QUESTION 51
You work as a network administrator. You are asked to examine the current firewall configurations on the LA-ASA Adaptive Security Appliances using the Cisco Adaptive Security Device Manager (ASDM) utility. You need to answer the multiple-choice questions in this simulation using the appropriate Cisco ASDM configuration screens.

Which one of the following statements is correct according to the current configuration?
A. Hosts on the inside interface can make SMTP connections to the public email server on the dmz_email interface.
B. Hosts on the dmz_web interface can make HTTP connections to the inside host on the inside interface.
C. Hosts on the dmz_web interface can make HTTP connections to any host on the outside interface.
D. Hosts on the inside interface can make SMTP connections to hosts on the outside interface.

Correct Answer: C
QUESTION 52
You work as a network administrator. You are asked to examine the current firewall configurations on the LA-ASA Adaptive Security Appliances using the Cisco Adaptive Security Device Manager (ASDM) utility. You need to answer the multiple-choice questions in this simulation using the appropriate Cisco ASDM configuration screens.

Which statements are true according to the current NAT configuration? (Choose two)
A. If a host on the partnernet interface attempts to access a host on the outside interface while all addresses from the address pool 172.16.1.20-172.16.1.254 are in use, dynamic NAT translates the partnernet host address to an IP address from the address pool 192.168.7.20-192.168.7.254 or 192.168.1.20-192.168.1.254.
B. If a host on the outside interface attempts to access the public e-mail server using IP address 192.168.1.2, static NAT translates 192.168.1.2 to the real address of the public e-mail server, 172.16.1.12.
C. If a host on the inside interface attempts to access a host on the outside interface while all addresses from the address pool 192.168.1.20-192.168.1.254 are in use, Port Address Translation (PAT) translates the inside host address to 192.168.1.3.
D. If a host on the dmz_email interface attempts to access a host on the partnernet interface, PAT translates the dmz_email host address to 172.20.1.3.

Correct Answer: CD
QUESTION 53
You work as a network administrator. You are asked to examine the current firewall configurations on the LA-ASA Adaptive Security Appliances using the Cisco Adaptive Security Device Manager (ASDM) utility. You need to answer the multiple-choice questions in this simulation using the appropriate Cisco ASDM configuration screens.

Which of the following statements are true? (Choose two)
A. A host on the inside network can ping a host on the outside network.
B. A host on the inside network can ping a host on the partnernet network.
C. A host on the outside network can ping a host on the inside network.
D. A host on the outside network can ping a host on the dmz_email network.

Correct Answer: AD
QUESTION 54
You work as a network administrator. You are asked to examine the current firewall configurations on the LA-ASA Adaptive Security Appliances using the Cisco Adaptive Security Device Manager (ASDM) utility. You need to answer the multiple-choice questions in this simulation using the appropriate Cisco ASDM configuration screens.

Assume that the security appliance receives on its inside interface an HTTP packet that is destined for an IP address of which the security appliance has no knowledge. What does the security appliance do?
A. Forwards the packet to IP address 10.0.1.2
B. Forwards the packet to IP address 192.168.1.2
C. Forwards the packet to IP address 192.168.1.1
D. Forwards the packet to IP address 10.0.2.1

Correct Answer: C
QUESTION 55
What are two instances when sparse-mode PIM is most useful? (Choose two.)
A. when there are few receivers in a group
B. when the type of traffic is constant
C. when the type of traffic is intermittent
D. when there are many receivers in a group

Correct Answer: AC
QUESTION 56
You work as a network engineer. Study the exhibit carefully. You are tasked with configuring the Cisco VPN client so that it can make remote access VPN connections to a Cisco ASA adaptive security appliance using a preshared key.

Which two options give the correct information for the fields that they reference? (Choose two.)
A. In the Connection Entry field, enter the name of the connection profile as it is specified on the security appliance.
B. In the Host field, enter the public interface IP address of the security appliance.
C. In the Name field, enter the name of a group policy that matches a group policy on the security appliance.
D. In the Password field, enter the preshared key that matches the preshared key configured on the security appliance.

