Cisco Certification: Cisco 642-523 Question Bank

Date: 2015/8/31 13:36:43 Source: original content of this site

  1. Which of these commands enables the DHCP server on the DMZ interface of the Cisco ASA with an address

  pool of 10.0.1.100-10.0.1.108 and a DNS server of 192.168.1.2?

  A. dhcpd address 10.0.1.100-10.0.1.108 DMZ

  dhcpd dns 192.168.1.2 dhcpd enable DMZ

  B. dhcpd range 10.0.1.100-10.0.1.108 DMZ

  dhcpd dns server 192.168.1.2 dhcpd DMZ

  C. dhcpd address range 10.0.1.100-10.0.1.108

  dhcpd dns 192.168.1.2 dhcpd enable

  D. dhcpd address range 10.0.1.100-10.0.1.108

  dhcpd dns server 192.168.1.2 dhcpd enable DMZ

  Answer: A

  2. Refer to the exhibit. Based on this output, which of the following statements is true?

  A. The ACLOUT access list has been designed to allow the IP address with the network address of 192.168.6.0 to

  have unrestricted access to the web server at IP address 192.168.1.11.

  B. The ACLIN access list permits web access from host 192.168.6.10 to all hosts behind the Cisco ASA.

  C. The ICMPDMZ access list denies all ICMP traffic bound for the bastion host except echo replies

  D. The ACLOUT access list has been designed to deny the IP address 192.168.1.11 web access to the host with a

  network address of 192.168.6.0.

  Answer: A

  3. Which mode of operation must you enter in order to recover the Cisco ASA password?

  TestInside 642-523

  A. unprivileged

  B. privileged

  C. configure

  D. monitor

  Answer: D

  4. Which command both verifies that NAT is working properly and displays active NAT translations?

  A. show running-configuration nat

  B. show nat translation

  C. show xlate

  D. show ip nat all

  Answer: C

  5. The Cisco VPN Client supports which three of these tunneling protocols and methods? (Choose three.)

  A. IPsec over TCP

  B. IPsec over UDP

  C. ESP

  D. AH

  E. SCEP

  F. LZS

  Answer: ABC

  6. Refer to the exhibit. A network administrator wants to authenticate remote users who are accessing the WEB1

  server from the Internet. When a remote user initiates a session to the WEB1 server, the ASA1 security appliance

  will verify the user's credentials with the TX_ACS AAA server via RADIUS. To accomplish this, the

  administrator must load and configure Cisco ACS software on the TX_ACS AAA server. During the process, the

  administrator must correctly configure the AAA client information in the Cisco ACS network configuration

  window.

  What must the administrator place in field A (AAA Client Hostname) and field B (AAA Client IP address)?

  A. AX_ACS

  B?0.0.1.10

  B. AEB1

  B?72.16.1.2

  C. Aave

  B?92.168.2.10

  D. ASA1

  B?0.0.1.1

  Answer: D

  7. When configuring a crypto ipsec transform-set command, how many unique transforms can a single transform

  set contain?

  A. one

  B. two

  C. three

  D. four

  Answer: B

  8. Refer to the exhibit. An administrator is adding descriptions to class maps for each part of the modular policy

  framework. What text would the administrator add to the description command to describe the TO_SERVER class

  map?

  A. description "This class-map matches all HTTP traffic for the public web server."

  B. description "This class-map matches all HTTPS traffic for the public web server."

  C. description "This class-map matches all TCP traffic for the public web server."

  D. description "This class-map matches all IP traffic for the public web server."

  Answer: D

  9. Refer to the exhibit. The network administrator for this small site has chosen to authenticate HTTP cut-through

  proxy traffic via a local database on the Cisco ASA. Which set of command strings should the administrator enter

  to accomplish this?

