642-522 Exam

- Covers the entire recommended syllabus
- Comprehensive questions and answers about 642-522 exam
- Verified Answers Researched by Industry Experts and almost 100% correct
- 642-522 exam questions updated on regular basis
- Same type as the certification exams, 642-522 exam preparation is in multiple-choice questions (MCQs)
- Tested by multiple times before publishing
- Try free 642-522 exam demo before you decide to buy it in Hiexam
- Technical support through Live Chat or Email

　
　
Exam : Cisco 642-522
Title : Securing Networks with PIX and ASA Exam(SNPA)


1. Refer to the exhibit.
An administrator wants to permanently map host addresses on the DMZ subnet to the same host addresses, but a different subnet, on the outside interface. Which command should the administrator use to accomplish this?
A. NAT (dmz) 0 172.16.1.0 netmask 255.255.255.0
B. access-list server_map permit tcp any 192.168.10.0 255.255.255.0
Nat (outside) 10 access-list server_map
Global (dmz) 10 172.16.1.9-10 netmask 255.255.255.0
C. static (dmz,outside) 192.168.10.0 172.16.1.0 netmask 255.255.255.0
D. NAT (dmz) 1 172.16.1.0 netmask 255.255.255.0
　Global (outside) 1 192.168.10.9-10 netmask 255.255.255.0
Answer: C

2. An administrator is defining a modular policy. As part of the policy, the administrator wants to define a traffic flow between Internet hosts and a specific web server on the DMZ. Which commands should the administrator use?
A. class-map http_traffic
　match port tcp eq www
B. class-map http_traffic
　match flow ip destination address 192.168.1.11
C. class-map http_traffic
　match set 192.168.1.11
D. access-list 150 permit tcp any host 192.168.1.11 eq www
class-map http_traffic
match access-list 150
Answer: D

3. Refer to the exhibit.
The network administrator for this small site has chosen to authenticate HTTP cut-through proxy traffic via a local database on the Cisco PIX Security Appliance. Which command strings should the administrator enter to accomplish this?
A. pix1(config)# static (dmz,outside) 192.168.16.6 172.16.16.6
pix1(config)# access-list 150 permit tcp any host 172.16.16.6 eq www
pix1(config)# aaa authentication match 150 outside LOCAL
B. pix1(config)# static (dmz,outside) 192.168.16.6 172.16.16.6
pix1(config)# access-list 150 permit tcp any host 192.168.16.6 eq www
pix1(config)# aaa authentication match 150 outside pix1
C. pix1(config)# static (dmz,outside) 192.168.16.6 172.16.16.6
pix1(config)# access-list 150 permit tcp any host 172.16.16.6 eq www
pix1(config)# aaa authentication match 150 outside pix1
D. pix1(config)# static (dmz,outside) 192.168.16.6 172.16.16.6
pix1(config)# access-list 150 permit tcp any host 192.168.16.6 eq www
pix1(config)# aaa authentication match 150 outside LOCAL
Answer: D

4. Refer to the exhibit.
An administrator wants a user on the inside network to access two sites on the Internet and present two different source IP addresses. When the user is accessing Company A web servers, the source IP address is translated to 192.168.0.9. When the user is accessing Company B web servers, the source address is translated to 192.168.0.21.
Which of these can the security appliance administrator configure to accomplish this application?
A. inside NAT
B. identity NAT
C. static
D. policy NAT
Answer: D

5. When an outside FTP client accesses a corporation's dmz FTP server through a security appliance, the administrator wants the security appliance to restrict ftp commands that can be performed by the client. Which security appliance commands enable the administrator to restrict the ftp client to performing a specific set of ftp commands.
A. ftp-map inbound_ftp
　request-cmd deny appe dele rmd
B. ftp-map inbound_ftp
　request-cmd permit get put cdup
C. policy-map inbound
class inbound_ftp_traffic
inspect ftp strict get put cdup
D. policy-map inbound
class inbound_ftp_traffic
inspect ftp strict appe dele rmd
Answer: A

http://www.Hiexam.com The safer.easier way to get CCSP Certification.