Where to free download the new Cisco 642-515 exam questions to pass the exam easily? Now,Flydumps has publised the new version of Cisco 642-515 exam dumps with new added exam questions.you can also get free VCE and PDF, and the new Cisco 642-515 practice tests ensure your exam 100% pass. Visit Flydumps.com to get the 100% pass ensure!
QUESTION 60
Modular Policy Framework provides a consistent and flexible way to configure security appliance features in a manner similar to Cisco IOS software QoS CLI. Your company asked you to examine the current Cisco Modular Policy Framework configurations on the LA-ASA Cisco Adaptive Security Appliance (ASA) by use of the Cisco Adaptive Security Device Manager (ASDM).
What is the impact of the FTP inspection policy named MY-FTP-MAP on FTP traffic entering the partnernet interface?
A. Masks the FTP banner.
B. Tracks each FTP command and response sequence for certain anomalous activity.
C. Has no effect on the behavior of the Cisco Adaptive Security Appliance.
D. Prevents web browsers from sending embedded commands in FTP requests.
Correct Answer: C Section: Firewall/Policys Explanation
Explanation/Reference:
QUESTION 61
Modular Policy Framework provides a consistent and flexible way to configure security appliance features in a manner similar to Cisco IOS software QoS CLI. Your company asked you to examine the current Cisco Modular Policy Framework configurations on the LA-ASA Cisco Adaptive Security Appliance (ASA) by use of the Cisco Adaptive Security Device Manager (ASDM).
Which two impacts are of the policy map named PARTNERNET-POLICY on FTP traffic entering the partnernet interface?
A. Prevents all users except “root” from accessing the path /root.
B. Logs all attempts to download files from the FTP server on the inside interface.
C. Blocks the FTP request commands DELE, MKD, PUT, RMD, RNFR, and RNTO.
D. Resets connections that send embedded commands.
Correct Answer: CD Section: Firewall/Policys Explanation
Explanation/Reference: QUESTION 62
Modular Policy Framework provides a consistent and flexible way to configure security appliance features in a manner similar to Cisco IOS software QoS CLI. Your company asked you to examine the current Cisco Modular Policy Framework configurations on the LA-ASA Cisco Adaptive Security Appliance (ASA) by use of the Cisco Adaptive Security Device Manager (ASDM).
Which option is correct with regard to HTTP inspection on the Cisco Adaptive Security Appliance?
A. HTTP traffic is inspected as it enters or exits the outside interface.
B. HTTP traffic is inspected only as it enters any interface.
C. Advanced HTTP inspection is applied to traffic entering the outside interface, and basic HTTP inspection is applied to traffic entering any interface.
D. HTTP traffic is inspected as it enters or exits any interface.
Correct Answer: A Section: Firewall/Policys Explanation
Explanation/Reference: QUESTION 63
Modular Policy Framework provides a consistent and flexible way to configure security appliance features in a manner similar to Cisco IOS software QoS CLI. Your company asked you to examine the current Cisco Modular Policy Framework configurations on the LA-ASA Cisco Adaptive Security Appliance (ASA) by use of the Cisco Adaptive Security Device Manager (ASDM).
Which step will be taken by the Cisco Adaptive Security Appliance on FTP traffic entering its outside interface?
A. Masks the FTP greeting banner.
B. Translates embedded IP addresses.
C. Blocks the FTP request commands APPE, GET, RNFR, RNTO, DELE, MKD, and RMD.
D. Prevents all users except “root” from accessing the path/root.
Correct Answer: B Section: Firewall/Policys Explanation Explanation/Reference:
QUESTION 64
Which options can a clientless SSL VPN user access from a web browser without port forwarding, smart tunnels, or browser plug-ins?
A. web-enabled applications
B. Microsoft Outlook Web Access
C. files on the network, via FTP or the CIFS protocol
D. internal websites
Correct Answer: ABCD Section: VPN Explanation
Explanation/Reference:
QUESTION 65
While implementing QoS, which two types of queues are available on the Cisco ASA security appliance? (Choose two.)
