, which should you do? Choose two.
A. Use pre-shared keys for authentication.
B. Use digital certificates for authentication instead of pre-shared keys.
C. Do not use digital certificates for authentication.
D. Ensure that the password on the VPN client matches the vpngroup password on the PIX Firewall.
E. Ensure that the group name differs from the VPN group name on the PIX Firewall.
F. Ensure that the group name on the VPN Client matches the vpngroup name on the PIX Firewall.
Correct Answer: DF Section: (none) Explanation

Explanation/Reference:
QUESTION 127
The PDM runs on which operating systems? Choose the best answer.
A. Windows, Macintosh, and Linux
B. Windows and Sun Solaris
C. Windows, Linux, and Sun Solaris
D. Windows and Linux

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 128
Which command enables IKE on the outside interface?
A. ike enable outside
B. ipsec enable outside
C. isakmp enable outside
D. ike enable (outbound)

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 129
Your new network administrator has recently modified your PIX Firewall’s configuration. You are suddenly experiencing security breaches involving Internet mail. What change did the administrator make?
A. He disabled the PIX Firewall’s mailport fixup.
B. He disabled the PIX Firewall’s smtp fixup.
C. He enabled the PIX Firewall’s ils fixup on port 25.
D. He defined the ports on which to activate Mail Guard.

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 130
Cisco IP phones download their configurations from a TFTP server. How do you enable the PIX Firewall to provide information about a TFTP server to the IP phones?
A. using the tftp server command
B. enable the PIX Firewall’s TFTP fixup
C. configure the PIX Firewall’s DHCP server and enable DHCP option 150 or DHCP option 66
D. configure the PIX Firewall’s TFTP server and enable TFTP option 150 or DHCP option 66

Correct Answer: C Section: (none) Explanation
Explanation/Reference:

When deciding to choose Flydumps Cisco 642-521 exam sample questions, you will choose the success in Cisco 642-521 exam. You aren’t planning to purchase a non reusable solution. Cisco 642-521 exam sample questions changes are supplied no cost. It doesn’t matter how shortly you choose grab the specific Cisco 642-521 exam sample questions accreditation, take the real Cisco 642-521 questions qualification, it will be easy just to walk in the screening space as assured as the Certification Administrator. Several Cisco 642-521 study books contain questions at the end of each chapter. Candidates should be able to practice Cisco 642-521 exam sample questions. If you plan for your free using your Flydumps assessment serps, most people ensure making money online within the initial endeavor.

Welcome to download the newest Pass4itsure SY0-401 dumps: http://www.pass4itsure.com/SY0-401.html

ISEB BH0-005 Exam Collection, First-hand ISEB BH0-005 New Questions On Sale

Cisco 642-521 Practice Exam, Sale Cisco 642-521 Exam Collection Is What You Need To Take

Welcome to download the newest Pass4itsure 412-79 VCE dumps: http://www.pass4itsure.com/412-79.html

Flydumps Cisco 642-521 practice tests hold the key importance and provide a considerable gain for your knowledge base. You can rely on our products with unwavering confidence; Get the profound knowledge and become a pro with Flydumps assistance.

QUESTION 71
What command applies a blocking function to an interface receiving an attack?
A. conduit
B. ip deny
C. interface
D. shun

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 72
After configuring a PIX Firewall to run two OSPF processes, what is the default state for passing LSA 3 advertisements?
A. LSA 3 advertisements can pass between areas within a process, but not between processes.
B. LSA 3 advertisements can pass between processes, but not between areas within a process.
C. LSA 3 advertisements can not pass between processes or areas.
D. LSA 3 advertisements can pass between processes and areas.

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 73
Your primary PIX Firewall is currently the active unit in your failover topology. What will happen to the current IP addresses on the primary PIX Firewall if it fails?
A. They become those of the standby PIX Firewall.
B. The ones on the primary PIX Firewall remain the same, but the current IP addresses of the secondary become the virtual IP addresses you configured.
C. They are deleted.
D. The ones on both the primary and secondary PIX Firewalls are deleted and both assume the failover IP addresses you configured.

Correct Answer: A Section: (none) Explanation
Explanation/Reference: QUESTION 74
What is the maximum number of transforms in a transform set?
A. 3
B. 6
C. 9
D. 10

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 75
Which command enables intrusion detection in the PIX Firewall?
A. shun
B. enable ids
C. ip audit
D. ids enable

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 76
How does the PDM running on the FWSM differ from PDM running on the PIX Firewall?
A. When running on the FWSM, the PDM has a Startup Wizard.
B. When running on the FWSM, the PDM has a VPN Wizard.
C. When running on the FWSM, the PDM does not have a VPN tab.
D. When running on the FWSM, the PDM does not have a System Properties tab.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 77
What is the purpose of the who command?
A. to enable you to view which IP addresses are currently accessing the PIX Firewall console via Telnet
B. to enable you to view which IP addresses are currently accessing the PIX Firewall console via SSH
C. to remove Telnet access from a previously authorized IP address
D. to enable you to view who is currently accessing the PIX Firewall Device Manager console from a browser
Correct Answer: A Section: (none) Explanation

