Welcome to download the newest Pass4itsure 642-522 dumps:
QUESTION 97
Which of the following statements regarding SSH and the PIX Firewall are valid? (Choose three)
A. You must generate an RSA key-pair for the PIX Firewall before SSH clients can connect to the PIX Firewall console.
B. You can use either an SSH version 1 or 2 client because the two versions are essentially the same and are entirely compatible.
C. The PIX Firewall supports the SSH remote functionality as provided in SSH version 1.
D. You must upgrade your DES activation key to 3DES.
E. The PIX Firewall allows up to 5 SSH clients to simultaneously access its console.
F. The PIX Firewall does not support SSH remote functionality as provided in SSH version 1.
Correct Answer: ACE
Explanation: The PIX Firewall supports the SSH remote functionality, as provided in SSH version 1, which provides strong authentication and encryption capabilities. SSH, an application running on top of a reliable transport layer such as TCP, supports logging onto another computer over a network, executing commands remotely, and moving files from one host to another. Both ends of an SSH connection are authenticated, and passwords are protected by being encrypted. Since SSH uses RSA public key cryptography, an Internet encryption and authentication system, you must generate an RSA key pair for the PIX Firewall before clients can connect to the PIX Firewall console. The PIX Firewall allows up to five SSH clients to simultaneously access its console.
Reference: SPFA Student Guide v3.2 – Cisco Secure PIX Advanced p.17-7
QUESTION 98
You want to configure a Certkiller user with the highest privilege level available on a new Cisco PIX firewall. What privilege level is the highest on this security appliance?
A. 1
B. 5
C. 10
D. 15
E. 16
F. 20
Correct Answer: D
Explanation:
The privilege command sets user-defined privilege levels for PIX Firewall commands. This is especially useful for setting different privilege levels for related configuration, show, and clear commands. However, be sure to verify privilege level changes in your commands with your security policies before implementing the new privilege levels. The privilege level can be a value from 0 to 15. (Lower numbers are lower privilege levels, while 15 is the highest.)
Reference:
http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_command_reference_chapter09186a00804
QUESTION 99
You want to apply a set of commands to a specific privilege level on a Certkiller security appliance. What command reassigns a specific command to a different privilege level?
A. privilege
B. command auth
C. level-priv
D. ourpriv
E. None of the above
Correct Answer: A
Explanation:
The privilege command sets user-defined privilege levels for PIX Firewall commands. This is especially useful for setting different privilege levels for related configuration, show, and clear commands. However, be sure to verify privilege level changes in your commands with your security policies before implementing the new privilege levels. When commands have privilege levels set, and users have privilege levels set, then the two are compared to determine if a given user can execute a given command. If the user’s privilege level is lower than the privilege level of the command, the user is prevented from executing the command. This is modeled after Cisco IOS software.
QUESTION 100
You made use of the privilege command to set privilege levels for PIX Firewall commands. How can an administrator be prevented from gaining access to a particular privilege level?
A. From the # prompt, enter the privilege command with a privilege-level designation; when prompted, enter the user name for that level.
B. From the > prompt, enter the login command with a privilege-level designation, when prompted enter the password.
C. From the # prompt, enter the privilege command with a privilege-level designation; when prompted, enter the password for that level.
D. From the > prompt, enter the enable command with a privilege-level designation, when prompted, enter the password for that level.
Correct Answer: D
Explanation:
The PIX Firewall has four administrative access modes:
Upon first accessing a PIX Firewall, the admin is presented with the pix> prompt. This is the unprivileged mode.
To gain access to a particular privilege level, enter enable [priv_level].
Privileged mode – This mode displays the # prompt and enables the user to change the current settings.
QUESTION 101
The administrator at Certkiller Inc. needs to know the command to enable command authorization. What is this command?
A. aaa authorization command LOCAL
B. aaa authorization permit any LOCAL
C. level-priv
D. passwd
E. None of the above
Correct Answer: A
Explanation:
The “aaa authorization command local” command enables command authorization (using its own local database).
Reference: Cisco Secure PIX Firewall Advanced 3.1 chap 15 page 24
QUESTION 102
The Certkiller PIX firewall administrator issued the “who” command. What is the purpose of this command?
