Tag: Cisco 642-515

Cisco 642-515 Certification, Latest Updated Cisco 642-515 Questions And Answers With Low PriceCisco 642-515 Certification, Latest Updated Cisco 642-515 Questions And Answers With Low Price

Where to free download the new Cisco 642-515 exam questions to pass the exam easily? Now,Flydumps has publised the new version of Cisco 642-515 exam dumps with new added exam questions.you can also get free VCE and PDF, and the new Cisco 642-515 practice tests ensure your exam 100% pass. Visit Flydumps.com to get the 100% pass ensure!

QUESTION 60
Modular Policy Framework provides a consistent and flexible way to configure security appliance features in a manner similar to Cisco IOS software QoS CLI. Your company asked you to examine the current Cisco Modular Policy Framework configurations on the LA-ASA Cisco Adaptive Security Appliance (ASA) by use of the Cisco Adaptive Security Device Manager (ASDM).
What is the impact of the FTP inspection policy named MY-FTP-MAP on FTP traffic entering the partnernet interface?

A. Masks the FTP banner.
B. Tracks each FTP command and response sequence for certain anomalous activity.
C. Has no effect on the behavior of the Cisco Adaptive Security Appliance.
D. Prevents web browsers from sending embedded commands in FTP requests.

Correct Answer: C Section: Firewall/Policys Explanation
Explanation/Reference:
QUESTION 61
Modular Policy Framework provides a consistent and flexible way to configure security appliance features in a manner similar to Cisco IOS software QoS CLI. Your company asked you to examine the current Cisco Modular Policy Framework configurations on the LA-ASA Cisco Adaptive Security Appliance (ASA) by use of the Cisco Adaptive Security Device Manager (ASDM).
Which two impacts are of the policy map named PARTNERNET-POLICY on FTP traffic entering the partnernet interface?

A. Prevents all users except “root” from accessing the path /root.
B. Logs all attempts to download files from the FTP server on the inside interface.
C. Blocks the FTP request commands DELE, MKD, PUT, RMD, RNFR, and RNTO.
D. Resets connections that send embedded commands.

Correct Answer: CD Section: Firewall/Policys Explanation
Explanation/Reference: QUESTION 62
Modular Policy Framework provides a consistent and flexible way to configure security appliance features in a manner similar to Cisco IOS software QoS CLI. Your company asked you to examine the current Cisco Modular Policy Framework configurations on the LA-ASA Cisco Adaptive Security Appliance (ASA) by use of the Cisco Adaptive Security Device Manager (ASDM).
Which option is correct with regard to HTTP inspection on the Cisco Adaptive Security Appliance?

A. HTTP traffic is inspected as it enters or exits the outside interface.
B. HTTP traffic is inspected only as it enters any interface.
C. Advanced HTTP inspection is applied to traffic entering the outside interface, and basic HTTP inspection is applied to traffic entering any interface.
D. HTTP traffic is inspected as it enters or exits any interface.

Correct Answer: A Section: Firewall/Policys Explanation
Explanation/Reference: QUESTION 63
Modular Policy Framework provides a consistent and flexible way to configure security appliance features in a manner similar to Cisco IOS software QoS CLI. Your company asked you to examine the current Cisco Modular Policy Framework configurations on the LA-ASA Cisco Adaptive Security Appliance (ASA) by use of the Cisco Adaptive Security Device Manager (ASDM).
Which step will be taken by the Cisco Adaptive Security Appliance on FTP traffic entering its outside interface?

A. Masks the FTP greeting banner.
B. Translates embedded IP addresses.
C. Blocks the FTP request commands APPE, GET, RNFR, RNTO, DELE, MKD, and RMD.
D. Prevents all users except “root” from accessing the path/root.