  A. asa1(config)# static (dmz,outside) 192.168.16.6 172.16.16.6

  asa1(config)# access-list 150 permit tcp any host 172.16.16.6 eq www

  asa1(config)# aaa authentication match 150 outside LOCAL

  B. asa1(config)# static (dmz,outside) 192.168.16.6 172.16.16.6

  asa1(config)# access-list 150 permit tcp any host 192.168.16.6 eq www

  asa1(config)# aaa authentication match 150 outside asa1

  C. asa1(config)# static (dmz,outside) 192.168.16.6 172.16.16.6

  asa1(config)# access-list 150 permit tcp any host 172.16.16.6 eq www

  asa1(config)# aaa authentication match 150 outside asa1

  D. asa1(config)# static (dmz,outside) 192.168.16.6 172.16.16.6

  asa1(config)# access-list 150 permit tcp any host 192.168.16.6 eq www

  asa1(config)# aaa authentication match 150 outside LOCAL

  Answer: D

  10. Which three of these are potential groups of users for WebVPN? (Choose three.)

  A. employees accessing specific internal applications from desktops and laptops not managed by IT

  B. administrators who need to manage servers and networking equipment

  C. employees that only need occasional corporate access to a few applications

  D. employees that need access to a wide range of corporate applications

  E. users of a customer service kiosk placed in a retail store

  F. remote employees that need daily access to the internal corporate network

  Answer: ACE

  11. Which of these commands will provide detailed information about the crypto map configurations of a Cisco

  ASA?

  A. show run ipsec sa

  B. show ipsec sa

  C. show crypto map

  D. show run crypto map

  Answer: D

  12. Which of these commands would block all SIP INVITE packets, such as calling-party and request-method,

  from specific SIP endpoints?

  A. Group the match commands in a SIP inspection policy map.

  B. Group the match commands in a SIP inspection class map.

  C. Use the match calling-party command in a class map. Apply the class map to a policy map that contains the

  match request-methods command.

  D. Use the match request-methods command in an inspection class map. Apply the inspection class map to an

  inspection policy map that contains the match calling-party command.

  E. Group the match commands in the global_policy policy map.

  Answer: B

  13. Refer to the exhibit. This adaptive security appliance is configured for which two types of failover? (Choose

  two.)

  A. cable-based failover

  B. LAN-based failover

  C. stateful failover

  D. Active/Standby failover

  E. Active/Active failover

  F. Context/Group failover

  Answer: BE

  14. LAB

  The answer to this question is not available now; we would appreciate it if you could provide the answer to us!

  15. The primary adaptive security appliance failed, so the secondary adaptive security appliance was

  automatically activated. The network administrator then fixed the problem. Now the administrator wants to return

  the primary to "active" status.

  Which of these commands, when issued on the primary adaptive security appliance, will reactivate the primary

  adaptive security appliance and restore it to "active" status?

  A. failover primary active

  B. failover secondary group 1

  C. failover active group 1

  D. failover secondary standby group 1

  Answer: C

  16. You are configuring a crypto map. Which of these commands would you use to specify the peer to which

  IPsec-protected traffic can be forwarded?

  A. crypto map set peer 192.168.7.2

  B. crypto map 20 set-peer insidehost

  C. crypto-map policy 10 set 192.168.7.2

  D. crypto map peer7 10 set peer 192.168.7.2

  Answer: D

  17. Which three types of information can be found in the syslog output for an adaptive security appliance?

  (Choose three.)

  A. time stamp and date

  B. logging level

  C. default router

  D. interface packet received

  E. hostname of the packet sender

  F. message text

  Answer: ABF

  18. With adaptive security appliance code of version 7.0 or later, which three hardware and software requirements

  must be met before failover can be configured? (Choose three.)

