Cisco 642-521 Practice Exam, Sale Cisco 642-521 Exam Collection Is What You Need To Take

Welcome to download the newest Pass4itsure 412-79 VCE dumps: http://www.pass4itsure.com/412-79.html

Flydumps Cisco 642-521 practice tests hold the key importance and provide a considerable gain for your knowledge base. You can rely on our products with unwavering confidence; Get the profound knowledge and become a pro with Flydumps assistance.

QUESTION 71
What command applies a blocking function to an interface receiving an attack?
A. conduit
B. ip deny
C. interface
D. shun

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 72
After configuring a PIX Firewall to run two OSPF processes, what is the default state for passing LSA 3 advertisements?
A. LSA 3 advertisements can pass between areas within a process, but not between processes.
B. LSA 3 advertisements can pass between processes, but not between areas within a process.
C. LSA 3 advertisements can not pass between processes or areas.
D. LSA 3 advertisements can pass between processes and areas.

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 73
Your primary PIX Firewall is currently the active unit in your failover topology. What will happen to the current IP addresses on the primary PIX Firewall if it fails?
A. They become those of the standby PIX Firewall.
B. The ones on the primary PIX Firewall remain the same, but the current IP addresses of the secondary become the virtual IP addresses you configured.
C. They are deleted.
D. The ones on both the primary and secondary PIX Firewalls are deleted and both assume the failover IP addresses you configured.

Correct Answer: A Section: (none) Explanation
Explanation/Reference: QUESTION 74
What is the maximum number of transforms in a transform set?
A. 3
B. 6
C. 9
D. 10

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 75
Which command enables intrusion detection in the PIX Firewall?
A. shun
B. enable ids
C. ip audit
D. ids enable

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 76
How does the PDM running on the FWSM differ from PDM running on the PIX Firewall?
A. When running on the FWSM, the PDM has a Startup Wizard.
B. When running on the FWSM, the PDM has a VPN Wizard.
C. When running on the FWSM, the PDM does not have a VPN tab.
D. When running on the FWSM, the PDM does not have a System Properties tab.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 77
What is the purpose of the who command?
A. to enable you to view which IP addresses are currently accessing the PIX Firewall console via Telnet
B. to enable you to view which IP addresses are currently accessing the PIX Firewall console via SSH
C. to remove Telnet access from a previously authorized IP address
D. to enable you to view who is currently accessing the PIX Firewall Device Manager console from a browser
Correct Answer: A Section: (none) Explanation

Explanation/Reference:
QUESTION 78
Which tasks enable DHCP server support on the PIX Firewall? Choose two.
A. Specify a range of addresses for the DHCP server to distribute by using the dhcp ippool command.
B. Specify a range of addresses for the DHCP server to distribute by using the dhcpd address command.
C. Use the iphelper command to enable the PIX Firewall to pass broadcast messages between its DHCP client and DHCP server.
D. Enable the DHCP daemon within the PIX Firewall to listen for DHCP client requests on the enabled interface by using the dhcpd enable command.
E. Enable the PIX Firewall to distribute IP addresses to its DHCP clients from a global pool by using the global command with the dhcp option. Specify the IP address of at least one DNS server.

Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 79
Which statements about the static command are true? Choose two.
A. It cannot be used alone for outbound connections.
B. Statics take precedence over nat and global command pairs.
C. The nat and global command pairs take precedence over statics.
D. If a global IP address will be used for PAT, you should not use the same global IP address for a static translation.
E. If a global IP address will be used for port address translation, you should use the same global IP address for a static translation.
F. If a global IP address will be used in a global pool for use with NAT, you should use the same global IP address for a static translation.

Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 80
How can downloadable ACLs increase your efficiency when you find yourself creating massive amounts of ACLs on several different PIX Firewalls?
A. They enable you to configure your PIX Firewall to download pre-written ACLs from Cisco Connection Online.
B. You can enter an ACL once, in Cisco Secure ACS, and then have it downloaded to any number of PIX Firewalls during user authentication.
C. You can create all ACLs on one PIX Firewall and distribute them to other PIX Firewalls by using the download command on the receiving PIX Firewall or the upload command on the sending PIX Firewall.
D. You can enter an ACL once in Cisco Secure ACS, and then have it downloaded to no more than 100 PIX Firewalls during authorization.
Correct Answer: B Section: (none) Explanation

Explanation/Reference:
QUESTION 81
When are duplicate objects allowed in object groups?
A. when they are due to the inclusion of group objects
B. when a group object is included, which causes the group hierarchy to become circular
C. never
D. always, because there are no conditions or restrictions

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 82
Why is the group tag in the aaa-server command important?
A. The aaa command references the group tag to know where to direct authentication, authorization, or accounting traffic.
B. The group tag identifies which users require authorization to use certain services.
C. The group tag identifies which user groups must authenticate.
D. The group tag enables or disables user authentication services.

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 83
What is the purpose of the command ip local pool MYPOOL 10.0.0.20-10.0.0.29?
A. to designate a pool of IP addresses for NAT
B. to designate a pool of IP addresses that will dynamically be assigned to PPPoE clients
C. to designate a pool of IP addresses that will be dynamically assigned to DHCP clients
D. to designate a pool of IP addresses that will be dynamically assigned to VPN clients via IKE mode configuration

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 84
Which statements about ACLs are true? Choose two.
A. By default, all access in an ACL is permitted.
B. Using the access-group command creates ACL entries.
C. For traffic moving from a lower security level interface to a higher security level interface, the
destination host must have a statically mapped address.
D. For traffic moving from a higher security level interface to a lower security level interface, the source address argument of the ACL command is the translated address of the host or network.
E. For traffic moving from a lower security level interface to a higher security level interface, the source address argument of the ACL command is the global IP address assigned in the static command.
F. For traffic moving from a lower security level interface to a higher security level interface, the destination address argument of the ACL command is the global IP address assigned in the static command.

Correct Answer: CF Section: (none) Explanation
Explanation/Reference:
QUESTION 85
Which commands configure the PIX Firewall’s PPPoE client?
A. only vpdn group, vpdn username, and ip address pppoe
B. only vpngroup and vpnusername
C. only vpdn group and interface pppoe
D. only vpngroup and ip address pppoe

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 86
Which transform sets are pre-defined by PDM? Choose two.
A. AH-SHA-HMAC
B. ESP-DES-MD5
C. ESP-3DES-SHA
D. AH-MD5_HMAC
E. AH-DES-MD5
F. nat 0 match acl

Correct Answer: BC Section: (none) Explanation
Explanation/Reference:
QUESTION 87
Which statement about AH and ESP security protocols is true?
A. Each can be used alone or in conjunction with the other.
B. You must choose one or the other. They cannot be used together.
C. They must be used together.
D. If you need data encryption, data authentication, and replay-detection, you must use both.
Correct Answer: A Section: (none) Explanation

Explanation/Reference:
QUESTION 88
Which statements about the PIX Firewall’s multicasting capabilities are true? Choose three.
A. The PIX Firewall does not support multicasts.
B. The PIX Firewall supports Stub Multicast Routing.
C. The PIX Firewall can be configured to act as an IGMP proxy agent.
D. The only way you can currently enable the PIX Firewall to pass multicast traffic is by constructing GRE tunnels.
E. To enable the PIX Firewall for Stub Multicast Routing, you must configure GRE tunnels for passing multicast traffic.
F. When the PIX Firewall is configured for Stub Multicast Routing, it is not necessary to construct GRE tunnels to allow multicast traffic to bypass the PIX Firewall.

Correct Answer: BCF Section: (none) Explanation
Explanation/Reference:
QUESTION 89
To enable multicast forwarding on the PIX outside interface, which of the following commands should the administrator enter?
A. pix1(config)# multicast on outside
B. pix1(config)# enable multicast outside
C. pix1(config)# multicast enable outside
D. pix1(config)# multicast interface outside

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 90
The XYZ Corporation security manager wants the easy VPN remote office PIX Firewall, PIX1, to authenticate itself with ACS server, ACS1, at the central site before a VPN tunnel is established. As the network administrator, at which location and what command should be enter to enable remote PIX device authentication? (Choose two.)

