New VCE and PDF– If you want to pass Cisco 642-521 exam successfully,do not miss to test Cisco latest Cisco 642-521 brain dumps.All Cisco 642-521 the new questions and answers were timely added, visit Flydumps.com to free download VCE player and PDF files.
QUESTION 51
The graphic shows a partial configuration. An account manager (AM) at a small site wants to access the boston_sales.cisco.com server. The account manager knows the name, but not the IP address of the server. The AM’s PC requests DNS resolution of the inside web server address from a DNS server on an outside network. To enable the PIX Firewall to perform a DNS A record translation correctly for the above mentioned application, the DNS key word should be added to which of the above mentioned commands?
A. Nat command
B. Global command
C. Access-list command
D. Static command
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 52
You installed PDM on a PIX Firewall with an existing configuration. You notice that you have access only to the monitoring tab. What is the most likely cause of this problem?
A. You are running PDM on a software image earlier than 6.0.
B. You have a command in your configuration that PDM does not support.
C. You have not specified the host or network authorized to initiate an HTTP connection to the PIX Firewall.
D. You installed a corrupt pdmxx.bin file.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 53
How do you get to the multicast subcommand mode where you can enter the igmp commands for further multicast support?
A. Use the clear IGMP group command.
B. Enter the igmp interface command in privileged mode.
C. Enter the multicast mode command in configuration mode.
D. Enter the multicast interface command in configuration mode.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 54
What protocol does the PIX MC use to communicate with the PIX Firewall?
A. HTTP
B. SSH
C. HTTPS
D. SNMP
Correct Answer: C Section: (none) Explanation
Explanation/Reference: QUESTION 55
Which is possible with the FWSM for the Catalyst 6500 switch?
A. Virtual Private Networks
B. 1000 firewall interfaces
C. IDS syslog messages
D. intra-chassis stateful failover
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 56
To enable multicast forwarding on the PIX outside interface, which of the following commands should the administrator enter?
A. pix1(config)# multicast on outside
B. pix1(config)# enable multicast outside
C. pix1(config)# multicast enable outside
D. pix1(config)# multicast interface outside
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 57
Which statements about the PIX Firewall’s multicasting capabilities are true? Choose three.
A. The PIX Firewall does not support multicasts.
B. The PIX Firewall supports Stub Multicast Routing.
C. The PIX Firewall can be configured to act as an IGMP proxy agent.
D. The only way you can currently enable the PIX Firewall to pass multicast traffic is by constructing GRE tunnels.
E. To enable the PIX Firewall for Stub Multicast Routing, you must configure GRE tunnels for passing multicast traffic.
F. When the PIX Firewall is configured for Stub Multicast Routing, it is not necessary to construct GRE tunnels to allow multicast traffic to bypass the PIX Firewall.
Correct Answer: BCF Section: (none) Explanation
Explanation/Reference:
QUESTION 58
Which statement about authentication and the PIX Firewall is true?
A. One network cannot authenticate with both TACACS+ and RADIUS.
B. One network can authenticate with both TACACS+ and RADIUS.
C. If any network connected to your PIX Firewall authenticates with RADIUS, all other networks must use RADIUS for authentication.
D. If any network connected to your PIX Firewall authenticates with TACACS+, any other networks that use authentication and connect to the PIX Firewall must also use TACAS+.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 59
Which statements about the PIX Firewall’s PAT feature are true? Choose three.
A. It maps TCP port numbers to a single IP address.
B. It cannot be used with NAT.
C. It provides security by hiding the outside source address, using a global IP address from the PIX Firewall.
D. A PAT address can be a virtual address, different from the outside address.
E. It provides security by hiding the inside source address, using a single IP address from the PIX Firewall.
F. The IP address of a PIX Firewall interface cannot be used as the PAT address.
Correct Answer: ADE Section: (none) Explanation
Explanation/Reference:
QUESTION 60
Which statement about the PIX Firewall and PPPoE is true?