Explanation/Reference:
QUESTION 78
Which tasks enable DHCP server support on the PIX Firewall? Choose two.
A. Specify a range of addresses for the DHCP server to distribute by using the dhcp ippool command.
B. Specify a range of addresses for the DHCP server to distribute by using the dhcpd address command.
C. Use the iphelper command to enable the PIX Firewall to pass broadcast messages between its DHCP client and DHCP server.
D. Enable the DHCP daemon within the PIX Firewall to listen for DHCP client requests on the enabled interface by using the dhcpd enable command.
E. Enable the PIX Firewall to distribute IP addresses to its DHCP clients from a global pool by using the global command with the dhcp option. Specify the IP address of at least one DNS server.

Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 79
Which statements about the static command are true? Choose two.
A. It cannot be used alone for outbound connections.
B. Statics take precedence over nat and global command pairs.
C. The nat and global command pairs take precedence over statics.
D. If a global IP address will be used for PAT, you should not use the same global IP address for a static translation.
E. If a global IP address will be used for port address translation, you should use the same global IP address for a static translation.
F. If a global IP address will be used in a global pool for use with NAT, you should use the same global IP address for a static translation.

Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 80
How can downloadable ACLs increase your efficiency when you find yourself creating massive amounts of ACLs on several different PIX Firewalls?
A. They enable you to configure your PIX Firewall to download pre-written ACLs from Cisco Connection Online.
B. You can enter an ACL once, in Cisco Secure ACS, and then have it downloaded to any number of PIX Firewalls during user authentication.
C. You can create all ACLs on one PIX Firewall and distribute them to other PIX Firewalls by using the download command on the receiving PIX Firewall or the upload command on the sending PIX Firewall.
D. You can enter an ACL once in Cisco Secure ACS, and then have it downloaded to no more than 100 PIX Firewalls during authorization.
Correct Answer: B Section: (none) Explanation

Explanation/Reference:
QUESTION 81
When are duplicate objects allowed in object groups?
A. when they are due to the inclusion of group objects
B. when a group object is included, which causes the group hierarchy to become circular
C. never
D. always, because there are no conditions or restrictions

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 82
Why is the group tag in the aaa-server command important?
A. The aaa command references the group tag to know where to direct authentication, authorization, or accounting traffic.
B. The group tag identifies which users require authorization to use certain services.
C. The group tag identifies which user groups must authenticate.
D. The group tag enables or disables user authentication services.

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 83
What is the purpose of the command ip local pool MYPOOL 10.0.0.20-10.0.0.29?
A. to designate a pool of IP addresses for NAT
B. to designate a pool of IP addresses that will dynamically be assigned to PPPoE clients
C. to designate a pool of IP addresses that will be dynamically assigned to DHCP clients
D. to designate a pool of IP addresses that will be dynamically assigned to VPN clients via IKE mode configuration

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 84
Which statements about ACLs are true? Choose two.
A. By default, all access in an ACL is permitted.
B. Using the access-group command creates ACL entries.
C. For traffic moving from a lower security level interface to a higher security level interface, the
destination host must have a statically mapped address.
D. For traffic moving from a higher security level interface to a lower security level interface, the source address argument of the ACL command is the translated address of the host or network.
E. For traffic moving from a lower security level interface to a higher security level interface, the source address argument of the ACL command is the global IP address assigned in the static command.
F. For traffic moving from a lower security level interface to a higher security level interface, the destination address argument of the ACL command is the global IP address assigned in the static command.

Correct Answer: CF Section: (none) Explanation
Explanation/Reference:
QUESTION 85
Which commands configure the PIX Firewall’s PPPoE client?
A. only vpdn group, vpdn username, and ip address pppoe
B. only vpngroup and vpnusername
C. only vpdn group and interface pppoe
D. only vpngroup and ip address pppoe

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 86
Which transform sets are pre-defined by PDM? Choose two.
A. AH-SHA-HMAC
B. ESP-DES-MD5
C. ESP-3DES-SHA
D. AH-MD5_HMAC
E. AH-DES-MD5
F. nat 0 match acl

Correct Answer: BC Section: (none) Explanation
Explanation/Reference:
QUESTION 87
Which statement about AH and ESP security protocols is true?
A. Each can be used alone or in conjunction with the other.
B. You must choose one or the other. They cannot be used together.
C. They must be used together.
D. If you need data encryption, data authentication, and replay-detection, you must use both.
Correct Answer: A Section: (none) Explanation

Explanation/Reference:
QUESTION 88
Which statements about the PIX Firewall’s multicasting capabilities are true? Choose three.
A. The PIX Firewall does not support multicasts.
B. The PIX Firewall supports Stub Multicast Routing.
C. The PIX Firewall can be configured to act as an IGMP proxy agent.
D. The only way you can currently enable the PIX Firewall to pass multicast traffic is by constructing GRE tunnels.
E. To enable the PIX Firewall for Stub Multicast Routing, you must configure GRE tunnels for passing multicast traffic.
F. When the PIX Firewall is configured for Stub Multicast Routing, it is not necessary to construct GRE tunnels to allow multicast traffic to bypass the PIX Firewall.