A. vpnclient oxford unit-authentication
B. vpngroup oxford secure-unit-authentication
C. vpngroup oxford network-extension-mode ACS1
D. configure at PIX1
E. configure at PIX2

Correct Answer: BE Section: (none) Explanation
Explanation/Reference:
QUESTION 91
Which object group types can be created in the PIX Firewall? Choose three.
A. icmp-type
B. service
C. server host
D. ACL out
E. DHCP
F. protocol

Correct Answer: ABF Section: (none) Explanation
Explanation/Reference:
QUESTION 92
After reviewing the above network diagram, which command should an administrator use to map the www server on the DMZ to a static address on the outside network, 192.168.6.9?

A. pix1 (config)# static (dmz,outside) 172.26.26.50 192.168.6.9
B. pix1 (config)# static (outside,dmz) 192.168.6.9 172.26.26.50
C. pix1 (config)# static (dmz,outside) 192.168.6.9 172.26.26.50
D. pix1 (config)# static (outside,dmz) 172.26.26.50 192.168.6.9

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 93
Which must you do to enable hosts behind the PIX Firewall to receive multicast transmissions? Choose two.
A. Use the igmp join-group command to configure the PIX Firewall to join a multicast group.
B. Use the multicast interface command to enable multicast forwarding on each interface and place the interfaces in multicast safe mode.
C. Use the multicast interface command to enable multicast forwarding on each interface and place the interfaces in multicast promiscuous mode.
D. Use the igmp forward command to enable IGMP forwarding on each PIX Firewall interface connected to hosts that will receive multicast transmissions.
E. Use the permit option of the access-list command to configure an ACL that allows traffic to permissible Class D destination addresses.

Correct Answer: CD Section: (none) Explanation
Explanation/Reference:
QUESTION 94
For added security, the network manager wants PCs on the inside network at the remote office to authenticate with an ACS server, ACS1, at the central site before allowing these individuals PCs to access a VPN tunnel. As the network administrator, at which location and what commands should they enter to force remote PC users to authenticate before allowing them access to a VPN tunnel? (Choose two.)

A. vpngroup oxford user-authentication vpngroup oxford authentication-server ACS1
B. Configured at PIX1
C. Configured at PIX2
D. vpngroup oxford individual-user-authentication ACS1
E. vpngroup oxford mode network-extension-mode vpngroup oxford authentication-server ACS1

Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
QUESTION 95
Which is likely to cause standard failover via the special serial cable not to work? Choose two.
A. The two PIX Firewalls are running different versions of software.
B. The hardware models are the same.
C. The secondary PIX Firewall has not been properly configured as a secondary PIX Firewall.
D. The secondary PIX Firewall has a 3DES license.
E. The hardware models are different.
F. The standby PIX Firewall has not yet replicated its configuration to the primary PIX Firewall.

Correct Answer: AE Section: (none) Explanation
Explanation/Reference:
QUESTION 96
To configure the PIX Firewall to forward multicast transmissions from an inside source, which steps are necessary? Choose two.
A. Use the igmp join-group command to enable the PIX Firewall to forward IGMP reports.
B. Use the igmp forward command to enable multicast forwarding on each PIX Firewall interface.
C. Use the multicast interface command to enable multicast forwarding on each PIX Firewall interface.
D. Use the route command to create a static route from the transmission source to the next-hop router interface.
E. Use the mroute command to create a static route from the transmission source to the next-hop router interface.

