Free pass4sure ccsp 642-522 v2.95 Download

Securing Networks with PIX and ASA Exam(SNPA) : 642-522 Exam

Exam Number/Code: 642-522
Exam Name: Securing Networks with PIX and ASA Exam(SNPA)
VUE Code: 642-522
Questions Type: Single choice,
Real Exam Question Numbers: 60-70 questions
Exam Language(s): English

“Securing Networks with PIX and ASA Exam(SNPA)”, also known as 642-522 exam, is a Cisco certification.
Preparing for the 642-522 exam Searching 642-522 Test Questions, 642-522 Exam, 642-522 Dumps

With the complete collection of questions and answers Q&as with Expert Explanations, Pass4sure has assembled to take you through 63 Q&A we offer correct answers for simulate questions. to your 642-522 Exam preparation. In the 642-522 exam resources, you will cover every field and category in CCSP helping to ready you for your successful Cisco Certification.

QUESTION 21
You want to verify the NAT/PAT configuration on a new PassGuide security
appliance. Which of the following commands shows the translation table entries?
A. show conn
B. show trans
C. show xlate
D. show tslot
E. show nat
Answer: C
Explanation:
Use the show xlate command to see all ip address translations currently on the pix.
Example:
The following is sample output from the show xlate command with three active Port
Address Translations (PATs):
CKPIX1(config)# show xlate
3 in use, 3 most used
PAT Global 192.150.49.1(0) Local 10.1.1.15 ICMP id 340
PAT Global 192.150.49.1(1024) Local 10.1.1.15(1028)
PAT Global 192.150.49.1(1024) Local 10.1.1.15(516)
Reference:

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_command_reference_chapter09186a00801

c
QUESTION 22
Observe the following diagram regarding a PassGuide PIX access list.
The PassGuide administrator wants to add a comment about access-list aclin before
line 2 as shown above. What command should the administrator enter to accomplish
this addition?
A. pix1(config)# access-list aclin line 1 remark partner server http access
B. pix1(config)# access-list aclin line 2 remark partner server http access
C. pix1(config)# access-list aclin line 1 comment partner server http access
D. pix1(config)# access-list aclin line 2 comment partner server http access
E. None of the above
Answer: B
642-522
www.actualtest.org – The Power of Knowing
Explanation:
You can include remarks about entries in any access list, including extended, EtherType,
and standard access lists. The remarks make the access list easier to understand.
To add a remark after the last access-list command you entered, enter the following
command:
hostname(config)# access-list access_list_name remark text
If you enter the remark before any access-list command, then the remark is the first line
in the access list.
If you delete an access list using the no access-list access_list_name command, then all
the remarks are also removed.
The text can be up to 100 characters in length. You can enter leading spaces at the
beginning of the text. Trailing spaces are ignored.
For example, you can add remarks before each ACE, and the remark appears in the
access list in this location. Entering a dash (-) at the beginning of the remark helps set it
apart from ACEs.
hostname(config)# access-list OUT remark – this is the inside admin address
hostname(config)# access-list OUT extended permit ip host 209.168.200.3 any
hostname(config)# access-list OUT remark – this is the hr admin address
hostname(config)# access-list OUT extended permit ip host 209.168.200.4 any
If you wish to add the remark to an already existing access list, use the “line” keyword to
specify which line to add the remark to, as specified in answer choice B. In this case,
because we want to insert the remark before line 2, we need to specify line 2, not line 1.
Reference:

http://www.cisco.com/en/US/products/ps6120/products_configuration_guide_chapter09186a0080450bf0.html#

w
QUESTION 23
At the end of an access list configured on a PassGuide router, an explicit deny
statement was configured. Why include a deny statement at the end of an ACL, even
though the implicit deny at the end of the ACL will block traffic as needed?
A. You can view the hit counters with the show access-list command.
B. There is no reason to include the deny statement.
C. You can enable the turbo ACL feature for individual ACLs.
D. As back-up, in case the implicit deny does not work.
E. All of the above
Answer: A
Explanation:
You can use the show access-list command to monitor specific deny entries that can be
monitored for hit count. This provides information about prohibited network access
attempts without having to enable logging on ACL entries. The last line of the ACL
should be a
deny ip any any. Once again, the hit count against this last entry can provide information
about prohibited access attempts and this can only be seen with explicit access list
642-522
www.actualtest.org – The Power of Knowing
entries.
Reference:
http://www.cisco.com/en/US/tech/ CK6 48/ CK3 61/technologies_white_paper09186a00801afc76.shtml
QUESTION 24
The following output was seen on a PassGuide PIX firewall:
Refer to the show run output in the exhibit shown above. Which access-list
configuration using the object-groups shown will only permit HTTP and HTTPS
traffic from any host on 10.1.1.0/24 to any host on 192.168.1.0/24?
A. access-list aclin extended permit tcp object-group test2 object-group test1
object-group test3
B. access-list aclin extended permit tcp object-group test1 object-group test2
object-group test3
C. access-list aclin extended permit tcp object-group test1 object-group test3
object-group test2
D. access-list aclin extended permit ip object-group test1 object-group test2
Answer: B
Explanation:
To use object groups in an access list, replace the normal protocol (protocol), network
(source_addressmask, etc.), service (operator port), or ICMP type (icmp_type) parameter
with object-group grp_id parameter.
For example, to use object groups for all available parameters in theaccess-list {tcp |
udp} command, enter the following command:
hostname(config)# access-list access_list_name [line line_number] [extended]{deny|
permit} {tcp | udp} object-group nw_grp_id [object-group svc_grp_id] object-group
nw_grp_id [object-group svc_grp_id] [log[[level] [interval secs] | disable | default]]
[inactive | time-range time_range_name]
Fundamentally, the same access rules apply whether of not object groups are used. First,
the source network or networks is looked at, then the destination network, and finally the
protocols used. Therefore, choice B is correct.
Reference:

http://www.cisco.com/en/US/products/ps6120/products_configuration_guide_chapter09186a0080450bf0.html#

w
QUESTION 25
A new PassGuide security appliance is being configured for object groups. Which two
642-522
www.actualtest.org – The Power of Knowing
of these are valid types of object groups? (Choose two)
A. Ping
B. Service
C. Protocol
D. Port
E. TCP
F. UDP
Answer: B, CQuestions and Answers : 63 Q&A we offer correct answer
Updated: October 3rd , 2008
Price: $129.99 $89.99

Free download:pass4sure 642-522
Free download:PassGuide 642-522

password:www.ciscoexams.org

pass4sure 642-522