Flydumps.com guarantees your Cisco 642-524 exam success with our exam resources. Our Cisco 642-524 exam resources are the latest and are developed by experienced IT certification professionals working in today's prospering companies and data centers. All our Cisco 642-524 exam resources include Cisco 642-524 exam questions, which guarantee that you can pass the Cisco 642-524 exam on your first try.
QUESTION 107
You have configured the security appliance and an AAA server for authentication. Why do Telnet and FTP authentication work normally while HTTP authentication does not?
A. You must specify HTTPS authentication in your configuration.
B. The AAA server is not properly configured to accept HTTP authentication requests.
C. You have not enabled HTTP authorization, which is required for HTTP authentication.
D. HTTP reauthentication may be taking place with the web browser sending the cached username and password back to the security appliance.
Correct Answer: D
QUESTION 108
Cisco ASDM helps you manage network and application security more effectively while improving operational efficiency. You work as a network administrator for ABC company, and you have used the IPsec VPN Wizard to configure a site-to-site VPN in Cisco ASDM. Now you would like to modify the crypto ACL to specify different protected traffic. Where should you go in Cisco ASDM to accomplish this task?
A. Configuration > Site-to-Site VPN > Connection Profiles
B. Configuration > Site-to-Site VPN > Advanced > System Options
C. Configuration > Site-to-Site VPN > Group Policies
D. Configuration > Site-to-Site VPN > Advanced > IKE Policies
Correct Answer: A
QUESTION 109
An administrator wants to protect a DMZ web server from SYN flood attacks. Which three of these commands, used individually, would allow the administrator to place limits on the number of embryonic connections? (Choose three.)
A. nat
B. access-list
C. static
D. set connection
Correct Answer: ACD
QUESTION 110
Which three items are criteria for identifying a set of Layer 3/4 through traffic? (Choose three.)
A. VPN tunnel group
B. MAC addresses
C. default inspection traffic
D. access control list
Correct Answer: ACD
QUESTION 111
Which one of the following commands would offer interface IP information, the interface operational status, and the interface configuration method for an adaptive security appliance?
A. show interface detail
B. show interface ip brief
C. show ip interface
D. show interface stats
Correct Answer: B
QUESTION 112
How does a transparent mode security appliance differ from a routed mode security appliance? (Choose two.)
A. It does not support security levels on the interfaces.
B. It is not seen as a router hop to connected devices.
C. It can pass traffic that cannot be passed by a security appliance in routed mode.
D. It is seen as a router hop to connected devices.
Correct Answer: BC
QUESTION 113
Why include a deny statement at the end of an ACL, even though the implicit deny at the end of the ACL will block traffic as needed?
A. You can view the hit counters with the show access-list command.
B. As a back-up, in case the implicit deny does not work.
C. There is no reason to include the deny statement.
D. You can enable the turbo ACL feature for individual ACLs.
Correct Answer: A
QUESTION 114
While creating an IPsec site-to-site VPN, which parameters must be defined in an IKE policy?
A. message encryption algorithm
B. message integrity (hash) algorithm
C. key exchange parameters (DH group ID)
D. peer authentication method
Correct Answer: ABCD
QUESTION 115
Cisco's Adaptive Security Appliance (ASA) earns the silver in the network firewall category of our 2008 Product Leadership Awards. According to the exhibit, the ASA administrator is tasked to filter a single website on a host with the IP address 10.10.11.4, but allow access to all other websites. The administrator inputs the commands displayed and then executes them. What are the two purposes of the following commands? (Choose two.)
asa1(config)# filter url http 0 0 0 0
asa1(config)# filter url except 10.10.11.4 255.255.255.255 0 0
A. allow access to all websites except those hosted at IP address 10.10.11.4
B. filter the URLs found at the host with the IP address 10.10.11.4
C. filter all URL requests
D. cause URL requests from the address 10.10.11.4 to be exempted from filtering
Correct Answer: CD
QUESTION 116
Which three statements best describe clientless SSL VPN? (Choose three.)
A. Users are not required to use any particular PC or workstation.
B. It requires little or no desktop support by IT organizations.
C. Users have full, direct access to resources on the internal network.
D. It requires an SSL-enabled web browser.
Correct Answer: ABD
QUESTION 117
Which is a method of identifying the traffic requiring authorization on the security appliance?
A. independently interpreting authorization rules before authentication has occurred to decrease overall AAA processing time
B. specifying ACLs that authorization rules must match
C. checking the authentication rules for a match thus allowing the traffic to be authorized
D. implicitly enabling TACACS+ authorization rules in the response packet
Correct Answer: B
QUESTION 118
Which three are basic components of the Cisco Modular Policy Framework? (Choose three.)
A. global policies
B. policy maps
C. class maps
D. service policies
Correct Answer: BCD
QUESTION 119
What is the objective of these commands based on the exhibit presented?
asa1(config)# class MEDIUM-RESOURCE-SET
asa1(config-class)# limit-resource ASDM 5
asa1(config-class)# limit-resource conns 20%
A. They limit the MEDIUM-RESOURCE-SET class to five Cisco ASDM sessions and 20% of the system connection limit.
B. They guarantee five Cisco ASDM sessions and a system connection of 20% for resources belonging to the MEDIUM-RESOURCE-SET class.
