Cisco 642-522 exam sample questions.
QUESTION 74
A Certkiller security appliance is being configured to support the use of AAA servers. How long does a PIX Firewall wait by default for a response from an AAA server before trying to contact the server again?
A. 2 seconds
B. 4 seconds
C. 5 seconds
D. 8 seconds
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
When a PIX Firewall queries an AAA server to authenticate a user, the firewall will by default wait 5 seconds for a response. If one is not received within 5 seconds, it will then query the server again (up to 4 times). Change this timer with the timeout keyword of the aaa-server command:
aaa-server radius (dmz1) host 192.168.10.1 (key) timeout (seconds)
QUESTION 75
What is displayed as a result of entering the command syntax “show aaa-server group1 host 192.168.30.166” in the security appliance?
A. aaa-server configuration for a particular host in server group group1
B. aaa-server statistics for a particular host in server group group1
C. aaa-server configuration for server group group1
D. aaa-server statistics for the host group1 at IP address 192.168.30.166
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation: To display AAA server statistics for AAA servers, use the show aaa-server command in privileged EXEC mode. The optional “host hostname” keywords show statistics for a particular server in the group.
show aaa-server [LOCAL | groupname [host hostname] | protocol protocol]
Example: This example shows the use of the show aaa-server command to display statistics for a particular host in server group group1:
hostname(config)# show aaa-server group1 host 192.68.125.60
Server Group: group1
Server Protocol: RADIUS
Server Address: 192.68.125.60
Server port: 1645
Server status: ACTIVE/FAILED. Last transaction (success) at 11:10:08 UTC Fri Aug 22
Number of pending requests 20
Average round trip time 4ms
Number of authentication requests 20
Reference: Cisco Security Appliance Command Reference For the Cisco ASA 5500 Series and Cisco PIX 500 Series Software Version 7.0.4 Page 1480.
QUESTION 76
DHCP needs to be set up on a new Certkiller location. Which of the following statements regarding PIX Firewall’s DHCP capabilities are valid? (Choose two)
A. You have to remove a configured domain name.
B. It can be both DHCP server and client simultaneously.
C. It cannot pass configuration parameters it receives from another DHCP server to its own DHCP clients.
D. It can be a DHCP server.
E. It cannot be a DHCP client.
F. The PIX Firewall’s DHCP server can be configured to distribute the IP addresses of up to four DNS servers to its clients.
Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
Explanation: The PIX Firewall can be a DHCP server, a DHCP client, or a DHCP server and client simultaneously. DHCP server and client support enables you to automatically leverage the DNS, WINS, and domain name values obtained by the PIX Firewall DHCP client for use by the hosts served by the PIX Firewall’s DHCP server. Reference: CSPFA Student Guide v3.2 – Cisco Secure PIX Advanced p.16-33
QUESTION 77
A new Certkiller firewall needs to act as a DHCP server for a small office. How do you enable this PIX to act as a DHCP server for clients in this network?
A. ip address inside dhcp
B. dhcpd enable inside
C. interface inside dhcpd enable
D. interface inside dhcp server
E. None of the above
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation: Enable the DHCP server function on the PIX inside interface with the “dhcpd enable inside” command. Only the inside interface can have the DHCP server enabled.
QUESTION 78
A new Certkiller PIX is installed on the network, and VLAN support needs to be configured on it. What is the minimum number of physical interfaces that is required for all security appliance platforms to support VLANs?
A. One
B. Two
C. Three
D. Four
E. Five
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
Only a single physical interface is needed to firewall logical VLAN interfaces as shown in the diagram below:
[Figure: Using a PIX Firewall to Interconnect VLANs]
In the diagram shown above, two VLANs are configured on two switches. Workstations are connected to the access layer switch, while servers are connected to the distribution layer switch. Links using the 802.1q protocol interconnect the two switches and the PIX Firewall. The 802.1q protocol allows trunking VLAN traffic between devices, which means that traffic to and from multiple VLANs can be transmitted over a single physical link. Each packet contains a VLAN tag that identifies the source and destination VLAN. The PIX Firewall supports 802.1q, allowing it to send and receive traffic for multiple VLANs on a single interface. In this example the PIX Firewall is configured with only one physical and one logical interface assigned to VLAN 2 and VLAN 3. The PIX Firewall interconnects the two VLANs, while providing firewall services, such as access lists, to improve network security.
Reference: http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a00801
QUESTION 79
A new Certkiller firewall was configured for subinterfaces on one of the links. How do you ensure that the main interface does not pass untagged traffic when using subinterfaces?
A. Use the shutdown command on the main interface.
B. Omit the nameif command on the subinterface.
C. Use the vlan command on the main interface.
D. Omit the nameif command on the main interface.
E. Use the shutdown and then use the nameif command on the main interface.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: You can only assign a single VLAN to a subinterface, and not to the physical interface. Each subinterface must have a VLAN ID before it can pass traffic. To change a VLAN ID, you do not need to remove the old VLAN ID with the no option; you can enter the vlan command with a different VLAN ID, and the security appliance changes the old ID. You need to enable the physical interface with the no shutdown command to let subinterfaces be enabled. If you enable subinterfaces, you typically do not also want the physical interface to pass traffic, because the physical interface passes untagged packets. Therefore, you cannot prevent traffic from passing through the physical interface by bringing down the interface. Instead, ensure that the physical interface does not pass traffic by leaving out the nameif command. If you want to let the physical interface pass untagged packets, you can configure the nameif command as usual.
Reference: http://www.cisco.com/en/US/products/ps6120/products_command_reference_chapter09186a0080452780.html
QUESTION 80
Dynamic Routing is being configured on one of the Certkiller security appliances. What are the two purposes of the network area subcommand? (Choose two)
A. It defines the interfaces on which OSPF runs.
B. It defines the interfaces on which RIP runs.
C. It defines the OSPF area the interface belongs to.
D. It separates the public area from the private area.
E. It defines the OSPF area type.
Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
Explanation: To define the IP addresses on which OSPF runs and to define the area ID for that interface, enter the following command:
hostname(config-router)# network ip_address mask area area_id
The following example shows how to enable OSPF:
hostname(config)# router ospf 2
hostname(config-router)# network 10.0.0.0 255.0.0.0 area 0
In this example, all interfaces that are configured on the PIX with an IP address in the 10.X.X.X range will be configured to belong to OSPF area 0.
QUESTION 81
The Certkiller network is using PIM sparse mode in their IP multicast implementation. What are two instances when sparse-mode PIM is most useful? (Choose two)
A. When there are few receivers in a group.
B. When there are many receivers in a group.
C. When the type of traffic is intermittent.
D. When the type of traffic is constant.
E. When the traffic is not ethertype.
F. When the traffic is ethertype.
Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
Explanation:
Sparse multicast is most useful when:
1. There are few receivers in a group.
2. Senders and receivers are separated by WAN links.
3. The type of traffic is intermittent.
Sparse-mode PIM is optimized for environments where there are many multipoint data streams. Each data stream goes to a relatively small number of the LANs in the internetwork. For these types of groups, Reverse Path Forwarding techniques waste bandwidth. Sparse-mode PIM works by defining a Rendezvous Point. When a sender wants to send data, it first sends to the Rendezvous Point. When a receiver wants to receive data, it registers with the Rendezvous Point. Once the data stream begins to flow from sender to Rendezvous Point to receiver, the routers in the path will optimize the path automatically to remove any unnecessary hops. Sparse-mode PIM assumes that no hosts want the multicast traffic unless they specifically ask for it.
Reference: http://www.cisco.com/warp/public/614/17.html
QUESTION 82
IP multicast needs to be configured on a new Certkiller PIX firewall. Which statements about the security appliance’s multicasting capabilities are true? (Choose two)
A. When the PIX security appliance is configured for Stub Multicast Routing, it is necessary to construct GRE tunnels to allow multicast traffic to bypass the PIX security appliance.
B. The security appliance supports Stub Multicast Routing.
C. The PIX supports PIM and DVMRP and MOSPF.
D. The PIX security appliance can be configured to act as an IGMP proxy agent.
Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
Explanation: The security appliance supports both stub multicast routing and PIM multicast routing. However, you cannot configure both concurrently on a single security appliance. Stub multicast routing provides dynamic host registration and facilitates multicast routing. When configured for stub multicast routing, the security appliance acts as an IGMP proxy agent. Instead of fully participating in multicast routing, the security appliance forwards IGMP messages to an upstream multicast router, which sets up delivery of the multicast data. When configured for stub multicast routing, the security appliance cannot be configured for PIM. The security appliance supports both PIM-SM and bi-directional PIM. PIM-SM is a multicast routing protocol that uses the underlying unicast routing information base or a separate multicast-capable routing information base. It builds unidirectional shared trees rooted at a single Rendezvous Point per multicast group and optionally creates shortest-path trees per multicast source. Reference: Cisco Security Appliance Command Line Configuration Guide 7.0, p. 8-17
QUESTION 83
To enable multicast forwarding on a PIX outside interface, which of the following commands should the Certkiller security administrator enter?
A. Certkiller 1(config)# multicast on outside
B. Certkiller 1(config)# enable multicast outside
C. Certkiller 1(config)# multicast enable outside
D. Certkiller 1(config)# multicast interface outside
E. None of the above
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: IP multicasting is actually the transmission of an IP datagram to a host group, which is a set of hosts identified by a single IP destination address. When hosts that need to receive a multicast transmission are separated from the multicast router by a PIX Security Appliance, configure the PIX Security Appliance to forward IGMP reports from the downstream hosts and to forward multicast transmissions from the upstream router. To allow hosts to receive multicast transmissions through the PIX Security Appliance, use the multicast interface command to enable multicast forwarding on each interface.
QUESTION 84
The security administrator at Certkiller is configuring the PIX Firewall to forward multicast transmissions from an inside source. Which of these steps are necessary? (Choose two)
A. It is necessary to use the igmp join-group command to enable the PIX Firewall to forward IGMP reports.
B. It is necessary to use the multicast interface command to enable multicast forwarding on each PIX Firewall interface.
C. It is necessary to use the igmp forward command to enable multicast forwarding on each PIX Firewall interface.
D. It is necessary to use the mroute command to create a static route from the transmission source to the next-hop router interface.
E. It is necessary to use the route command to create a static route from the transmission source to the next-hop router interface.
Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
Explanation:
Use the mroute command to create a static route from the transmission source to the next-hop router interface.
Inside multicast transmission source example:
Pixfirewall (config)# multicast interface outside
Pixfirewall (config-multicast)# exit
Pixfirewall (config)# multicast interface inside
Pixfirewall (config-multicast)# mroute 10.0.0.11 255.255.255.255 inside 230.1.1.2 255.255.255.255 outside
In the example, multicast traffic is enabled on the inside and outside interface. A static multicast route is configured to enable inside host 10.0.0.11 to transmit multicasts to members of group 230.1.1.2 on the outside interface.
Reference: Cisco Secure PIX Firewall Advanced 3.1, Chapter 9, pages 13-14.
QUESTION 85
The security administrator at Certkiller wants to enable the PIX Firewall to permit hosts on different interfaces to ping each other. What command should be used to accomplish this?
A. The icmp command
B. The conduit command
C. The ping command
D. The ip audit command
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation: By default, the PIX Firewall denies all inbound traffic through the outside interface. Based on your network security policy, you should consider configuring the PIX Firewall to deny all ICMP traffic at the outside interface, or any other interface you deem necessary, by using the icmp command. The “icmp deny” command disables pinging to an interface, and the “icmp permit” command enables pinging to an interface. With pinging disabled, the PIX Firewall cannot be detected on the network. This is also referred to as configurable proxy pinging. For traffic that is routed through the PIX Firewall only, you can use the access-list or access-group commands to control the ICMP traffic routed through the PIX Firewall.
Reference: http://www.cisco.com/en/US/partner/products/sw/secursw/ps2120/products_command_reference_chapter09186 a
QUESTION 86
An administrator is defining a modular policy. As part of the policy, the administrator wants to define a traffic flow between Internet hosts and a specific web server on the DMZ. Which command should the administrator use?
A. class-map http_traffic match port tcp eq www
B. class-map http_traffic match flow ip destination address 192.168.1.11
C. class-map http_traffic match set 192.168.1.11
D. access-list 150 permit tcp any host 192.168.1.11 eq www class-map http_traffic match access-list 150
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: Modular Policy Framework provides a consistent and flexible way to configure security appliance features in a manner similar to Cisco IOS software QoS CLI. For example, you can use Modular Policy Framework to create a timeout configuration that is specific to a particular TCP application, as opposed to one that applies to all TCP applications. The following is an example for the class-map command:
CK1 (config)# access-list 101 permit tcp any any eq www
CK1 (config)# class-map all_www
CK1 (config-cmap)# match access-list 101
CK1 (config-cmap)# exit
Reference: Cisco Security Appliance Command Line Configuration Guide 7.0, p. 18-4
QUESTION 87
After a new Cisco PIX was installed, some Certkiller users are experiencing problems using FTP. If the FTP protocol inspection is not enabled for a given port, which two statements are true? (Choose two)
A. Outbound standard FTP will work properly on that port.
B. Outbound passive FTP will not work properly on that port.
C. Outbound standard FTP will not work properly on that port.
D. Inbound standard FTP will not work properly on that port even if the traffic to the inside server is permitted by an access element.
E. Outbound passive FTP will work properly on that port as long as outbound traffic is not explicitly disallowed.
Correct Answer: CE Section: (none) Explanation
Explanation/Reference:
Explanation: The FTP application inspection inspects FTP sessions and performs four tasks:
Prepares a dynamic secondary data connection
Tracks the ftp command-response sequence
Generates an audit trail
NATs the embedded IP address
FTP application inspection prepares secondary channels for FTP data transfer. The channels are allocated in response to a file upload, a file download, or a directory listing event, and they must be prenegotiated. The port is negotiated through the PORT or PASV (227) commands.
You can use the fixup command to change the default port assignment for FTP. The command syntax is as follows:
[no] fixup protocol ftp [strict] [port]
The port option lets you configure the port at which the PIX listens for FTP traffic. The strict option prevents web browsers from sending embedded commands in FTP requests. Each ftp command must be acknowledged before a new command is allowed. Connections sending embedded commands are dropped. The strict option only lets the server generate the PASV reply command (227) and only lets the client generate the PORT command. The PASV reply and PORT commands are checked to ensure that they do not appear in an error string. If you disable FTP fixups with the no fixup protocol ftp command, outbound users can start connections only in passive mode, and all inbound FTP is disabled.
Note: The Cisco PIX protocol inspection configuration is new to PIX 7.0, and replaces the “fixup” protocol configuration statements. An FTP map will be used instead.
Reference: CCSP Cisco Secure PIX Firewall Advanced Exam Certification Guide, Cisco Press, page 123.
QUESTION 88
When an outside FTP client accesses a corporation’s DMZ FTP server through a security appliance, the Certkiller administrator wants the security appliance to restrict ftp commands that can be performed by the client. Which security appliance commands enable the administrator to restrict the ftp client to performing a specific set of ftp commands?
A. ftp-map inbound_ftp request-command deny appe dele rm
B. ftp-map inbound_ftp request-command permit get put cdup
C. policy-map inbound class inbound_ftp_traffic inspect ftp strict get put cdup
D. policy-map inbound class inbound_ftp_traffic inspect ftp strict appe dele rmd
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
Configuring FTP Inspection:
FTP application inspection is enabled by default, so you only need to perform the procedures in this section if you want to change the default FTP configuration, in any of the following ways:
Enable the strict option.
Identify specific FTP commands that are not permitted to pass through the security appliance.
Change the default port number.
To change the default configuration for FTP inspection, perform the following steps:
Step 1
Name the traffic class by entering the following command in global configuration mode:
hostname(config)# class-map class_map_name
Replace class_map_name with the name of the traffic class, as in the following example:
hostname(config)# class-map ftp_port
When you enter the class-map command, the CLI enters the class map configuration mode, and the prompt changes, as in the following example:
hostname(config-cmap)#
Step 2
In the class map configuration mode, define the match command, as in the following example:
hostname(config-cmap)# match port tcp eq 23
hostname(config-cmap)# exit
hostname(config)#
To assign a range of continuous ports, enter the range keyword, as in the following example:
hostname(config-cmap)# match port tcp range 1023-1025
To assign more than one non-contiguous port for FTP inspection, enter the access-list command and define an access control entry to match each port. Then enter the match command to associate the access lists with the FTP traffic class.
Step 3
Create an FTP map by entering the following command:
hostname(config)# ftp-map ftp_map_name
Replace ftp_map_name with the name of the FTP map, for example:
hostname(config)# ftp-map inbound_ftp
The system enters FTP map configuration mode and the CLI prompt changes as in the following example:
hostname(config-ftp-map)#
Step 4
Define the configuration of the FTP map by entering the following command:
hostname(config-ftp-map)# request-command deny ftp_command
hostname(config-ftp-map)# exit
hostname(config)#
Replace ftp_command with one or more FTP commands that you want to restrict. See the table below for a list of the FTP commands that you can restrict. For example, the following command prevents storing or appending files:
hostname(config-inbound_ftp)# request-command deny put stou appe
Table of FTP Map request-command deny Options
request-command deny Option    Purpose
appe    Disallows the command that appends to a file.
cdup    Disallows the command that changes to the parent directory of the current working directory.
dele    Disallows the command that deletes a file on the server.
get     Disallows the client command for retrieving a file from the server.
help    Disallows the command that provides help information.
mkd     Disallows the command that makes a directory on the server.
put     Disallows the client command for sending a file to the server.
rmd     Disallows the command that deletes a directory on the server.
rnfr    Disallows the command that specifies rename-from filename.
rnto    Disallows the command that specifies rename-to filename.
site    Disallows the commands that are specific to the server system. Usually used for remote administration.
stou    Disallows the command that stores a file using a unique file name.
Reference: http://www.cisco.com/en/US/products/ps6120/products_configuration_guide_chapter09186a0080450d38.html# w
QUESTION 89
The Certkiller administrator wants to protect against spoofing attacks on the LAN. Which feature prevents ARP spoofing?
A. ARP fixup
B. ARP inspection
C. MAC fixup
D. MAC inspection
E. All of the above
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation: By default, all ARP packets are allowed through the security appliance. You can control the flow of ARP packets by enabling ARP inspection. When you enable ARP inspection, the security appliance compares the MAC address, IP address, and source interface in all ARP packets to static entries in the ARP table, and takes the following actions:
If the IP address, MAC address, and source interface match an ARP entry, the packet is passed through.
If there is a mismatch between the MAC address, the IP address, or the interface, then the security appliance drops the packet.
If the ARP packet does not match any entries in the static ARP table, then you can set the security appliance to either forward the packet out all interfaces (flood), or to drop the packet.
ARP inspection prevents malicious users from impersonating other hosts or routers (known as ARP spoofing). ARP spoofing can enable a “man-in-the-middle” attack. For example, a host sends an ARP request to the gateway router; the gateway router responds with the gateway router MAC address. The attacker, however, sends another ARP response to the host with the attacker MAC address instead of the router MAC address. The attacker can now intercept all the host traffic before forwarding it on to the router. ARP inspection ensures that an attacker cannot send an ARP response with the attacker MAC address, so long as the correct MAC address and the associated IP address are in the static ARP table.
Reference: Cisco Security Appliance Command Line Configuration Guide for the Cisco ASA 5500 Series and Cisco PIX 500 Series, chapter 22.
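The three ARP inspection outcomes described above, modelled in Python as an added example (not Cisco code and not part of the original answer key). The addresses, interface names and the rule that an entry "concerns" a packet when it shares the packet's IP or MAC are assumptions made for the illustration.

```python
from dataclasses import dataclass
from enum import Enum


class Verdict(Enum):
    FORWARD = "forward"  # IP, MAC and source interface all match a static entry
    DROP = "drop"        # contradicts a static entry, or unknown with flooding off
    FLOOD = "flood"      # no static entry concerns the packet and flooding is on


@dataclass(frozen=True)
class StaticArpEntry:
    interface: str
    ip: str
    mac: str


def normalize_mac(mac: str) -> str:
    """Accept 00:09:7c:be:21:00, 00-09-7C-BE-21-00 or 0009.7cbe.2100."""
    digits = mac.lower().replace(":", "").replace("-", "").replace(".", "")
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


def inspect_arp(table, interface, sender_ip, sender_mac, flood_unknown=True):
    """Decide what to do with one ARP packet seen on `interface`."""
    mac = normalize_mac(sender_mac)
    # Assumption of this model: a static entry concerns the packet when it
    # shares either the sender IP or the sender MAC.
    related = [e for e in table
               if e.ip == sender_ip or normalize_mac(e.mac) == mac]
    if not related:
        # No static entry at all: the configured miss action applies.
        return Verdict.FLOOD if flood_unknown else Verdict.DROP
    for entry in related:
        if (entry.ip == sender_ip
                and normalize_mac(entry.mac) == mac
                and entry.interface == interface):
            return Verdict.FORWARD
    # An entry exists for this IP or MAC, but the binding or interface differs.
    return Verdict.DROP


# Constructed sample data: one static entry for the gateway on "inside".
SAMPLE_TABLE = [StaticArpEntry("inside", "10.1.1.1", "0009.7cbe.2100")]

SAMPLE_PACKETS = [
    ("inside", "10.1.1.1", "00:09:7c:be:21:00"),   # genuine gateway reply
    ("inside", "10.1.1.1", "00:0c:29:aa:bb:cc"),   # gateway IP, different MAC
    ("outside", "10.1.1.1", "0009.7cbe.2100"),     # right binding, wrong interface
    ("inside", "10.1.1.50", "00:0c:29:11:22:33"),  # host with no static entry
]


def classify_samples(flood_unknown=True):
    """Return the verdict for each constructed sample packet, in order."""
    return [inspect_arp(SAMPLE_TABLE, iface, ip, mac, flood_unknown)
            for iface, ip, mac in SAMPLE_PACKETS]


if __name__ == "__main__":
    for packet, verdict in zip(SAMPLE_PACKETS, classify_samples()):
        print(packet, "->", verdict.value)
```

The protection only covers bindings that are present in the static table: the last sample packet is flooded unless the miss action is set to drop.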
QUESTION 90
In which way does the DNS Guard feature help in the prevention of UDP session hijacking and DoS attacks?
A. It prevents all DNS responses from passing through the PIX Firewall.
B. It prevents any DNS name resolution requests to DNS servers behind the PIX Firewall.
C. If multiple DNS servers are queried, only the first answer from the first server to reply is allowed through the PIX Firewall. The PIX does not wait for the default UDP timer to close the sessions but tears down connections to all DNS servers after receiving the first reply.
D. Only the first reply from any given DNS server is allowed through the PIX Firewall. The PIX discards all other replies from the same server.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: Generic UDP handling of DNS queries leaves connections open longer than prudent. Instead, when using the DNS guard feature, the PIX Firewall identifies each outbound DNS resolve request and then tears down the connection as soon as the reply is received.
Reference: PIX Firewall Advanced, Cisco Press, p. 365-366
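A small Python model, added here as an illustration and not taken from the PIX software, that contrasts generic UDP state handling with the DNS Guard behaviour in answer C. Keying pending queries by client address, client port and DNS query ID, the 120-second idle timer and all addresses are assumptions of the model.

```python
class GenericUdpState:
    """Baseline: a UDP pinhole stays open until its idle timer expires."""

    def __init__(self, idle_timeout):
        self.idle_timeout = idle_timeout
        self._last_seen = {}  # (client, client_port, server) -> last packet time

    def outbound_query(self, now, client, client_port, server, dns_id):
        self._last_seen[(client, client_port, server)] = now

    def inbound_reply(self, now, server, client, client_port, dns_id):
        key = (client, client_port, server)
        seen = self._last_seen.get(key)
        if seen is None or now - seen > self.idle_timeout:
            self._last_seen.pop(key, None)
            return False
        self._last_seen[key] = now  # any packet refreshes the timer
        return True


class DnsGuardState:
    """DNS Guard: the first reply closes every connection opened for the query."""

    def __init__(self):
        self._pending = {}  # (client, client_port, dns_id) -> servers queried

    def outbound_query(self, now, client, client_port, server, dns_id):
        key = (client, client_port, dns_id)
        self._pending.setdefault(key, set()).add(server)

    def inbound_reply(self, now, server, client, client_port, dns_id):
        key = (client, client_port, dns_id)
        servers = self._pending.get(key)
        if servers is None or server not in servers:
            return False          # nothing outstanding: drop
        del self._pending[key]    # tear down all connections for this query
        return True

    def open_connections(self):
        return sum(len(servers) for servers in self._pending.values())


def replay(state):
    """Replay one constructed exchange and return accept/drop per inbound packet."""
    client, port, qid = "10.0.0.5", 33000, 0x1A2B
    # The resolver asks two servers the same question.
    state.outbound_query(0.00, client, port, "192.0.2.53", qid)
    state.outbound_query(0.00, client, port, "198.51.100.53", qid)
    return [
        state.inbound_reply(0.04, "198.51.100.53", client, port, qid),  # first answer
        state.inbound_reply(0.09, "192.0.2.53", client, port, qid),     # slower server
        state.inbound_reply(5.00, "192.0.2.53", client, port, qid),     # late packet
    ]


if __name__ == "__main__":
    print("generic UDP:", replay(GenericUdpState(idle_timeout=120.0)))
    print("DNS Guard:  ", replay(DnsGuardState()))
```

Under generic handling every packet that fits an open pinhole is accepted until the timer runs out; with DNS Guard only the first answer gets through and no state is left for later packets to match.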
QUESTION 91
The Certkiller network is installing an IPS device to mitigate the threat of outside attacks. The inline IPS software feature set is available in which security appliances?
A. Any Cisco PIX and ASA Security Appliance running v.7 software and an AIP-SSM module.
B. Only Cisco PIX 515, 525, and 535 Security Appliances with an AIP-SSM module.
C. Only Cisco ASA 5520 and 5540 Security Appliances with an AIP-SSM module.
D. Any Cisco ASA 5510, 5520, or 5540 Security Appliances with an AIP-SSM module.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
Cisco IPS Sensor software Version 5 delivers inline IPS capabilities to Cisco IPS 4200 Series sensors; Cisco Catalyst® 6500 Series IPSM-2 modules and the AIP SSM Module for the Cisco Adaptive Security Appliance, which offers full IPS features within a converged appliance, all allowing effective worm and virus mitigation at strategic points across the network.
Reference:
http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_data_sheet0900aecd801e6a45.html
QUESTION 92
The Certkiller network administrator needs to upgrade the IOS on a security appliance. Which of the following choices can be used to upgrade the image?
A. copy ftp tftp flash
B. tftp flash copy
C. copy flash tftp
D. copy tftp flash
E. get tftp flash
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
Upgrade your PIX operating system image file from a local TFTP server with the copy tftp flash command.
This will allow the PIX to download an image from a TFTP server and save it to flash memory.
QUESTION 93
A Certkiller PIX needs to have its license upgraded. What does the PIX Firewall license determine? (Select three)
A. Its ability to provide cut-through proxy services
B. Whether it can be managed by PDM
C. Number of interfaces supported by the platform
D. Amount of RAM supported by the platform
E. The software image that can be installed
F. Failover support
Correct Answer: CDF Section: (none) Explanation
Explanation/Reference:
Explanation: The PIX Firewall license determines the level of service it provides, its functions in a network, the maximum number of interfaces, and memory it can support. The following three basic license types are available:
1. Unrestricted - PIX Security Appliance platforms in an Unrestricted (UR) license mode allow installation and use of the maximum number of interfaces and RAM supported by the platform. The UR license supports failover.
2. Restricted - PIX Security Appliance platforms in a Restricted (R) license mode limit the number of interfaces supported and the amount of RAM available within the system. A Restricted licensed firewall does not support a redundant system for failover configurations.
3. Failover - The failover (FO) software license places the PIX Security Appliance in a failover mode for use alongside another PIX Security Appliance with an unrestricted license.
QUESTION 94
You need to access a Certkiller PIX remotely via SSH. What username and password will establish an SSH connection to your PIX security appliance?
A. Username pixfirewall, password aaapass
B. Username pix, current enable password
C. Username pixfirewall, password attack
D. Username pix, current Telnet password
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
To gain access to the security appliance console using SSH, at the SSH client enter the username pix and enter the login password set by the password command. The login password is used for Telnet and SSH connections. By default, the login password is “cisco.”
Incorrect Answers:
A, C: The username used is “pix” by default, not “pixfirewall.”
B: The login (telnet) password is used initially to access the PIX firewall via SSH, not the enable password.
Reference: Cisco Security Appliance Command Line Configuration Guide For the Cisco ASA 5500 Series and Cisco PIX 500 Series version 7.0, Page 31-3