A. To enable you to view which IP addresses are currently accessing the security appliance console via Telnet.
B. To enable you to view which IP addresses are currently accessing the security appliance console via SSH.
C. To enable you to view the hostname of devices accessing the security appliance.
D. To enable you to view who is currently accessing the security appliance Device Manager console from a browser.
E. None of the above.
Correct Answer: A
Explanation:
The “who” command shows the PIX Firewall TTY_ID and IP address of each Telnet client currently logged into the PIX Firewall. This command is the same as the “show who” command.
The following example shows how to display the current Telnet sessions:
pixCKfirewall# who
0: From 192.168.1.3
1: From 192.168.2.2
Reference:
http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_command_reference_chapter09186a00804
QUESTION 103
ASDM is being used in the Certkiller network for managing the security appliances. The ASDM client is supported on which PC operating systems? (Choose the best answer)
A. Windows, Macintosh, and Linux
B. Windows, and Sun Solaris
C. Windows, Linux, and Sun Solaris
D. Windows and Linux
E. Windows only
Correct Answer: C
Explanation:
Cisco Adaptive Security Device Manager (ASDM) can be accessed directly with a Web browser from any Java plug-in enabled computer on the network, providing security administrators with rapid, secure access to their Cisco ASA 5500 Series Adaptive Security Appliances or Cisco PIX Security Appliances. The table below lists the operating systems and Web browsers supported by Cisco ASDM Version 5.0.
Supported Operating Systems and Web Browsers:
Operating Systems | Browsers (JavaScript- and Java-Enabled)
Windows 2000 with Service Pack 4 (English/Japanese); Windows XP (English/Japanese) | Microsoft Internet Explorer 6.0 with Java Plug-In v1.4.2 or 1.5.0; Netscape Communicator 7.2 with Java Plug-In v1.4.2 or 1.5.0
Sun Solaris 2.8 or Higher Running CDE | Mozilla 1.7.3 with Java Plug-In v1.4.2 or 1.5.0
Red Hat Linux 9.0 Running GNOME or KDE; Red Hat Enterprise Linux WS Version | Mozilla 1.7.3 with Java Plug-In v1.4.2
Note: Cisco ASDM Version 5.0 does not support Windows 95, Windows 98, Windows ME, Windows NT, or Sun Solaris OpenWindows.
Reference: http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_data_sheet09186a008014871d.html
QUESTION 104
A Certkiller firewall is configured for address translation as shown in the figure below:
Refer to the exhibit above. The Certkiller administrator is troubleshooting a security appliance connectivity issue using ASDM. The problem is that a new partner is trying to access the order entry server on dmz1_host from a PC on the outside network. The administrator is able to access the host successfully from the outside. After successfully troubleshooting the problem, the administrator determines that the partner is trying to access the server on the wrong IP address. From the information present on the ASDM screen, what address should the partner use to connect to dmz1_host?
A. 172.16.1.17
B. 172.16.1.10
C. 192.168.1.9
D. 192.168.1.4
E. 10.0.1.0
Correct Answer: D
Explanation: When users from the outside connect to a server on the DMZ, they will need to use the translated IP address of the server, not the real IP address. According to the firewall ASDM information shown above, the DMZ server’s real IP address is 172.16.1.10, and the translated IP address is 192.168.1.4. To users on the outside, the server appears as if it is using the 192.168.1.4 IP address.
QUESTION 105
The following was seen by the Certkiller security administrator:
Refer to the exhibit shown above. When accessing the IPS icon in ASDM, the administrator is presented with a “Connecting to IPS” popup window. In the window, the management IP address A.B.C.D is displayed where A.B.C.D is an actual IP address.
What is IPS management “connecting to” which has an IP address of A.B.C.D?
