642-521 Exam

Quality and Value for the 642-521 Exam

Test4pass Practice Exams for Cisco 642-521 are written to the highest standards of technical accuracy, using only certified subject matter experts and published authors for development.

100% Guarantee to Pass Your 642-521 Exam

If you prepare for the exam using our Test4pass testing engine, we guarantee your success in the first attempt. If you do not pass the CCSP 642-521 exam (ProCurve Secure WAN) on your first attempt we will give you a FULL REFUND of your purchasing fee AND send you another same value product for free.

Cisco 642-521 Downloadable, Printable Exams (in PDF format)

Our Exam 642-521 Preparation Material provides you everything you will need to take your 642-521 Exam. The 642-521 Exam details are researched and produced by Professional Certification Experts who are constantly using industry experience to produce precise, and logical. You may get questions from different web sites or books, but logic is the key. Our Product will help you not only pass in the first try, but also save your valuable time.

642-521 Downloadable, Interactive Testing engines

We are all well aware that a major problem in the IT industry is that there is a lack of quality study materials. Our Exam Preparation Material provides you everything you will need to take a certification examination. Like actual certification exams, our Practice Tests are in multiple-choice (MCQs) Our Cisco 642-521 Exam will provide you with free 642-521 dumps questions with verified answers that reflect the actual exam. These questions and answers provide you with the experience of taking the actual test. High quality and Value for the 642-521 Exam:100% Guarantee to Pass Your CCSP exam and get your CCSP Certification.

Hot KeyWords On 642-521 test

We collect some hot keywords about this exam:
Test4pass , Pass 4 Sure , Test in Side ,Pass Guide ,Test King 642-521 exam | 642-521 pdf exam | 642-521 braindumps | 642-521 study guides | 642-521 trainning materials | 642-521 simulations | 642-521 testing engine | 642-521 vce | 642-521 torrent | 642-521 dumps | free download 642-521 | 642-521 practice exam | 642-521 preparation files | 642-521 questions | 642-521 answers.

How to pass your 642-521 exam

You can search on Search Engine and Find Best IT Certification site: Test4pass.com - Find the Method to succeed 642-521 test,The safer.easier way to get CCSP Certification .

��
��
Exam : Cisco 642-521
Title : Cisco Secure PIX Firewall Advanced


1. What does the PIX Firewall license determine? Choose three.
A. its ability to provide cut-through proxy services
B. whether it can be managed by PDM
C. number of interfaces supported by the platform
D. amount fo RAM supported by the platform
E. the software image that can be installed
F. failover support
Answer: CDF

2. A company just completed the rollout of IP/TV. The first inside network MC client to use the new feature claims they can not access the service. After viewing the above PIX Firewall configuration and network diagram again, the administrator was able to determine the following:
A. The PIX multicast configuration is correct, the configuration problem exists in the MC client's PC.
B. The igmp forward command was not correct, it should be changed to the following: pix1(config-multicast)# igmp forward interface inside
C. The igmp access-group command was not correct, it should be changed to the following: pix1(config-multicast)# igmp object-group 120.
D. The access-list command was not correct, it should be changed to the following: pix1(config)# access-list 120 permit udp any host 224.0.1.50
Answer: D

3. Which command enables IKE on the outside interface?
A. ike enable outside
B. ipsec enable outside
C. isakmp enable outside
D. ike enable (outbound)
Answer: C

4. If you configure a VPN between a Cisco VPN Client and the PIX Firewall using pre-shared keys for authentication, which should you do? Choose two.
A. Use pre-shared keys for authentication.
B. Use digital certificates for authentication instead of pre-shared keys.
C. Do not use digital certificates for authentication.
D. Ensure that the password on the VPN client matches the vpngroup password on the PIX Firewall.
E. Ensure that the group name differs from the VPN group name on the PIX Firewall.
F. Ensure that the group name on the VPN Client matches the vpngroup name on the PIX Firewall.
Answer: DF

5. While entering a list of host addresses to an ACL, the administrator left out an ACE for host 192.168.0.9. The administrator wants to add an access control entry for 192.168.0.9 between line 3 and line 4 of the existing access-list. What command should be entered to accomplish this addition?
A. pix1(config)# access-list aclin line 4
permit tcp any host 192.168.0.9 eq www
B. pix1(config)# access-list aclin line 3
permit tcp any host 192.168.0.9 eq www
C. pix1(config)# access-list aclin add-line 4
permit tcp any host 192.168.0.9 eq www
D. pix1(config)# access-list aclin add-line 3
permit tcp any host 192.168.0.9 eq www
Answer: A