  A. The adaptive security appliances must be the same type of platform.

  B. RAM, flash, modules, and interfaces must be identical on each unit.

  C. The failover pair must meet hardware and software requirements, but can be a PIX and a Cisco ASA.

  D. Only RAM and interfaces must be identical on each unit.

  E. Major and minor software releases must match, but software versions do not need to be identical.

  F. Software versions must have the same major release version, but minor release versions do not need to match.

  Answer: ABE

  19. Refer to the exhibit. What is the purpose of this command?

  A. to filter ActiveX traffic from the default route

  B. to filter ActiveX traffic on HTTP from any host and to any host

  C. to filter Java traffic on HTTP from any host and to any host

  D. to filter ActiveX traffic once it has been applied to an interface

  Answer: B

  20. Which three of these are encryption algorithms used by Cisco ASA security appliances? (Choose three.)

  A. DES

  B. Blowfish

  C. RC4

  D. 3DES

  E. AES

  F. Diffie-Hellman Group 5

  Answer: ADE

  21. Which command configures the Cisco ASA console for SSH access by a local user?

  A. aaa authentication ssh console LOCAL

  B. ssh console username sysadmin password cisco123

  C. ssh username sysadmin password cisco123

  D. aaa authentication ssh LOCAL

  Answer: A

  22. By default, adaptive security appliances configured for LAN-based failover will fail over after approximately

  15 seconds. Which two commands should an administrator configure on the security appliance to detect a failure

  faster? (Choose two.)

  A. failover polltime unit

  B. failover interface-policy polltime

  C. failover lan link polltime

  D. failover lan unit polltime

  E. failover unit-policy polltime

  F. failover polltime interface

  Answer: AF

  23. LAB

  The answer to this question is not available now; we would appreciate it if you could provide the answer to us!

  24. Which of the following statements about adaptive security appliance failover is true?

  A. The Cisco ASA and PIX security appliances support LAN-based and cable-based failover.

  B. The Cisco ASA security appliance only supports cable-based failover.

  C. The PIX adaptive security appliance only supports LAN-based failover.

  D. The PIX adaptive security appliance supports LAN-based and cable-based failover.

  Answer: D

  25. Which of these commands enables IKE on the outside interface?

  A. ike enable outside

  B. nameif outside isakmp enable

  C. isakmp enable outside

  D. int g0/0 ike enable (outbound)

  Answer: C

  26. Which of the following statements about the configuration of WebVPN on the Cisco ASA is true for Cisco

  ASA version 7.2?

  A. WebVPN and Cisco ASDM can both be enabled on the same interface, but must run on different TCP ports.

  B. WebVPN and Cisco ASDM cannot be enabled at the same time on the Cisco ASA.

  C. WebVPN and Cisco ASDM can only be enabled at the same time using the command line interface.

  D. WebVPN and Cisco ASDM cannot run on the same interface.

  Answer: A

  27. Which command will set the default route for an adaptive security appliance to the IP address 10.10.10.1?

  A. route add default 0 10.10.10.1

  B. route management 10.10.10.0 0.0.0.255 10.10.10.1 1

  C. route 0 0 10.10.10.1 1

  D. route outside 0 0 10.10.10.1 1

  Answer: D

  28. An administrator is configuring a Cisco ASA for site-to-site VPN using pre-shared keys. Which two

  configuration modes and commands would the administrator configure when using a pre-shared key of 1234?

  (Choose two.)

  A. asa(config-isakmp-policy)# authentication pre-share

  B. asa(config-isakmp-policy)# authentication pre-shared-key 1234

  C. asa(config-tunnel-ipsec)# pre-shared-key 1234

  D. asa(config-tunnel-general)# authentication pre-share

  E. asa(config)# tunnel-group name general-attributes authentication pre-share

  F. asa(config)# tunnel-group name ipsec-attributes pre-shared-key 1234

  Answer: AC

  29. Refer to the exhibit. An administrator wants to permanently map host addresses on the DMZ subnet to the

  same host addresses, but a different subnet, on the outside interface. Which command or commands should the

  administrator use to accomplish this?

  A. NAT (dmz) 0 172.16.1.0 netmask 255.255.255.0

  B. access-list server_map permit tcp any 192.168.10.0 255.255.255.0

  nat (outside) 10 access-list server_map

  global (dmz) 10 172.16.1.9-10 netmask 255.255.255.0

  C. static (dmz,outside) 192.168.10.0 172.16.1.0 netmask 255.255.255.0

  D. nat (dmz) 1 172.16.1.0 netmask 255.255.255.0

  global (outside) 1 192.168.10.9-10 netmask 255.255.255.0

  Answer: C

  30. Which three of these commands will show you the contents of flash memory on the Cisco ASA? (Choose

  three.)

