Exam Number
642-523

Associated Certifications
CCSP

Duration
90 minutes (63 questions)

Available Languages
English

Exam Topics
Install and configure a Security Appliance for basic network connectivity
• Describe the Security Appliance hardware and software architecture
• Determine the Security Appliance hardware and software configuration and verify if it is correct
• Use setup or the CLI to configure basic network settings, including interface configurations
• Use appropriate show commands to verify initial configurations
• Configure NAT and global addressing to meet user requirements
• Configure DHCP client option
• Set default route
• Configure logging options
• Describe the firewall technology
• Explain the information contained in syslog files
• Configure static address translations
• Configure Network Address Translations: PAT
• Verify network address translation operation

Configure a Security Appliance to restrict inbound traffic from untrusted sources
• Configure access-lists to filter traffic based on address, time, and protocols
• Configure object-groups to optimize access-list processing
• Configure Network Address Translations: Nat0
• Configure Network Address Translations: Policy NAT
• Configure java/activeX filtering
• Configure URL filtering
• Verify inbound traffic restrictions
• Configure static port redirection
• Configure a net static
• Set embryonic and connection limits on the Security Appliance

Configure a Security Appliance to provide secure connectivity using site-to-site VPNs
• Explain the basic functionality of IPsec
• Configure IKE with preshared keys
• Differentiate between the types of encryption
• Configure IPsec parameters
• Configure crypto-maps and ACLs

Configure a Security Appliance to provide secure connectivity using remote access VPNs
• Explain the functions of EasyVPN
• Configure IPsec using EasyVPN Server/Client
• Configure the Cisco Secure VPN client
• Explain the purpose of SSL VPN
• Configure WebVPN services: Server/Client
• Verify VPN operations
• Install and Configure SVCs
• Install and Configure Cisco Secure Desktop

Configure transparent firewall, virtual firewall, and high availability firewall features on a Security Appliance
• Explain differences between L2 and L3 operating modes
• Configure Security Appliance for transparent mode (L2)
• Explain purpose of virtual firewalls
• Configure Security Appliance to support virtual firewall
• Monitor and maintain virtual firewall
• Explain the types, purpose and operation of fail-over
• Install appropriate topology to support cable-based or LAN-based fail-over
• Explain the hardware, software and licensing requirements for high-availability
• Configure the Security Appliance for active/standby fail-over
• Configure the Security Appliance for stateful fail-over
• Configure the Security Appliance for active-active fail-over
• Verify fail-over operation
• Recover from a fail-over
• Allocate resources to virtual firewalls

Configure AAA services for the Security Appliance
• Configure ACS for Security Appliance support
• Configure Security Appliance to use AAA feature
• Configure authentication using both local and external databases
• Configure authorization using an external database
• Configure the ACS server for downloadable ACLs
• Configure accounting of connection start/stop
• Verify AAA operation

Configure routing and switching on a Security Appliance
• Enable DHCP server and relay functionality
• Configure VLANs on a Security Appliance interface
• Configure Security Appliance to pass multi-cast traffic

Configure Security Appliance advanced application layer and modular policy features
• Configure a class-map
• Configure a policy-map
• Configure a service-policy
• Configure a ftp-map
• Configure a http-map
• Configure an inspection protocol
• Explain the function of protocol inspection
• Explain DNS guard feature
• Describe the AIP-SSM HW and SW
• Load IPS SW in the AIP-SSM
• Verify AIP-SSM
• Configure an IPS modular policy
• Describe the CSC-SSM HW and SW
• Configure a typed class map
• Configure a typed policy map
• Use typed policy maps to specify granular inspection parameters for a policy map
• Configure regex class maps
• Create regular expressions
• Load CSC SW on the SSM
• Verify the CSC-SSM
• Divert traffic to the CSC-SSM
• Initialize the CSC-SSM

Monitor and manage an installed Security Appliance
• Obtain and apply OS updates
• Backup and restore configurations and software
• Explain the Security Appliance file management system
• Perform password/lockout recovery procedures
• Obtain and upgrade license keys
• Configure passwords for various access methods: Telnet, serial, enable, SSH
• Configure various access methods: Telnet, SSH, ASDM
• Configure command authorization and privilege levels
• Configure local username database
• Verify access control methods
• Enable ASDM functionality
• Verify a Security Appliance configuration via ASDM
• Verify the licensing available on a Security Appliance
• Add, delete, and modify syslog messages