New Version Professional Cisco 642-524 Exam Questions From Flydumps For Free Download

 

Exam A FLYDUMPS bring you the best Cisco 642-524 exam preparation materials which will make you pass in the first attempt.And we also provide you all the Cisco 642-524 exam updates as Microsoft announces a change in its Cisco 642-524 exam syllabus,we inform you about it without delay.
QUESTION 1
Refer to the exhibit. The network administrator for this site wants hosts on DMZ2 to be able to make HTTP connections to host 172.16.1.10. Hosts on DMZ2 are currently unable to make these connections. The network administrator checks the security appliance and determines that there are no access lists configured on either the DMZ1 or DMZ2 interfacE. Which task or set of tasks does the administrator need to complete to enable all hosts on DMZ2 to make HTTP connections to host 172.16.1.10?

A. Configure an access rule on the DMZ2 interface permitting HTTP from network 172.25.3.0/24 to IP address 172.16.1.10. Then enable HTTP inspection in the global policy.
B. Configure an access rule on the DMZ1 interface permitting HTTP from network 172.25.3.0/24 to IP address 172.16.1.10.
C. Configure a dynamic NAT rule specifying DMZ1/172.16.1.0 as the original interface/address and DMZ2/172.25.3.0 as the translated interface/address.
D. Configure a dynamic NAT rule specifying DMZ2/172.25.3.0 as the original interface/address and DMZ1/172.16.1.0 as the translated interface/address.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 2
Which three statements about clientless SSL VPN are true? (Choose three. )
A. Users are not required to use any particular PC or workstation.
B. It requires little or no desktop support by IT organizations.
C. Client software is dynamically downloaded from the adaptive security appliance to the remote PC without any interaction from the end user or the network administrator.
D. Users have full, direct access to resources on the internal network.
E. It requires an SSL-enabled web browser.
F. Browser cookies must be disabled for the proper operation of clientless SSL VPN.

Correct Answer: ABE Section: (none) Explanation
Explanation/Reference:
QUESTION 3
Which four parameters must be defined in an IKE policy when creating an IPsec site-to-site VPN? (Choose four.)
A. message encryption algorithm
B. message integrity (hash) algorithm
C. perfect forward secrecy
D. peer authentication method
E. key exchange parameters (DH group ID)
F. interesting traffic

Correct Answer: ABDE Section: (none) Explanation
Explanation/Reference:
QUESTION 4
To require users to authenticate before accessing the corporate DMZ servers, the network security administrator needs to configure cut-through proxy authentication via RADIUS. Which three tasks are required to accomplish this goal? (Choose three. )
A. Specify a AAA server group.
B. Designate an authentication server.
C. Add users to the local user database
D. Configure per-user overridE.
E. Configure a rule that specifies which traffic flow to authenticatE.
F. Assign ACLs to users or groups.

Correct Answer: ABE Section: (none) Explanation
Explanation/Reference:
QUESTION 5
Refer to the exhibit. Which two statements about configuring passive RIP on the security appliance are true? (Choose two.)

A. You must specify a classful network IP address to define a network for the RIP routing process.
B. Auto-summarization must be disabled when using RIP version 1.
C. There is no limit to the number of networks you can specify for the RIP routing process.
D. If you enable passive RIP, all interfaces must operate in passive modE.
E. Enabling passive RIP mode causes the security appliance to receive all RIP routing updates but send only a default route to neighboring routers.

Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
QUESTION 6
Which three steps are mandatory for configuring VLAN trunking on a security appliance interface? (Choose three. )
A. configuring the speed and duplex on a subinterface to match to the speed and duplex settings of an associated physical interface
B. specifying a name for a subinterface
C. configuring a MAC address for a subinterface
D. associating a logical interface with a physical interface
E. specifying a VLAN ID for a subinterface
F. specifying the maximum transmission unit for a subinterface

Correct Answer: BDE Section: (none) Explanation
Explanation/Reference:
QUESTION 7
Refer to the exhibit. Which three commands would verify that the boot image is asa802-k8.bin? (Choose three. )

A. show disk0:
B. show bootvar
C. show startup-config
D. show asdm image
E. show device-boot history
F. show version

Correct Answer: BCF Section: (none) Explanation
Explanation/Reference:
QUESTION 8
Which two statements accurately describe the effects of this configuration? (Choose two.)
class-map INBOUND_HTTP_TRAFFIC match access-list TOINSIDEHOST
class-map OUTBOUND_HTTP_TRAFFIC match access-list TOOUTSIDEHOST policy-map MYPOLICY class INBOUND_HTTP_TRAFFIC inspect http set connection conn-max 100 policy-map MYOTHERPOLICY class OUTBOUND_HTTP_TRAFFIC inspect http service-policy MYOTHERPOLICY interface inside service-policy MYPOLICY interface outside
A. Traffic that enters the security appliance through the outside interface and matches access control list TOINSIDEHOST is subject to maximum connection limits only.
B. Traffic that enters the security appliance through the inside interface and matches access control list TOOUTSIDEHOST is subject to HTTP inspection and connection limits.
C. Traffic that enters the security appliance through the outside interface and matches access control list TOINSIDEHOST is subject to HTTP inspection and maximum connection limits.
D. Traffic that enters the security appliance through the inside interface and matches access control list TOOUTSIDEHOST is subject to HTTP inspection.
E. Traffic that matches access control list TOINSIDEHOST is subject to HTTP inspection and maximum connection limits.
F. Traffic that enters the security appliance through the inside interface is subject to HTTP inspection.

Correct Answer: CD Section: (none) Explanation
Explanation/Reference:

Whenever Cisco candidates take a tour of sample questions of Cisco 642-524 exam they find their training to be matchless to great extent. Passing the Cisco 642-524 on your own can be a difficult task, but with Cisco 642-524 preparation products, many candidates who appeared online passed Cisco 642-524 easily.