  A. show disk

  B. flash

  C. dir

  D. show flash:

  E. directory

  F. info flash

  Answer: ACD

  31. On a Cisco ASA adaptive security appliance, the administrator enters the boot config disk0:/startup.txt

  command. What will this command do when the system is reloaded?

  A. It will configure the ASA to skip the hardware diagnostics and perform a warm boot of the startup.txt config

  file.

  B. It will copy the current config file to the startup.txt file on disk 0.

  C. It will do nothing until the file extension is changed to .cfg, at which time it will boot the startup.cfg config file.

  D. It will configure the Cisco ASA to boot using the startup.txt config file stored in flash memory.

  Answer: D

  32. What does the activation-key command in the Cisco ASA do?

  A. automatically activates the Cisco ASA, allowing it to be configured right out of the box

  B. activates the SSM module in the Cisco ASA, providing intrusion protection and content filtering

  C. applies the activation key to the Cisco ASDM so the Cisco ASA can be managed using a web interface

  D. applies the activation key to the Cisco ASA operating system, so that the Cisco ASA is licensed and all features

  are available

  Answer: D

  33. Refer to the exhibit. Given the configuration commands shown, what traffic will be logged to the AAA server?

  A. All connection information will be logged in the accounting database.

  B. All outbound connection information will be logged in the accounting database.

  C. Only the authenticated console connection information will be logged in the accounting database.

  D. No information will be logged. This is not a valid configuration because TACACS+ connection information

  cannot be captured and logged.

  Answer: B

  34. What does the csd enable command enable on the Cisco ASA?

  A. It enables the Cisco Secure Desktop on the host connecting to the Cisco ASDM.

  B. It enables the Cisco Secure Desktop for IPsec VPN clients when they connect to the Cisco ASA.

  C. It enables the Cisco Secure Desktop for SSL VPN clients when they connect.

  D. It enables the Cisco Secure Desktop on SSL VPN clients without a host-based firewall.

  Answer: C

  35. Which command configures the adaptive security appliance interface as a DHCP client and sets the default

  route to be the default gateway parameter returned from the DHCP server?

  A. ip address dhcp setroute

  B. ip address dhcp

  C. ip address dhcp default route

  D. dhcp setroute

  Answer: A

  36. Which three of these are Cisco ASA syslog message fields? (Choose three.)

  A. logging level

  B. logging device IP

  C. message text

  D. triggering packet copy

  E. syslog community string

  F. default ASA gateway

  Answer: ABC

  37. Which username and password can you use to establish an SSH connection to your adaptive security appliance

  when no local or remote user database has been configured?

  A. the username "pix" and the password "cisco123"

  B. the username "pix" and the password "cisco"

  C. the username "ssh" and the password "pix"

  D. the username "ssh" and the password "cisco123"

  Answer: B

  38. Which of these commands causes the CSC SSM to load a new software image from a remote TFTP server via

  the CLI?

  A. module 1 recover config

  B. hw module recover config

  C. hw module 1 recover config

  D. copy tftp:tftphost/image.bin hardware:module1/image.bin

  Answer: C

  39. Only the default modular policy framework is currently configured on your Cisco ASA. You want to block the

  dele and put FTP commands, but only on the outside interface. Which three of these commands must be entered to

  accomplish this goal? (Choose three.)

  A. policy-map type inspect ftp

  B. service-policy

  C. regex

  D. access-list

  E. class-map type inspect ftp

  F. policy-map

  Answer: ABF

  40. When an administrator adds the same-security-traffic permit inter-interface command to a Cisco ASA, what

  will happen?

  A. A Dynamic Multipoint VPN connected to all endpoints will be enabled.

  B. Communication will be allowed between different interfaces with the same security level.

  C. Communication will be allowed between VPN clients terminated on different Cisco ASA interfaces.

  D. Communication will be allowed between multiple Cisco ASA security appliances deployed as hubs in

  enterprise-wide deployments of Cisco Easy VPN servers.

