642-524 Exam

免费下载 642-524 认证考题Demo

下载 642-524 PDF 认证考试题库
考试引擎下载

选择 pass4side 642-524 题库

642-524 考试是 Cisco 公司的 Securing Networks with ASA Foundation 认证考试官方代号，pass4side 的 642-524 权威考试题库软件是 Cisco 认证厂商的授权产品，pass4side 绝对保证第一次参加 642-524 考试的考生即可顺利通过，否则承诺全额退款！

1、Pass4Side考题大师642-524试题都是考试原题的完美组合，覆盖率95％以上，答案由多位专业资深讲师原版破解得出，正确率100％，只要您使用本站的考试题库参加642-524 考试，我们保证您一次轻松通过考试；

2、售后服务第一！我们相信要想在当今时代取得成功，必须为广大用户提供全套的周到细致的全程优质售后服务，只有客户满意了，我们才能发展。客户至上是我们Pass4Side考题大师的一贯宗旨；

3、Pass4Side实行“一次不过全额退款”承诺。如果您购买我们642-524的考题，只要不是首次通过，凭盖有PROMETRIC或VUE考试中心钢印的考试成绩单，我们将退还您购买642-524考题大师的全部费用，绝对保证您的利益不受到任何的损失；

4、本站642-524题库根据642-524考试的变化动态更新，在厂家考题每次发生变化后，我们承诺2天内更新642-524题库。在您购买我们的产品之后，我们将提供90天的免费更新。确保642-524考题的覆盖率始终都在95％以上；我们提供2种 642-524 考题大师版本供你选择。

5、软件版本642-524 考试题库
优点：具有学习模式，测试模式，线上自动升级
缺点：仅限固定电脑使用，不可打印为文本，只能PC阅读

6、PDF 格式642-524 考试题库(部分最新更新科目已不提供PDF)
优点：不需下载安装软件，方便用户打印和携带，但也带来了可随意制的弊端，因此我们提醒用户不得随意公开或出售本站的642-524题库，一经发现立即取消其升级资格，且不予退款。
缺点：不具备测试模式，通过查看 pass4side.cn网站及查收我们的更新E-MAIL获取更新信息。
　
　
Exam : Cisco 642-524
Title : Securing Networks with ASA Foundation


1. To require users to authenticate before accessing the corporate DMZ servers, the network security administrator needs to configure cut-through proxy authentication via RADIUS. Which three tasks are required to accomplish this goal? (Choose three.)
A. Specify a AAA server group.
B. Designate an authentication server.
C. Add users to the local user database.
D. Configure per-user override.
E. Configure a rule that specifies which traffic flow to authenticate.
F. Assign ACLs to users or groups.
Answer: ABE

2. Refer to the exhibit. Given the configuration that is shown, what traffic will be logged to the AAA server?
A. All connection information will be logged in the accounting database.
B. All outbound TCP connection information will be logged in the accounting database.
C. Only authenticated and authorized console connection information will be logged in the accounting database.
D. No information will be logged. This is not a valid configuration because TACACS+ connection information cannot be captured and logged.
Answer: B

3. Which two of the following statements are true about the local user database in the security appliance? (Choose two.)
A. You can create user accounts with or without passwords in the local database.
B. The default privilege level for a new user is 15.
C. You can configure the security appliance to lock a user out after the user meets a configured maximum number of failed authentication attempts.
D. You can use the local database for CLI access authentication, privileged mode authentication, command authorization, network access authentication, and network access authorization.
E. You cannot use the local database for network access authentication.
F. The enable_16 user is always present in the local user database and represents the default username.
Answer: AC

4. Refer to the exhibit. Which two statements accurately describe the effect of the configuration that is shown in the exhibit? (Choose two.)
A. Users will be prompted for a username and password when they start HTTP connections to host 192.168.1.11 from the outside.
B. Users will be prompted for a username and password when they start HTTP connections from the inside to host 192.168.1.11 on the outside interface.
C. The security appliance will first contact host 10.0.1.2 on the inside interface for verification of credentials; if host 10.0.1.2 is unavailable, the security appliance will attempt to authenticate the user via the local user database.
D. The security appliance will contact a AAA server in the AUTHIN server group for verification of credentials.
Answer: AD

5. Which two statements accurately describe the downloadable ACL feature of the security appliance? (Choose two.)
A. Downloadable ACLs are the only supported authorization method that works without authentication.
B. Downloadable ACLs enable you to store full ACLs on a AAA server and download them to the security appliance.
C. Downloadable ACLs are supported using TACACS+ or RADIUS.
D. The downloadable ACL must be attached to a user or group profile on a AAA server.
E. The security appliance supports only per-user ACL authorization.
F. Downloadable ACLs cannot be manually removed; they must expire based on the configured timeout.
Answer: BD

6. Refer to the exhibit. A network administrator wants to authenticate remote users who are accessing the WEB1 server from the Internet. When a remote user initiates a session to the WEB1 server, the ASA1 security appliance will verify the credentials of the user with the TX_ACS AAA server via RADIUS. To accomplish this, the administrator must load and configure Cisco Secure ACS software on the TX_ACS AAA server. During the process, the administrator must correctly configure the AAA client information in the Cisco Secure ACS network configuration window.
What must the administrator place in field A (AAA Client Hostname) and field B (AAA Client IP Address)?
A. ATX_ACS
B10.0.1.10
B. AWEB1
B172.16.1.2
C. AASA1
B10.0.1.1
D. ABOB
B192.168.2.10
Answer: C

7. Refer to the exhibit. Which two scenarios accurately illustrate the effect of the configuration that is shown in the exhibit? (Choose two.)
A. User addison enters the login command at the > prompt and logs in with the correct username and password when prompted. User addison can then enter the global configuration mode on the security appliance.
B. User carter enters the login command at the > prompt and logs in with the correct username and password when prompted. User carter can then enter the global configuration mode on the security appliance.
C. User carter enters the enable command at the > prompt and logs in with the correct username and password when prompted. User carter can then enter the global configuration mode.
D. User kenny enters the enable command at the > prompt and logs in with the correct username and password when prompted. User kenny can then enter the global configuration mode.
E. User kenny enters the command enable 10 to access privilege level 10 and provides the password for privilege level 10 when prompted. User kenny can then enter the global configuration mode.
Answer: AD

8. The network security administrator for XYZ Corporation wants to apply specific restrictions to one network user, Bob, who works from home and accesses the corporate network from the outside interface of the security appliance. The administrator decides to use the downloadable ACL feature of the security appliance to control network access for this user. Authentication of inbound traffic is already configured on the security appliance, and Bob already has a user account on the Cisco Secure ACS. Which three tasks does the administrator need to complete in order to accomplish the goal of limiting network access for Bob via downloadable ACLs? (Choose three.)
A. Enable inbound authorization on the security appliance.
B. Configure the security appliance to use downloadable ACLs.
C. Attach the downloadable ACL to the user profile for Bob on the Cisco Secure ACS.
D. In the authorization configuration of the security appliance, specify the RADIUS server where the user account for Bob resides.
E. Configure the Cisco Secure ACS to use downloadable ACLs.
F. Configure the downloadable ACLs on the Cisco Secure ACS.
Answer: CEF