
	Homepage \| Add to Favourites

Search the Web

CISCO CERTIFICATION

CCNA

CCNP

CCSP

CCIP

CCIE R&S

CCIE Security

WINDOWS CERTIFICATION

Download Free Tests

642-521 : Secure PIX Firewall Exam (CSPFA)

QUESTION 91 Which of the following commands allows an administrator to disable IP address translation through a pix?

A. NAT 0

B. Global disable

C. access list

D. static Answer: A Explanation: If you want to disable the ip address translation of a host as it goes through a pix, reference that host in an NAT 0 command. All hosts reference in nat 0 will not have their ip addresses translated and the destination host will see its real ip address.

QUESTION 92 Which of the following pix commands will drop all current ip address translations?

A. clear xlate

B. drop xlate

C. xlate erase

D. xlate release Answer: A Explanation: The pix clear xlate command will drop all current ip address translations the pix has made, and will force the hosts to have their ip addresses retranslated.

QUESTION 93 Which of the following are PDM main tabs? Choose 3.

A. hosts/networks

B. administration

C. update server

D. vpn

E. monitoring Answer: A,D,E Explanation: The Pix Device Manager (PDM) GUI has 6 tabs. Access rules, translation rules, vpn, hosts/networks, monitoring, and system properties.

QUESTION 94 When connecting to a pix firewall PDM, what username is used?

A. pix

B. admin

C. cisco

D. (none) Answer: D Explanation: Pix PDM connections prompt for a username and password. The username field is left blank, and the enable password is used as the password.

QUESTION 95 What is the highest PDM version you can use with pix OS version 6.0?

A. 1.0

B. 1.1

C. 2.0

D. 2.1 Answer: B Explanation: Pix OS versions 6.1 and below can run PDM 1.1. To run PIX
PDM 2.0, you must have pix OS 6.2 or higher.

QUESTION 96 What is the maximum number of syslog messages the pix firewall can store with internal buffers?

A. 20

B. 100

C. 350

D. 600 Answer: B Explanation: The internal buffers can only store a maximum of 100 syslog messages. Once the buffers are full, the oldest syslog messages will start to be written over.

QUESTION 97 Which of the following is a valid pix transform set? Choose all that apply.

A. crypto isakmp transform-set tunnel esp-des

B. crypto isakmp transform-set tunnel ah-sha-hmac esp-des

C. crypto ipsec transform-set tunnel esp-3des ah-md5-hmac

D. crypto ipsec transform-set tunnel ah-sha-hmac Answer: C,D Explanation: To configure a transform set on the pix, use the crypto ipsec transform-set (name) command, followed by the AH (md5, sha-1) and ESP(des, 3des, aes) transforms you wish to use.

QUESTION 98 Which of the following operating systems can CSACS be installed on? Choose all that apply.

A. windows nt

B. UNIX

C. solaris

D. Macintosh

E. windows 2000 Answer: A,E Explanation: The Cisco Secure Access Control Server (CSACS) application developed by Cisco is available for Windows NT and Windows 2000 only.

QUESTION 99 How do you add a AAA server to your pix firewall configuration?

A. aaa-server farm tacacs+

B. aaa-server farm protocol tacacs+

C. aaa new-model farm radius

D. aaa new-model farm tacacs+ Answer: B Explanation: Add a AAA server to your pix configuration by using the aaa-server (server name) protocol (radius/tacacs+) command.

QUESTION 100 How can you view the files listed in pix flash memory?

A. show pix flash

B. show flash memory

C. show flashfs

D. show flash mfs Answer: C Explanation: The pix show flashfs command will display all of the files listed in flash memory such as the pix OS image, PDM, etc.

Top of page	23 of 23

Search and Find Anything Here

Web	www.ciscohighway.com