  Answer: B

  41. Which of these commands will configure the adaptive security appliance to use an ACS server for console

  access authentication?

  A. aaa authentication serial console LOCAL

  B. aaa authentication console LOCAL

  C. aaa authentication serial console SRVGRP1 LOCAL

  D. aaa authentication console SRVGRP1

  Answer: C

  42. Refer to the exhibit. If the show failover command has returned this output, what is the problem with the

  failover configuration?

  A. The LAN-based failover interface has been shut down on the security appliance.

  B. The failover cable is not connected to the secondary failover security appliance.

  C. The poll frequency is set too high to detect the secondary failover security appliance.

  D. There is no problem; the timer that detects the secondary failover security appliance has not expired.

  Answer: B

  43. An administrator wants to protect a DMZ web server from SYN flood attacks. Which three of these commands,

  used individually, would allow the administrator to place limits on the number of embryonic connections?

  (Choose three.)

  A. nat

  B. access-list

  C. static

  D. set connection

  E. http-proxy

  F. http redirect

  Answer: ACD

  44. Which command will provide interface IP information, the interface operational status, and the interface

  configuration method for an adaptive security appliance?

  A. show ip interface

  B. show interface ip brief

  C. show interface stats

  D. show interface detail

  Answer: B

  45. Refer to the exhibit. The adaptive security appliance administrator needs to filter a single website on a host

  with the IP address 10.10.11.4, but allow access to all other websites. The administrator enters the commands

  shown and then executes them.

  Which two tasks do these commands accomplish? (Choose two.)

  A. filter the URLs found at the host with the IP address 10.10.11.4

  B. allow access to all websites except those hosted at IP address 10.10.11.4

  C. filter all URL requests

  D. only allow access to the websites hosted at the IP address 10.10.11.4

  E. cause URL requests from the address 10.10.11.4 to be exempted from filtering

  F. cause URL requests to be filtered by the filtering host at the IP address 10.10.11.4

  Answer: CE

  46. Which of these statements regarding Active/Active failover configurations is correct?

  A. Use the failover active command to enable Active/Active failover on the Cisco ASA Security Appliance.

  B. Allocate interfaces to a failover group using the failover group sub-command mode.

  C. Configure two failover groups: group 1 and group 2.

  D. Configure failover interface parameters in the "ADMIN" context.

  Answer: C

  47. Refer to the exhibit. What do these commands accomplish?

  A. they limit the MEDIUM-RESOURCE-SET class to five Cisco ASDM sessions and 20% of the system

  connection limit

  B. they limit the MEDIUM-RESOURCE-SET class to five failed Cisco ASDM connection attempts and 20% of

  system resources

  C. they increase the default Cisco ASDM session limit by five for the MEDIUM-RESOURCE-SET class and

  increase the system connection limit by 20%

  D. they guarantee five Cisco ASDM sessions and a system connection of 20% for resources belonging to the

  MEDIUM-RESOURCE-SET class

  Answer: A

  48. You want to block a new instant messaging application. Which three of these are mandatory for

  accomplishing this goal with your Cisco ASA? (Choose three.)

  A. a regex class map

  B. a Layer 3/4 policy map

  C. an HTTP inspection policy map

  D. an HTTP inspection class map

  E. a regular expression

  F. an IM inspection policy map

  Answer: BCE

  49. Which of these commands must be used when configuring advanced FTP inspection, such as FTP banner

  masking or the blocking of specific usernames?

  A. ftp-map

  B. class-map type regex

  C. tcp-map

  D. policy-map type inspect ftp

  E. class-map type inspect ftp

  Answer: D

  50. Which of these commands displays the status of the CSC SSM on the Cisco ASA?

  A. show module 1 details

  B. show module 1 CSC details

  C. show hw 1 details

  D. show interface GigabitEthernet 1/0

  Answer: A
