642-522 Exam

Note: After purchase, we will send questions within 24 hours.

Free 642-522 Demo Download

hiexam offers free demo for CCSP 642-522 exam (Securing Networks with PIX and ASA Exam(SNPA)). You can check out the interface, question quality and usability of our practice exams before you decide to buy it. We are the only one site can offer demo for almost all products.

Download 642-522 ExamTesting Engine

Exam Description

642-522 exam is one of popular Cisco Certification. Many candidates won't have confidence to get it. Now We guaranteed 642-522 exam training is available in various formats to best suit your needs and learning style. Whether you are a hands-on tactile learner, visually or even a textbook training veteran, Hiexam has the 642-522 resources that will enable you to pass your 642-522 test with flying colors. As with Cisco exams, the CCSP or 642-522 exam is structured to stack or plug into other related courses. The combination of Cisco courses builds the complete core knowledge base you need to meet your Cisco certification requirements.

Why choose hiexam 642-522 braindumps

Read it before. I want to ask you few question.

1. do you know Hiexam?

2. do you know why Only Hiexam can help you ?

3. do you know 642-522 has changed ?

4.do you know you can get 100% guarantee?

OK. you can read this. if you can't find answer. you must contact us.

Quality and Value for the 642-522 Exam
100% Guarantee to Pass Your 642-522 Exam
Downloadable, Interactive 642-522 Testing engines
Verified Answers Researched by Industry Experts
Drag and Drop questions as experienced in the Actual Exams
Practice Test Questions accompanied by exhibits
Our Practice Test Questions are backed by our 100% MONEY BACK GUARANTEE.

Hiexam provides the fastest and best way to train 642-522 exam

* Truly interactive 642-522 practice tests
* Create and take notes on any question
* Retake tests until you're satisfied
* You select the areas of the 642-522 exam to cover
* Filter questions for a new practice test each time.
* Re-visit difficult questions

hiexam 642-522 Exam Features

* High quality - High quality and valued for the 642-522 Exam: 100% Guarantee to Pass Your 642-522 exam and get your CCSP certification
* Authoritative - Authoritative study materials with complete details about 642-522 exam
* Cheaper - Our Hiexam products are cheaper than any other website. With our completed CCSP resources, you will minimize your CCSP cost and be ready to pass your 642-522 exam on Your First Try, 100% Money Back Guarantee included
* Free - Try free CCSP demo before you decide to buy it in http://www.hiexam.net
　
　
Exam : Cisco 642-522
Title : Securing Networks with PIX and ASA Exam(SNPA)


1. Refer to the exhibit.
An administrator wants to permanently map host addresses on the DMZ subnet to the same host addresses, but a different subnet, on the outside interface. Which command should the administrator use to accomplish this?
A. NAT (dmz) 0 172.16.1.0 netmask 255.255.255.0
B. access-list server_map permit tcp any 192.168.10.0 255.255.255.0
Nat (outside) 10 access-list server_map
Global (dmz) 10 172.16.1.9-10 netmask 255.255.255.0
C. static (dmz,outside) 192.168.10.0 172.16.1.0 netmask 255.255.255.0
D. NAT (dmz) 1 172.16.1.0 netmask 255.255.255.0
　Global (outside) 1 192.168.10.9-10 netmask 255.255.255.0
Answer: C

2. An administrator is defining a modular policy. As part of the policy, the administrator wants to define a traffic flow between Internet hosts and a specific web server on the DMZ. Which commands should the administrator use?
A. class-map http_traffic
　match port tcp eq www
B. class-map http_traffic
　match flow ip destination address 192.168.1.11
C. class-map http_traffic
　match set 192.168.1.11
D. access-list 150 permit tcp any host 192.168.1.11 eq www
class-map http_traffic
match access-list 150
Answer: D

3. Refer to the exhibit.
The network administrator for this small site has chosen to authenticate HTTP cut-through proxy traffic via a local database on the Cisco PIX Security Appliance. Which command strings should the administrator enter to accomplish this?
A. pix1(config)# static (dmz,outside) 192.168.16.6 172.16.16.6
pix1(config)# access-list 150 permit tcp any host 172.16.16.6 eq www
pix1(config)# aaa authentication match 150 outside LOCAL
B. pix1(config)# static (dmz,outside) 192.168.16.6 172.16.16.6
pix1(config)# access-list 150 permit tcp any host 192.168.16.6 eq www
pix1(config)# aaa authentication match 150 outside pix1
C. pix1(config)# static (dmz,outside) 192.168.16.6 172.16.16.6
pix1(config)# access-list 150 permit tcp any host 172.16.16.6 eq www
pix1(config)# aaa authentication match 150 outside pix1
D. pix1(config)# static (dmz,outside) 192.168.16.6 172.16.16.6
pix1(config)# access-list 150 permit tcp any host 192.168.16.6 eq www
pix1(config)# aaa authentication match 150 outside LOCAL
Answer: D

4. Refer to the exhibit.
An administrator wants a user on the inside network to access two sites on the Internet and present two different source IP addresses. When the user is accessing Company A web servers, the source IP address is translated to 192.168.0.9. When the user is accessing Company B web servers, the source address is translated to 192.168.0.21.
Which of these can the security appliance administrator configure to accomplish this application?
A. inside NAT
B. identity NAT
C. static
D. policy NAT
Answer: D

5. When an outside FTP client accesses a corporation's dmz FTP server through a security appliance, the administrator wants the security appliance to restrict ftp commands that can be performed by the client. Which security appliance commands enable the administrator to restrict the ftp client to performing a specific set of ftp commands.
A. ftp-map inbound_ftp
　request-cmd deny appe dele rmd
B. ftp-map inbound_ftp
　request-cmd permit get put cdup
C. policy-map inbound
class inbound_ftp_traffic
inspect ftp strict get put cdup
D. policy-map inbound
class inbound_ftp_traffic
inspect ftp strict appe dele rmd
Answer: A

http://www.hiexam.net The safer.easier way to get CCSP Certification.