Correct Answer: BCF Section: (none) Explanation
Explanation/Reference:
QUESTION 89
To enable multicast forwarding on the PIX outside interface, which of the following commands should the administrator enter?
A. pix1(config)# multicast on outside
B. pix1(config)# enable multicast outside
C. pix1(config)# multicast enable outside
D. pix1(config)# multicast interface outside

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 90
The XYZ Corporation security manager wants the easy VPN remote office PIX Firewall, PIX1, to authenticate itself with ACS server, ACS1, at the central site before a VPN tunnel is established. As the network administrator, at which location and what command should be enter to enable remote PIX device authentication? (Choose two.)

A. vpnclient oxford unit-authentication
B. vpngroup oxford secure-unit-authentication
C. vpngroup oxford network-extension-mode ACS1
D. configure at PIX1
E. configure at PIX2

Correct Answer: BE Section: (none) Explanation
Explanation/Reference:
QUESTION 91
Which object group types can be created in the PIX Firewall? Choose three.
A. icmp-type
B. service
C. server host
D. ACL out
E. DHCP
F. protocol

Correct Answer: ABF Section: (none) Explanation
Explanation/Reference:
QUESTION 92
After reviewing the above network diagram, which command should an administrator use to map the www server on the DMZ to a static address on the outside network, 192.168.6.9?

A. pix1 (config)# static (dmz,outside) 172.26.26.50 192.168.6.9
B. pix1 (config)# static (outside,dmz) 192.168.6.9 172.26.26.50
C. pix1 (config)# static (dmz,outside) 192.168.6.9 172.26.26.50
D. pix1 (config)# static (outside,dmz) 172.26.26.50 192.168.6.9

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 93
Which must you do to enable hosts behind the PIX Firewall to receive multicast transmissions? Choose two.
A. Use the igmp join-group command to configure the PIX Firewall to join a multicast group.
B. Use the multicast interface command to enable multicast forwarding on each interface and place the interfaces in multicast safe mode.
C. Use the multicast interface command to enable multicast forwarding on each interface and place the interfaces in multicast promiscuous mode.
D. Use the igmp forward command to enable IGMP forwarding on each PIX Firewall interface connected to hosts that will receive multicast transmissions.
E. Use the permit option of the access-list command to configure an ACL that allows traffic to permissible Class D destination addresses.

Correct Answer: CD Section: (none) Explanation
Explanation/Reference:
QUESTION 94
For added security, the network manager wants PCs on the inside network at the remote office to authenticate with an ACS server, ACS1, at the central site before allowing these individuals PCs to access a VPN tunnel. As the network administrator, at which location and what commands should they enter to force remote PC users to authenticate before allowing them access to a VPN tunnel? (Choose two.)

A. vpngroup oxford user-authentication vpngroup oxford authentication-server ACS1
B. Configured at PIX1
C. Configured at PIX2
D. vpngroup oxford individual-user-authentication ACS1
E. vpngroup oxford mode network-extension-mode vpngroup oxford authentication-server ACS1

Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
QUESTION 95
Which is likely to cause standard failover via the special serial cable not to work? Choose two.
A. The two PIX Firewalls are running different versions of software.
B. The hardware models are the same.
C. The secondary PIX Firewall has not been properly configured as a secondary PIX Firewall.
D. The secondary PIX Firewall has a 3DES license.
E. The hardware models are different.
F. The standby PIX Firewall has not yet replicated its configuration to the primary PIX Firewall.

Correct Answer: AE Section: (none) Explanation
Explanation/Reference:
QUESTION 96
To configure the PIX Firewall to forward multicast transmissions from an inside source, which steps are necessary? Choose two.
A. Use the igmp join-group command to enable the PIX Firewall to forward IGMP reports.
B. Use the igmp forward command to enable multicast forwarding on each PIX Firewall interface.
C. Use the multicast interface command to enable multicast forwarding on each PIX Firewall interface.
D. Use the route command to create a static route from the transmission source to the next-hop router interface.
E. Use the mroute command to create a static route from the transmission source to the next-hop router interface.

Correct Answer: CE Section: (none) Explanation
Explanation/Reference:
QUESTION 97
drag drop

A.
B.
C.
D.

Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: Check certifyme eEngine, Download from Member Center
QUESTION 98
What PIX Firewall feature simplifies the integration of two existing networks that use overlapping IP address spaces?
A. NAT 0
B. inside NAT
C. outside NAT
D. expanded NAT

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 99
The PIX Firewall logs information about packets, such as source and destination IP addresses, in the stateful session flow table. When does this happen?
A. each time it is reloaded
B. each time a TCP or UDP outbound connection attempt is made
C. only when a TCP inbound or outbound connection attempt is made
D. each time a TCP or UDP inbound or outbound connection attempt is made

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 100
Which statement about license keys for PIX Firewalls is true?
A. License keys are specific to the PIX Firewall software versions.
B. License keys exist for the PIX Firewall 515E software version only.
C. License keys are not specific to a particular PIX Firewall software version.
D. License keys are not required for any of the PIX Firewall software versions.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 101
Which component of the PIX MC selects devices or groups for configuration through the configuration tab?
A. devices tab
B. object bar
C. activity bar
D. object selector

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 102
An administrator wants to add a comment about access-list aclin line 2. What command should they enter to accomplish this addition?

