The Cisco 642-524 exam is an examination given by Cisco and taken by IT professionals. Candidates are advised to have several years of Information Technology experience, and it is strongly advisable to research the exam before taking it. If you need Cisco 642-524 resources, it is good to find Cisco 642-524 exam sample questions. FLYDUMPS Cisco 642-524 exam sample questions are updated from time to time. Companies offer a money-back assurance if you do not pass the CWNA Certification Cisco 642-524 exam. The majority of online Cisco 642-524 exam sample questions include the full question text along with verified answers to orient you. Cisco 642-524 exam sample questions help a lot when you are preparing for the examination.
QUESTION 81
What is the objective of the activation-key command in the Cisco ASA?
A. applies the activation key to the Cisco ASDM so the Cisco ASA can be managed using a web interface
B. automatically activates the Cisco ASA, allowing it to be configured right out of the box
C. activates the SSM module in the Cisco ASA, providing intrusion protection and content filtering
D. applies the activation key to the Cisco ASA operating system so that the Cisco ASA is licensed and all features are available
Correct Answer: D
QUESTION 82
In an active/active failover configuration, which event triggers failover at the failover group level?
A. The no failover active command is entered in the system configuration.
B. The unit has a software failure.
C. Two monitored interfaces in the group fail.
D. The no failover active group group_id command is entered in the system configuration.
Correct Answer: D
QUESTION 83
On the basis of the following configuration commands displayed in the exhibit, what traffic would be logged to the AAA server?
aaa-server AUTHINBOUND protocol tacacs+
aaa-server MYGROUP protocol tacacs+
aaa-server MYGROUP (inside) host 192.168.30.1 MYSECRETKEY timeout 20
aaa authentication include any inside 0 0 0 0 MYGROUP
aaa authorization include any inside 0 0 0 0 MYGROUP
aaa accounting include any inside 0 0 0 0 MYGROUP
A. All connection information will be logged in the accounting database.
B. All outbound connection information will be logged in the accounting database.
C. Only the authenticated console connection information will be logged in the accounting database.
D. No information will be logged. This is not a valid configuration because TACACS+ connection information cannot be captured and logged.
Correct Answer: B
QUESTION 84
Which two statements correctly describe the local user database in the security appliance? (Choose two.)
A. You can create user accounts with or without passwords in the local database.
B. You cannot use the local database for network access authentication.
C. You can configure the security appliance to lock a user out after the user meets a configured maximum number of failed authentication attempts.
D. The default privilege level for a new user is 15.
Correct Answer: AC
QUESTION 85
What does the csd enable command enable on the Cisco ASA?
A. It enables the Cisco Secure Desktop on SSL VPN clients without a host-based firewall.
B. It enables the Cisco Secure Desktop on the host connecting to the Cisco ASDM.
C. It enables the Cisco Secure Desktop for SSL VPN clients when they connect.
D. It enables the Cisco Secure Desktop for IPsec VPN clients when they connect to the Cisco ASA.
Correct Answer: C
QUESTION 86
You are a network administrator for the company. Study the following exhibit carefully. You want to authenticate remote users who are accessing the WEB1 server from the Internet. The ASA1 security appliance would verify the credentials of a user with the TX_ACS AAA server via RADIUS when the remote user initiates a session to the WEB1 server. To achieve this, you should load and configure Cisco Secure ACS software on the TX_ACS AAA server. During the process you must correctly configure the AAA client information in the Cisco Secure ACS network configuration window.
A. A-TX_ACS B-10.0.1.10
B. A-WEB1 B-172.16.1.2
C. A-ASA1 B-10.0.1.1
D. A-BOB B-192.168.2.10
Correct Answer: C
QUESTION 87
What is the purpose of the nat 0 command when used in conjunction with IPSec?
A. It instructs the security appliance not to use Network Address Translation for any traffic deemed interesting traffic for IPSec.
B. It enables Network Address Translation Traversal for any traffic deemed interesting for IPSec.
C. It instructs the security appliance to use Network Address Translation for any traffic deemed interesting traffic for IPSec.
D. It disables Network Address Translation control on the security appliance.
Correct Answer: A
QUESTION 88
You are the network security administrator for Corporation. You are asked to configure active/standby failover using Cisco ASDM between two Cisco ASA adaptive security appliances at corporate headquarters. You deploy the Cisco ASDM High Availability and Scalability Wizard and feel confident that the configuration is correct on both security appliances. However, the show failover command output indicates that one interface remains constantly in the waiting state and never normalizes. Which two troubleshooting steps should be taken? (Choose two.)