Correct Answer: B Section: Firewall/Policys Explanation Explanation/Reference:
QUESTION 64
Which options can a clientless SSL VPN user access from a web browser without port forwarding, smart tunnels, or browser plug-ins?
A. web-enabled applications
B. Microsoft Outlook Web Access
C. files on the network, via FTP or the CIFS protocol
D. internal websites

Correct Answer: ABCD Section: VPN Explanation
Explanation/Reference:
QUESTION 65
While implementing QoS, which two types of queues are available on the Cisco ASA security appliance? (Choose two.)
A. best effort queue
B. round robin queue
C. weighted fair
D. low latency queue

Correct Answer: AD Section: Firewall/Policys Explanation
Explanation/Reference:
QUESTION 66
Which three statements correctly describe protocol inspection on the Cisco ASA adaptive security appliance? (Choose three.)
A. The protocol inspection feature of the security appliance securely opens and closes negotiated ports and IP addresses for legitimate client-server connections through the security appliance.
B. For the security appliance to inspect packets for signs of malicious application misuse, you must enable advanced (application layer) protocol inspection.
C. If inspection for a protocol is notenabled, traffic for that protocol may be blocked.
D. If you want to enable inspection globally for a protocol that is not inspected by default or if you want to globally disable inspection for a protocol, you can edit the default global policy.

Correct Answer: ACD Section: Firewall/Policys Explanation
Explanation/Reference:
QUESTION 67
Multimedia applications transmit requests on TCP, get responses on UDP or TCP, use dynamic ports, and use the same port for source and destination, so they can pose challenges to a firewall. Which three items are true about how the Cisco ASA adaptive security appliance handles multimedia applications? (Choose three.)
A. It dynamically opens and closes UDP ports for secure multimedia connections, so you do not need to open a large range of ports.
B. It supports SIP with NAT but not with PAT.
C. It supports multimedia with or without NAT.
D. It supports RTSP, H.323, Skinny, and CTIQBE.

Correct Answer: ACD Section: Firewall/Policys Explanation
Explanation/Reference:
QUESTION 68
Reverse route injection (RRI) is the ability for static routes to be automatically inserted into the routing process for those networks and hosts protected by a remote tunnel endpoint. These protected hosts and networks are known as remote proxy identities. Study the following exhibit carefully. What does Reverse Route Injection enable in this configuration?

A. The Cisco ASA security appliance will advertise its default routes to the distant end of the site- to-site VPN tunnel.
B. The Cisco ASA security appliance will advertise routes that are at the distant end of the site-to- site VPN tunnel.
C. The Cisco ASA security appliance will advertise routes that are on its side of the site-to-site VPN tunnel to the distant end of the site-to-site VPN tunnel.
D. The Cisco ASA security appliance will advertise routes from the dynamic routing protocol that is running on the Cisco ASA security appliance to the distant end of the site-to-site VPN tunnel.

Correct Answer: B Section: Other Explanation
Explanation/Reference: QUESTION 69
Which two options are correct about the threat detection feature of the Cisco ASA adaptive security appliance? (Choose two.)
A. The security appliance scanning threat detection feature is based on traffic signatures.
B. The threat detection feature can help you determine the level of severity for packets that are detected and dropped by the security appliance inspection engines.
C. Because of their impact on performance, both basic threat detection and scanning threat detection are disabled by default.
D. Scanning threat detection detects network sweeps and scans and optionally takes appropriate preventative action.

Correct Answer: BD Section: Firewall/Policys Explanation
Explanation/Reference:
QUESTION 70
For configuring VLAN trunking on a security appliance interface, which three actions are mandatory? (Choose three.)
A. associating a logical interface with a physical interface
B. specifying a VLAN ID for asubinterface
C. specifying a name for asubinterface
D. specifying the maximum transmission unit for asubinterface

Correct Answer: ABC Section: Other Explanation
Explanation/Reference:
QUESTION 71
Which three features can the Cisco ASA adaptive security appliance support? (Choose three.)
A. 802.1Q VLANs
B. OSPF dynamic routing
C. static routes
D. BGP dynamic routing

Correct Answer: ABC Section: Other Explanation
Explanation/Reference:
QUESTION 72
What is the reason that you want to configure VLANs on a security appliance interface?
A. for use in multiple contextmode, where you can map only VLAN interfaces to contexts
B. for use in conjunction with device-level failover to increase the reliability of your security appliance
C. to increase the number of interfaces available to the network without adding additional physical interfaces or security appliances D. for use in transparent firewall mode, where only VLAN interfaces are used