A. pix1(config)# access-list aclin line 1 remark partner server http access
B. pix1(config)# access-list aclin line 2 remark partner server http access
C. pix1(config)# access-list aclin line 1 comment partner server http access
D. pix1(config)# access-list aclin line 2 comment partner server http access

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 103
A user on the dmz is complaining that they can not gain access to the inside host via HTTP. After reviewing the network diagram and partial configuration, the network administrator determined the following:

A. The static (inside, dmz) command is not configured correctly.
B. The PIX is configured correctly; the issue is with the user’s PC.
C. The nat (dmz) command is missing.
D. The global (dmz) command is not configured correctly.
E. The dmzin access list is not configured correctly.

Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 104
How do you get to the multicast subcommand mode where you can enter the igmp commands for further multicast support?
A. Use the clear IGMP group command.
B. Enter the igmp interface command in privileged mode.
C. Enter the multicast mode command in configuration mode.
D. Enter the multicast interface command in configuration mode.
Correct Answer: D Section: (none) Explanation

Explanation/Reference:
QUESTION 105
You are creating a site-to-site VPN using IPSec between two PIX Firewalls. Which step is optional when configuring the crypto maps on the Firewalls?
A. Create a crypto map entry identifying the crypto map with a unique crypto map name and sequence number.
B. Specify which transform sets are allowed for this crypto map entry.
C. Specify a dynamic crypto map to act as a policy template where the missing parameters are later dynamically configured to match a peer’s requirements.
D. Assign an ACL to the crypto map entry.
E. Specify the peer to which IPSec-protected traffic can be forwarded.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 106
Type the command that reboots the PIX Firewall
A.
B.
C.
D.

Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: Check certifyme eEngine, Download from Member Center
QUESTION 107
Which statement about the PIX Firewall and PPPoE is true?
A. The PIX Firewall PPPoE client cannot operate in environments where NAT is being performed on traffic moving through a VPN.
B. The PIX Firewall PPPoE server can operate in environments where URL and content filtering is being performed before transmission to or from the outside interface.
C. The PIX Firewall PPPoE client can operate in environments where NAT is being performed on traffic to or from the outside interface.
D. The PIX Firewall PPPoE server can operate in environments where application of firewall rules is being performed on traffic before transmission to or from the outside interface.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:

Flydumps Cisco 642-521 practice test is the best training materials. If you are an IT staff, it will be your indispensable training materials. Do not take your future betting on tomorrow. Flydumps Cisco 642-521 practice test are absolutely trustworthy. We are dedicated to provide the materials to the world of the candidates who want to participate in IT exam. To get the Cisco 642-521 exam certification is the goal of many IT people & Network professionals. The pass rate of Flydumps is incredibly high. We are committed to your success.

Welcome to download the newest Pass4itsure 412-79 VCE dumps: http://www.pass4itsure.com/412-79.html

Cisco 642-521 Practice Exam, Sale Cisco 642-521 Exam Collection Is What You Need To Take

Cisco 642-521 Practice, Download Latest Cisco 642-521 PDF Dumps On Our Store

New VCE and PDF– If you want to pass Cisco 642-521 exam successfully,do not miss to test Cisco latest Cisco 642-521 brain dumps.All Cisco 642-521 the new questions and answers were timely added, visit Flydumps.com to free download VCE player and PDF files.

QUESTION 51
The graphic shows a partial configuration. An account manager (AM) at a small site wants to access the boston_sales.cisco.com server. The account manager knows the name, but not the IP address of the server. The AM’s PC requests DNS resolution of the inside web server address from a DNS server on an outside network. To enable the PIX Firewall to perform a DNS A record translation correctly for the above mentioned application, the DNS key word should be added to which of the above mentioned commands?

A. Nat command
B. Global command
C. Access-list command
D. Static command

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 52
You installed PDM on a PIX Firewall with an existing configuration. You notice that you have access only to the monitoring tab. What is the most likely cause of this problem?
A. You are running PDM on a software image earlier than 6.0.
B. You have a command in your configuration that PDM does not support.
C. You have not specified the host or network authorized to initiate an HTTP connection to the PIX Firewall.
D. You installed a corrupt pdmxx.bin file.