A. best effort queue
B. round robin queue
C. weighted fair
D. low latency queue
Correct Answer: AD Section: Firewall/Policys Explanation
Explanation/Reference:
QUESTION 66
Which three statements correctly describe protocol inspection on the Cisco ASA adaptive security appliance? (Choose three.)
A. The protocol inspection feature of the security appliance securely opens and closes negotiated ports and IP addresses for legitimate client-server connections through the security appliance.
B. For the security appliance to inspect packets for signs of malicious application misuse, you must enable advanced (application layer) protocol inspection.
C. If inspection for a protocol is notenabled, traffic for that protocol may be blocked.
D. If you want to enable inspection globally for a protocol that is not inspected by default or if you want to globally disable inspection for a protocol, you can edit the default global policy.
Correct Answer: ACD Section: Firewall/Policys Explanation
Explanation/Reference:
QUESTION 67
Multimedia applications transmit requests on TCP, get responses on UDP or TCP, use dynamic ports, and use the same port for source and destination, so they can pose challenges to a firewall. Which three items are true about how the Cisco ASA adaptive security appliance handles multimedia applications? (Choose three.)
A. It dynamically opens and closes UDP ports for secure multimedia connections, so you do not need to open a large range of ports.
B. It supports SIP with NAT but not with PAT.
C. It supports multimedia with or without NAT.
D. It supports RTSP, H.323, Skinny, and CTIQBE.
Correct Answer: ACD Section: Firewall/Policys Explanation
Explanation/Reference:
QUESTION 68
Reverse route injection (RRI) is the ability for static routes to be automatically inserted into the routing process for those networks and hosts protected by a remote tunnel endpoint. These protected hosts and networks are known as remote proxy identities. Study the following exhibit carefully. What does Reverse Route Injection enable in this configuration?
A. The Cisco ASA security appliance will advertise its default routes to the distant end of the site- to-site VPN tunnel.
B. The Cisco ASA security appliance will advertise routes that are at the distant end of the site-to- site VPN tunnel.
C. The Cisco ASA security appliance will advertise routes that are on its side of the site-to-site VPN tunnel to the distant end of the site-to-site VPN tunnel.
D. The Cisco ASA security appliance will advertise routes from the dynamic routing protocol that is running on the Cisco ASA security appliance to the distant end of the site-to-site VPN tunnel.
Correct Answer: B Section: Other Explanation
Explanation/Reference: QUESTION 69
Which two options are correct about the threat detection feature of the Cisco ASA adaptive security appliance? (Choose two.)
A. The security appliance scanning threat detection feature is based on traffic signatures.
B. The threat detection feature can help you determine the level of severity for packets that are detected and dropped by the security appliance inspection engines.
C. Because of their impact on performance, both basic threat detection and scanning threat detection are disabled by default.
D. Scanning threat detection detects network sweeps and scans and optionally takes appropriate preventative action.
Correct Answer: BD Section: Firewall/Policys Explanation
Explanation/Reference:
QUESTION 70
For configuring VLAN trunking on a security appliance interface, which three actions are mandatory? (Choose three.)
A. associating a logical interface with a physical interface
B. specifying a VLAN ID for asubinterface
C. specifying a name for asubinterface
D. specifying the maximum transmission unit for asubinterface
Correct Answer: ABC Section: Other Explanation
Explanation/Reference:
QUESTION 71
Which three features can the Cisco ASA adaptive security appliance support? (Choose three.)
A. 802.1Q VLANs
B. OSPF dynamic routing
C. static routes
D. BGP dynamic routing
Correct Answer: ABC Section: Other Explanation
Explanation/Reference:
QUESTION 72
What is the reason that you want to configure VLANs on a security appliance interface?
