
Pass4sure 642-521 CSPFA 2.93

Filed under: Pass4sure Cisco — admin @ 9:46 am September 26, 2008

Cisco Secure PIX Firewall Exam
Retired

Exam Number: 642-521
Associated Certifications: CCSP, Cisco Firewall Specialist
Duration: 75 minutes (55-65 questions)
Available Languages: English

Exam Description

The Cisco Secure PIX Firewall Advanced exam (CSPFA 642-521) is one of the exams associated with the Cisco Certified Security Professional and the Cisco Firewall Specialist certifications. Candidates can prepare for this exam by taking the CSPFA v3.2 course. This exam includes simulations and tests a candidate’s knowledge and ability to describe, configure, verify and manage the PIX Firewall product family. CCNA or CCDA recertification candidates who pass the 642-521 CSPFA exam will be considered recertified at the CCNA or CCDA level.

Exam Topics

The following information provides general guidelines for the content likely to be included on this exam. However, other related topics may also appear on any specific delivery of the exam.

Cisco PIX Firewall Technology and Features
• Firewalls
• PIX Firewall models

Cisco PIX Firewall Family
• PIX Firewall models
• PIX services module
• PIX Firewall licensing

Getting Started with the Cisco PIX Firewall
• User interface
• Examining the PIX Firewall status
• ASA security levels
• Basic PIX Firewall configuration
• Syslog configuration
• DHCP server configuration
• PPPoE and the PIX Firewall

Translations and Connections
• Transport Protocols
• Network Address Translation
• Configuring DNS Support
• Port Address Translations

Access Control Lists and Content Filtering
• ACLs
• Converting Conduits to ACLs
• Using ACLs

Object Grouping
• Overview of object grouping
• Getting started with object groups
• Configuring object groups
• Nested object groups

Advanced Protocol Handling
• Advanced protocols
• Multimedia support

Attack Guards, Intrusion Detection, and Shunning
• Attack guards
• Intrusion detection

Authentication, Authorization, and Accounting
• Introduction
• Installation of CSACS for Windows NT
• Authentication configuration
• Downloadable ACLs

Failover
• Understanding failover
• Serial failover configuration
• LAN-based failover configuration

Virtual Private Networks
• PIX Firewall enables a secure VPN
• Prepare to configure VPN support
• Configure IKE parameters
• Configure IPSec parameters
• Test and verify VPN configuration
• Cisco VPN Client
• Scale PIX Firewall VPNs

System Maintenance
• Remote access
• Command authorization

Cisco PIX Device Manager
• PDM overview
• Prepare for PDM
• Using PDM to configure the PIX Firewall
• Using PDM to create a site-to-site VPN
• Using PDM to create a remote access VPN

Enterprise PIX Firewall Management
• Configuring access and translation rules
• Reporting, tools, and administration

Enterprise PIX Firewall Maintenance
• Introduction to the auto update server
• PIX Firewall and AUS communication settings
• Devices, images, and assignments
• Reports and administration

Firewall Services Module
• FWSM overview
• Using PDM with the FWSM

QUESTION 1:

You are the security administrator at Certkiller Inc. and your assignment is to match the firewall technology with its description.

Answer:

Explanation:
Proxy server – Hides valuable data by requiring users to communicate with a secure system by means of a proxy. Users gain access to the network by going through a process that establishes session state, user authentication, and authorized policy.
Packet filters – A Cisco router configured with an ACL to filter traffic flowing through it is an example of a packet filter.
Stateful packet filters – A stateful packet filter keeps complete session state information for each session built through the firewall. Each time an IP connection is established for an inbound or outbound connection, the information is logged in a stateful session flow table.
Reference: Cisco Secure PIX Firewall (Ciscopress) pages 16 – 18

QUESTION 2:

Which of the following is a problem with packet-filtering firewalls?

A. It is simple to add new services to the firewall, and services can be easily exploited.
B. Packets are permitted to pass through the filter by being fragmented.
C. It is problematic to add new services to the firewall.
D. Packets are unable to pass through the filter by being fragmented.

