Securing Networks with PIX and ASA Exam(SNPA) : 642-522 Exam
Exam Number/Code: 642-522
Exam Name: Securing Networks with PIX and ASA Exam(SNPA)
VUE Code: 642-522
Question Type: Single choice
Real Exam Question Numbers: 60-70 questions
Exam Language(s): English
“Securing Networks with PIX and ASA Exam(SNPA)”, also known as 642-522 exam, is a Cisco certification.
The Securing Networks with PIX and ASA exam is one of the exams associated with the Cisco Certified Security Professional and the Cisco Firewall Specialist certifications. Candidates can prepare for this exam by taking the SNPA v4.0 course. This exam includes simulations and tests a candidate’s knowledge and ability to describe, configure, verify and manage the Cisco PIX and ASA security appliance products.
QUESTION 26
Object groups are being configured on a PassGuide security appliance. When are
duplicate objects allowed in object groups?
A. Never
B. Always, because there are no conditions or restrictions.
C. When a group object is included and causes the group hierarchy to become circular.
D. When they are due to the inclusion of group objects.
Answer: D
Explanation:
The following example shows how to use the group-object mode to create a new object
group that consists of previously defined objects:
hostname(config)# object-group network host_grp_1
hostname(config-network)# network-object host 192.168.1.1
hostname(config-network)# network-object host 192.168.1.2
hostname(config-network)# exit
642-522
www.actualtest.org – The Power of Knowing
hostname(config)# object-group network host_grp_2
hostname(config-network)# network-object host 172.23.56.1
hostname(config-network)# network-object host 172.23.56.2
hostname(config-network)# exit
hostname(config)# object-group network all_hosts
hostname(config-network)# group-object host_grp_1
hostname(config-network)# group-object host_grp_2
hostname(config-network)# exit
hostname(config)# access-list grp_1 permit tcp object-group host_grp_1 any eq ftp
hostname(config)# access-list grp_2 permit tcp object-group host_grp_2 any eq smtp
hostname(config)# access-list all permit tcp object-group all_hosts any eq www
Without the group-object command, you need to define the all_hosts group to include all
the IP addresses that have already been defined in host_grp_1 and host_grp_2. With the
group-object command, the duplicated definitions of the hosts are eliminated.
Reference: Cisco Security Appliance Command Reference for the Cisco ASA 5500
Series and Cisco PIX 500 Series, page 6-116.
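The nesting described above can be checked offline when reviewing a configuration. The following is an added example, not taken from the exam material or from Cisco: it parses the object-group lines shown in the explanation (prompts stripped), flattens all_hosts to its effective host list, reports hosts that appear more than once only because of included groups (the case in answer D), and rejects a circular hierarchy (the case in answer C). The function names parse_groups and flatten are hypothetical.

```python
# Added example: flatten nested PIX/ASA network object groups from config text.
import re

# The page's object-group definitions, with the CLI prompts stripped.
CONFIG = """\
object-group network host_grp_1
 network-object host 192.168.1.1
 network-object host 192.168.1.2
object-group network host_grp_2
 network-object host 172.23.56.1
 network-object host 172.23.56.2
object-group network all_hosts
 group-object host_grp_1
 group-object host_grp_2
"""

def parse_groups(text):
    """Return {group: {"hosts": [...], "children": [...]}} from config lines."""
    groups, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"object-group network (\S+)", line):
            current = groups.setdefault(m.group(1), {"hosts": [], "children": []})
        elif current is not None and (m := re.fullmatch(r"network-object host (\S+)", line)):
            current["hosts"].append(m.group(1))
        elif current is not None and (m := re.fullmatch(r"group-object (\S+)", line)):
            current["children"].append(m.group(1))
    return groups

def flatten(groups, name, _path=()):
    """Expand a group to (unique hosts, duplicates introduced by nested groups)."""
    if name in _path:
        raise ValueError("circular group hierarchy: " + " -> ".join(_path + (name,)))
    if name not in groups:
        raise KeyError("undefined object group: " + name)
    seen, dups = list(groups[name]["hosts"]), []
    for child in groups[name]["children"]:
        child_hosts, child_dups = flatten(groups, child, _path + (name,))
        dups.extend(child_dups)
        for host in child_hosts:
            # A host already present is tolerated, but recorded for the reviewer.
            (dups if host in seen else seen).append(host)
    return seen, dups
```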
QUESTION 27
The PassGuide network has a complex security policy configured on their firewalls.
Which PIX Firewall feature should you configure to minimize the number of ACLs
needed to implement your policy?
A. You should configure the ASA
B. You should configure the packet capture
C. You should configure the object grouping
D. You should configure the turbo ACLs
E. You should configure the IP helper
Answer: C
Explanation:
To simplify the task of creating and applying ACLs, you can group network objects such
as hosts and services such as FTP and HTTP. This reduces the number of ACLs required
to implement complex security policies.
Reference: Cisco Secure PIX Firewall Advanced 3.1, Chapter 8, Page 3.
QUESTION 28
A PassGuide PIX used for a VPN has been configured with the “nat 0” command.
What is the purpose of the “nat 0” command when used in conjunction with IPSec?
A. It instructs the security appliance not to use Network Address Translation for any
traffic deemed interesting traffic for IPSec.
B. It instructs the security appliance to use Network Address Translation for any traffic
deemed interesting traffic for IPSec.
C. It disables Network Address Translation control on the security appliance.
D. It enables Network Address Translation Traversal for any traffic deemed interesting
for IPSec.
E. None of the above
Answer: A
Explanation:
The nat 0 command bypasses NAT for the packets destined over the IPsec tunnel in a
PIX firewall. In the following example, access list 140 is used to specify the networks
that are not to be translated over the IPSec tunnel.
Example:
CKPIX(config)# nat (inside) 0 access-list 140
QUESTION 29
The PassGuide network is shown in the following diagram:
Refer to the exhibit above. The PassGuide administrator wants a user on the inside
network to access two sites on the Internet and present two different source IP
addresses. When the user is accessing Company A’s web servers, the source IP
address is translated to 192.168.0.9. When the user is accessing Company B’s web
servers, the source address is translated to 192.168.0.21.
Which of these can the security appliance administrator configure to accomplish
this application?
A. Inside NAT
B. Identity NAT
C. Static
D. Policy NAT
E. None of the above
Answer: D
Explanation:
Policy NAT lets you identify local traffic for address translation by specifying the source
and destination addresses (or ports) in an access list. Regular NAT uses source
addresses/ports only, whereas policy NAT uses both source and destination
addresses/ports.
With policy NAT, you can create multiple NAT or static statements that identify the
same local address as long as the source/port and destination/port combination is unique
for each statement. You can then match different global addresses to each source/port and
destination/port pair.
The example below shows a host on the 10.1.2.0/24 network accessing two different
servers. When the host accesses the server at 209.165.201.11, the local address is
translated to 209.165.202.129. When the host accesses the server at 209.165.200.225, the
local address is translated to 209.165.202.130.
Policy NAT with Different Destination Addresses Example:
Reference:
http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a00801
7
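The selection logic described above, as an added example that is not part of the original material and is a model rather than appliance code: each policy NAT statement matches on source and destination together, and statements sharing a local address are acceptable only while their source/destination combinations stay distinct. The source network, server addresses and mapped addresses are the ones given in the explanation; the /27 destination subnets and the function names are assumptions.

```python
# Added example: model of policy NAT statement selection (not ASA code).
from ipaddress import ip_address, ip_network
from itertools import combinations

# (source net, destination net, mapped address). Source and mapped addresses
# come from the page; the /27 destination subnets are assumed for illustration.
POLICY_NAT = [
    ("10.1.2.0/24", "209.165.201.0/27", "209.165.202.129"),
    ("10.1.2.0/24", "209.165.200.224/27", "209.165.202.130"),
]

def ambiguous_pairs(rules):
    """Return index pairs of rules whose source AND destination nets both overlap."""
    nets = [(ip_network(s), ip_network(d)) for s, d, _ in rules]
    return [(i, j) for (i, a), (j, b) in combinations(enumerate(nets), 2)
            if a[0].overlaps(b[0]) and a[1].overlaps(b[1])]

def translate(rules, src, dst):
    """Return the mapped source for flow src -> dst, or None if nothing matches."""
    for s, d, mapped in rules:
        # Regular NAT would test only the source; policy NAT tests both.
        if ip_address(src) in ip_network(s) and ip_address(dst) in ip_network(d):
            return mapped
    return None
```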
QUESTION 30
URL filtering is being implemented in the PassGuide network. How many different
URL filtering servers can a PIX support?
A. 8
B. 12
C. 16
D. 20
E. 1
Answer: C
Updated: October 3rd , 2008