642-523 - SNPA - Securing Networks with PIX and ASA Exam
Go back to Cisco
What does the activation-key command in the Cisco ASA do?
applies the activation key to the Cisco ASA operating system, so that the Cisco ASA is licensed and all features are available
When an administrator adds the same-security-traffic permit inter-interface command to a Cisco ASA, what will happen?
Communication will be allowed between different interfaces with the same security level.
Which of the following statements about adaptive security appliance failover is true?
The PIX adaptive security appliance supports LAN-based and cable-based failover.
Which of these commands enables IKE on the outside interface?
isakmp enable outside
Which of these commands would block all SIP INVITE packets, such as calling-party and request-method, from specific SIP endpoints?
Group the match commands in a SIP inspection class map.
You are configuring a crypto map. Which of these commands would you use to specify the peer to which IPsec-protected traffic can be forwarded?
crypto map peer7 10 set peer 192.168.7.2
An internet user is sending HTTP traffic to a DMZ server with the external address of 192.168.1.4. Which command will redirect HTTP traffic bound for the DMZ web server to its real IP address of 10.10.11.4?
static (dmz,outside) tcp 192.168.1.4 www 10.10.11.4 www
Which mode of operation must you enter in order to recover the Cisco ASA password?
What does the csd enable command enable on the Cisco ASA?"
It enables the Cisco Secure Desktop for SSL VPN clients when they connect.
Which command configures the Cisco ASA console for SSH access by a local user?
aaa authentication ssh console LOCAL
A security appliance administrator has defined a regular expression to match an unauthorized website. Which pair of commands would the administrator need to enter to configure a regular expression class map?
class-map type regex match-any URL match regex UNAUTHORIZED_SITE
Which of the following statements about the configuration of WebVPN on the Cisco ASA is true for Cisco ASA version 7.2?
WebVPN and Cisco ASDM can both be enabled on the same interface, but must run on different TCP ports.
Which of these commands will configure the adaptive security appliance to use an ACS server for console access authentication?
aaa authentication serial console SRVGRP1 LOCAL
Which command both verifies that NAT is working properly and displays active NAT translations?
Which of these commands must be used when configuring advanced FTP inspection, such as FTP banner masking or the blocking of specific usernames?
policy-map type inspect ftp
On a Cisco ASA adaptive security appliance, the administrator enters the boot config disk0:/startup.txt command. What will this command do when the system is reloaded?
It will configure the Cisco ASA to boot using the startup.txt config file stored in flash memory.
Which command configures the adaptive security appliance interface as a DHCP client and sets the default route to be the default gateway parameter returned from the DHCP server?
ip address dhcp setroute
Which command will provide interface IP information, the interface operational status, and the interface configuration method for an adaptive security appliance?
show interface ip brief
What does the nat 0 command do?
The nat 0 command, followed by an access list, specifies the addresses that are not to be translated.
When configuring a crypto ipsec transform-set command, how many unique transforms can a single transform set contain?
Which of these commands enables the DHCP server on the DMZ interface of the Cisco ASA with an address pool of 10.0.1.100-10.0.1.108 and a DNS server of 192.168.1.2?
dhcpd address 10.0.1.100-10.0.1.108 DMZ dhcpd dns 192.168.1.2 dhcpd enable DMZ
Which of these regular expressions would best match the website address "www.cisco.com/go/ccsp"?
The primary adaptive security appliance failed, so the secondary adaptive security appliance was automatically activated. The network administrator then fixed the problem. Now the administrator wants to return the primary to "active" status. Which of these commands, when issued on the primary adaptive security appliance, will reactivate the primary adaptive security appliance and restore it to "active" status?
failover active group 1
An administrator receives a new Cisco ASA. Which command, when entered from the console, directs the Cisco ASA to provide interactive prompts that aid in the building of a first-use, minimal configuration?
Which of these statements regarding Active/Active failover configurations is correct?
Configure two failover groups: group 1 and group 2.
Which of these commands displays the status of the CSC SSM on the Cisco ASA?
show module 1 details
Which command will set the default route for an adaptive security appliance to the IP address 10.10.10.1?
route outside 0 0 10.10.10.1 1
Which of these commands will provide detailed information about the crypto map configurations of a Cisco ASA?
show run crypto map
Which of these commands causes the CSC SSM to load a new software image from a remote TFTP server via the CLI?
hw module 1 recover config
Which username and password can you use to establish an SSH connection to your adaptive security appliance when no local or remote user database has been configured?
the username "pix" and the password "cisco"