Correct Answer: C Section: Other Explanation
Explanation/Reference:
QUESTION 73
The P4S security department would like to apply specific restrictions to one network user, Bob, because he works from home and accesses the corporate network from the outside interface of the security appliance. P4S decides to control network access for this user by using the downloadable ACL feature of the security appliance. Authentication of inbound traffic is already configured on the security appliance, and Bob already has a user account on the Cisco Secure ACS. Which three tasks should be completed in order to achieve the goal of limiting network access for Bob via downloadable ACLs? (Choose three.)
A. Configure the security appliance to use downloadable ACLs.
B. Configure the downloadable ACLs on the Cisco Secure ACS.
C. Attach the downloadable ACL to the user profile for Bob on the Cisco Secure ACS.
D. Configure the Cisco Secure ACS to use downloadable ACLs.

Correct Answer: BCD Section: Firewall/Policys Explanation
Explanation/Reference:
QUESTION 74
The security department of the P4S company wants to configure cut-through proxy authentication via RADIUS to require users to authenticate before accessing the corporate DMZ servers. Which three tasks are needed to achieve this goal? (Choose three.)
A. Configure a rule that specifies which traffic flow to authenticate.
B. Designate an authentication server.
C. Specifya AAA server group.
D. Configure per-user override.

Correct Answer: ABC Section: Other Explanation
Explanation/Reference:
QUESTION 75
Which two statements correctly describe the local user database in the security appliance? (Choose two.)
A. You can create user accounts with or without passwords in the local database.
B. You cannot use the local database for network access authentication.
C. You can configure the security appliance to lock a user out after the user meets a configured maximum number of failed authentication attempts.
D. The default privilege level for a new user is 15.

Correct Answer: AC Section: Other Explanation
Explanation/Reference: QUESTION 76
Which one of the following commands can provide detailed information about the crypto map configurations of a Cisco ASA adaptive security appliance?
A. show run ipsec sa
B. show run crypto map
C. show ipsec sa
D. show crypto map

Correct Answer: B Section: VPN Explanation
Explanation/Reference:
QUESTION 77
Which three commands can display the contents of flash memory on the Cisco ASA adaptive security appliance? (Choose three.)
A. show disk0:
B. dir
C. show flash:
D. show memory

Correct Answer: ABC Section: Other Explanation
Explanation/Reference:
QUESTION 78
Which two statements about the downloadable ACL feature of the security appliance are correct? (Choose two.)
A. Downloadable ACLs enable you to store full ACLs on a AAA server and download them to the security appliance.
B. Downloadable ACLs are supported using TACACS+ or RADIUS.
C. The downloadable ACL must be attached to a user or group profile on a AAA server.
D. The security appliance supports only per-user ACL authorization.

Correct Answer: AC Section: Other Explanation
Explanation/Reference:
QUESTION 79
In the default global policy, which three traffic types are inspected by default? (Choose three.)
A. TFTP
B. FTP
C. ESMTP
D. ICMP

Correct Answer: ABC Section: Firewall/Policys Explanation
Explanation/Reference:
QUESTION 80
What does the redundant interface feature of the security appliance accomplish?
A. to increase the number of interfaces available to your network without requiring you to add additional physical interfaces or security appliances
B. to increase the reliability of your security appliance
C. to allow a VPN client to sendIPsec-protected traffic to another VPN user by allowing such traffic in and out of the same interface
D. to facilitate out-of-band management

Correct Answer: B Section: Other Explanation
Explanation/Reference:

Preparing Cisco 642-515 exam is not difficult now.You can prepare from Cisco 642-515 Certification or Cisco 642-515 dumps.Here we have mentioned some sample questions.You can use our Cisco 642-515 study material notes for test preparation.Latest Cisco 642-515 study material available.

