Welcome to download the newest Pass4itsure SY0-401 dumps:
Flydumps certification Cisco 642-521 exam is a very important Hitachi certification exam in the IT industry, would like the examination must be fully prepared for the Cisco 642-521 exam is necessary. If you choose to enroll in the Cisco 642-521 exam you should choose a good learning materials or to choose a good training methods to prepare for the Cisco 642-521 exam. The Select Flydumps 100% to help you pass the Cisco 642-521 exam, according to the Cisco 642-521 exam subjects Flydumps Cisco 642-521 test is constantly changing, constantly update will provide the latest content of the Cisco 642-521. Flydumps have real and original Cisco 642-521 exam sample questions for preparing. Flydumps Cisco 642-521 exam sample questions and a close resemblance to the real Cisco 642-521 exam practice questions and answers.
QUESTION 108
How does the DNS Guard feature help prevent UDP sesion hijacking and DoS attacks?
A. It prevents all DNS responses from passing through the PIX Firewall.
B. It prevents any DNS name resolution requests to DNS servers behind the PIX Firewall.
C. Only the first reply from any given DNS server is allowed through the PIX Firewall. The PIX discards all other replies from the same server.
D. If multiple DNS servers are queried, only the first answer from the first server to reply is allowed through the PIX Firewall. The PIX does not wait for the default UDP timer to close the sessions but tears down connections to all DNS servers after receiving the first reply.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 109
When configuring a crypto map, which command correctly specifies the peer to which IPSec-protected traffic can be forwarded?
A. crypto map set peer 192.168.7.2
B. crypto map 20 set-peer insidehost
C. crypto-map policy 10 set 192.168.7.2
D. crypto map peer7 10 set peer 192.168.7.2
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 110
Which command correctly specifies a transform set for a crypto map?
A. crypto transform-set name pix2
B. crypto map peer2 10 set transform-set pix2
C. transform-set pix2 set crypto map MYMAP
D. crypto-map policy 10 set 192.168.7.2
E. crypto map peer7 10 set peer 192.168.7.2
F. crypto transform peer2 10 set transform-set pix2
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 111
The LAN-based failover you configured does not work. Why? Choose two reasons.
A. You used a hub for failover operation.
B. You used a switch for failover operation.
C. You used a dedicated VLAN for failover operation.
D. You did not set a failover IP address.
E. You did not use a crossover Ethernet cable between the two PIX Firewalls.
F. You used a crossover Ethernet cable between the two PIX Firewalls.
Correct Answer: DF Section: (none) Explanation
Explanation/Reference:
QUESTION 112
You have used the privilege command to set privilege levels for PIX Firewall commands. How can an administrator now gain access to a particular privilege level?
A. From the # prompt, enter the privilege command with a privilege-level designation; when prompted, enter the user name for that level.
B. From the > prompt, enter the login command with a privilege-level designation, when prompted enter the password.
C. From the # prompt, enter the privilege command with a privilege-level designation; when prompted, enter the password for that level.
D. From the > prompt, enter the enable command with a privilege-level designation, when prompted, enter the password for that level.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 113
What is the maximum number of PIX Firewalls the AUS will support?
A. 100
B. 500
C. 750
D. 1000
E. 2000
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 114
Your new network administrator has recently modified your PIX Firewall’s configuration. You are suddenly experiencing security breaches involving Internet mail. What change did the administrator make?
A. He disabled the PIX Firewall’s mailport fixup.
B. He disabled the PIX Firewall’s smtp fixup.
C. He enabled the PIX Firewall’s ils fixup on port 25.
D. He defined the ports on which to activate Mail Guard.
Correct Answer: B Section: (none) Explanation
Explanation/Reference: QUESTION 115
At a small site in the above network diagram, network administrator chose to authenticate WWW cut-through proxy traffic via a local database on the PIX Firewall. What commands should the administrator enter to accomplish this?
A. pix1(config)# static (dmz,outside) 192.168.16.6 172.16.16.6 pix1(config)# access-list 150 permit tcp any host 172.16.16.6 eq www pix1(config)# aaa authentication match 150 outside LOCAL
B. pix1(config)# static (dmz,outside) 192.168.16.6 172.16.16.6 pix1(config)# access-list 150 permit tcp any host 192.168.16.6 eq www pix1(config)# aaa authentication match 150 outside pix1
C. pix1(config)# static (dmz,outside) 192.168.16.6 172.16.16.6 pix1(config)# access-list 150 permit tcp any host 172.16.16.6 eq www pix1(config)# aaa authentication match 150 outside pix1
D. pix1(config)# static (dmz,outside) 192.168.16.6 172.16.16.6 pix1(config)# access-list 150 permit tcp any host 192.168.16.6 eq www pix1(config)# aaa authentication match 150 outside LOCAL
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 116
Which statements about creating VPNs in PDM are true? Choose two.
A. When the inactivity timeout for all IPSec SAs have expired for a given VPN Client, the tunnel is established.
B. PDM supports tunnel policies that are not bound to an interface.
C. To create a crypto map, select crypto maps from the IPSec branch of the categories tree.
D. PDM hides the concept of crypto map.
E. After you create a tunnel policy in the VPN tab’s tunnel policy window, you must bind it to an interface from the Access Rules tab.
