Cisco 642-523 Exam - Certifyme.com

Free 642-523 Sample Questions:

1.For the following commands, which one enables the DHCP server on the DMZ interface of the Cisco ASA with an address pool of 10.0.1.100*10.0.1.108 and a DNS server of 192.168.1.2?
A.dhcpd address 10.0.1.100*10.0.1.108 DMZ dhcpd dns 192.168.1.2 dhcpd enable DMZ
B.dhcpd address range 10.0.1.100*10.0.1.108 dhcpd dns server 192.168.1.2 dhcpd enable DMZ
C.dhcpd range 10.0.1.100*10.0.1.108 DMZ dhcpd dns server 192.168.1.2 dhcpd DMZ
D.dhcpd address range 10.0.1.100*10.0.1.108 dhcpd dns 192.168.1.2 dhcpd enable
Answer: A

2.Which description is correct about the output provided in the exhibit?

A.The ACLOUT access list has been designed to allow the IP address with the network address of
192.168.6.0 to have unrestricted access to the web server at IP address 192.168.1.11.
B.The ACLOUT access list has been designed to deny the IP address 192.168.1.11 web access to the host with a network address of 192.168.6.0.
C.The ACLIN access list permits web access from host 192.168.6.10 to all hosts behind the Cisco ASA.
D.The ICMPDMZ access list denies all ICMP traffic bound for the bastion host except echo replies
Answer: A

3.What is the effect of the per*user*override option when applied to the access*group command syntax?
A.The log option in the per*user access list overrides existing interface log options.
B.It allows for extended authentication on a per*user basis.
C.It allows downloadable user access lists to override the access list applied to the interface.
D.It increases security by building upon the existing access list applied to the interface. All subsequent users are also subject to the additional access list entries.
Answer: C

4.In order to recover the Cisco ASA password, which operation mode should you enter?
A.configure
B.unprivileged
C.privileged
D.monitor
Answer: D

5.Observe the following commands, which one verifies that NAT is working normally and displays active NAT translations?
A.show ip nat all
B.show running*configuration nat
C.show xlate
D.show nat translation
Answer: C

6.What is the result if the WebVPN url*entry parameter is disabled?
A.The end user is unable to access pre*defined URLs.
B.The end user is unable to access any CIFS shares or URLs.
C.The end user is able to access CIFS shares but not URLs.
D.The end user is able to access pre*defined URLs.
Answer: D

7.Which three tunneling protocols and methods are supported by the Cisco VPN Client? (Choose three.)
A.IPsec over TCP
B.IPsec over UDP
C.ESP
D.AH
Answer: A, B, C

8.Tom is a network administrator, study the exhibit carefully. He wants to authenticate remote users who are accessing the P4S*WEB server from the Internet. When a remote user initiates a session to the P4S*WEB server, the ASA1 security appliance will verify the user's credentials with the TX_ACS AAA server via RADIUS. In order to achieve this goal, Tom needs to load and configure Cisco ACS software on the TX_ACS AAA server. During the process, he should appropriately configure the AAA client information in the Cisco ACS network configuration window. What should Tom place in field A (AAA Client Hostname) and field B (AAA Client IP address)?

A.A * P4S*PC B * 192.168.2.10
B.A * TX_ACS B * 10.0.1.10
C.A * P4S*WEB B * 172.16.1.2
D.A * ASA1 B * 10.0.1.1
Answer: D

9.What are the two purposes of the same*security*traffic permit intra*interface command? (Choose two.)
A.It allows all of the VPN spokes in a hub*and*spoke configuration to be terminated on a single interface.
B.It enables Dynamic Multipoint VPN.
C.It permits communication in and out of the same interface when the traffic is IPSec protected.
D.It allows communication between different interfaces that have the same security level
Answer: A, C

10.How many unique transforms will included in a single transform set while configuring a crypto ipsec transform*set command?
A.three
B.two
C.four
D.one
Answer: B

PDF VERSION OF THE EXAM
http://www.certifyme.com/demos/642-523.zip

Official Page for the Exam
642-523 Braindumps 100% Pass Guaranteed at First Attempt - CertifyMe