6. You already created an ACL named ACLIN to permit traffic from certain Internet hosts to the web server on your DMZ. How do you make the ACL work? Choose two.
A. bind the ACL to the DMZ interface
B. bind the ACL to the inside interface
C. bind the ACL to the outside interface
D. create a static mapping for the DMZ interface
E. create a static mapping for the web server
F. create a conduit mapping for the web server
Answer: CE

7. You have installed a FWSM in your Catalyst 6500 switch, initialized it in the switch, configured switch VLANs, and configured the module interfaces; however, you are unable to establish outbound connections. You check your configuration and find that you have correctly configured the six basic commands (nameif, interface, ip address, nat, global, and route). What could be the cause of the problem?
A. You have not configured a switch VLAN for the inside interface.
B. You need an ACL for the outside interface.
C. The MSFC is configured as a connected router only on the outside interface.
D. You need an ACL for the inside interface.
Answer: D

8. For added security, the network manager wants PCs on the inside network at the remote office to authenticate with an ACS server, ACS1, at the central site before allowing these individuals PCs to access a VPN tunnel. As the network administrator, at which location and what commands should they enter to force remote PC users to authenticate before allowing them access to a VPN tunnel? (Choose two.)
A. vpngroup oxford user-authenticationvpngroup oxford authentication-server ACS1
B. Configured at PIX1
C. Configured at PIX2
D. vpngroup oxford individual-user-authentication ACS1
E. vpngroup oxford mode network-extension-modevpngroup oxford authentication-server ACS1
Answer: AC

9. Your primary PIX Firewall is currently the active unit in your failover topology. What will happen to the current IP addresses on the primary PIX Firewall if it fails?
A. They become those of the standby PIX Firewall.
B. The ones on the primary PIX Firewall remain the same, but the current IP addresses of the secondary become the virtual IP addresses you configured.
C. They are deleted.
D. The ones on both the primary and secondary PIX Firewalls are deleted and both assume the failover IP addresses you configured.
Answer: A

10. Which statements about the PIX Firewall's DHCP capabilities are true? Choose two.
A. It can be a DHCP server.
B. It cannot be a DHCP client.
C. You must remove a configured domain name.
D. It can be a DHCP server and client simultaneously.
E. It cannot pass configuration parameters it receives from another DHCP server to its own DHCP clients.
F. The PIX Firewall's DHCP server can be configured to distribute the IP addresses of up to four DNS servers to its clients.
Answer: AD

11. What is the default port number that the PIX Firewall uses to contact the AUS?
A. 25
B. 110
C. 443
D. 444
Answer: C

12. Which statement about the PIX Firewall and virtual HTTP is true?
A. The PIX Firewall enables web browsers to work correctly with its HTTP authentication. The PIX Firewall redirects the web browser's initial connection to an IP address which resides within the PIX Firewall, authenticates the user, and then redirects the browser back to the URL the user originally requested.
B. The PIX Firewall supports virtual Telnet, but not virtual HTTP.
C. The PIX Firewall enables RADIUS authorization by redirecting the web browser's initial connection to an IP address which resides on a web server you specify, authorizing the user, and then redirecting the browser back to the URL the user originally requested.
D. The PIX Firewall enables you to access URLs from its console.
Answer: A

13. What is the function of the support tool in the PIX MC?
A. to allow technical support to remotely administer the PIX MC
B. to show available support options for the PIX MC
C. to create a file that captures information about the PIX MC
D. to place the PIX MC in safe mode so you can troubleshoot it
Answer: C

14. If the FTP protocol fixup is not enabled for a given port, which statements are true? Choose two.
A. Outbound standard FTP will work properly on that port.
B. Outbound passive FTP will not work properly on that port.
C. Outbound standard FTP will not work properly on that port.
D. Outbound standard FTP will work properly on that port if outbound traffic is not explicitly disallowed.
E. Inbound standard FTP will not work properly on that port even if a conduit to the inside server exists.
F. Outbound passive FTP will work properly on that port as long as outbound traffic is not explicitly disallowed.
Answer: CF