A. The PIX Firewall PPPoE client cannot operate in environments where NAT is being performed on traffic moving through a VPN.
B. The PIX Firewall PPPoE server can operate in environments where URL and content filtering is being performed before transmission to or from the outside interface.
C. The PIX Firewall PPPoE client can operate in environments where NAT is being performed on traffic to or from the outside interface.
D. The PIX Firewall PPPoE server can operate in environments where application of firewall rules is being performed on traffic before transmission to or from the outside interface.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 61
Which statements about intrusion detection in the PIX Firewall are true? Choose two.
A. When a policy for a given signature class is created and applied to an interface, all supported signatures of that class are monitored unless you disable them.
B. Only the signatures you enable will be monitored.
C. The PIX Firewall supports only inbound auditing.
D. IP audit policies must be applied to an interface with the ip audit interface command.
E. When a policy for a given signature class is created and applied to an interface, all supported signatures of that class are monitored and cannot be disabled until you remove the policy from the interface.
F. IP audit policies must be applied to an interface with the ip audit signature command.
Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
QUESTION 62
Identify a problem with packet-filtering firewalls.
A. It is simple to add new services to the firewall, and services can be easily exploited.
B. It is difficult to add new services to the firewall.
C. Packets cannot pass through the filter by being fragmented.
D. Packets can pass through the filter by being fragmented.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 63
Which two commands can be used to enable SYN Flood Guard? Choose two.
A. alias
B. nat
C. static
D. synflood
Correct Answer: BC Section: (none) Explanation
Explanation/Reference:
QUESTION 64
lab A.
B.
C.
D.
Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: Check certifyme eEngine, Download from Member Center
QUESTION 65
lab A.
B.
C.
D.
Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: Check certifyme eEngine, Download from Member Center
QUESTION 66
What is the function of the support tool in the PIX MC?
A. to allow technical support to remotely administer the PIX MC
B. to show available support options for the PIX MC
C. to create a file that captures information about the PIX MC
D. to place the PIX MC in safe mode so you can troubleshoot it
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 67
Which type of downloadable ACLs are best when there are frequent requests for downloading a large ACL?
A. named ACLs
B. unnamed ACLs
C. dynamic ACLs
D. static ACLs
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 68
Which statement about authorization and the PIX Firewall is true?
A. The PIX Firewall supports downloadable ACLs using RADIUS.
B. The PIX Firewall does not support per-user authorization.
C. The PIX Firewall does not support TACACS+ authorization.
D. The PIX Firewall supports downloadable ACLs using TACACS+.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 69
How do you configure the PIX Firewall to protect against SYN floods?
A. Use the emb_conns argument to limit the number of fully opened connections.
B. Set the max_conns option in the nat command to less than the server can handle.
C. Set the emb_limit option in the name command to less than the server can handle.
D. Set the emb_limit option in the static command to less than the server can handle.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 70
An IT professional at the DEF Corporation asked the corporation’s PIX Firewall administrator if a user on the inside network could access two sites on the Internet and present two different source IP addresses. When accessing an FTP server, the source IP address is translated to 192.168.0.9. When accessing a web server, the source address is translated to 192.168.0.21. The PIX Firewall administrator could accomplish this application by completing which of the following tasks?
A. Configure NAT and global commands.
B. Configure NAT 0 access-list and global commands.
C. Configure outside NAT and global commands.
D. Configure NAT access-list and global commands.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Both PDF and software format demos for Cisco 642-521 exam dumps are offered by Flydumps for free.You can try Cisco 351-080 free demo before you decide to buy the full version practice test.Cisco 642-521 exam dumps details are researched and produced by our Professional Certification Experts who are constantly using industry experience to produce precise, and logical.Cisco 642-521 dumps will not only help you pass in one attempt,but also save your valuable time.
The post Cisco 642-521 Practice, Download Latest Cisco 642-521 PDF Dumps On Our Store appeared first on IT Certification Success Guaranteed, The Easy Way!.