Cisco 642-515 Brain Demos, Most Popular Cisco 642-515 Answers Covers All Key PointsCisco 642-515 Brain Demos, Most Popular Cisco 642-515 Answers Covers All Key Points

[The Newest Dumps] Real Cisco 642-515 exam dumps revised by experts, they were updated with the change of the Cisco 642-515 ,covering all the whole aspects of Cisco 642-515 exam. Just have a training of Flydumps Cisco 642-515 exam questions to guarantee your 100% pass

QUESTION 51
The IT department of your company must perform a custom-built TCP application within the clientless SSL
VPN portal configured on your Cisco ASA security appliance. The application should be run by users who
have either guest or normal user mode privileges.
In order to allow this application to run, how to configure the clientless SSL VPN portal?

A. configure a smart tunnel for the application
B. configure a bookmark for the application
C. configure the plug-in that best fits the application
D. configure port forwarding for the application

Correct Answer: A Section: VPN Explanation
Explanation/Reference:
QUESTION 52
Which major benefit do digital certificates provide when deploying IPsec VPN tunnels?
A. Resiliency
B. Obfuscation
C. Simplification
D. Scalability

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 53
Refer to the exhibit. As the administrator of a Cisco ASA security appliance for remote access IPsec VPNs,
you are assisting a user who has a digital certificate that is configured for the Cisco VPN Client.
Based on the exhibit, how would you find the MD5 and SHA-1 thumb print of the certificate?
A. Choose the certificate and then click the Certificate drop-down menu.
B. Choose the certificate and then click Options > Properties.
C. Choose the certificate and then click the View button.
D. Choose the certificate and then click the Verify button.

Correct Answer: C Section: Cert Authentication Explanation
Explanation/Reference:
QUESTION 54
Refer to the exhibit. You are configuring a laptop with the Cisco VPN Client, which will use digital certificates for authentication. Which protocol will the Cisco VPN client use to retrieve the digital certificate from the CA server?

A. FTP
B. HTTPS
C. TFTP
D. LDAP
E. SCEP

Correct Answer: E Section: Cert Authentication Explanation
Explanation/Reference:
QUESTION 55
Refer to the exhibit. A junior Cisco ASA security appliance administrator has asked for your help in configuring a Cisco ASA security appliance for an identity certificate to be used for IPsec VPNs. Based on the two Cisco ASDM configuration screens that are shown, what is needed to configure the Cisco ASA security appliance for an identity certificate?
Exhibit:

A. To retrieve an identity certificate, a new pair of RSA keys must be created.
B. To retrieve an identity certificate, the Cisco ASA security appliance must have the certificate of the CA.
C. To retrieve an identity certificate, the common name must be an FQDN.
D. The Cisco ASA security appliance doesn’t need to retrieve an identity certificate. It can use a self-signed identity certificate for IPsec.
E. Because of the lack of a CA certificate, the administrator must import the identity certificate from a file.

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 56
SSL VPNs can provide increased flexibility over IPsec VPNs, based on the location of the client and ownership of the endpoint. However, security of the endpoint is a potential problem. Which three of these potential security issues can the Cisco ASA security appliance address through SSL VPN policies or features? (Select three.)
A. SSL attacks
B. Malware
C. Phishing
D. Spoofing
E. Viruses
F. Spyware

Correct Answer: BEF Section: (none) Explanation
Explanation/Reference:
QUESTION 57
You have been tasked with configuring access for development partners using the clientless SSL VPN portal on your Cisco ASA security appliance. These partners need access to the desktop of internal development servers. Which three of these configurations for the clientless SSL VPN portal would allow these partners to access the desktop of remote servers? (Choose three.)
A. RDP bookmark using the RDP plug-in
B. Xwindows bookmark using the Xwindows plug-in
C. Telnet bookmark using the Telnet plug-in
D. Citrix plugin using the Citrix plug-in
E. SSH bookmark using the SSH plug-in
F. VNC bookmark using the VNC plug-in

