Braindumps of 642-524
Securing Networks with ASA Foundation
Thanks to www.exams.ws for providing dumps.
QUESTION NO: 1
Tom works as a network administrator. The primary adaptive
security appliance in an active/standby failover configuration
failed, so the secondary adaptive security appliance
was automatically activated. Tom then fixed the problem.
Now he would like to restore the primary to active status.
Which one of the following commands can reactivate the
primary adaptive security appliance and restore it to
active status while issued on the primary adaptive security
A. failover reset
B. failover primary active
C. failover active
D. failover exec standby
QUESTION NO: 2
Which one of the following commands enables the DHCP
server on the DMZ interface of the Cisco ASA with an
address pool of 10.0.1.100-10.0.1.108 and a DNS server
A. dhcpd address 10.0.1.100-10.0.1.108 DMZ dhcpd dns
192.168.1.2 dhcpd enable DMZ
B. dhcpd address range 10.0.1.100-10.0.1.108 dhcpd dns
server 192.168.1.2 dhcpd enable DMZ
C. dhcpd range 10.0.1.100-10.0.1.108 DMZ dhcpd dns server
192.168.1.2 dhcpd DMZ
D. dhcpd address range 10.0.1.100-10.0.1.108 dhcpd dns
192.168.1.2 dhcpd enable
QUESTION NO: 3
Tom works as a network administrator. He receives a
new Cisco ASA. Which command, when entered from the
console, directs the Cisco ASA to provide interactive
prompts that aid in the building of a first-use, minimal
B. configure factory default
C. configure terminal
D. configure startup
QUESTION NO: 4
What is the effect of the per-user-override option when
applied to the access-group command syntax?
A. The log option in the per-user access list overrides
existing interface log options.
B. It allows for extended authentication on a per-user
C. It allows downloadable user access lists to override
the access list applied to the interface.
D. It increases security by building upon the existing
access list applied to the interface. All subsequent
users are also subject to the additional access list
QUESTION NO: 5
Which one of the following regular expressions would
best match the website address "www.cisco.com/go/ccsp"?
QUESTION NO: 6
In order to recover the Cisco ASA password, which operation
mode should you enter?
QUESTION NO: 7
Which three statements correctly describe protocol inspection
on the Cisco ASA adaptive security appliance? (Choose
A. For the security appliance to inspect packets for
signs of malicious application misuse, you must enable
advanced (application layer) protocol inspection.
B. If you want to enable inspection globally for a protocol
that is not inspected by default or if you want to globally
disable inspection for a protocol, you can edit the
default global policy.
C. The protocol inspection feature of the security appliance
securely opens and closes negotiated ports and IP addresses
for legitimate client-server connections through the
D. If inspection for a protocol is not enabled, traffic
for that protocol may be blocked.
QUESTION NO: 8
Which one of the following commands verifies that
NAT is working normally and displays active NAT translations?
A. show ip nat all
B. show running-configuration nat
D. show nat translation
QUESTION NO: 9
Multimedia applications transmit requests on TCP, get
responses on UDP or TCP, use dynamic ports, and use
the same port for source and destination, so they can
pose challenges to a firewall. Which three items are
true about how the Cisco ASA adaptive security appliance
handles multimedia applications? (Choose three.)
A. It dynamically opens and closes UDP ports for secure
multimedia connections, so you do not need to open a
large range of ports.
B. It supports SIP with NAT but not with PAT.
C. It supports multimedia with or without NAT.
D. It supports RTSP, H.323, Skinny, and CTIQBE.
QUESTION NO: 10
What is the result if the WebVPN url-entry parameter
A. The end user is unable to access pre-defined URLs.
B. The end user is unable to access any CIFS shares
C. The end user is able to access CIFS shares but not
D. The end user is able to access pre-defined URLs.
QUESTION NO: 11
What is one purpose of a tunnel group?
A. to group similar IPSec protocols
B. to group similar IPSec users
C. to group similar IPSec networks
D. to identify AAA servers
QUESTION NO: 12
You work as a security appliance administrator. You
have defined a regular expression to match an unauthorized
website. Which pair of commands would be used to configure
a regular expression class map?
A. class-map regex match-any URL match UNAUTHORIZED_SITE
B. class-map type regex match-any URL match regex UNAUTHORIZED_SITE
C. class-map type regex match-any match regex UNAUTHORIZED_SITE
D. class-map match-any type regex match UNAUTHORIZED
QUESTION NO: 13
Which three tunneling protocols and methods are supported
by the Cisco VPN Client? (Choose three.)
A. IPSec over TCP
B. IPSec over UDP