A. The AIP-SSM IPS control channel IP address.
B. The AIP-SSM IPS data channel IP address.
C. The AIP-SSM external interface IP address.
D. The AIP-SSM HTTP server virtual address.
E. None of the above
Correct Answer: C
Explanation: The AIP-SSM is configured with an IP address on its interface, allowing for management of the AIP-SSM on a security appliance, such as the ASA 5500. When the AIP-SSM module is installed, its status can be seen as shown in the example below:
Certkiller 1# show module 1 details
Getting details from the Service Module, please wait…
ASA 5500 Series Security Services Module-20
Model: ASA-SSM-20
Hardware version: 0.2
Serial Number: P2B000005D0
Firmware version: 1.0(10)0
Software version: 5.0(0.27)S129.0
Status: Up
Mgmt IP addr: 10.8.147.210
Mgmt web ports: 881
Mgmt TLS enabled: false
Certkiller 1#
In this example, the outside interface/management IP address is 10.8.147.210.
QUESTION 106
An activation license key is being applied to a new Certkiller firewall. Which of the following statements regarding license keys for PIX Firewalls is valid?
A. License keys exist for the PIX Firewall 515E software version only.
B. License keys are not specific to a particular PIX Firewall software version.
C. License keys are specific to the PIX Firewall software versions.
D. License keys are not required for any of the PIX Firewall software versions.
Correct Answer: B
Explanation:
An activation key is “tied” to a specific PIX Firewall, such as PIX Firewall serial number 12345678. An activation key is not specific to a particular PIX Firewall software version.
Reference: CSPFA Student Guide v3.2 – Cisco Secure PIX Advanced Guide, page 4-30.
QUESTION 107
A new Cisco PIX 515 is being installed in a Certkiller location. How many interfaces can be configured on a Cisco PIX 515 with a restricted license?
A. 2
B. 3
C. 4
D. 6
Correct Answer: B
Explanation:
The PIX 515 restricted license supports up to 3 interfaces. If you need to enable more, you must upgrade to the unrestricted license.
QUESTION 109
SIMULATION
Part of the Certkiller network is shown in the following diagram:
Certkiller .com has installed a PIX security appliance and wants basic outbound access configured on the outside interface for all hosts on the inside network of 10.0.3.0/255.255.255.0. The real IP addresses of the inside hosts should be hidden from the outside network. Certkiller .com policy requires that packets traversing from a higher security interface to a lower security interface for all other inside networks must match a NAT rule, or else processing for the packet must stop. Use the topology provided and the parameters below to complete this configuration. When you complete the exercise you should be able to open a Web session from the Corporate PC at 10.0.3.11 to the Web server located at 172.26.26.50. You should not be able to open a Web session from the Corporate PC at 10.0.4.11 to the Web server located at 172.26.26.50.
Ethernet1 Name: inside
Ethernet2 Name: outside
Nat ID: 1
Global IP Addresses: 192.168.1.20-192.168.1.254
Global Network: 255.255.255.0
Inside Network A: 10.0.1.0/255.255.255.0
Inside Network B: 10.0.3.0/255.255.255.0
Inside Network C: 10.0.4.0/255.255.255.0
DMZ Network: 172.168.1.1
Hostname: pix1
Hostname 172.16.1.2: bastionhost
Hostname 10.0.3.11: Insidehost
Enable Password: blank
Start the simulation by clicking on the host icon connected to the PIX Firewall.
Explanation:
Certkiller # conf t
Certkiller (conf)# nat (inside) 1 10.0.4.0 255.255.255.0
Certkiller (conf)# nat (inside) 1 10.0.3.0 255.255.255.0
Certkiller (conf)# nat (dmz) 1 172.16.1.0 255.255.255.0 //We allow NAT’ting for all of the networks except 10.0.3.0
Certkiller (conf)# global (outside) 1 192.168.1.20-192.168.1.254 netmask 255.255.255.0
Certkiller (conf)# nat-control //Have NAT control over all internal hosts.
Certkiller (conf)#end
Certkiller # copy run start
//Note: We could have used nat (inside) 1 0.0.0.0 0.0.0.0 if the question did not specify the requirement for host 10.0.4.11 to be denied access.