Correct Answer: BD
QUESTION 57
Examine the following commands, which one configures the Cisco ASA console for SSH access by a local user?
A. aaa authentication ssh console LOCAL
B. aaa authentication ssh LOCAL
C. ssh console username sysadmin password cisco123
D. ssh username sysadmin password cisco123

Correct Answer: A
QUESTION 58
The security department would like to apply specific restrictions to one network user, Bob, because he works from home and accesses the corporate network from the outside interface of the security appliance. decides to control network access for this user by using the downloadable ACL feature of the security appliance. Authentication of inbound traffic is already configured on the security appliance, and Bob already has a user account on the Cisco Secure ACS. Which three tasks should be completed in order to achieve the goal of limiting network access for Bob via downloadable ACLs? (Choose three.)
A. Configure the security appliance to use downloadable ACLs.
B. Attach the downloadable ACL to the user profile for Bob on the Cisco Secure ACS.
C. Configure the Cisco Secure ACS to use downloadable ACLs.
D. Configure the downloadable ACLs on the Cisco Secure ACS.

Correct Answer: BCD
QUESTION 59
Cisco’s Adaptive Security Appliance (ASA) earns the silver in the network firewall category of our 2008 Product Leadership Awards. By default, ASAs configured for LAN-based failover would fail over after about 15 seconds. Which two commands should be configured on ASA to detect a failure faster? (Choose two.)
A. failover polltime unit
B. failover lan link polltime
C. failover interface-policy polltime
D. failover polltime interface

Correct Answer: AD
QUESTION 60
Which two options are correct about the threat detection feature of the Cisco ASA adaptive security appliance? (Choose two.)
A. The security appliance scanning threat detection feature is based on traffic signatures.
B. Because of their impact on performance, both basic threat detection and scanning threat detection are disabled by default.
C. The threat detection feature can help you determine the level of severity for packets that are detected and dropped by the security appliance inspection engines.
D. Scanning threat detection detects network sweeps and scans and optionally takes appropriate preventative action.

Correct Answer: CD
QUESTION 61
When an outside FTP client accesses a corporation’s DMZ FTP server through a security appliance, the administrator wants the security appliance to restrict the FTP commands that can be performed by the client. Which security appliance commands enable the administrator to restrict the FTP client to performing a specific set of FTP commands?
A. ftp-map inbound_ftp request-cmd deny appe dele rmd
B. policy-map inbound class inbound_ftp_traffic inspect ftp strict appe dele rmd
C. ftp-map inbound_ftp request-cmd permit get put cdup
D. policy-map inbound class inbound_ftp_traffic inspect ftp strict get put cdup

Correct Answer: A
QUESTION 62

Which two descriptions are correct according to the exhibit? (Choose two.)
A. Any host can ping the bastionhost.
B. Any host on the 192.163.6.0 network can initiate connections to host 192.168.1.9 via HTTP.
C. Host 192.168.6.10 can initiate connections to host 192.168.1.11 via HTTP.
D. Host 192.168.1.11 can initiate connections to host 192.168.6.10 via FTP.

Correct Answer: B
QUESTION 63
How is NAT configured in transparent firewall mode?
A. NAT must be configured on all inbound traffic flows.
B. NAT must be configured on all interfaces.
C. NAT must be configured on all outbound traffic flows.
D. NAT is not configured in transparent firewall mode.

Correct Answer: D
QUESTION 64

Which two statements are true about the impact of the configuration displayed in the exhibit? (Choose two.)
A. Users will be prompted for a username and password when they start HTTP connections to host 192.168.1.11 from the outside.
B. The security appliance will first contact host 10.0.1.2 on the inside interface for verification of credentials; if host 10.0.1.2 is unavailable, the security appliance will attempt to authenticate the user via the local user database.
C. Users will be prompted for a username and password when they start HTTP connections from the inside to host 192.168.1.11 on the outside interface.
D. The security appliance will contact a AAA server in the AUTHIN server group for verification of credentials.

