642-515 Exam Details

  • Exam Code
    :642-515
  • Exam Name
    :Securing Networks with ASA Advanced
  • Certification
    :Cisco Certifications
  • Vendor
    :Cisco
  • Total Questions
    :92 Q&As
  • Last Updated
    :Dec 16, 2021

Cisco 642-515 Online Questions & Answers

  • Question 11:

    Recently, a branch office of your company has upgraded its network by changing the network topology of the branch, and the site-to-site VPN tunnel that runs between the branch and the corporate office has been reconfigured to perform Reverse Route Injection to accommodate the recent change. You are performing OSPF between the corporate Cisco ASA security appliance and routers on the internal network. Assume that the VPN configuration is correct, which step will be taken on the corporate Cisco ASA security appliance to make sure that these new routes are visible to internal routers running OSPF?

    A. Reverse Route Injection uses RIP, so you must add a RIP process and redistribute the learned RIP routes into OSPF.
    B. Reverse Route Injection requires that you configure a new OSPF process that will add these routes to the Cisco ASA security appliance routing table.
    C. Reverse Route Injection uses static routes, so you must configure OSPF to redistribute the static routes.
    D. Reverse Route Injection uses EIGRP, so you must add an EIGRP process and redistribute the learned EIGRP routes into OSPF.
    E. Reverse route injection requires that you add a static route for each branch-office network to the Cisco ASA security appliance routing table.

  • Question 12:

    Alexander is a network engineer of his company. He is asked to configure split tunneling to use the ACL split-tunnel for remote access IPsec VPNs. According to the exhibit below, which two Cisco ASDM configurations would tunnel traffic to the inside network and allow connected users to access their local network and the Internet? (Select two.)

    A. Option A
    B. Option B
    C. Option C

  • Question 13:

    Modular Policy Framework provides a consistent and flexible way to configure security appliance features in a manner similar to Cisco IOS software QoS CLI. Your company asked you to examine the current Cisco Modular Policy Framework configurations on the LA-ASA Cisco Adaptive Security Appliance (ASA) by use of the Cisco Adaptive Security Device Manager (ASDM).

    What is the impact of the FTP inspection policy named MY-FTP-MAP on FTP traffic entering the partnernet interface?

    A. Masks the FTP banner.
    B. Tracks each FTP command and response sequence for certain anomalous activity.
    C. Has no effect on the behavior of the Cisco Adaptive Security Appliance.
    D. Prevents web browsers from sending embedded commands in FTP requests.

  • Question 14:

    Refer to the exhibit. The HTTP inspection map named MY_HTTP_MAP is applied to the outside interface of the security appliance.

    As a result of this configuration, which action does the security appliance take on HTTP traffic entering its outside interface? NOTE: The CLI version of this configuration is provided here.

    regex URL_ABC ".+abc\.com"

    regex URL_DEF ".+def\.com"

    regex URL_XYZ ".+xyz\.com"

    [. . .]

    class-map OUTSIDE_CLASS

    match any

    class-map type regex match-any URLs

    match regex URL_ABC

    match regex URL_XYZ

    class-map type inspect http match-all

    RESTRICTED_HTTP

    match request body length gt 1000

    match not request uri regex class URLs

    [. . .]

    policy-map type inspect http MY_HTTP_MAP

    parameters

    protocol-violation action drop-connection

    class RESTRICTED_HTTP

    drop-connection

    policy-map OUTSIDE_POLICY

    class OUTSIDE_CLASS

    inspect http MY_HTTP_MAP

    [. . .]

    service-policy OUTSIDE_POLICY interface outside

    Exhibit:

    A. Drops any HTTP packet that is destined for def.com and has a header length greater than 1000 bytes
    B. Drops any HTTP packet destined for abc.com that has a header length greater than 1000 bytes
    C. Drops any HTTP request for xyz.com that has a body length greater than 1000 bytes
    D. Drops any HTTP request for def.com that has a body length greater than 1000 bytes
    E. Drops any HTTP packet that is destined for abc.com or has a body length greater than 1000 bytes
    F. Drops any HTTP request that is destined for xyz.com or has a header length greater than 1000 bytes

  • Question 15:

    Clientless SSL VPN (WebVPN) allows a user to securely access resources on the corporate LAN from anywhere with an SSL-enabled Web browser. You are asked to configure Telnet port forwarding to a specific server on the clientless SSL VPN portal. A clientless SSL VPN user has called to complain that after she starts the application helper, her attempts to establish a Telnet connection to 10.0.4.3 time out. If the clientless SSL VPN configuration is correct, which type of Telnet connection would you have the end user make?

    A. to 127.0.0.1 on TCP port 2300
    B. to 10.0.4.3 on TCP port 23
    C. to 127.0.0.1 on TCP port 23
    D. to 10.0.4.3 on TCP port 2300

  • Question 16:

    Which three commands can display the contents of flash memory on the Cisco ASA adaptive security appliance? (Choose three.)

    A. show disk0:
    B. dir
    C. show flash:
    D. show memory

  • Question 17:

    You work as a network administrator for your company. Study the exhibit carefully. ASDM is short for Adaptive Security Device Manager. You are responsible for multiple remote Cisco ASA security appliances administered through Cisco ASDM. Recently, you have been tasked to configure one of these Cisco ASA security appliances for SSL VPNs and are requiring a client certificate, as shown. How will this configuration affect your next ASDM connection to this Cisco ASA security appliance?

    A. You would be asked to present an identity certificate. If you did not have one, the Cisco ASA security appliance would prompt you for authentication credentials, consisting of a username and password.
    B. Your connection would be handled the way it is always handled by this Cisco ASA security appliance.
    C. You would be required to have an identity certificate that the Cisco ASA security appliance can use for authentication.
    D. You would be required to download the identity certificate of the remote Cisco ASA security appliance.

  • Question 18:

    You are the administrator for Cisco ASA security appliances that are used for site-to-site VPNs between remote and corporate offices. You have used the Service Policy Rule Wizard within ASDM to configure low-latency queuing for unified communications on all the appropriate ASAs. Users are still having issues with unified communications between the remote and corporate offices. Assuming that the Cisco Unified Communications equipment is functioning properly and that the VPN configurations are correct, which of these choices is most likely the cause of the problems?

    A. The DSCP, expedite forward, ef (46), was used to determine unified communications traffic within the Service Policy Rule Wizard.
    B. The tunnel group and DSCP traffic matching criteria were configured within the Service Policy Rule Wizard.
    C. Both a policing and priority queue must be applied on the interface to expedite the voice and control data flows.
    D. A priority queue must be created on the interface where the site-to-site VPN tunnel is terminated.

  • Question 19:

    While implementing QoS, which two types of queues are available on the Cisco ASA security appliance? (Choose two.)

    A. best effort queue
    B. round robin queue
    C. weighted fair
    D. low latency queue

  • Question 20:

    The security department of the P4S company wants to configure cut-through proxy authentication via RADIUS to require users to authenticate before accessing the corporate DMZ servers. Which three tasks are needed to achieve this goal? (Choose three.)

    A. Configure a rule that specifies which traffic flow to authenticate.
    B. Designate an authentication server.
    C. Specifya AAA server group.
    D. Configure per-user override.

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 642-515 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.