Free P4S Cisco CCSP Exam 642-522 v2.93 Download

Securing Networks with PIX and ASA Exam(SNPA) : 642-522 Exam The Securing Networks with PIX and ASA exam is one of the exams associated with the Cisco Certified Security Professional and the Cisco Firewall Specialist certifications. Candidates can prepare for this exam by taking the SNPA v4.0 course. This exam includes simulations and tests a candidate’s knowledge and ability to describe, configure, verify and manage the Cisco PIX and ASA security appliance products.

Exam Number/Code: 642-522
Exam Name: Securing Networks with PIX and ASA Exam(SNPA)
VUE Code: 642-522
Questions Type: Single choice,
Real Exam Question Numbers: 60-70 questions
Exam Language(s): English

Exam Description Introduction
The Securing Networks with PIX and ASA exam is one of the exams associated with the Cisco Certified Security Professional and the Cisco Firewall Specialist certifications. Candidates can prepare for this exam by taking the SNPA v4.0 course. This exam includes simulations and tests a candidate’s knowledge and ability to describe, configure, verify and manage the Cisco PIX and ASA security appliance products.

Exam Topics
The following information provides general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes the guidelines below may change at any time without notice.

Install and configure a security appliance for basic network connectivity
Describe the Security Appliance hardware and software architecture
Determine the Security Appliance hardware and software configuration and verify if it is correct
Use setup or the CLI to configure basic network settings, including interface configurations
Use appropriate show commands to verify initial configurations
Configure NAT and global addressing to meet user requirements
Configure DHCP client option
Set default route
Configure logging options
Describe the firewall technology
Explain the information contained in syslog files
Configure static address translations
Configure Network Address Translations: PAT
Configure static port redirection
Configure a net static
Set embryonic and connection limits on the security appliance
Verify network address translation operation

Configure a security appliance to restrict inbound traffic from untrusted sources
Configure access-lists to filter traffic based on address, time, and protocols
Configure object-groups to optimize access-list processing
Configure Network Address Translations: Nat0
Configure Network Address Translations: Policy NAT
Configure java/activeX filtering
Configure URL filtering
Verify inbound traffic restrictions

Configure a security appliance to provide secure connectivity using site-to-site VPNs
Explain certificates, certificate authorities and how they are used
Explain the basic functionality of IPSec
Configure IKE with preshared keys
Configure IKE to use certificates
Differentiate between the types of encryption
Configure IPSec parameters
Configure crypto-maps and ACLs

Configure a security appliance to provide secure connectivity using remote access VPNs
Explain the functions of EasyVPN
Configure IPSec using EasyVPN Server/Client
Configure the Cisco Secure VPN client
Explain the purpose of WebVPN
Configure WebVPN services: Server/Client
Verify VPN operations

Configure transparent firewall, virtual firewall, and high availability firewall features on a security appliance
Explain differences between L2 and L3 operating modes
Configure security appliance for transparent mode (L2)
Explain purpose of virtual firewalls
Configure security appliance to support virtual firewall
Monitor and maintain virtual firewall
Explain the types, purpose and operation of fail-over
Install appropriate topology to support cable-based or LAN-based fail-over
Explain the hardware, software and licensing requirements for high-availability
Configure the SA for active/standby fail-over
Configure the SA for stateful fail-over
Configure the SA for active-active fail-over
Verify fail-over operation
Recover from a fail-over

Configure AAA services for access through a security appliance
Configure ACS for security appliance support
Configure security appliance to use AAA feature
Configure authentication using both local and external databases
Configure authorization using an external database
Configure the ACS server for downloadable ACLs
Configure accounting of connection start/stop
Verify AAA operation

Configure routing and switching on a security appliance
Enable DHCP server and relay functionality
Configure VLANs on a security appliance interface
Configure routing functionality of security appliance including OSPF, RIP
Configure security appliance to pass multi-cast traffic
Configure ICMP on the security appliance

Configure a modular policy on a security appliance
Configure a class-map
Configure a policy-map
Configure a service-policy
Configure a ftp-map
Configure a http-map
Configure an inspection protocol
Explain the function of protocol inspection
Explain DNS guard feature
Describe the AIP-SSM HW and SW
Load IPS SW on the AIP-SSM
Verify AIP-SSM
Configure an IPS modular policy

Monitor and manage an installed security appliance
Obtain and apply OS updates
Backup and restore configurations and software
Explain the security appliance file management system
Perform password/lockout recovery procedures
Obtain and upgrade license keys
Configure passwords for various access methods: Telnet, serial, enable, SSH
Configure various access methods: Telnet, SSH, PDM
Configure command authorization and privilege levels
Configure local username database
Verify access control methods
Enable ASDM functionality
Verify a security appliance configuration via ASDM
Verify the licensing available on a security appliance

“Securing Networks with PIX and ASA Exam(SNPA)”, also known as 642-522 exam, is a Cisco certification.
Preparing for the 642-522 exam Searching 642-522 Test Questions, 642-522 Exam, 642-522 Dumps

With the complete collection of questions and answers Q&as with Expert Explanations, Pass4sure has assembled to take you through 63 Q&A we offer correct answers for simulate questions. to your 642-522 Exam preparation. In the 642-522 exam resources, you will cover every field and category in CCSP helping to ready you for your successful Cisco Certification.