A. Verify that EtherChanneling is enabled on any switch port that connects to the security appliances.
B. Verify that the line and protocol of the interface are up on the primary and secondary security appliance interfaces.
C. Verify that PortFast is enabled on any switch port that connects to the security appliances.
D. Verify that the security appliances have the same feature licenses.
Correct Answer: BC
QUESTION 89
Which one of the following commands configures the adaptive security appliance interface as a DHCP client and sets the default route to be the default gateway parameter returned from the DHCP server?
A. ip address dhcp setroute
B. dhcp setroute
C. ip address dhcp
D. ip address dhcp default route
Correct Answer: A
QUESTION 90
What does the redundant interface feature of the security appliance accomplish?
A. to allow a VPN client to send IPsec-protected traffic to another VPN user by allowing such traffic in and out of the same interface
B. to increase the number of interfaces available to your network without requiring you to add additional physical interfaces or security appliances
C. to increase the reliability of your security appliance
D. to facilitate out-of-band management
Correct Answer: C
QUESTION 91
If the FTP protocol inspection is not enabled for a given port, which two statements are true? (Choose two.)
A. Outbound passive FTP will not work properly on that port.
B. Outbound standard FTP will work properly on that port.
C. Outbound standard FTP will not work properly on that port.
D. Outbound passive FTP will work properly on that port as long as outbound traffic is not explicitly disallowed.
Correct Answer: CD
QUESTION 92
Alex is a network administrator for XYZ company and he is responsible for the site presented in the following exhibit. He would like hosts on DMZ2 to be able to make HTTP connections to host 172.16.1.10. Now, hosts on DMZ2 can’t make these connections. Alex checks the security appliance and determines that there are no access lists configured on either the DMZ1 or DMZ2 interface.
Which task or set of tasks can enable all hosts on DMZ2 to make HTTP connections to host 172.16.1.10?
A. Configure a dynamic NAT rule specifying DMZ1/172.16.1.0 as the original interface/address and DMZ2/172.25.3.0 as the translated interface/address.
B. Configure an access rule on the DMZ2 interface permitting HTTP from network 172.25.3.0/24 to IP address 172.16.1.10. Then enable HTTP inspection in the global policy.
C. Configure an access rule on the DMZ1 interface permitting HTTP from network 172.25.3.0/24 to IP address 172.16.1.10.
D. Configure a dynamic NAT rule specifying DMZ2/172.25.3.0 as the original interface/address and DMZ1/172.16.1.0 as the translated interface/address.
Correct Answer: D
QUESTION 93
Which command could cause the CSC SSM to load a new software image from a remote TFTP server via the CLI?
A. copy tftp:tftphost/image.bin hardware:module1/image.bin
B. module 1 recoverconfig
C. hw module 1 recover config
D. hw module recover config
Correct Answer: C
QUESTION 94
Which two statements correctly describe configuring active/active failover? (Choose two.)
A. You must configure two failover groups: group 1 and group 2.
B. You must use a crossover cable to connect the failover links on the two failover peers.
C. You must assign contexts to failover groups from the admin context.
D. Both units must be in multiple mode.
Correct Answer: AD
QUESTION 95
During failover, which security appliance attribute does not change?
A. active and standby interfaces-IP address
B. active and standby interfaces-MAC address
C. failover unit type-primary and secondary
D. failover unit status-active and standby
Correct Answer: C
QUESTION 96
Which three pieces of information can be learned from the panel displayed in the exhibit? (Choose three.)
A. There is currently one active remote access VPN session.
B. The user adminl configured the remote access VPN.
C. The user adminl established the remote access VPN session.
D. The private IP address assigned by the security appliance to the remote client for this session is 10.0.21.1, and the public IP address of the remote client is 192.168.1.58.
Correct Answer: ACD
QUESTION 97
Now, only the default modular policy framework is configured on your Cisco ASA. You wish to prevent the dele and put FTP commands, but only on the outside interface. In order to achieve this goal, which three commands need to be used? (Choose three.)
A. policy-map type inspect ftp
B. service-policy
C. policy-map
D. access-list
Correct Answer: ABC
QUESTION 98
Which two methods can be used to decrease the amount of time it takes for an active Cisco ASA adaptive security appliance to fail over to its standby failover peer in an active/active failover configuration? (Choose two.)
A. use the special serial failover cable to connect the security appliances
B. use single mode
C. decrease the unit failover poll time
D. decrease the interface failover poll time
Correct Answer: CD
QUESTION 99
What happens when the same-security-traffic permit inter-interface command is added to a Cisco ASA?
