The Cisco Secure PIX Firewall Advanced exam (CSPFA 642-521) is one of the exams associated with the Cisco Certified Security Professional and the Cisco Firewall Specialist certifications. Candidates can prepare for this exam by taking the CSPFA v3.2 course.??The 642-521??exam includes simulations and tests a candidate’s knowledge and ability to describe, configure, verify and manage the PIX Firewall product family. CCNA or CCDA recertification candidates who pass the 642-521 CSPFA exam will be considered recertified at the CCNA or CCDA level. The exam 642-521 register URL???Pearson VUE or Prometric.

???????????????????????????????????????????????????????????????????? 642-502???????????????????? 642-503

???????????????????????????????????????????????????????????????????? 642-521??????????????????????642-522

???????????????????????????????????????????????????????????????????? 642-542??????????????????????642-551

???????????????????????????????????????????????????????????????????????????????????????????? 642-552

1.What is the primary type of intrusion prevention technology used by Cisco IPS security appliances?
A: profile-based
B: rule-based
C: signature-based
D: protocol analysis-based
Correct Answers:?? C
2.A mission critical server application embeds a private IP address and port number in the payload of packets that is used by the client to reply to the server. Why is implementing NAT over the Internet supporting this type of application an issue?
A: Embedded IP addresses causes NAT to do extensive packet manipulation. This process is very time intensive and the added delay causes the connection in these types of applications to time out and fail.
B: When the client attempts to reply to the server using the embedded private IP address instead of the public IP address mapped by NAT, the embedded private IP address will not be routable over the Internet.
C: NAT traversal can’t be used for embedded IP addresses. Mission critical applications typically use NAT transversal to ensure stable timely connections, but not when embedded IP addresses and ports are used.
D: Using NAT makes troubleshooting difficult. You must know the IP address assigned to a device on its NIC and its translated address; it takes too long to determine the source and destination of an embedded IP address, and this delay is not appropriate for mission critical applications.
Correct Answers:?? B
3.What is the first step you need to perform on a router when configuring role-based CLI?
A: place the router in global configuration mode
B: create a parser view called root view
C: enable role-based CLI globally on the router using the privilege exec level Cisco IOS command.
D: enable the root view on the router
E: log in to the router as the “root” user

Correct Answers:?? D

The Gateway Gatekeeper 642-453 GWGK is the exam associated with the CCVP certification. Candidates can prepare for this exam by taking the Gateway Gatekeeper (GWGK) course.??The 642-503??exam tests a candidate’s knowledge of the implementation of Cisco gateways and gatekeepers, including integration of a VoIP network to both PSTN and TDM equipment. Topics for exam 642-503 covered include implementing dial plans and advanced gateway features such as SRST and DSP resources, implementing gatekeepers and directory gatekeepers to provide hierarchical dial plan resolution, and call admission control.

?????????????????????????????????????????????????????????????????????????? 642-502???????????????????????????????? 642-503

?????????????????????????????????????????????????????????????????????????? 642-521??????????????????????????????????642-522

?????????????????????????????????????????????????????????????????????????? 642-542??????????????????????????????????642-551

???????????????????????????????????????????????????????????????????????????????????????????????????? 642-552

1.When configuring ACS 4.0 Network Access Profiles (NAPs), which three things can be used to determine how an access request is classified and mapped to a profile? (Choose three.)
A:Network Access Filters (NAFs)
B:RADIUS Authorization Components (RACs)
C:the authentication method
D:the protocol types
E:advance filtering
F:RADIUS VSAs
Correct Answers:?? A, D, E
2.When you configure a site-to-site IPsec VPN tunnel, which configuration must be the exact reverse (mirror image) of the other IPsec peer?
A: IPsec transform set
B: ISAKMP policy
C: crypto ACL
D: pre-shared key
E: crypto map
F: static route
Correct Answers:?? C
3.When configuring FPM, what should be the next step after the PHDFs have been loaded?
A: Define a stack of protocol headers.
B: Define a traffic policy.
C: Define a service policy.
D: Define a class map of type “access-control” for classifying packets.
E: Reload the router.
F: Save the PHDFs to startup-config.
Correct Answers:?? A
4.When you implement IBNS (802.1x authentication), what is defined using the Tunnel-Private-Group-ID (81) RADIUS attribute?
A: the EAP type
B: the shared secret key
C: the ACL name
D: the VLAN name
E: the NAP
F: the NAF

Correct Answers:?? D

Cisco 642-502 exam name:Securing Networks with Cisco Routers and Switches Exam(SNRS).The Securing Networks with Cisco Routers and Switches exam is one of the exams associated with the Cisco Certified Security Professional certification. Candidates can prepare for this exam by taking the SNRS v1.0 course.??The 642-502??exam includes simulations and tests a candidate’s knowledge and ability to secure networks using Cisco routers and switches.

???????????????????????????????????????????????????? 642-502???????????????????????? 642-503

???????????????????????????????????????????????????? 642-521?????????????????????? ??642-522

???????????????????????????????????????????????????? 642-542???????????????????????? 642-551

???????????????????????????????????????????????????????????? ??642-552