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 53
How do you get to the multicast subcommand mode where you can enter the igmp commands for further multicast support?
A. Use the clear IGMP group command.
B. Enter the igmp interface command in privileged mode.
C. Enter the multicast mode command in configuration mode.
D. Enter the multicast interface command in configuration mode.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 54
What protocol does the PIX MC use to communicate with the PIX Firewall?
A. HTTP
B. SSH
C. HTTPS
D. SNMP

Correct Answer: C Section: (none) Explanation
Explanation/Reference: QUESTION 55
Which is possible with the FWSM for the Catalyst 6500 switch?
A. Virtual Private Networks
B. 1000 firewall interfaces
C. IDS syslog messages
D. intra-chassis stateful failover

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 56
To enable multicast forwarding on the PIX outside interface, which of the following commands should the administrator enter?
A. pix1(config)# multicast on outside
B. pix1(config)# enable multicast outside
C. pix1(config)# multicast enable outside
D. pix1(config)# multicast interface outside

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 57
Which statements about the PIX Firewall’s multicasting capabilities are true? Choose three.
A. The PIX Firewall does not support multicasts.
B. The PIX Firewall supports Stub Multicast Routing.
C. The PIX Firewall can be configured to act as an IGMP proxy agent.
D. The only way you can currently enable the PIX Firewall to pass multicast traffic is by constructing GRE tunnels.
E. To enable the PIX Firewall for Stub Multicast Routing, you must configure GRE tunnels for passing multicast traffic.
F. When the PIX Firewall is configured for Stub Multicast Routing, it is not necessary to construct GRE tunnels to allow multicast traffic to bypass the PIX Firewall.

Correct Answer: BCF Section: (none) Explanation
Explanation/Reference:
QUESTION 58
Which statement about authentication and the PIX Firewall is true?
A. One network cannot authenticate with both TACACS+ and RADIUS.
B. One network can authenticate with both TACACS+ and RADIUS.
C. If any network connected to your PIX Firewall authenticates with RADIUS, all other networks must use RADIUS for authentication.
D. If any network connected to your PIX Firewall authenticates with TACACS+, any other networks that use authentication and connect to the PIX Firewall must also use TACAS+.

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 59
Which statements about the PIX Firewall’s PAT feature are true? Choose three.
A. It maps TCP port numbers to a single IP address.
B. It cannot be used with NAT.
C. It provides security by hiding the outside source address, using a global IP address from the PIX Firewall.
D. A PAT address can be a virtual address, different from the outside address.
E. It provides security by hiding the inside source address, using a single IP address from the PIX Firewall.
F. The IP address of a PIX Firewall interface cannot be used as the PAT address.

Correct Answer: ADE Section: (none) Explanation
Explanation/Reference:
QUESTION 60
Which statement about the PIX Firewall and PPPoE is true?
A. The PIX Firewall PPPoE client cannot operate in environments where NAT is being performed on traffic moving through a VPN.
B. The PIX Firewall PPPoE server can operate in environments where URL and content filtering is being performed before transmission to or from the outside interface.
C. The PIX Firewall PPPoE client can operate in environments where NAT is being performed on traffic to or from the outside interface.
D. The PIX Firewall PPPoE server can operate in environments where application of firewall rules is being performed on traffic before transmission to or from the outside interface.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 61
Which statements about intrusion detection in the PIX Firewall are true? Choose two.
A. When a policy for a given signature class is created and applied to an interface, all supported signatures of that class are monitored unless you disable them.
B. Only the signatures you enable will be monitored.
C. The PIX Firewall supports only inbound auditing.
D. IP audit policies must be applied to an interface with the ip audit interface command.
E. When a policy for a given signature class is created and applied to an interface, all supported signatures of that class are monitored and cannot be disabled until you remove the policy from the interface.
F. IP audit policies must be applied to an interface with the ip audit signature command.

Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
QUESTION 62
Identify a problem with packet-filtering firewalls.
A. It is simple to add new services to the firewall, and services can be easily exploited.
B. It is difficult to add new services to the firewall.
C. Packets cannot pass through the filter by being fragmented.
D. Packets can pass through the filter by being fragmented.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 63
Which two commands can be used to enable SYN Flood Guard? Choose two.
A. alias
B. nat
C. static
D. synflood

Correct Answer: BC Section: (none) Explanation
Explanation/Reference:
QUESTION 64
lab A.

B.
C.
D.

Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: Check certifyme eEngine, Download from Member Center
QUESTION 65
lab A.

B.
C.
D.

Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: Check certifyme eEngine, Download from Member Center
QUESTION 66
What is the function of the support tool in the PIX MC?
A. to allow technical support to remotely administer the PIX MC
B. to show available support options for the PIX MC
C. to create a file that captures information about the PIX MC
D. to place the PIX MC in safe mode so you can troubleshoot it

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 67
Which type of downloadable ACLs are best when there are frequent requests for downloading a large ACL?
A. named ACLs
B. unnamed ACLs
C. dynamic ACLs
D. static ACLs

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 68
Which statement about authorization and the PIX Firewall is true?
A. The PIX Firewall supports downloadable ACLs using RADIUS.
B. The PIX Firewall does not support per-user authorization.
C. The PIX Firewall does not support TACACS+ authorization.
D. The PIX Firewall supports downloadable ACLs using TACACS+.

