Cisco Exam #642-522: SNPA Exam (Cisco Press)
Check your aptitude in configuring and managing Cisco PIX and ASA security appliances for the CCSP or Cisco Firewall Specialist certifications with these 10 sample questions.
courtesy of Cisco Press
Question:
1. What design features enables a Cisco Security Appliance, such as the PIX Firewall, to outperform conventional application firewalls?
a. The Adaptive Security Algorithm
b. Super-packet filtering
c. Purpose-built, real-time operating environment
d. Hot standby proxy processing
e. Cut-through Proxy support
2. A Cisco Security Appliance can be configured to send syslog messages to all of the following except which one?
a. Console
b. Telnet session
c. Serial port
d. Syslog server
e. Answers a, b, c, and d are correct
3. Which platform does Cisco Secure ACS for Windows Version 3.3 currently support?
a. Windows XP Professional
b. Windows 2000 Server
c. Windows NT Workstation
d. Windows 2000 Professional
4. Why is it difficult to penetrate a Security Appliance over UDP port 53?
a. The Security Appliance allows multiple outbound queries but randomizes the UDP sequence numbers.
b. The Security Appliance allows queries to go out to multiple DNS servers but drops all but the first response.
c. The Security Appliance allows responses only to outbound DNS queries.
d. All of the above
5. Which command lets you create a network object group?
a. object-group network group-id
b. enable object-group network group-id
c. create network object-group
d. network object-group enable
6. What part of the Modular Policy Framework assigns a Traffic Class?
a. Service map
b. Priority map
c. Class map
d. Policy map
7. If an AIP-SSM module fails while using an IPS policy, what command allows traffic to continue to transmit during the failure?
a. pass-thru
b. fail-close
c. cross-connect
d. fail-open
8. What type of Ethernet VLAN tagging does a ASA Security Appliance support?
a. ISL
b. 802.1x
c. 802.1q
d. 802.3
e. None of these answers are correct
9. What is the size of the output for a MD5 hash?
a. There is no fixed size.
b. 256 bits
c. 255 bits
d. 128 bits
e. None of these answers are correct
10. What features of WebVPNs differ from IPSec VPNs?
a. WebVPNs are clientless.
b. WebVPNs allow Port Forwarding.
c. WebVPNs securely accesses e-mail systems.
d. WebVPNs are supported only by ASA 55X0 firewalls.
e. None of these answers are correct.
1. Answers A, C and E are correct.
2. Answer E is correct.
3. Answer B is correct.
4. Answer B is correct.
5. Answer A is correct.
6. Answer C is correct.
7. Answer D is correct.
8. Answer C is correct.
9. Answer D is correct.
10. Answers A, B and C are correct.
Questions and answers provided by Cisco Press from the book "CCSP SNPA Official Exam Certification Guide, 3rd Edition," to be published in April 2006. To order the book, click here.
More Pop Quiz:
|
