Cisco 642-522 Exam - Testking Free 642-522 Sample Questions:

1.Refer to the exhibit. An administrator has configured the first four data ports on a Cisco ASA 5540 Security Appliance. The technician attaches the next data cable to Port A. When configuring this interface, what physical type, slot, and port number should the administrator add to the configuration?

A.GigabitEthernet0/0
B.GigabitEthernet0/5
C.GigabitEthernet0/4
D.Management0/0
Answer: D
2.What is the effect of the per-user-override option when applied to the access-group command syntax?
A.It increases security by building upon the existing access list applied to the interface. All subsequent users are also subject to the additional access list entries.
B.The log option in the per-user access list overrides existing interface log options.
C.It allows downloadable user access lists to override the access list applied to the interface.
D.It allows for extended authentication on a per-user basis.
Answer: C
3.What are two instances when sparse-mode PIM is most useful? (Choose two.)
A.when there are few receivers in a group
B.when there are many receivers in a group
C.when the type of traffic is intermittent
D.when the type of traffic is constant
E.when the traffic is not ethertype
F.when the traffic is ethertype
Answer: A, C
4.Which command enables IKE on the outside interface?
A.ike enable outside
B.ipsec enable outside
C.isakmp enable outside
D.ike enable (outbound)
Answer: C
5.Refer to the exhibit. An administrator is configuring the failover link on the secondary unit, pix2, and needs to configure the IP addresses of the failover link. At pix2, which of these additional commands should be entered?

A.pix2(config)# failover lan ip 172.17.2.1 255.255.255.0 standby 172.17.2.7
B.pix2(config)# failover link 172.17.2.7 255.255.255.0 standby 172.17.2.1
C.pix2(config)# failover interface ip LANFAIL 172.17.2.1 255.255.255.0 standby 172.17.2.7
D.pix2(config)# interface ethernet3 pix2(config-if)# failover ip address 172.17.2.7 255.255.255.0 standby 172.17.2.1
Answer: C
6.What type of tunneling should be used on the VPN Client to allow IPSec traffic through a stateful firewall that may be performing NAT or PAT?
A.GRE/IPSec
B.IPSec over TCP
C.IPSec over UDP
D.split tunneling
E.L2TP
Answer: B
7.What is the result if the WebVPN url-entry parameter is disabled?
A.The end user is unable to access any CIFS shares or URLs.
B.The end user is able to access CIFS shares but not URLs.
C.The end user is unable to access predefined URLs.
D.The end user is able to access predefined URLs.
Answer: D
8.What are the two purposes of the same-security-traffic permit intra-interface command? (Choose two.)
A.It allows all of the VPN spokes in a hub-and-spoke configuration to be terminated on a single interface.
B.It allows communication between different interfaces that have the same security level.
C.It permits communication in and out of the same interface when the traffic is IPSec protected.
D.It enables Dynamic Multipoint VPN.
Answer: A, C
9.When configuring a crypto map, which command correctly specifies the peer to which IPSec-protected traffic can be forwarded?
A.crypto map set peer 192.168.7.2
B.crypto map 20 setpeer insidehost
C.cryptomap policy 10 set 192.168.7.2
D.crypto map peer7 10 set peer 192.168.7.2
Answer: D
10.By default, the AIP-SSM IPS software is accessible from the management port at IP address 10.1.9.201/24. Which CLI command should an administrator use to change the default AIP-SSM management port IP address?
A.hw module 1 setup
B.interface
C.setup
D.hw module 1 recover
Answer: C
11.The inline IPS software feature set is available in which security appliances?
A.any Cisco PIX and ASA Security Appliance running v.7 software and an AIP-SSM module
B.only Cisco PIX 515, 525, and 535 Security Appliances with an AIP-SSM module
C.only Cisco ASA 5520 and 5540 Security Appliances with an AIP-SSM module
D.any Cisco ASA 5510, 5520, or 5540 Security Appliance with an AIP-SSM module
Answer: D
12.Which is a hybrid protocol that provides utility services for IPSec, including authentication of the IPSec peers, negotiation of IKE and IPSec SAs, and establishment of keys for encryption algorithms?
A.3DES
B.ESP
C.IKE
D.MD5
Answer: C
13.How do you ensure that the main interface does not pass untagged traffic when using subinterfaces?
A.Use the shutdown command on the main interface
B.Omit the nameif command on the subinterface
C.Use the vlan command on the main interface.
D.Omit the nameif command on the main interface.
E.Use the shutdown and then use the nameif command on the main interface.
Answer: D
14.Which statement about Telnet and the security appliance is true?
A.You can enable Telnet on all interfaces except the outside interface.
B.You can enable Telnet on all interfaces, but the PIX security appliance requires that all Telnet traffic to all interfaces be IPSec protected.
C.You can enable Telnet on all interfaces, but the PIX security appliance requires that all Telnet traffic to the outside interface be IPSec protected.
D.You can enable Telnet on all interfaces, but it must be protected with SSH.
Answer: C
15.Why does the PIX security appliance record information about a packet in its stateful session flow table?
A.to build the reverse path forwarding (RFP) table to prevent spoofed source IP address
B.to establish a proxy session by relaying the application layer requests and responses between two endpoints
C.to compare against return packets for determining whether the packet should be allowed through the firewall
D.to track outbound UDP connections
Answer: C
16.In the Cisco ASA 5500 series, what is the flash keyword aliased to?
A.Disk0
B.Disk1
C.both Disk0 and Disk1
D.Flash0
E.Flash1
Answer: A
17.Refer to the exhibit. This security appliance is configured for what two types of failover? (Choose two.)

A.unit-based failover
B.LAN cable-based failover
C.stateful failover
D.Active/Standby failover
E.Active/Active failover
F.Context/Group failover
Answer: B, E
18.Refer to the exhibit. You are an administrator who is inundated with unwanted syslog messages. You want to stay at your current syslog message level but block selected unwanted syslog messages from filling your syslog. What command should you use to block specific unwanted message number 710005?

A.logging message deny 710005
B.no logging debug 710005
C.logging trap deny 710005
D.no logging message 710005
Answer: D
19.An administrator wants to protect a DMZ web server from SYN flood attacks. Which command does not allow the administrator to place limits on the number of embryonic connections?
A.nat
B.static
C.set connection
D.HTTP-map
Answer: D
20.What is the minimal number of physical interfaces required for all security appliance platforms to support VLANs?
A.one
B.two
C.three
D.four
Answer: B
21.Which of these identifies basic settings for the security appliance, including a list of contexts?
A.primary configuration
B.network configuration
C.system configuration
D.admin configuration
Answer: C