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 69
How do you configure the PIX Firewall to protect against SYN floods?
A. Use the emb_conns argument to limit the number of fully opened connections.
B. Set the max_conns option in the nat command to less than the server can handle.
C. Set the emb_limit option in the name command to less than the server can handle.
D. Set the emb_limit option in the static command to less than the server can handle.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 70
An IT professional at the DEF Corporation asked the corporation’s PIX Firewall administrator if a user on the inside network could access two sites on the Internet and present two different source IP addresses. When accessing an FTP server, the source IP address is translated to 192.168.0.9. When accessing a web server, the source address is translated to 192.168.0.21. The PIX Firewall administrator could accomplish this application by completing which of the following tasks?

A. Configure NAT and global commands.
B. Configure NAT 0 access-list and global commands.
C. Configure outside NAT and global commands.
D. Configure NAT access-list and global commands.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:

Both PDF and software format demos for Cisco 642-521 exam dumps are offered by Flydumps for free.You can try Cisco 351-080 free demo before you decide to buy the full version practice test.Cisco 642-521 exam dumps details are researched and produced by our Professional Certification Experts who are constantly using industry experience to produce precise, and logical.Cisco 642-521 dumps will not only help you pass in one attempt,but also save your valuable time.

New Updated Cisco 642-521 Exam Of Flydumps For Free Download

Do not worry about your Cisco 642-521 exam, Lead2pass now has published the new veriosn Cisco 642-521 exam dumps with more new added questions and answers, also you can free download Cisco 642-521 vce test software and pdf dumps on Flydumps.com.

Exam A
QUESTION 1
Which of the following is a problem with packet-filtering firewalls?
A. It is simple to add new services to the firewall, and services can be easily exploited.
B. Packets are permitted to pass through the filter by being fragmented.
C. It is problematic to add new services to the firewall.
D. Packets are unable to pass through the filter by being fragmented.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
PIX FW Advanced, Cisco Press, p. 18

Reference:
CSPFA Student Guide v3.2 – Cisco Secure PIX Advanced p.3-5

QUESTION 2
At which of the following stages will the PIX Firewall log information about packets, such as source and destination IP addresses, in the stateful session table?
A. Each time it is reloaded.
B. Each time a TCP or UDP outbound connection attempt is made.
C. Each time a TCP or UDP inbound or outbound connection attempt is made.
D. Only when a TCP inbound or outbound connection attempts is made.
E. Never.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
Stateful packet filterin is the method used by the Cisco PIX Firewall. This technology maintains complete
session state. Each time a Transimission Control Protocol (TCP) or User Datagram Protocol (UDP)
connection is established for inbound or outbound connections, the information is logged in a stateful
session flow table.

Reference:
CSPFA Student Guide v3.2 – Cisco Secure PIX Advanced p.3-7 PIX FW Advanced, Cisco Press, p. 19

QUESTION 3
John the security administrator at Certkiller Inc. is working on configuring the PIX Firewall. John must choose two features on the PIX Firewall? (Choose two)
A. One feature is it uses Cisco Finesse operating system.
B. One feature is it uses Cisco IOS operating system.
C. One feature is it’s based on Windows NT technology.
D. One feature is it snalyzes every packet at the application layer of the OSI model.
E. One feature is it can be configured to provide full routing functionality.
F. One feature is it uses a cut-through proxy to provide user-based authentication connections.
Correct Answer: AF Section: (none) Explanation Explanation/Reference:
Explanation:
The PIX Firewall features the following technologies and benefits Non-Unix, secure, real-time, embedded
system ASA Cut-through proxy – A user-based authentication method of both inbound and outbound
connections, providing improved performance in comparison to that of a proxy server.
Statefull packet filtering Finesse, a Cisco proprietary operating system, is a non-unix, non-windows nt, IOS-
like operating system. Use of Finesse eliminates the risks associated with general-purpose operating
system.

Reference:
Cisco Secure PIX Firewall Advanced 3.1 chap 3 pages 8-9

QUESTION 4
What is the operating system that a pix runs?
A. unix
B. solaris
C. windows
D. none of the above
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
The pix firewall runs code written by Cisco specifically to function as a hardened firewall, limiting its
vulnerabilities.

QUESTION 5
What encryption protocols does the pix firewall support for vpn’s? Choose all that apply.
A. MD5
B. 3DES
C. AES
D. DES
Correct Answer: BCD Section: (none) Explanation
Explanation/Reference:
Explanation:
The pix firewall supports 56 bit DES, 168 bit 3DES, and 128, 192, and 256 bit AES encryption protocols for
IPSEC VPN’s.

QUESTION 6
What is the maximum number of interfaces the PIX Firewall 535 supports with an unrestricted license?
A. PIX Firewall 535 supports 20
B. PIX Firewall 535 supports 10
C. PIX Firewall 535 supports 6
D. PIX Firewall 535 supports 5
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
A total of eight interface circuit boards are configurable with the restricted license and a total of ten are
configurable with the unrestricted license.

