642-522 Exam

Note: After purchase, we will send questions within 24 hours.

Free 642-522 Demo Download

Examsoon offers free demo for CCSP 642-522 exam (Securing Networks with PIX and ASA Exam(SNPA)). You can check out the interface, question quality and usability of our practice exams before you decide to buy it. We are the only one site can offer demo for almost all products.

Download 642-522 PDF Demo

Download 642-522 ExamTesting Engine

Exam 642-522 Preparation from Examsoon include:

After you purchase our product, we will offer free update in time for 90 days.
100% Pass Guaranteed at First Attempt Or Free Update
Immediate Download After Purchase
Comprehensive questions with complete details
Questions accompanied by exhibits
Verified Answers Researched by Industry Experts
Drag and Drop questions as experienced in the Examsoon
Questions updated on regular basis
our product is in multiple-choice questions (MCQs)

Passing the Cisco 642-522 Exam:Passing the 642-522 exam has never been faster or easier, now with the questions and answers, without the messy 642-522 exam that are frequently incorrect. Examsoon Unlimited Access Exams are not only the cheaper way to pass without resorting to 642-522 tests, but at only $ 50.00 you get access to the exam from every certification vendor.

Our 642-522 practice exams and study questions are composed by current and active Information Technology experts, who use their experience in preparing you for your future in IT.

Cisco 642-522 Search Help Feel free to use search terms below while searching the Net for 642-522 exam:

642-522 brain dump simulations
642-522 Test question
642-522 braindump work
642-522 master exams
642-522 braindump model
642-522 latest test

Commitment to Your Success:

At Examsoon we are committed to you ongoing success. Our exams are constantly being updated and compared to industry standards.

You are not about to purchase a disposable product. 642-522 exam updates are supplied free of charge. Regardless of how soon you decide to take the 642-522 examination certification, you will be able to walk into the testing room as confident as the Certification Administrator.

Skip all the worthless 642-522 tutorials and download 642-522 exam materials with questions and answers and a price too unbelievable to pass up. Act now and download it today!

http://www.Examsoon.com The safer.easier way to get CCSP Certification.
　
　
Exam : Cisco 642-522
Title : Securing Networks with PIX and ASA Exam(SNPA)


1. Refer to the exhibit.
An administrator wants to permanently map host addresses on the DMZ subnet to the same host addresses, but a different subnet, on the outside interface. Which command should the administrator use to accomplish this?
A. NAT (dmz) 0 172.16.1.0 netmask 255.255.255.0
B. access-list server_map permit tcp any 192.168.10.0 255.255.255.0
Nat (outside) 10 access-list server_map
Global (dmz) 10 172.16.1.9-10 netmask 255.255.255.0
C. static (dmz,outside) 192.168.10.0 172.16.1.0 netmask 255.255.255.0
D. NAT (dmz) 1 172.16.1.0 netmask 255.255.255.0
　Global (outside) 1 192.168.10.9-10 netmask 255.255.255.0
Answer: C

2. An administrator is defining a modular policy. As part of the policy, the administrator wants to define a traffic flow between Internet hosts and a specific web server on the DMZ. Which commands should the administrator use?
A. class-map http_traffic
　match port tcp eq www
B. class-map http_traffic
　match flow ip destination address 192.168.1.11
C. class-map http_traffic
　match set 192.168.1.11
D. access-list 150 permit tcp any host 192.168.1.11 eq www
class-map http_traffic
match access-list 150
Answer: D

3. Refer to the exhibit.
The network administrator for this small site has chosen to authenticate HTTP cut-through proxy traffic via a local database on the Cisco PIX Security Appliance. Which command strings should the administrator enter to accomplish this?
A. pix1(config)# static (dmz,outside) 192.168.16.6 172.16.16.6
pix1(config)# access-list 150 permit tcp any host 172.16.16.6 eq www
pix1(config)# aaa authentication match 150 outside LOCAL
B. pix1(config)# static (dmz,outside) 192.168.16.6 172.16.16.6
pix1(config)# access-list 150 permit tcp any host 192.168.16.6 eq www
pix1(config)# aaa authentication match 150 outside pix1
C. pix1(config)# static (dmz,outside) 192.168.16.6 172.16.16.6
pix1(config)# access-list 150 permit tcp any host 172.16.16.6 eq www
pix1(config)# aaa authentication match 150 outside pix1
D. pix1(config)# static (dmz,outside) 192.168.16.6 172.16.16.6
pix1(config)# access-list 150 permit tcp any host 192.168.16.6 eq www
pix1(config)# aaa authentication match 150 outside LOCAL
Answer: D

4. Refer to the exhibit.
An administrator wants a user on the inside network to access two sites on the Internet and present two different source IP addresses. When the user is accessing Company A web servers, the source IP address is translated to 192.168.0.9. When the user is accessing Company B web servers, the source address is translated to 192.168.0.21.
Which of these can the security appliance administrator configure to accomplish this application?
A. inside NAT
B. identity NAT
C. static
D. policy NAT
Answer: D

5. When an outside FTP client accesses a corporation's dmz FTP server through a security appliance, the administrator wants the security appliance to restrict ftp commands that can be performed by the client. Which security appliance commands enable the administrator to restrict the ftp client to performing a specific set of ftp commands.
A. ftp-map inbound_ftp
　request-cmd deny appe dele rmd
B. ftp-map inbound_ftp
　request-cmd permit get put cdup
C. policy-map inbound
class inbound_ftp_traffic
inspect ftp strict get put cdup
D. policy-map inbound
class inbound_ftp_traffic
inspect ftp strict appe dele rmd
Answer: A