Answer: B

Explanation:
Packet filtering
A firewall can use packet filtering to limit information entering a network or information moving from one segment of a network to another. Packet filtering uses access control lists (ACLs), which allow a firewall to accept or deny access based on packet types and other variables.
This method is effective when a protected network receives a packet from an unprotected network. Any packet that is sent to the protected network and does not fit the criteria defined by the ACLs is dropped.
However, there are problems with packet filtering:
1. Arbitrary but undesirable packets can be sent that fit the ACL criteria and, therefore, pass through the filter.
2. Packets can pass through the filter by being fragmented.
3. Complex ACLs are difficult to implement and maintain correctly.
4. Some services cannot be filtered.
PIX FW Advanced, Cisco Press, p. 18
Reference: CSPFA Student Guide v3.2 – Cisco Secure PIX Advanced p.3-5

QUESTION 3:

At which of the following stages will the PIX Firewall log information about packets, such as source and destination IP addresses, in the stateful session table?

A. Each time it is reloaded.
B. Each time a TCP or UDP outbound connection attempt is made.
C. Each time a TCP or UDP inbound or outbound connection attempt is made.
D. Only when a TCP inbound or outbound connection attempt is made.
E. Never.

Answer: C

Explanation:
Stateful packet filtering is the method used by the Cisco PIX Firewall. This technology maintains complete session state. Each time a Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) connection is established for inbound or outbound connections, the information is logged in a stateful session flow table.
Reference: CSPFA Student Guide v3.2 – Cisco Secure PIX Advanced p.3-7
PIX FW Advanced, Cisco Press, p. 19

QUESTION 4:

John, the security administrator at Certkiller Inc., is working on configuring the PIX Firewall. Which two of the following are features of the PIX Firewall? (Choose two)

A. One feature is it uses Cisco Finesse operating system.

B. One feature is it uses Cisco IOS operating system.
C. One feature is it’s based on Windows NT technology.
D. One feature is it analyzes every packet at the application layer of the OSI model.
E. One feature is it can be configured to provide full routing functionality.
F. One feature is it uses a cut-through proxy to provide user-based authentication connections.

Answer: A, F

Explanation:
The PIX Firewall features the following technologies and benefits:
- Non-UNIX, secure, real-time, embedded system
- ASA
- Cut-through proxy – A user-based authentication method of both inbound and outbound connections, providing improved performance in comparison to that of a proxy server.
- Stateful packet filtering
Finesse, a Cisco proprietary operating system, is a non-UNIX, non-Windows NT, IOS-like operating system. Use of Finesse eliminates the risks associated with general-purpose operating systems.
Reference: Cisco Secure PIX Firewall Advanced 3.1 chap 3 pages 8-9

QUESTION 5:

What is the operating system that a PIX runs?

A. UNIX
B. Solaris
C. Windows
D. None of the above

Answer: D

Explanation:
The PIX firewall runs code written by Cisco specifically to function as a hardened firewall, limiting its vulnerabilities.

QUESTION 6:

What encryption protocols does the PIX firewall support for VPNs? Choose all that apply.

A. MD5
B. 3DES
C. AES
D. DES

Answer: B, C, D

Explanation:
The PIX firewall supports 56-bit DES, 168-bit 3DES, and 128-, 192-, and 256-bit AES encryption protocols for IPsec VPNs.

QUESTION 7:

What is the maximum number of interfaces the PIX Firewall 535 supports with an unrestricted license?

A. PIX Firewall 535 supports 20
B. PIX Firewall 535 supports 10
C. PIX Firewall 535 supports 6
D. PIX Firewall 535 supports 5

Answer: B

Explanation: A total of eight interface circuit boards are configurable with the restricted license and a total of ten are configurable with the unrestricted license.
- The Cisco PIX 535 Security Appliance supports up to 10 physical Ethernet interfaces.
- With version 6.3 the PIX supports a total of 24 combined physical and virtual interfaces.
- A total of 8 interfaces are configurable on the PIX 535 with the restricted license, and a total of 10 are configurable with the unrestricted license.
PIX model license Comparison

Reference:

http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps2030/products_installation_guide_chapter09186a

0

QUESTION 8:

As of PIX Firewall release 6.3, Advanced Encryption Standard (AES) is supported on a PIX Firewall.
Which of the following statements regarding the capabilities of AES on the PIX Firewall is valid?