C. They limit the MEDIUM-RESOURCE-SET class to five failed Cisco ASDM connection attempts and 20% of system resources.
D. They increase the default Cisco ASDM session limit by five for the MEDIUM-RESOURCE-SET class and increase the system connection limit by 20%.
Correct Answer: A
QUESTION 120
Select two places in which you can view a list of hosts identified by the security appliance as targets of attack. (Choose two.)
A. In the Monitoring > Interfaces area of Cisco ASDM
B. In the output of the show threat-detection shun command
C. In the output of the show threat-detection scanning-threat command
D. In the output of the show threat-detection scanning-threat target command
Correct Answer: CD
QUESTION 121
You want to block a new IM application. Which three items are necessary for achieving this goal with your Cisco ASA? (Choose three.)
A. a regex class map
B. a Layer 3/4 policy map
C. an HTTP inspection policy map
D. a regular expression
Correct Answer: BCD
QUESTION 122
What happens when ESMTP inspection is disabled?
A. All SMTP commands are prevented from traversing the security appliance.
B. Only the data, helo, mail, noop, quit, rcpt, and rset SMTP commands are allowed through the security appliance.
C. All SMTP commands are allowed through the security appliance, and potential mail server vulnerabilities are exposed.
D. Only the auth, ehlo, etrn, help, saml, send, soml, and vrfy extended SMTP commands are allowed through the security appliance.
Correct Answer: C
QUESTION 123
If you want IP addresses of hosts on your DMZ and inside network translated when they make connections to hosts on the outside interface of the security appliance, what is the minimum NAT configuration you can enter?
A. 1 NAT statement and 2 global statements
B. 2 NAT statements and 2 global statements
C. 2 NAT statements and 1 global statement
D. 1 NAT statement and 1 global statement
Correct Answer: C
QUESTION 124
Which three items are correct according to the exhibit below? (Choose three.)
A. HMAC-SHA1 makes data that is transmitted over the VPN unreadable if it is intercepted.
B. The IP address of the security appliance to which the VPN client is connected is 192.163.1.2.
C. The VPN client is encrypting packets.
D. The VPN client rejected 539 packets because they did not come from the VPN headend security appliance.
Correct Answer: BCD
QUESTION 125
Which command will you use while configuring advanced FTP inspection, such as FTP banner masking or the blocking of specific usernames?
A. tcp-map
B. ftp-map
C. class-map type regex
D. policy-map type inspect ftp
Correct Answer: D
QUESTION 126
Which three actions should be taken to deal with a Layer 3/4 modular policy? (Choose three.)
A. drop sessions with packets that are out of order
B. perform a specified protocol inspection or inspections
C. direct a traffic flow to the low latency queue
D. set connection parameters on a traffic flow
Correct Answer: BCD
QUESTION 127
Which command will show you the status of the CSC SSM on the Cisco ASA?
A. show module 1 details
B. showhwl details
C. show interface GigabitEthernet 1/0
D. show module 1 CSC details
Correct Answer: A
QUESTION 128
Which four steps are true about configuring a redundant interface and using it as a failover link?
A. Configure the redundant interface as part of the basic configuration on both security appliances.
B. Assign a redundant interface ID to the redundant interface.
C. Configure a name for the redundant interface.
D. Configure a security level and IP address for the redundant interface.
Correct Answer: ABCD
QUESTION 129
What is the purpose of the same-security-traffic permit inter-interface command?
A. It permits communication in and out of the same interface when the traffic is IPsec protected.
B. It allows communication between different interfaces that have the same security level.
C. It enables Dynamic Multipoint VPN.
D. It allows all of the VPN spokes in a hub-and-spoke configuration to be terminated on a single interface.
Correct Answer: B
QUESTION 130
You are a network administrator for a company. Observe the exhibit below carefully. Configure two adaptive security appliances for active/active failover. On the primary security appliance, context admin is active and CTX2 is on standby. You want to activate CTX2.
Which command should be performed on the primary unit?
A. activate group 2
B. failover active group 2
C. failover reset
D. activate CTX2
Correct Answer: B
QUESTION 131
The Hypertext Transfer Protocol (HTTP) is an application-level protocol for distributed, collaborative, hypermedia information systems. An internet customer is sending HTTP traffic to a DMZ server with the external address of 192.168.1.4. Which command would redirect HTTP traffic bound for the DMZ web server to its real IP address of 10.10.11.4?
A. static (dmz,inside) udp 192.168.1.4 www 10.10.11.4 www
B. static (outside,dmz) tcp 192.168.1.4 www 10.10.11.4 www
C. static (dmz,outside) tcp 192.168.1.4 www 10.10.11.4 www
D. static (dmz,outside) tcp 10.10.11.4 www 192.168.1.4 www
Correct Answer: C