Certkiller .com, Scenario
The Certkiller network is depicted in the following diagram:
Note: Scenario is incomplete. Certkiller .com (7 Questions)
QUESTION 110
SIMULATION
The Certkiller network is depicted in the following diagram:
Certkiller .com installed a brand new PIX security appliance. The PIX configuration is currently at factory-default, single mode. From Host Certkiller 1, your task is to add two security contexts, allocate the appropriate interfaces to each context, and identify the location from which the system downloads the context configuration. The security appliance contexts are named admin and ctx2. The admin context will support interfaces ethernet0 and ethernet1. The admin context configuration should be stored in the PIX flash file admin.cfg. The ctx2 context will support interfaces ethernet2 and ethernet3. The ctx2 context configuration should be stored in the PIX flash file ctx2.cfg. You are finished with the task after the contexts are created, interfaces allocated and context configuration file locations are configured in the PIX system context.
Enable secret password is: Certkiller
Click on Host Certkiller 1 to start the simulation.
Explanation:
pix> enable
password: pix
pix# configure terminal
pix(config)# mode multiple
Hit enter
Hit enter
pix# configure terminal
pix(config)# context ctx2
pix(config-ctx)# config-url flash:/ctx2.cfg
pix(config-ctx)# allocate-interface e2
pix(config-ctx)# allocate-interface e3
pix(config-ctx)# end
pix# configure terminal
pix(config)# context admin
pix(config-ctx)# config-url flash:/admin.cfg
pix(config-ctx)# allocate-interface e0
pix(config-ctx)# allocate-interface e1
pix(config-ctx)# end
pix# copy running-config startup-config
pix# show running-config
Note: the “changeto” command is not allowed in this scenario, and had to be removed.
Note: the “disk0” was not allowed in this scenario, but flash is a synonym for disk0, so this was OK.
QUESTION 111
Note: Please refer to the Certkiller .com scenario. Which of the following traffic is permitted based on the current access-list configuration? (Choose two)
A. FTP traffic from outside the host to the 172.16.1.2 host on the dmz1.
B. HTTP and HTTPS traffic from the 172.16.10.2 dmz2 host to any host on the outside.
C. Any IP traffic from any outside host to the 172.16.10.2 host on the dmz2.
D. Any IP traffic from any outside host to the 172.16.1.2 host on the dmz1.
E. Any IP traffic from any host on the dmz1 to any host on the inside.
Correct Answer: AB
QUESTION 112
Note: Please refer to the Certkiller .com scenario. What is the current address translation configuration on the security appliance? (Choose two)
A. Using Dynamic NAT to translate any host on the inside to a mapped address from the address pool of 192.168.1.20 to 192.158.1.254.
B. Using Port Address Translation (PAT) to translate any host on the inside to the 192.168.1.10 global address.
C. Using Static NAT to translate the 172.16.10.2 DMZ host to a global address of 192.168.1.12.
D. Using Dynamic NAT to translate any host on dmz1 and dmz2 to a mapped address from the address pool of 192.168.1.20 to 192.168.1.254.
E. Using Static NAT to translate the 172.16.1.2 DMZ host to a global address of 192.168.1.10.
Correct Answer: AC
QUESTION 113
Note: Please refer to the Certkiller .com scenario. What is the current configured default gateway IP address on the security appliance?
A. 172.16.10.1
B. 172.16.1.1
C. 192.168.1.1
D. 10.0.1.1
Correct Answer: C
QUESTION 114
Note: Please refer to the Certkiller .com scenario. Which hosts are allowed to manage this security appliance using ASDM or HTTPS?
A. The 10.0.1.11 host only.
B. The 172.16.1.2 host only.
C. The 172.16.10.2 host only.
D. Any host on the 10.0.1.0/24 subnet.
E. Any host on the 172.16.1.0/24 subnet.
F. Any host on the 172.16.10.0/24 subnet.
Correct Answer: A
QUESTION 115
Note: Please refer to the Certkiller .com scenario. Which interface on this security appliance is enabled for DHCP server functionality?
A. None
B. Ethernet2
C. Ethernet1
D. Ethernet0
E. The inside and DMZ interfaces.
Correct Answer: C
QUESTION 116
Note: Please refer to the Certkiller .com scenario. What is the maximum number of VLANs and physical interfaces supported based on the current security appliance software license?
A. 25 VLANs and 6 interfaces
B. 10 VLANs and 3 interfaces
C. 50 VLANs and 8 interfaces
D. 150 VLANs and 14 interfaces
E. 100 VLANs and 10 interfaces
Correct Answer: A