Correct Answer: CE Section: (none) Explanation
Explanation/Reference:
QUESTION 97
drag drop

A.
B.
C.
D.

Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: Check certifyme eEngine, Download from Member Center
QUESTION 98
What PIX Firewall feature simplifies the integration of two existing networks that use overlapping IP address spaces?
A. NAT 0
B. inside NAT
C. outside NAT
D. expanded NAT

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 99
The PIX Firewall logs information about packets, such as source and destination IP addresses, in the stateful session flow table. When does this happen?
A. each time it is reloaded
B. each time a TCP or UDP outbound connection attempt is made
C. only when a TCP inbound or outbound connection attempt is made
D. each time a TCP or UDP inbound or outbound connection attempt is made

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 100
Which statement about license keys for PIX Firewalls is true?
A. License keys are specific to the PIX Firewall software versions.
B. License keys exist for the PIX Firewall 515E software version only.
C. License keys are not specific to a particular PIX Firewall software version.
D. License keys are not required for any of the PIX Firewall software versions.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 101
Which component of the PIX MC selects devices or groups for configuration through the configuration tab?
A. devices tab
B. object bar
C. activity bar
D. object selector

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 102
An administrator wants to add a comment about access-list aclin line 2. What command should they enter to accomplish this addition?

A. pix1(config)# access-list aclin line 1 remark partner server http access
B. pix1(config)# access-list aclin line 2 remark partner server http access
C. pix1(config)# access-list aclin line 1 comment partner server http access
D. pix1(config)# access-list aclin line 2 comment partner server http access

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 103
A user on the dmz is complaining that they can not gain access to the inside host via HTTP. After reviewing the network diagram and partial configuration, the network administrator determined the following:

A. The static (inside, dmz) command is not configured correctly.
B. The PIX is configured correctly; the issue is with the user’s PC.
C. The nat (dmz) command is missing.
D. The global (dmz) command is not configured correctly.
E. The dmzin access list is not configured correctly.

Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 104
How do you get to the multicast subcommand mode where you can enter the igmp commands for further multicast support?
A. Use the clear IGMP group command.
B. Enter the igmp interface command in privileged mode.
C. Enter the multicast mode command in configuration mode.
D. Enter the multicast interface command in configuration mode.
Correct Answer: D Section: (none) Explanation

Explanation/Reference:
QUESTION 105
You are creating a site-to-site VPN using IPSec between two PIX Firewalls. Which step is optional when configuring the crypto maps on the Firewalls?
A. Create a crypto map entry identifying the crypto map with a unique crypto map name and sequence number.
B. Specify which transform sets are allowed for this crypto map entry.
C. Specify a dynamic crypto map to act as a policy template where the missing parameters are later dynamically configured to match a peer’s requirements.
D. Assign an ACL to the crypto map entry.
E. Specify the peer to which IPSec-protected traffic can be forwarded.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 106
Type the command that reboots the PIX Firewall
A.
B.
C.
D.

Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: Check certifyme eEngine, Download from Member Center
QUESTION 107
Which statement about the PIX Firewall and PPPoE is true?
A. The PIX Firewall PPPoE client cannot operate in environments where NAT is being performed on traffic moving through a VPN.
B. The PIX Firewall PPPoE server can operate in environments where URL and content filtering is being performed before transmission to or from the outside interface.
C. The PIX Firewall PPPoE client can operate in environments where NAT is being performed on traffic to or from the outside interface.
D. The PIX Firewall PPPoE server can operate in environments where application of firewall rules is being performed on traffic before transmission to or from the outside interface.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:

Flydumps Cisco 642-521 practice test is the best training materials. If you are an IT staff, it will be your indispensable training materials. Do not take your future betting on tomorrow. Flydumps Cisco 642-521 practice test are absolutely trustworthy. We are dedicated to provide the materials to the world of the candidates who want to participate in IT exam. To get the Cisco 642-521 exam certification is the goal of many IT people & Network professionals. The pass rate of Flydumps is incredibly high. We are committed to your success.

Welcome to download the newest Pass4itsure 412-79 VCE dumps: http://www.pass4itsure.com/412-79.html

Cisco 642-521 Practice Exam, Sale Cisco 642-521 Exam Collection Is What You Need To Take