Correct Answer: ADF Section: (none) Explanation
Explanation/Reference:
QUESTION 58
You are the administrator for Cisco ASA security appliances that are used for site-to-site VPNs between remote and corporate offices. You have used the Service Policy Rule Wizard within ASDM to configure low-latency queuing for unified communications on all the appropriate ASAs. Users are still having issues with unified communications between the remote and corporate offices. Assuming that the Cisco Unified Communications equipment is functioning properly and that the VPN configurations are correct, which of these choices is most likely the cause of the problems?
A. The DSCP, expedite forward, ef (46), was used to determine unified communications traffic within the Service Policy Rule Wizard.
B. The tunnel group and DSCP traffic matching criteria were configured within the Service Policy Rule Wizard.
C. Both a policing and priority queue must be applied on the interface to expedite the voice and control data flows.
D. A priority queue must be created on the interface where the site-to-site VPN tunnel is terminated.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 59

You have been tasked with examining the current Cisco Modular Policy Framework configurations on the LA-ASA Cisco Adaptive Security Appliance (ASA) using the Cisco Adaptive Security Device Manager (ASDM). Answer the multiple-choice questions in this simulation using the appropriate Cisco ASDM configuration screens.
Which two actions does the Cisco Adaptive Security Applicance take on HTTP traffic entering its outside interface? (Choose two.)
A. Drops HTTP request messages whose request method is post and whose user-agent field contains either the string Some_New_P2P_Client1 or the string Some_New_P2P_Client2.
B. Logs HTTP request messages whose request method is post and whose user-agent field contains either the string Some_New_P2P_Client1 or the string Some_New_P2P_Client2.

Correct Answer: AB Section: Case Study Explanation
Explanation/Reference:
QUESTION 60

You have been tasked with examining the current Cisco Modular Policy Framework configurations on the LA-ASA Cisco Adaptive Security Appliance (ASA) using the Cisco Adaptive Security Device Manager (ASDM). Answer the multiple-choice questions in this simulation using the appropriate Cisco ASDM configuration screens.
What is the effect of the FTP inspection policy named MY-FTP-MAP on FTP traffic entering the partnernet interface?
A. Has no effect on the behavior of the Cisco Adaptive Security Appliance.

Correct Answer: A Section: Case Study Explanation
Explanation/Reference:
QUESTION 61

You have been tasked with examining the current Cisco Modular Policy Framework configurations on the LA-ASA Cisco Adaptive Security Appliance (ASA) using the Cisco Adaptive Security Device Manager (ASDM). Answer the multiple-choice questions in this simulation using the appropriate Cisco ASDM configuration screens.
What are the two effects of the policy map named PARTNERNET-POLICY on FTP traffic entering the partnernet interface?
A. Resets connections that send embedded commands.
B. Blocks the FTP request commands DELE, MKD, PUT, RMD, RNFR, and RNTO.

Correct Answer: AB Section: Case Study Explanation
Explanation/Reference:
QUESTION 62

You have been tasked with examining the current Cisco Modular Policy Framework configurations on the LA-ASA Cisco Adaptive Security Appliance (ASA) using the Cisco Adaptive Security Device Manager (ASDM). Answer the multiple-choice questions in this simulation using the appropriate Cisco ASDM configuration screens.
Which statement is true about HTTP inspection on the Cisco Adaptive Security Appliance?
A. HTTP traffic is inspected as it enters or exits the outside interface.

Correct Answer: A Section: Case Study Explanation
Explanation/Reference:
QUESTION 63

You have been tasked with examining the current Cisco Modular Policy Framework configurations on the LA-ASA Cisco Adaptive Security Appliance (ASA) using the Cisco Adaptive Security Device Manager (ASDM). Answer the multiple-choice questions in this simulation using the appropriate Cisco ASDM configuration screens.
Which action does the Cisco Adaptive Security Appliance take on FTP traffic entering its outside interface?
A. Translates embedded IP addresses.

Correct Answer: A Section: Case Study Explanation
Explanation/Reference:

Well-regarded for its level of detail, assessment features, and challenging review questions and hands-on exercises, Cisco 642-515 helps you master the concepts and techniques that will enable you to succeed on the Cisco 642-515 exam the first time.