Correct Answer: AD
QUESTION 65
Can you tell me which command enables IKE on the outside interface?
A. int g0/0 ike enable (outbound)
B. ike enable outside
C. isakmp enable outside
D. nameif outside isakmp enable

Correct Answer: C
QUESTION 66
You have just cleared the configuration on your Cisco ASA adaptive security appliance, which contains in its flash memory one ASA image file (asa802-k8.bin), one ASDM image file (asdm-602.bin), and no configuration files. You would like to reconfigure the Cisco ASA adaptive security appliance by use of Cisco ASDM, but you realize that you can’t access Cisco ASDM. Which set of commands offers the minimal configuration required to access Cisco ASDM?
A. interface, nameif, setup (followed by the setup command interactive prompts)
B. setup (followed by the setup command interactive prompts)
C. interface, nameif, ip address, no shutdown, hostname, domain-name, clock set, http server enable
D. interface, nameif, ip address, hostname, domain-name, clock set, http server enable, asdm image

Correct Answer: A
QUESTION 67
Which description related to the configuration of WebVPN on the Cisco ASA is correct for Cisco ASA version 7.2?
A. WebVPN and Cisco ASDM can both be enabled on the same interface, but must run on different TCP ports.
B. WebVPN and Cisco ASDM cannot run on the same interface.
C. WebVPN and Cisco ASDM cannot be enabled at the same time on the Cisco ASA.
D. WebVPN and Cisco ASDM can only be enabled at the same time using the command line interface.

Correct Answer: A
QUESTION 68
Which description related to the configuration of WebVPN on the Cisco ASA is correct for Cisco ASA version 7.2?
A. WebVPN and Cisco ASDM can both be enabled on the same interface, but must run on different TCP ports.
B. WebVPN and Cisco ASDM cannot run on the same interface.
C. WebVPN and Cisco ASDM cannot be enabled at the same time on the Cisco ASA.
D. WebVPN and Cisco ASDM can only be enabled at the same time using the command line interface.

Correct Answer: A
QUESTION 69
An administrator is defining a modular policy. As part of the policy, the administrator wants to define a traffic flow between Internet hosts and a specific web server on the DMZ. Which commands should the administrator use?
A. class-map http_traffic match set 192.168.1.11
B. class-map http_traffic match port tcp eq www
C. class-map http_traffic match flow ip destination address 192.168.1.11
D. access-list 150 permit tcp any host 192.168.1.11 eq www class-map http_traffic match access-list 150

Correct Answer: D
QUESTION 70
For the following items, which three types of information could be found in the syslog output for an adaptive security appliance? (Choose three.)
A. time stamp and date
B. logging level
C. hostname of the packet sender
D. message text

Correct Answer: ABD
QUESTION 71
For the following commands, which one would set the default route for an adaptive security appliance to the IP address 10.10.10.1?
A. route 0 0 10.10.10.1 1
B. route add default 0 10.10.10.1
C. route management 10.10.10.0 0.0.0.255 10.10.10.1 1
D. route outside 0 0 10.10.10.1 1

Correct Answer: D
QUESTION 72
During a stateful active/standby failover, which two events will happen? (Choose two.)
A. The user authentication (uauth) table is passed to the standby unit.
B. SIP signaling sessions are lost.
C. The standby unit becomes the active unit.
D. The secondary unit inherits the IP addresses of the primary unit.

Correct Answer: CD
QUESTION 73
You work as an administrator. You use pre-shared keys to configure a Cisco ASA for site-to-site VPN. Which two configuration modes and commands would be configured by use of a pre-shared key of 1234? (Choose two.)
A. asa(config-isakmp-policy)# authentication pre-share
B. asa(config-isakmp-policy)# authentication pre-shared-key 1234
C. asa(config-tunnel-ipsec)# pre-shared-key 1234
D. asa(config-tunnel-general)# authentication pre-share

Correct Answer: AC
QUESTION 74
The security department of the company wants to configure cut-through proxy authentication via RADIUS to require users to authenticate before accessing the corporate DMZ servers. Which three tasks are needed to achieve this goal? (Choose three.)
A. Specify a AAA server group.
B. Designate an authentication server.
C. Configure per-user override.
D. Configure a rule that specifies which traffic flow to authenticate.

