642-515 Exam Details

  • Exam Code
    :642-515
  • Exam Name
    :Securing Networks with ASA Advanced
  • Certification
    :Cisco Certifications
  • Vendor
    :Cisco
  • Total Questions
    :92 Q&As
  • Last Updated
    :Dec 16, 2021

Cisco 642-515 Online Questions & Answers

  • Question 21:

    The IT department of your company must perform a custom-built TCP application within the clientless SSL VPN portal configured on your Cisco ASA security appliance. The application should be run by users who have either guest or normal user mode privileges. In order to allow this application to run, how to configure the clientless SSL VPN portal?

    A. configure a smart tunnel for the application
    B. configure a bookmark for the application
    C. configure the plug-in that best fits the application
    D. configure port forwarding for the application

  • Question 22:

    Which two options are correct about the threat detection feature of the Cisco ASA adaptive security appliance? (Choose two.)

    A. The security appliance scanning threat detection feature is based on traffic signatures.
    B. The threat detection feature can help you determine the level of severity for packets that are detected and dropped by the security appliance inspection engines.
    C. Because of their impact on performance, both basic threat detection and scanning threat detection are disabled by default.
    D. Scanning threat detection detects network sweeps and scans and optionally takes appropriate preventative action.

  • Question 23:

    Which options can a clientless SSL VPN user access from a web browser without port forwarding, smart tunnels, or browser plug-ins?

    A. web-enabled applications
    B. Microsoft Outlook Web Access
    C. files on the network, via FTP or the CIFS protocol
    D. internal websites

  • Question 24:

    Which three statements correctly describe protocol inspection on the Cisco ASA adaptive security appliance? (Choose three.)

    A. The protocol inspection feature of the security appliance securely opens and closes negotiated ports and IP addresses for legitimate client-server connections through the security appliance.
    B. For the security appliance to inspect packets for signs of malicious application misuse, you must enable advanced (application layer) protocol inspection.
    C. If inspection for a protocol is notenabled, traffic for that protocol may be blocked.
    D. If you want to enable inspection globally for a protocol that is not inspected by default or if you want to globally disable inspection for a protocol, you can edit the default global policy.

  • Question 25:

    Study the following exhibit carefully. You are asked to configure the Cisco ASA security appliance with a connection profile and group policy for full network access SSL VPNs. During a test of the configuration using the Cisco AnyConnect VPN Client, the connection times out. In the process of troubleshooting, you determine to make configuration changes. According to the provided Cisco ASDM configuration, which configuration change will you begin with?

    A. Require a client certificate on the interface.
    B. Enable an SSL VPN client type on the interface.
    C. Enable DTLS on the interface.
    D. Enable a different access port that doesn't conflict with Cisco ASDM.

  • Question 26:

    Alex is tasked with installing a digital certificate for a Cisco VPN Client on a laptop for a user. What is the reason that the certificate is in an "invalid:not active" state?

    A. The certificate passphrase must be sent to the CA for validation.
    B. The time on the CA server and the time on the laptop are out of sync.
    C. The certificate number of "0" indicates that the certificate has expired.
    D. The user has not clicked the Verify button within the Cisco VPN Client.
    E. The user has not attempted a VPN connection to the Cisco ASA security appliance.

  • Question 27:

    Annie is a network administrator of her company. She is responsible for a Cisco ASA security appliance. Using a valid identity certificate from her certificate authority, she has created the necessary configuration for remote-access VPN tunnels by use of the IPsec VPN Wizard. When she tests the remote-access VPN, the VPN tunnel does not come up. If the remote-access VPN configuration created by the wizard is correct and valid certificates are being used by the Cisco ASA security appliance and Cisco VPN Client, which corrective action should be configured or corrected for the VPN tunnel to come up properly?

    A. The IKE phase two configuration is not part of the IPsec VPN Wizard configuration and must be configured.
    B. NAT-Transparency configuration is not part of theIPsec VPN Wizard configuration and must be configured.
    C. The IKE phase one configuration is not part of the IPsec VPN Wizard configuration and must be configured.
    D. The mapping of digital certificates to connection profile is not part of the IPsec VPN Wizard configuration and must be configured.
    E. The crypto ACL configuration is not part of the IPsec VPN Wizard configuration and must be configured.

  • Question 28:

    The following exhibit shows a Cisco ASA security appliance configured to participate in a VPN cluster. According to the exhibit, to which value will you set the priority to increase the chances of this Cisco ASA security appliance becoming the cluster master?

    A. 10
    B. 100
    D. 1

  • Question 29:

    You are a network engineer of your company. Recently, you have been tasked to configure Cisco ASA security appliance for EIGRP routing. Which two Cisco ASDM configurations will add these networks to the configuration of EIGRP according to the information displayed in the exhibit? (Choose two.)

    A. Option A
    B. Option B
    C. Option C
    D. Option D
    E. Option E
    F. Option F

  • Question 30:

    Which three of these choices are potential groups of users for clientless SSL VPNs? (Choose three.)

    A. Partners who access specific internal applications from desktops and laptops that are not managed by IT
    B. Administrators who need to manage servers and networking equipment
    C. Temporary or remote employees who only rarely need access to a few applications
    D. Employees who need access to a wide range of corporate applications
    E. Customers who use a customer service kiosk placed in a retail store
    F. Remote employees who need daily access to the internal corporate network

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 642-515 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.