Reference:
http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps2030/
products_installation_guide_chapter09186a 00801a9

QUESTION 7
As of PIX Firewall release 6.3, Advanced Encryption Standard (AES) is supported on a PIX Firewall. Which of the following statements regarding the capabilities of AES on the PIX Firewall is valid?
A. Supported in software only on all models.
B. Supported on software on all models and in hardware in a VAC card.
C. Not supported by the PIX 501 and 506.
D. Supported in software on all models and in hardware on a VAC+ card.
E. Supported in software on all models and in hardware on an AIM II card.
F. None of the above.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
PIX FW Advanced, Cisco Press, p. 29

QUESTION 8
Which of the following are valid pix models? Choose all that apply.
A. 505
B. 515
C. 530
D. 535
Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
Explanation:
The pix firewall comes in 6 different models. 501, 506, 515, 520, 525, 535. There is also the FWSM blade.

QUESTION 9
How much flash memory does a pix firewall need to run OS version 6.1?
A. 2mb
B. 4mb
C. 8mb
D. 16mb
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
You need at least 8mb of flash memory to run pix OS version 5.2 and later.

QUESTION 10
What is the maximum number of interfaces the pix 535 can support?
A. 6
B. 8
C. 9
D. 10

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
The 535 can support up to 10 different interfaces. The 525 can support 8 and the 515 and 520 can support
up to 6.

QUESTION 11
Which of the following pix models are unable to provide failover? Choose all that apply.
A. 501
B. 506
C. 515
D. 520
Correct Answer: AB Section: (none) Explanation
Explanation/Reference:
Explanation:
All pix models including the FWSM can provide failover, except for the 501 and 506.

QUESTION 12
Which of the following is a hardware card that can be installed on a pix to increase vpn throughput?
A. pfs
B. ike
C. stp
D. vac
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
Pix firewall models 515, 525, and 535 support VPN Accelerator Cards (VAC’s) that process encryption and
decryption in hardware, relieving the pix cpu.

QUESTION 13
How many available PCI slots does a pix 515 have?
A. 0
B. 1
C. 2
D. 3
E. 4
F. 6
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
The pix 515 has two available pci slots for additional ethernet interfaces to be installed.

CCNA Cisco 642-521 Exam Certification Guide is part of a recommended study program from Cisco 642-521 that includes simulation and hands-on training from authorized Cisco 642-521 Learning Partners and self-study products from Cisco 642-521.Find out more about instructor-led, e-learning, and hands-on instruction offered by authorized Cisco 642-521 Learning Partners worldwide

Newest PDF And VCE Cisco 642-521 With New Added Questions Of Flydumps For Free Download

Flydumps has timely updated the Cisco 642-521 exam questions. With all the new questions and answers, you will pass the Cisco 642-521 exam easily. If you want to get more Cisco 642-521 exam dumps, you can free download the new version VCE test engine from Flydumps. All Cisco 642-521 dumps are new updated and cover all aspect of the examination.

Exam A
QUESTION 1
Your primary PIX Firewall is currently the active unit in your failover topology. What will happen to the current IP addresses on the primary PIX Firewall if it fails?
A. They become those of the standby PIX Firewall.
B. The ones on the primary PIX Firewall remain the same, but the current IP addresses of the secondary become the virtual IP addresses you configured.
C. They are deleted.
D. The ones on both the primary and secondary PIX Firewalls are deleted and both assume the failover IP addresses you configured.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 2
What is the default port number that the PIX Firewall uses to contact the AUS?
A. 25
B. 110
C. 443
D. 444
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 3
Which statements about the PIX Firewall’s DHCP capabilities are true? Choose two.
A. It can be a DHCP server.
B. It cannot be a DHCP client.
C. You must remove a configured domain name.
D. It can be a DHCP server and client simultaneously.
E. It cannot pass configuration parameters it receives from another DHCP server to its own DHCP clients.
F. The PIX Firewall’s DHCP server can be configured to distribute the IP addresses of up to four DNS servers to its clients.
Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
QUESTION 4
You already created an ACL named ACLIN to permit traffic from certain Internet hosts to the web server on your DMZ. How do you make the ACL work? Choose two.
A. bind the ACL to the DMZ interface
B. bind the ACL to the inside interface
C. bind the ACL to the outside interface
D. create a static mapping for the DMZ interface
E. create a static mapping for the web server
F. create a conduit mapping for the web server
Correct Answer: CE Section: (none) Explanation
Explanation/Reference:
QUESTION 5
If the FTP protocol fixup is not enabled for a given port, which statements are true? Choose two.
A. Outbound standard FTP will work properly on that port.
B. Outbound passive FTP will not work properly on that port.
C. Outbound standard FTP will not work properly on that port.
D. Outbound standard FTP will work properly on that port if outbound traffic is not explicitly disallowed.
E. Inbound standard FTP will not work properly on that port even if a conduit to the inside server exists.
F. Outbound passive FTP will work properly on that port as long as outbound traffic is not explicitly disallowed.
Correct Answer: CF Section: (none) Explanation
Explanation/Reference:
QUESTION 6
While entering a list of host addresses to an ACL, the administrator left out an ACE for host 192.168.0.9. The administrator wants to add an access control entry for 192.168.0.9 between line 3 and line 4 of the existing access-list. What command should be entered to accomplish this addition?