Correct Answer: ABD
QUESTION 75
On which device can Dead Peer Detection be configured when it is used for IPSec remote access?
A. the headend device
B. Dead Peer Detection should not be used in IPSec remote access applications
C. both the headend and remote devices
D. the remote device

Correct Answer: C
QUESTION 76
You are a network administrator for the company.

Observe the following exhibit carefully. You are responsible for this site and you want to enable hosts on DMZ1 to make HTTP connections to host 172.25.3.8. Which task or set of tasks can achieve this purpose?
A. Configure a dynamic NAT rule specifying DMZ1/172.16.1.0 as the original interface/address and DMZ2/172.25.3.0 as the translated interface/address.
B. Configure a dynamic NAT rule specifying DMZ2/172.25.3.0 as the original interface/address and DMZ1/172.16.1.0 as the translated interface/address. Then enable HTTP inspection in the global policy.
C. Configure an access rule on the DMZ2 interface permitting HTTP from network 172.16.1.0/24 to IP address 172.25.3.8.
D. Configure a static NAT rule specifying DMZ2/172.25.3.8 as the original interface/address and DMZ1/172.16.1.8 as the translated interface/address. Then configure an access rule on the DMZ1 interface permitting HTTP from network 172.16.1.0/24 to IP address 172.16.1.8.

Correct Answer: D
QUESTION 77
What are the two purposes of the network area subcommand? (Choose two.)
A. It defines the interfaces on which OSPF runs.
B. It separates the public area from the private area.
C. It defines the OSPF area the interface belongs to.
D. It defines the interfaces on which RIP runs.

Correct Answer: AC
QUESTION 78
For the following sets of commands, which one will bootstrap the transparent firewall and prepare it for configuration via Cisco ASDM?
A. firewall transparent interface g0/1 no shut ip address 10.0.1.1 255.255.255.0 http 10.0.1.10 255.255.255.255 inside
B. firewall transparent ip address 10.0.1.1 255.255.255.0 http server enable http 10.0.1.10 255.255.255.255 inside
C. firewall transparent interface g0/1 no shut nameif inside interface g0/0 no shut nameif outside ip address 10.0.1.1 255.255.255.0 http server enable http 10.0.1.10 255.255.255.255 inside
D. firewall transparent interface g0/1 nameif inside interface g0/0 nameif outside ip address 10.0.1.1 255.255.255.0

Correct Answer: C
QUESTION 79
You are a network administrator. You enter the boot config disk0:/startup.txt command on a Cisco ASA adaptive security appliance. What is the purpose of this command when the system is reloaded?
A. It will do nothing until the file extension is changed to .cfg, at which time it will boot the startup.cfg config file.
B. It will configure the ASA to skip the hardware diagnostics and perform a warm boot of the startup.txt config file.
C. It will copy the current config file to the startup.txt file on disk0.
D. It will configure the Cisco ASA to boot using the startup.txt config file stored in flash memory.

Correct Answer: D
QUESTION 80
What is the purpose of this configuration according to the following exhibit?

A. limits the MEDIUM-RESOURCE-SET class to four Cisco ASDM sessions and 20 percent of the system connection limit
B. guarantees five SSH sessions and a system connection of 20 percent for resources belonging to the MEDIUM-RESOURCE-SET class
C. limits the MEDIUM-RESOURCE-SET class to four failed Cisco ASDM connection attempts and 20 percent of the system resources
D. increases the default Telnet session limit by five for the MEDIUM-RESOURCE-SET class and increases the system connection limit by 20 percent

Correct Answer: A