Exam4actual the latest Cisco 642-522

Source: Internet  Published: Big data examples in everyday life  Editor: 程序博客网  Time: 2024/04/29 18:57

1.Refer to the show run output in the exhibit. Which access-list configuration using the object-groups shown will only permit HTTP and HTTPS traffic from any host on 10.1.1.0/24 to any host on 192.168.1.0/24?
A.access-list aclin extended permit tcp object-group test2 object-group test1 object-group test3
B.access-list aclin extended permit tcp object-group test1 object-group test2 object-group test3
C.access-list aclin extended permit tcp object-group test1 object-group test3 object-group test2
D.access-list aclin extended permit ip object-group test1 object-group test2
Correct:B
2.What is the effect of the per-user-override option when applied to the access-group command syntax?
A.It increases security by building upon the existing access list applied to the interface. All subsequent users are also subject to the additional access list entries.
B.The log option in the per-user access list overrides existing interface log options.
C.It allows downloadable user access lists to override the access list applied to the interface.
D.It allows for extended authentication on a per-user basis.
Correct:C
3.Drag Drop question


Correct:

4.Which command enables IKE on the outside interface?
A.ike enable outside
B.ipsec enable outside
C.isakmp enable outside
D.ike enable (outbound)
Correct:C
5.Refer to the exhibit. An administrator is configuring the failover link on the secondary unit, pix2, and needs to configure the IP addresses of the failover link. At pix2, which of these additional commands should be entered?
A.pix2(config)# failover lan ip 172.17.2.1 255.255.255.0 standby 172.17.2.7
B.pix2(config)# failover link 172.17.2.7 255.255.255.0 standby 172.17.2.1
C.pix2(config)# failover interface ip LANFAIL 172.17.2.1 255.255.255.0 standby 172.17.2.7
D.pix2(config)# interface ethernet3 pix2(config-if)# failover ip address 172.17.2.7 255.255.255.0 standby 172.17.2.1
Correct:C
6.What type of tunneling should be used on the VPN Client to allow IPSec traffic through a stateful
firewall that may be performing NAT or PAT?
A.GRE/IPSec
B.IPSec over TCP
C.IPSec over UDP
D.split tunneling
E.L2TP
Correct:B
7.What is the result if the WebVPN url-entry parameter is disabled?
A.The end user is unable to access any CIFS shares or URLs.
B.The end user is able to access CIFS shares but not URLs.
C.The end user is unable to access pre-defined URLs.
D.The end user is able to access pre-defined URLs.
Correct:D
8.What are the two purposes of the same-security-traffic permit intra-interface command? (Choose two.)
A.It allows all of the VPN spokes in a hub-and-spoke configuration to be terminated on a single interface.
B.It allows communication between different interfaces that have the same security level.
C.It permits communication in and out of the same interface when the traffic is IPSec protected.
D.It enables Dynamic Multipoint VPN.
Correct:A C
9.When configuring a crypto map, which command correctly specifies the peer to which IPSec-protected traffic can be forwarded?
A.crypto map set peer 192.168.7.2
B.crypto map 20 set-peer insidehost
C.crypto-map policy 10 set 192.168.7.2
D.crypto map peer7 10 set peer 192.168.7.2
Correct:D
10.By default, the AIP-SSM IPS software is accessible from the management port at IP address 10.1.9.201/24. Which CLI command should an administrator use to change the default AIP-SSM management port IP address?
A.hw module 1 setup
B.interface
C.setup
D.hw module 1 recover
Correct:C
11.The inline IPS software feature set is available in which security appliances?
A.any Cisco PIX and ASA Security Appliance running v.7 software and an AIP-SSM module
B.only Cisco PIX 515, 525, and 535 Security Appliances with an AIP-SSM module
C.only Cisco ASA 5520 and 5540 Security Appliances with an AIP-SSM module
D.any Cisco ASA 5510, 5520, or 5540 Security Appliance with an AIP-SSM module
Correct:D
12.Which is a hybrid protocol that provides utility services for IPSec, including authentication of
the IPSec peers, negotiation of IKE and IPSec SAs, and establishment of keys for encryption
algorithms?
A.3DES
B.ESP
C.IKE
D.MD5
Correct:C
13.How do you ensure that the main interface does not pass untagged traffic when using subinterfaces?
A.Use the shutdown command on the main interface.
B.Omit the nameif command on the subinterface.
C.Use the vlan command on the main interface.
D.Omit the nameif command on the main interface.
E.Use the shutdown and then use the nameif command on the main interface.
Correct:D
14.Which statement about Telnet and the security appliance is true?
A.You can enable Telnet on all interfaces except the outside interface.
B.You can enable Telnet on all interfaces, but the PIX security appliance requires that all Telnet traffic to
all interfaces be IPSec protected.
C.You can enable Telnet on all interfaces, but the PIX security appliance requires that all Telnet traffic to
the outside interface be IPSec protected.
D.You can enable Telnet on all interfaces, but it must be protected with SSH.
Correct:C
15.Why does the PIX security appliance record information about a packet in its stateful session
flow table?
A.to build the reverse path forwarding (RPF) table to prevent spoofed source IP address
B.to establish a proxy session by relaying the application layer requests and responses between two
endpoints
C.to compare against return packets for determining whether the packet should be allowed through the
firewall
D.to track outbound UDP connections
Correct:C
16.In the Cisco ASA 5500 series, what is the flash keyword aliased to?
A.Disk0
B.Disk1
C.both Disk0 and Disk1
D.Flash0
E.Flash1
Correct:A
17.Refer to the exhibit. This security appliance is configured for what two types of failover? (Choose two.)
A.unit-based failover
B.LAN cable-based failover
C.stateful failover
D.Active/Standby failover
E.Active/Active failover
F.Context/Group failover
Correct:B E