A. pix1(config)# access-list aclin line 4 permit tcp any host 192.168.0.9 eq www
B. pix1(config)# access-list aclin line 3 permit tcp any host 192.168.0.9 eq www
C. pix1(config)# access-list aclin add-line 4 permit tcp any host 192.168.0.9 eq www
D. pix1(config)# access-list aclin add-line 3 permit tcp any host 192.168.0.9 eq www
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 7
If you configure a VPN between a Cisco VPN Client and the PIX Firewall using pre-shared keys for authentication, which should you do? Choose two.
A. Use pre-shared keys for authentication.
B. Use digital certificates for authentication instead of pre-shared keys.
C. Do not use digital certificates for authentication.
D. Ensure that the password on the VPN client matches the vpngroup password on the PIX Firewall.
E. Ensure that the group name differs from the VPN group name on the PIX Firewall.
F. Ensure that the group name on the VPN Client matches the vpngroup name on the PIX Firewall.
Correct Answer: DF Section: (none) Explanation
Explanation/Reference:
QUESTION 8
Type the command that reboots the PIX Firewall
A.
B.
C.
D.
Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: Check certifyme eEngine, Download from Member Center
QUESTION 9
What is the function of the support tool in the PIX MC?
A. to allow technical support to remotely administer the PIX MC
B. to show available support options for the PIX MC
C. to create a file that captures information about the PIX MC
D. to place the PIX MC in safe mode so you can troubleshoot it
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 10
Which command enables IKE on the outside interface?
A. ike enable outside
B. ipsec enable outside
C. isakmp enable outside D. ike enable (outbound)
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 11
A company just completed the rollout of IP/TV. The first inside network MC client to use the new feature claims they can not access the service. After viewing the above PIX Firewall configuration and network diagram again, the administrator was able to determine the following:

A. The PIX multicast configuration is correct, the configuration problem exists in the MC client’s PC.
B. The igmp forward command was not correct, it should be changed to the following: pix1(config-multicast)# igmp forward interface inside
C. The igmp access-group command was not correct, it should be changed to the following: pix1(config-multicast)# igmp object-group 120.
D. The access-list command was not correct, it should be changed to the following: pix1(config)# access-list 120 permit udp any host 224.0.1.50
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 12
For added security, the network manager wants PCs on the inside network at the remote office to authenticate with an ACS server, ACS1, at the central site before allowing these individuals PCs to access a VPN tunnel. As the network administrator, at which location and what commands should they enter to force remote PC users to authenticate before allowing them access to a VPN tunnel? (Choose two.)

A. vpngroup oxford user-authenticationvpngroup oxford authentication-server ACS1
B. Configured at PIX1
C. Configured at PIX2
D. vpngroup oxford individual-user-authentication ACS1
E. vpngroup oxford mode network-extension-modevpngroup oxford authentication-server ACS1
Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
QUESTION 13
Which statement about the PIX Firewall and virtual HTTP is true?
A. The PIX Firewall enables web browsers to work correctly with its HTTP authentication. The PIX Firewall redirects the web browser’s initial connection to an IP address which resides within the PIX Firewall, authenticates the user, and then redirects the browser back to the URL the user originally requested.
B. The PIX Firewall supports virtual Telnet, but not virtual HTTP.
C. The PIX Firewall enables RADIUS authorization by redirecting the web browser’s initial connection to an IP address which resides on a web server you specify, authorizing the user, and then redirecting the browser back to the URL the user originally requested.
D. The PIX Firewall enables you to access URLs from its console.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 14
What does the PIX Firewall license determine? Choose three.
A. its ability to provide cut-through proxy services
B. whether it can be managed by PDM
C. number of interfaces supported by the platform
D. amount fo RAM supported by the platform
E. the software image that can be installed
F. failover support
Correct Answer: CDF Section: (none) Explanation
Explanation/Reference:
QUESTION 15
You have installed a FWSM in your Catalyst 6500 switch, initialized it in the switch, configured switch VLANs, and configured the module interfaces; however, you are unable to establish outbound connections. You check your configuration and find that you have correctly configured the six basic commands (nameif, interface, ip address, nat, global, and route). What could be the cause of the problem?
A. You have not configured a switch VLAN for the inside interface.
B. You need an ACL for the outside interface.
C. The MSFC is configured as a connected router only on the outside interface.
D. You need an ACL for the inside interface.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 16
What is the default polling period that the PIX Firewall uses to check for updates on the AUS?
A. 1440 seconds
B. 720 minutes
C. 1440 minutes
D. 2880 minutes
Correct Answer: B Section: (none) Explanation
Explanation/Reference:

Cisco 642-521 contains a powerful new testing engine that allows you to focus on individual topic areas or take complete, timed exams from Cisco 642-521.The assessment engine also tracks your performance and presents feedback on a module-by-module basis, providing question-by-question Cisco 642-521 to the text and laying out a complete study plan for review.Cisco 642-521 also includes a wealth of hands-on practice exercises and a copy of the Cisco 642-521 network simulation software that allows you to practice your Cisco 642-521 hands-on skills in a virtual lab environment.The Cisco 642-521 supporting website keeps you fully informed of any exam changes