A. for use in multiple contextmode, where you can map only VLAN interfaces to contexts
B. for use in conjunction with device-level failover to increase the reliability of your security appliance
C. to increase the number of interfaces available to the network without adding additional physical interfaces or security appliances D. for use in transparent firewall mode, where only VLAN interfaces are used
Correct Answer: C Section: Other Explanation
Explanation/Reference:
QUESTION 73
The P4S security department would like to apply specific restrictions to one network user, Bob, because he works from home and accesses the corporate network from the outside interface of the security appliance. P4S decides to control network access for this user by using the downloadable ACL feature of the security appliance. Authentication of inbound traffic is already configured on the security appliance, and Bob already has a user account on the Cisco Secure ACS. Which three tasks should be completed in order to achieve the goal of limiting network access for Bob via downloadable ACLs? (Choose three.)
A. Configure the security appliance to use downloadable ACLs.
B. Configure the downloadable ACLs on the Cisco Secure ACS.
C. Attach the downloadable ACL to the user profile for Bob on the Cisco Secure ACS.
D. Configure the Cisco Secure ACS to use downloadable ACLs.
Correct Answer: BCD Section: Firewall/Policys Explanation
Explanation/Reference:
QUESTION 74
The security department of the P4S company wants to configure cut-through proxy authentication via RADIUS to require users to authenticate before accessing the corporate DMZ servers. Which three tasks are needed to achieve this goal? (Choose three.)
A. Configure a rule that specifies which traffic flow to authenticate.
B. Designate an authentication server.
C. Specifya AAA server group.
D. Configure per-user override.
Correct Answer: ABC Section: Other Explanation
Explanation/Reference:
QUESTION 75
Which two statements correctly describe the local user database in the security appliance? (Choose two.)
A. You can create user accounts with or without passwords in the local database.
B. You cannot use the local database for network access authentication.
C. You can configure the security appliance to lock a user out after the user meets a configured maximum number of failed authentication attempts.
D. The default privilege level for a new user is 15.
Correct Answer: AC Section: Other Explanation
Explanation/Reference: QUESTION 76
Which one of the following commands can provide detailed information about the crypto map configurations of a Cisco ASA adaptive security appliance?
A. show run ipsec sa
B. show run crypto map
C. show ipsec sa
D. show crypto map
Correct Answer: B Section: VPN Explanation
Explanation/Reference:
QUESTION 77
Which three commands can display the contents of flash memory on the Cisco ASA adaptive security appliance? (Choose three.)
A. show disk0:
B. dir
C. show flash:
D. show memory
Correct Answer: ABC Section: Other Explanation
Explanation/Reference:
QUESTION 78
Which two statements about the downloadable ACL feature of the security appliance are correct? (Choose two.)
A. Downloadable ACLs enable you to store full ACLs on a AAA server and download them to the security appliance.
B. Downloadable ACLs are supported using TACACS+ or RADIUS.
C. The downloadable ACL must be attached to a user or group profile on a AAA server.
D. The security appliance supports only per-user ACL authorization.
Correct Answer: AC Section: Other Explanation
Explanation/Reference:
QUESTION 79
In the default global policy, which three traffic types are inspected by default? (Choose three.)
A. TFTP
B. FTP
C. ESMTP
D. ICMP
Correct Answer: ABC Section: Firewall/Policys Explanation
Explanation/Reference:
QUESTION 80
What does the redundant interface feature of the security appliance accomplish?
A. to increase the number of interfaces available to your network without requiring you to add additional physical interfaces or security appliances
B. to increase the reliability of your security appliance
C. to allow a VPN client to sendIPsec-protected traffic to another VPN user by allowing such traffic in and out of the same interface
D. to facilitate out-of-band management
Correct Answer: B Section: Other Explanation
Explanation/Reference:
Preparing Cisco 642-515 exam is not difficult now.You can prepare from Cisco 642-515 Certification or Cisco 642-515 dumps.Here we have mentioned some sample questions.You can use our Cisco 642-515 study material notes for test preparation.Latest Cisco 642-515 study material available.