A. Communication will be allowed between VPN clients terminated on different Cisco ASA interfaces.
B. Communication will be allowed between different interfaces with the same security level.
C. Communication will be allowed between multiple Cisco ASA security appliances deployed as hubs in enterprise-wide deployments of Cisco Easy VPN servers.
D. A Dynamic Multipoint VPN connected to all endpoints will be enabled.
Correct Answer: B
QUESTION 100
In the default global policy, which three traffic types are inspected by default? (Choose three.)
A. FTP
B. icmp
C. TFTP
D. ESMTP
Correct Answer: ACD
QUESTION 101
When are duplicate objects allowed in object groups?
A. when a group object is included, which causes the group hierarchy to become circular
B. never
C. always, because there are no conditions or restrictions
D. when they are due to the inclusion of group objects
Correct Answer: D
QUESTION 102
You are the network security administrator for the company. You create an FTP inspection policy including the strict option, and it is applied to the outside interface of the corporate adaptive security appliance. How is FTP handled on the security appliance after this policy is applied? (Choose three.)
A. FTP inspection is applied to traffic entering the inside interface.
B. FTP inspection is applied to traffic exiting the inside interface.
C. strict FTP inspection is applied to traffic exiting the outside interface.
D. strict FTP inspection is applied to traffic entering the outside interface.
Correct Answer: ACD
QUESTION 103
For the following commands, which one would configure the adaptive security appliance to use an ACS server for console access authentication?
A. aaa authentication console SRVGRP1
B. aaa authentication serial console LOCAL
C. aaa authentication serial console SRVGRP1 LOCAL
D. aaa authentication console LOCAL
Correct Answer: C
QUESTION 104
At the company's headquarters, the adaptive security appliance has recently been logging more threats and anomalies than usual. The network security department is unsure of the severity of these potential threats and anomalies. The department would like to gather information on threat-related protocols and ports to get a broader view of the overall situation and determine what action to take. For instance, the administrator would like to know about bursts on a particular port or protocol or on a set of ports and protocols. Which set of steps should be taken to obtain this information?
A. Use the Threat Detection panel in Cisco ASDM to enable scanning threat detection. Then use the Cisco ASDM Firewall Dashboard to view the port and protocol statistics.
B. Use the Threat Detection panel in Cisco ASDM to enable port and protocol statistics. Then use the show threat-detection statistics port and the show threat-detection statistics protocol commands to view the statistics.
C. Use the Service Policy Rules panel in Cisco ASDM to configure a global inspection policy. Then use the Cisco ASDM Device Dashboard to view the port and protocol statistics.
D. Use the Service Policy Rules panel in Cisco ASDM to configure a global inspection policy. Then use the show threat-detection rate command to view the statistics.
Correct Answer: B
QUESTION 105
Study the exhibit carefully. When the show failover command has returned this output, what is the problem with the failover configuration?
fw2# show failover
Failover ON
Cable status: Other side not connected
Failover unit Primary
Failover LAN Interface: N/A-Serial-based failover enabled
Unit Poll frequency 15 seconds, holdtime 45 seconds
Interface Poll frequency 15 seconds
Interface Policy 1
Monitored Interfaces 3 of 250 maximum
Last Failover at: 13:21:38 UTC Dec 10 2004
This host: Primary-Active
Active time: 200(sec)
Interface outside (192.168.2.2): Normal (Waiting)
Interface inside (10.0.2.1): Normal (Waiting)
Interface dmz (172.16.2.1): Normal (Waiting)
Other host: Secondary-Not detected
Active time: 0(sec)
Interface outside (192.168.2.7): Unknown (Waiting)
Interface inside (10.0.2.7): Unknown (Waiting)
Interface dmz (172.16.2.7): Unknown (Waiting)
Stateful Failover Logical Update Statistics
Link: Unconfigured
A. The poll frequency is set too high to detect the secondary failover security appliance.
B. The failover cable is not connected to the secondary failover security appliance.
C. There is no problem; the timer that detects the secondary failover security appliance has not expired.
D. The LAN-based failover interface has been shut down on the security appliance.
Correct Answer: B
QUESTION 106
While setting up a remote access VPN, which three items does the Cisco ASDM IPsec VPN Wizard require you to configure? (Choose three.)
A. tunnel group name
B. a pool of addresses to be assigned to remote users
C. peer IP address
D. IPsec encryption and authentication parameters
Correct Answer: ABD
The Cisco 642-524 certification can make you a competent person. It may enable a technician to know about the Cisco 642-524 configurations, get information about the Cisco 642-524 data center products and hardware, and gain knowledge about Cisco 642-524 unified computing systems.