QUESTION 16
The following was displayed in a PassGuide syslog server:
Refer to the exhibit shown above. You are the PassGuide administrator who is
inundated with unwanted syslog messages. You want to stay at your current syslog
message level but block selected unwanted syslog messages from filling your syslog.
What command should you use to block specific unwanted message number
710005?
A. logging message deny 710005
B. no logging debug 710005
C. logging trap deny 71005
D. no logging message 710005
Answer: D
Explanation:
The following table displays the relevant Cisco PIX syslog configuration commands:
Command Description Introduction
logging on Enables transmission of syslog
messages to all output locations. You
can disable sending syslog messages
with the no logging on command.
no logging message message_number Allows you to disable specific syslog
messages. Use the logging message
message_number command to resume
logging of specific disabled messages.
Reference:

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_system_message_guide_chapter09186a008

0
QUESTION 17
The PassGuide WAN is displayed in the following diagram:
642-522
www.actualtest.org – The Power of Knowing
Refer to the exhibit shown above. The PassGuide administrator wants to
permanently map host addresses on the DMZ subnet to the same host addresses, but
using a different subnet on the outside interface. Which command (or set of
commands) should the administrator use to accomplish this?
A. NAT (dmz) 0 172.16.1.0 netmask 255.255.255.0
B. access-list server_map permit tcp any 192.168.10.0 255.255.255.0
Nat (outside) 10 access-list server_map
Global (dmz) 10 172.16.1.9-10 netmask 255.255.255.0
C. static (dmz,outside) 192.168.10.0 172.16.1.0 netmask 255.255.255.0
D. NAT (dmz) 1 172.16.1.0 netmask 255.255.255.0
Global (outside) 1 192.168.10.9-10 netmask 255.255.255.0
Answer: C
Explanation:
To configure regular static NAT, use the “static” command. This command is normally
done to create static 1-1 mappings, but can be done to create static mappings for an entire
subnet as required in this example.
For example, the following command maps the outside address (209.165.201.15) to an
inside address (10.1.1.6):
hostname(config)# static (outside,inside) 10.1.1.6 209.165.201.15 netmask
255.255.255.255
The following command statically maps an entire subnet:
hostname(config)# static (inside,dmz) 10.1.1.0 10.1.2.0 netmask 255.255.255.0
Note: If you specify a network for translation (for example, 10.1.1.0 255.255.255.0), then
the security appliance translates the .0 and .255 addresses.
Reference: Cisco Security Appliance Command Line Configuration Guide For the Cisco
ASA 5500 Series and Cisco PIX 500 Series, page 14-45.
QUESTION 18
If you want IP addresses of hosts on the PassGuide DMZ and inside network
translated when they make connections to hosts on the outside interface of the
security appliance, what is the minimum NAT configuration you can enter?
A. 1 NAT statement and 1 global statement
B. 1 NAT statement and 2 global statements
642-522
www.actualtest.org – The Power of Knowing
C. 2 NAT statements and 1 global statement
D. 2 NAT statements and 2 global statements
E. None of the above.
Answer: C
Explanation:
A single global NAT statement can be used to translate both the inside hosts and the
DMZ hosts to the same external IP address. Typically, the IP address of the outside
interface is used. In addition to this, two NAT statements will be required so the firewall
knows which IP subnets are to be translated. In this case, one that specifies the hosts on
the inside network, and one to specify the hosts on the DMZ; giving us a total of 2 NAT
statements and 1 global statement.
Example:
Pix# nat (inside) 1 10.0.0.0 255.255.255.0
Pix# nat (dmz) 1 172.16.1.0 255.255.255.0
Pix# golbal (outside) 1 192.168.0.1 netmask 255.255.255.255
First nat command statement permits all host on the inside network 10.0.0.0 to start
outbound connections using the IP address from Global ID 1.
Second nat command statement permits all host on the DMZ network 172.16.1.0 to start
outbound connections using the IP address from Global ID 1.
QUESTION 19
Which of the following commands allows the PassGuide security administrator to
disable IP address translation through a PIX firewall?
A. NAT 0
B. Global disable
C. access list
D. static
E. None of the above
Answer: A
Explanation:
If you want to disable the ip address translation of a host as it goes through a pix,
reference that host in an NAT 0 IOS command. All hosts reference in “nat 0″ will not
have their IP addresses translated and the destination host will see its real IP address.
QUESTION 20
The PassGuide administrator wants to protect the DMZ web server from SYN flood
attacks. Which command does NOT allow this administrator to place limits on the
number of embryonic connections?
A. nat
B. static
642-522
www.actualtest.org – The Power of Knowing
C. set connection
D. HTTP-map
E. All of the above
Answer: D