F. PDM does not support tunnel policies that are not bound to an interface. You must select an interface for a tunnel policy when you create it.
Correct Answer: DF Section: (none) Explanation
Explanation/Reference:
QUESTION 117
lab A.
B.
C.
D.
Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: Check certifyme eEngine, Download from Member Center
QUESTION 118
Which protocols does the PIX Firewall use to enable call handling sessions, particularly two-party audio conferences or calls?
A. Remote Function Call
B. Session Initiation Protocol
C. Real-Time Transport Protocol
D. Point-to-Point Protocol over Ethernet
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 119
What command reassigns a specific command to a different privilege level?
A. privilege
B. command auth
C. level-priv D. curpriv
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 120
Why use the shun command?
A. PIX Firewall does not support shunning
B. to enable the PIX Firewall to detect and block intrusion attempts
C. you know the IP address of an attacking host and want the PIX Firewall to drop packets containing its source address
D. you know the IP address of an attacking host and want the PIX Firewall to drop packets containing its destination address
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 121
What is the default port number that the PIX Firewall uses to contact the AUS?
A. 25
B. 110
C. 443
D. 444
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 122
You are attempting to create a protocol object group to contain a group of protocols frequently used by users on your network. You enter the command object-group protocol PROTO. What happens?
A. You get an error message
B. You get the proper syntax for the object-group command
C. You get a sub-command prompt: pixfirewall (config-protocol)#
D. You get the prompt pixfirewall(config)# access-list so that you can quickly insert the object group into an ACL
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 123
Which is possible with the FWSM for the Catalyst 6500 switch?
A. Virtual Private Networks
B. 1000 firewall interfaces
C. IDS syslog messages
D. intra-chassis stateful failover
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 124
You have 100 users on your internal network; you want only six of these users to perform FTP, Telnet, or HTTP outside the network. Which PIX Firewall feature do you enable?
A. access lists
B. AAA
C. object grouping
D. VAC+
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 125
The administrator would like to create an inactivity timeout value of 10 minutes on all console cable sessions. To do so, the administrator would enter which command?
A. Pix1 (config) # enable timeout 10
B. Pix1 (config) # console timeout 10
C. Pix1 (config) # authentication console timeout 10
D. Pix1 (config) # console-idle-timeout timeout10
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 126
If you configure a VPN between a Cisco VPN Client and the PIX Firewall using pre-shared keys for authentication, which should you do? Choose two.
A. Use pre-shared keys for authentication.
B. Use digital certificates for authentication instead of pre-shared keys.
C. Do not use digital certificates for authentication.
D. Ensure that the password on the VPN client matches the vpngroup password on the PIX Firewall.
E. Ensure that the group name differs from the VPN group name on the PIX Firewall.
F. Ensure that the group name on the VPN Client matches the vpngroup name on the PIX Firewall.
Correct Answer: DF Section: (none) Explanation
Explanation/Reference:
QUESTION 127
The PDM runs on which operating systems? Choose the best answer.
A. Windows, Macintosh, and Linux
B. Windows and Sun Solaris
C. Windows, Linux, and Sun Solaris
D. Windows and Linux
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 128
Which command enables IKE on the outside interface?
A. ike enable outside
B. ipsec enable outside
C. isakmp enable outside
D. ike enable (outbound)
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 129
Your new network administrator has recently modified your PIX Firewall’s configuration. You are suddenly experiencing security breaches involving Internet mail. What change did the administrator make?
A. He disabled the PIX Firewall’s mailport fixup.
B. He disabled the PIX Firewall’s smtp fixup.
C. He enabled the PIX Firewall’s ils fixup on port 25.
D. He defined the ports on which to activate Mail Guard.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 130
Cisco IP phones download their configurations from a TFTP server. How do you enable the PIX Firewall to provide information about a TFTP server to the IP phones?
A. using the tftp server command
B. enable the PIX Firewall’s TFTP fixup
C. configure the PIX Firewall’s DHCP server and enable DHCP option 150 or DHCP option 66
D. configure the PIX Firewall’s TFTP server and enable TFTP option 150 or DHCP option 66
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
When deciding to choose Flydumps Cisco 642-521 exam sample questions, you will choose the success in Cisco 642-521 exam. You aren’t planning to purchase a non reusable solution. Cisco 642-521 exam sample questions changes are supplied no cost. It doesn’t matter how shortly you choose grab the specific Cisco 642-521 exam sample questions accreditation, take the real Cisco 642-521 questions qualification, it will be easy just to walk in the screening space as assured as the Certification Administrator. Several Cisco 642-521 study books contain questions at the end of each chapter. Candidates should be able to practice Cisco 642-521 exam sample questions. If you plan for your free using your Flydumps assessment serps, most people ensure making money online within the initial endeavor.
Welcome to download the newest Pass4itsure SY0-401 dumps: http://www.pass4itsure.com/SY0-401.html
ISEB BH0-005 Exam Collection, First-hand ISEB BH0-005 New Questions On Sale
The post Cisco 642-521 PDF Download, 50% Discount Cisco 642-521 Certification Exam On Our Store appeared first on IT Certification Success Guaranteed, The Easy Way!.