Flydumps Shares Free Official Cisco 642-522 Exam Training Questions And Answers

Because the Cisco 642-522 exam has changed recently, Flydumps presents the new version of the Cisco 642-522 practice test, which helps candidates pass the Cisco 642-522 exam easily. The exam dumps cover all aspects of the Cisco 642-522 exam. You can visit our website for a free Cisco 642-522 download of the new version VCE Player.

Exam A
QUESTION 1
A new PIX firewall was installed in the Certkiller network to guard against outside attacks. Why does this PIX security appliance record information about a packet in its stateful session flow table?
A. To build the reverse path forwarding (RPF) table to prevent spoofed source IP addresses.
B. To establish a proxy session by relaying the application layer requests and response between two endpoints.
C. To compare against return packets for determining whether the packet should be allowed through the firewall.
D. To track outbound UDP connections.

Correct Answer: C

Explanation:
The Adaptive Security Algorithm (ASA), used by the PIX Firewall for stateful application inspection, ensures the secure use of applications and services. Some applications require special handling by the PIX Firewall application inspection function. Applications that require special application inspection functions are those that embed IP addressing information in the user data packet or open secondary channels on dynamically assigned ports. The application inspection function monitors sessions to determine the port numbers for secondary channels. Many protocols open secondary TCP or UDP ports to improve performance. The initial session on a well-known port is used to negotiate dynamically assigned port numbers. The application inspection function monitors these sessions, identifies the dynamic port assignments, and permits data exchange on these ports for the duration of the specific session.

Packets going through PIX are checked using these steps:
- Access control lists (ACLs): Used for authentication and authorization of connections based on specific networks, hosts, and services (TCP/UDP port numbers).
- Inspections: Contains a static, pre-defined set of application-level inspection functions.
- Connections (XLATE and CONN tables): Maintains state and other information about each established connection. This information is used by ASA and cut-through proxy to efficiently forward traffic within established sessions.

1. A TCP SYN packet arrives at the PIX Firewall to establish a new connection.
2. The PIX Firewall checks the access control list (ACL) database to determine if the connection is permitted.
3. The PIX Firewall creates a new entry in the connection database (XLATE and CONN tables).
4. The PIX Firewall checks the Inspections database to determine if the connection requires application-level inspection.
5. After the application inspection function completes any required operations for the packet, the PIX Firewall forwards the packet to the destination system.
6. The destination system responds to the initial request.
7. The PIX Firewall receives the reply packet, looks up the connection in the connection database, and forwards the packet because it belongs to an established session.

Reference: http://www.cisco.com/en/US/products/sw/secursw/ps2120/ products_configuration_guide_chapter09186a00800 e
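
The flow in steps 1 to 7 above, reduced to a small Python model. This is an added example, not Cisco's implementation or code from the original page: it tracks TCP only, treats the ACL as a set of permitted destination/port pairs, and omits NAT (XLATE), application inspection, sequence checks and timeouts. The class, method names and addresses are constructed for illustration.

```python
# Simplified model of a stateful session table (added example, not PIX code).
# Assumptions: TCP only; no XLATE/NAT, inspection engines, sequence checks or timeouts.

class StatefulFirewall:
    def __init__(self, acl):
        self.acl = set(acl)   # permitted (dst_ip, dst_port) pairs for new connections
        self.conn = {}        # CONN table: (src, sport, dst, dport) -> state

    def outbound(self, src, sport, dst, dport, flags):
        """Packet arriving from the inside (more secure) interface."""
        key = (src, sport, dst, dport)
        if key in self.conn:
            if flags == "A" and self.conn[key] == "SYN_ACK_SEEN":
                self.conn[key] = "ESTABLISHED"   # handshake completed
            return "forward"
        if flags != "S":
            return "drop: no session"      # only a SYN may open a connection (step 1)
        if (dst, dport) not in self.acl:
            return "drop: acl"             # step 2: ACL does not permit it
        self.conn[key] = "SYN_SENT"        # step 3: record the flow
        return "forward"                   # step 5

    def inbound(self, src, sport, dst, dport, flags):
        """Packet arriving from the outside; allowed only as a reply to a recorded flow."""
        key = (dst, dport, src, sport)     # reverse the tuple to find the original flow
        state = self.conn.get(key)
        if state is None:
            return "drop: no session"      # nothing in the table to compare against
        if state == "SYN_SENT":
            if flags != "SA":
                return "drop: bad state"   # first reply must be SYN/ACK
            self.conn[key] = "SYN_ACK_SEEN"
        return "forward"                   # step 7: belongs to a known session


def demo():
    fw = StatefulFirewall(acl=[("192.0.2.10", 80)])  # constructed sample addresses
    return [
        fw.outbound("10.0.0.5", 40000, "192.0.2.10", 80, "S"),    # new, ACL permits
        fw.inbound("192.0.2.10", 80, "10.0.0.5", 40000, "SA"),    # matching return packet
        fw.outbound("10.0.0.5", 40000, "192.0.2.10", 80, "A"),    # completes handshake
        fw.inbound("192.0.2.10", 80, "10.0.0.5", 40001, "SA"),    # wrong port: no entry
        fw.inbound("198.51.100.7", 80, "10.0.0.5", 40000, "SA"),  # unrelated source
        fw.outbound("10.0.0.5", 40002, "192.0.2.10", 23, "S"),    # ACL denies
    ]

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

Only the return packet whose reversed 4-tuple matches a recorded entry is forwarded, which is the comparison answer C describes.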

QUESTION 2
A new Certkiller ASA 5500 was installed in the Certkiller network. In the Cisco ASA 5500 series, what is the flash keyword aliased to?
A. Disk0
B. Disk1
C. Both Disk0 and Disk1
D. Flash0
E. Flash1

Correct Answer: A

Explanation:
See the following URL syntax:
disk0:/[path/]filename
For the ASA 5500 series adaptive security appliance, this URL indicates the internal Flash memory. You can also use flash instead of disk0; they are aliased.
Reference: http://www.cisco.com/en/US/products/ps6120/products_configuration_guide_chapter09186a0080450b90.html

QUESTION 3
Cisco firewalls maintain state awareness of all traffic going through them. What is the core component of the PIX firewall that accommodates this?
A. PFS
B. ASA
C. VAC
D. FWSM
E. None of the above

Correct Answer: B

Explanation:
The Adaptive Security Algorithm (ASA) is the brains of the PIX, keeping track of stateful connection information. This allows the firewall to maintain stateful packet awareness to allow for the return traffic to traverse through the firewall.

QUESTION 4
A new Cisco PIX 535 is being installed in the Certkiller network. What is the maximum number of physical interfaces the PIX Firewall 535 supports with an unrestricted license?
A. 20
B. 10
C. 6
D. 5
E. 3

Correct Answer: B

Explanation:
A total of eight interface circuit boards are configurable with the restricted license and a total of ten are configurable with the unrestricted license.

- The Cisco PIX 535 Security Appliance supports up to 10 physical Ethernet interfaces.
- A total of 8 interfaces are configurable on the PIX 535 with the restricted license, and a total of 10 are configurable with the unrestricted license.

PIX model license Comparison:
Reference: http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps2030/ products_installation_guide_chapter09186a

QUESTION 5
On a new Certkiller PIX the “same-security-traffic permit intra-interface” configuration command was issued. What are two purposes of this command? (Choose two)
A. It allows all of the VPN spokes in a hub-and-spoke configuration to be terminated on a single interface.
B. It allows communication between different interfaces that have the same security level.
C. It permits communication in and out of the same interface when the traffic is IPSec protected.
D. It enables Dynamic Multipoint VPN.

Correct Answer: AB

Explanation: B is correct; however, the other correct answer to this question is certainly not C, because in order to make this happen with this command the syntax must be changed from intra-interface to inter-interface. It must be A, because the purpose of allowing IPSec to go in and out of the same interface is for a hub-and-spoke VPN configuration or hairpinning. In other words, two clients connected with IPSec to the same interface of a security appliance can send protected traffic between the two of them via the termination point.

QUESTION 6
A new Certkiller security appliance is being installed for the first time. By default, the AIP-SSM IPS software is accessible from the management port at IP address 10.1.9.201/24. Which CLI command should an administrator use to change the default AIP-SSM management port IP address?
A. hw module 1 setup
B. interface
C. setup
D. hw module 1 recover
E. None of the above

Correct Answer: C

Explanation:
After you have completed configuration of the ASA 5500 series adaptive security appliance to divert traffic to the AIP SSM, session to the AIP SSM and run the setup utility for initial configuration.

To session to the AIP SSM from the adaptive security appliance, perform the following steps:

Step 1 Enter the session 1 command to session from the ASA 5500 series adaptive security appliance to the AIP SSM.
hostname# session 1

Step 2 Enter the username and password. The default username and password are both cisco.
Note: The first time you log in to the AIP SSM you are prompted to change the default password.

Step 3 Enter the setup command to run the setup utility for initial configuration of the AIP SSM.
AIP SSM# setup

You are now ready to configure the AIP SSM for intrusion prevention, including the ability to change the AIP-SSM management IP address.

Reference: Cisco Security Appliance Command Line Configuration Guide for the Cisco ASA 5500 Series and Cisco PIX 500 Series Software Version 7.0(4) page 19-3

QUESTION 7
A Certkiller ASA appliance is shown below:

Refer to the exhibit above. The Certkiller administrator has configured the first four ports on a Cisco ASA
5540 Security Appliance. The technician attached the next data cable to Port A.
When configuring this interface, what physical type, slot, and port number should the administrator add to
the configuration?

A. GigabitEthernet0/0
B. GigabitEthernet0/5
C. GigabitEthernet0/4
D. Management0/0

Correct Answer: D

Explanation: If you want to use ASDM to configure the security appliance instead of the command-line interface, you can connect to the default management address of 192.168.1.1 (if your security appliance includes a factory default configuration). On the ASA 5500 series adaptive security appliance, the interface to which you connect with ASDM is Management 0/0. For the PIX 500 series security appliance, the interface to which you connect with ASDM is Ethernet 1. If you do not have a factory default configuration, follow the steps in this section to access the command-line interface. You can then configure the minimum parameters to access ASDM by entering the setup command. Reference: Cisco Security Appliance Command Line Configuration Guide for the Cisco ASA 5500 Series and Cisco PIX 500 Series, page 2-84

QUESTION 8
The files on a Certkiller security appliance need to be verified. How can you view the files listed in a PIX flash memory?
A. show pix flash
B. show flash memory
C. show flashfs
D. show flash mfs
E. None of the above

Correct Answer: C

Explanation: You can view the size of your configuration from the PIX Firewall console. Either connect a computer to the PIX Firewall unit or use Telnet to access the console. After entering the enable mode password, use the show flashfs command to view the configuration size, as shown in the following example:

CK1 #show flashfs
flash file system: version:2 magic:0x12345679
file 0: origin: 0 length:2502712
file 1: origin: 2621440 length:2324
file 2: origin: 0 length:0
file 3: origin: 2752512 length:2608708
file 4: origin: 8257536 length:280

The “file 1” line lists the number of characters in your configuration after the “length” parameter. In this example, the configuration consists of 2,324 characters. Divide this number by 1,024 to view the number of kilobytes. The configuration in this example is slightly more than 2 KB. The optimal configuration file size to use with PDM is less than 100KB, which is approximately 1500 lines. PIX Firewall configuration files over 100KB may interfere with the performance of PDM on your workstation.

Reference: http://www.cisco.com/en/US/products/sw/netmgtsw/ps2032/ products_installation_guide_chapter09186a008007 d

QUESTION 9
The Certkiller network is displayed in the following diagram:

Refer to the exhibit above. Users on the DMZ are complaining that they cannot gain access to the inside
host via HTTP. What did the network administrator determine after reviewing the network diagram and partial configuration?
A. The static (inside,dmz) command is not configured correctly.
B. The global (dmz) command is not configured correctly.
C. The nat (dmz) command is missing.
D. The dmzin access list is not configured correctly.
E. None of the above

Correct Answer: D

Explanation: Based on the configuration above, the real IP address of the WWW server (insidehost) is 10.0.1.11, but there is a static NAT entry that translates this address to 192.168.1.18. Users from the outside will attempt to connect to the server “insidehost” using the 192.168.1.18 IP address. The access list must therefore permit WWW traffic to this host, not the 10.0.1.11 host. The DMZ access list should read “access-list dmzin permit tcp any host 192.168.1.18 eq www”

QUESTION 10
The security team at Certkiller is working on dynamic NAT. How can dynamic outside NAT simplify router configuration on your internal or perimeter networks?
A. It can simplify because you can configure your routing within the nat command.
B. It can simplify because you can configure your routing within the global command.
C. It can simplify by controlling the addresses that appear on these networks.
D. It can simplify because statics take precedence over nat and global command pairs.

Correct Answer: C

Explanation:
Dynamic outside NAT: Translates host addresses on less secure interfaces to a range or pool of IP addresses on a more secure interface. This is most useful for controlling the addresses that appear on the inside of the PIX firewall and for connecting networks with overlapping addresses.
Reference: Cisco Secure PIX Firewall Advanced 3.1 6-11

Inside dynamic NAT: Translates between host addresses on more secure interfaces and a range or pool of IP addresses on a less secure interface. This provides a one-to-one mapping between internal and external addresses that allows internal users to share registered IP addresses and hides internal addresses from view on the public Internet.
Reference: Establishing Connectivity www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/config/bafwcfg.htm