642-515 Exam Details

  • Exam Code
    :642-515
  • Exam Name
    :Securing Networks with ASA Advanced
  • Certification
    :Cisco Certifications
  • Vendor
    :Cisco
  • Total Questions
    :92 Q&As
  • Last Updated
    :Dec 16, 2021

Cisco 642-515 Online Questions & Answers

  • Question 1:

    Internet Protocol Security (IPsec) is a suite of protocols for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a data stream. With Cisco ASA Adaptive Security Appliance Software Version 7.x and later, which IPsec standard is not supported on the Cisco ASA security appliance?

    A. AH
    B. ESP
    C. MD5
    D. DES
    E. SHA-1
    F. AES

  • Question 2:

    As the administrator of a Cisco ASA security appliance, you have been tasked to configure SSL VPNs to require digital certificates.

    Which four configuration options are available on the Cisco ASA security appliance for digital certificate management for SSL VPNs ? (Choose four.)

    A. The Cisco ASA security appliance can be configured to have a local CA that is subordinate to an external CA.
    B. The subordinate local CA on the Cisco ASA security appliance can issue certificates to users who require a certificate for their SSL VPN connections.
    C. The Cisco ASA security appliance can generate a self-signed certificate to be used as its identity certificate for SSL VPN connections.
    D. The Cisco ASA security appliance can be configured to retrieve its identity certificate from an external CA.
    E. The Cisco ASA security appliance can be configured as a standalone local CA.
    F. The local CA on the Cisco ASA security appliance can issue certificates to users who require certificates for SSL VPN connections.
    G. An external CA must be used for SSL VPN users who require certificates for their SSL VPN connections.
    H. The Cisco ASA security appliance must be configured to retrieve its identity certificate from an external CA.

  • Question 3:

    Observe the following exhibit carefully. When TCP connections are tunneled over another TCP connection and latency exists between the two endpoints, each TCP session would trigger a retransmission, which can quickly spiral out of control when the latency issues persist. This issue is often called TCP-over-TCP meltdown. According to the presented Cisco ASDM configuration, which Cisco ASA security appliance configuration will most likely solve this problem?

    A. Compression
    B. MTU size of 500
    C. Keepalive Messages
    D. Datagram TLS

  • Question 4:

    Which one of the following commands can provide detailed information about the crypto map configurations of a Cisco ASA adaptive security appliance?

    A. show run ipsec sa
    B. show run crypto map
    C. show ipsec sa
    D. show crypto map

  • Question 5:

    Which two statements about the downloadable ACL feature of the security appliance are correct? (Choose two.)

    A. Downloadable ACLs enable you to store full ACLs on a AAA server and download them to the security appliance.
    B. Downloadable ACLs are supported using TACACS+ or RADIUS.
    C. The downloadable ACL must be attached to a user or group profile on a AAA server.
    D. The security appliance supports only per-user ACL authorization.

  • Question 6:

    You are the administrator of a Cisco ASA security appliance. Your management has asked you to configure the Cisco ASA security appliance, using Modular Policy Framework to block executables with the .exe file extension from being

    downloaded.

    Which regular expression must you create to match the .exe file extension?

    A. .*\.[Ee][Xx][Ee.
    B. .*.[Ee][Xx][Ee]
    C. .+\.[Ee][Xx][Ee]
    D. *.exe
    E. +.exe
    F. .+.[Ee][Xx][Ee]

  • Question 7:

    Study the following exhibit carefully. You work as the network administrator of a corporate Cisco ASA security appliance with a Cisco ASA AIP-SSM. You are asked to use the AIP-SSM to protect corporate DMZ web servers. The AIP-SSM has been configured, and a service policy has been configured to identify the traffic to be passed to the AIP-SSM.

    On which two interfaces would application of the service policy for the AIP-SSM be most effective while causing the least amount of impact to Cisco ASA security appliance performance? (Choose two.)

    A. dmz interface
    B. outside interface
    C. globally on all interfaces
    D. Internet interface
    E. Inside interface

  • Question 8:

    Observe the exhibit carefully. You are asked to review the configuration of the clientless SSL VPN connection profile, which was created by a junior administrator. Which authentication method is configured in the clientless profile?

    A. The Cisco ASA security appliance requires AAA authenticate to the external AAA server LOCAL if the remote user does not have an identity certificate for authentication.
    B. The Cisco ASA security appliance requires a username and password if the remote user does not have an identity certificate for authentication.
    C. The Cisco ASA security appliance accepts an identity certificate or a username and password for authentication of remote users, but not both.
    D. The Cisco ASA security appliance requires both an identity certificate and username and password for authentication of remote users.

  • Question 9:

    The Cisco ASA 5520 Adaptive Security Appliance delivers a wide range of security services with Active/ Active high availability and Gigabit Ethernet connectivity for medium-sized enterprise networks, in a modular, high performance appliance. You have configured a Cisco ASA 5520 Adaptive Security Appliance as a Easy VPN hardware client. But from within Cisco ASDM, you cannot find the Easy VPN Remote configuration option within the Remote Access VPN menu. What is the reason that you can not find this configuration option within Cisco ASDM on the ASA 5520 Adaptive Security Appliance?

    A. The Easy VPN feature with the BIOS of the ASA 5520 Adaptive Security Appliance was not enabled.
    B. The version of Cisco ASDM software loaded on the Cisco ASA security appliance is corrupt.
    C. The version of Cisco ASDM software loaded on the Cisco ASA security appliance does not support the Easy VPN feature.
    D. Only the Cisco ASA 5505 Adaptive Security Appliance can be a Easy VPN hardware client.

  • Question 10:

    Modular Policy Framework provides a consistent and flexible way to configure security appliance features in a manner similar to Cisco IOS software QoS CLI. Which three Cisco Modular Policy Framework features are bidirectional? (Choose three.)

    A. AIP policy
    B. QoS input policing
    C. CSC policy
    D. QoS priority queue
    E. Application inspection
    F. QoS output policing

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 642-515 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.