Do not worry about your Cisco 642-521 exam, Lead2pass now has published the new veriosn Cisco 642-521 exam dumps with more new added questions and answers, also you can free download Cisco 642-521 vce test software and pdf dumps on Flydumps.com.
Exam A
QUESTION 1
Which of the following is a problem with packet-filtering firewalls?
A. It is simple to add new services to the firewall, and services can be easily exploited.
B. Packets are permitted to pass through the filter by being fragmented.
C. It is problematic to add new services to the firewall.
D. Packets are unable to pass through the filter by being fragmented.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
PIX FW Advanced, Cisco Press, p. 18
Reference:
CSPFA Student Guide v3.2 – Cisco Secure PIX Advanced p.3-5
QUESTION 2
At which of the following stages will the PIX Firewall log information about packets, such as source and destination IP addresses, in the stateful session table?
A. Each time it is reloaded.
B. Each time a TCP or UDP outbound connection attempt is made.
C. Each time a TCP or UDP inbound or outbound connection attempt is made.
D. Only when a TCP inbound or outbound connection attempts is made.
E. Never.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
Stateful packet filterin is the method used by the Cisco PIX Firewall. This technology maintains complete
session state. Each time a Transimission Control Protocol (TCP) or User Datagram Protocol (UDP)
connection is established for inbound or outbound connections, the information is logged in a stateful
session flow table.
Reference:
CSPFA Student Guide v3.2 – Cisco Secure PIX Advanced p.3-7 PIX FW Advanced, Cisco Press, p. 19
QUESTION 3
John the security administrator at Certkiller Inc. is working on configuring the PIX Firewall. John must choose two features on the PIX Firewall? (Choose two)
A. One feature is it uses Cisco Finesse operating system.
B. One feature is it uses Cisco IOS operating system.
C. One feature is it’s based on Windows NT technology.
D. One feature is it snalyzes every packet at the application layer of the OSI model.
E. One feature is it can be configured to provide full routing functionality.
F. One feature is it uses a cut-through proxy to provide user-based authentication connections.
Correct Answer: AF Section: (none) Explanation Explanation/Reference:
Explanation:
The PIX Firewall features the following technologies and benefits Non-Unix, secure, real-time, embedded
system ASA Cut-through proxy – A user-based authentication method of both inbound and outbound
connections, providing improved performance in comparison to that of a proxy server.
Statefull packet filtering Finesse, a Cisco proprietary operating system, is a non-unix, non-windows nt, IOS-
like operating system. Use of Finesse eliminates the risks associated with general-purpose operating
system.
Reference:
Cisco Secure PIX Firewall Advanced 3.1 chap 3 pages 8-9
QUESTION 4
What is the operating system that a pix runs?
A. unix
B. solaris
C. windows
D. none of the above
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
The pix firewall runs code written by Cisco specifically to function as a hardened firewall, limiting its
vulnerabilities.
QUESTION 5
What encryption protocols does the pix firewall support for vpn’s? Choose all that apply.
A. MD5
B. 3DES
C. AES
D. DES
Correct Answer: BCD Section: (none) Explanation
Explanation/Reference:
Explanation:
The pix firewall supports 56 bit DES, 168 bit 3DES, and 128, 192, and 256 bit AES encryption protocols for
IPSEC VPN’s.
QUESTION 6
What is the maximum number of interfaces the PIX Firewall 535 supports with an unrestricted license?
A. PIX Firewall 535 supports 20
B. PIX Firewall 535 supports 10
C. PIX Firewall 535 supports 6
D. PIX Firewall 535 supports 5
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
A total of eight interface circuit boards are configurable with the restricted license and a total of ten are
configurable with the unrestricted license.
Reference:
http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps2030/
products_installation_guide_chapter09186a 00801a9
QUESTION 7
As of PIX Firewall release 6.3, Advanced Encryption Standard (AES) is supported on a PIX Firewall. Which of the following statements regarding the capabilities of AES on the PIX Firewall is valid?
A. Supported in software only on all models.
B. Supported on software on all models and in hardware in a VAC card.
C. Not supported by the PIX 501 and 506.
D. Supported in software on all models and in hardware on a VAC+ card.
E. Supported in software on all models and in hardware on an AIM II card.
F. None of the above.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
PIX FW Advanced, Cisco Press, p. 29
QUESTION 8
Which of the following are valid pix models? Choose all that apply.
A. 505
B. 515
C. 530
D. 535
Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
Explanation:
The pix firewall comes in 6 different models. 501, 506, 515, 520, 525, 535. There is also the FWSM blade.
QUESTION 9
How much flash memory does a pix firewall need to run OS version 6.1?
A. 2mb
B. 4mb
C. 8mb
D. 16mb
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
You need at least 8mb of flash memory to run pix OS version 5.2 and later.
QUESTION 10
What is the maximum number of interfaces the pix 535 can support?
A. 6
B. 8
C. 9
D. 10
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
The 535 can support up to 10 different interfaces. The 525 can support 8 and the 515 and 520 can support
up to 6.
QUESTION 11
Which of the following pix models are unable to provide failover? Choose all that apply.
A. 501
B. 506
C. 515
D. 520
Correct Answer: AB Section: (none) Explanation
Explanation/Reference:
Explanation:
All pix models including the FWSM can provide failover, except for the 501 and 506.
QUESTION 12
Which of the following is a hardware card that can be installed on a pix to increase vpn throughput?
A. pfs
B. ike
C. stp
D. vac
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
Pix firewall models 515, 525, and 535 support VPN Accelerator Cards (VAC’s) that process encryption and
decryption in hardware, relieving the pix cpu.
QUESTION 13
How many available PCI slots does a pix 515 have?
A. 0
B. 1
C. 2
D. 3
E. 4
F. 6
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
The pix 515 has two available pci slots for additional ethernet interfaces to be installed.
CCNA Cisco 642-521 Exam Certification Guide is part of a recommended study program from Cisco 642-521 that includes simulation and hands-on training from authorized Cisco 642-521 Learning Partners and self-study products from Cisco 642-521.Find out more about instructor-led, e-learning, and hands-on instruction offered by authorized Cisco 642-521 Learning Partners worldwide
The post New Updated Cisco 642-521 Exam Of Flydumps For Free Download appeared first on IT Certification Success Guaranteed, The Easy Way!.