Cisco 642-515 Online Practice
Questions and Exam Preparation
642-515 Exam Details
Exam Code
:642-515
Exam Name
:Securing Networks with ASA Advanced
Certification
:Cisco Certifications
Vendor
:Cisco
Total Questions
:92 Q&As
Last Updated
:Dec 16, 2021
Cisco 642-515 Online Questions &
Answers
Question 31:
Refer to the following internal channels , which two can be used for communication between the Cisco ASA AIP-SSM and the Cisco ASA security appliance? (Choose two.)
A. Control channel B. Promiscuous channel C. Inline channel D. Data channel E. Session channel F. Command channel
A. Control channel D. Data channel
Question 32:
You are the network administrator of your company. You would like to add SSL VPN Cisco AnyConnect VPN Client for use by remote users. After checking the Cisco software download site, you discovered a number of different versions of Cisco AnyConnect VPN Client Software available for download. If you know the Cisco ASA Adaptive Security Appliance Software version and the remote user's PC operating system, how to determine the appropriate version of Cisco AnyConnect VPN Client to download?
A. The version of CiscoAnyConnect VPN Client Software must only be compatible with the operating system. B. Newer versions of the CiscoAnyConnect VPN Client Software are backward compatible with earlier versions. C. The version of CiscoAnyConnect VPN Client Software and the compatible version of Cisco ASA Adaptive Security Appliance Software are based on release notes. D. All versions of the CiscoAnyConnect VPN Client Software are compatible with all releases of Cisco ASA Adaptive Security Appliance Software.
C. The version of CiscoAnyConnect VPN Client Software and the compatible version of Cisco ASA Adaptive Security Appliance Software are based on release notes.
Question 33:
As the administrator of a Cisco ASA security appliance, you have been tasked to configure SSL VPNs to require digital certificates.
Which four configuration options are available on the Cisco ASA security appliance for digital certificate management for SSL VPNs ? (Choose four.)
A. The Cisco ASA security appliance can be configured to have a local CA that is subordinate to an external CA. B. The subordinate local CA on the Cisco ASA security appliance can issue certificates to users who require a certificate for their SSL VPN connections. C. The Cisco ASA security appliance can generate a self-signed certificate to be used as its identity certificate for SSL VPN connections. D. The Cisco ASA security appliance can be configured to retrieve its identity certificate from an external CA. E. The Cisco ASA security appliance can be configured as a standalone local CA. F. The local CA on the Cisco ASA security appliance can issue certificates to users who require certificates for SSL VPN connections. G. An external CA must be used for SSL VPN users who require certificates for their SSL VPN connections. H. The Cisco ASA security appliance must be configured to retrieve its identity certificate from an external CA.
C. The Cisco ASA security appliance can generate a self-signed certificate to be used as its identity certificate for SSL VPN connections. D. The Cisco ASA security appliance can be configured to retrieve its identity certificate from an external CA. E. The Cisco ASA security appliance can be configured as a standalone local CA. F. The local CA on the Cisco ASA security appliance can issue certificates to users who require certificates for SSL VPN connections.
Question 34:
Modular Policy Framework provides a consistent and flexible way to configure security appliance features in a manner similar to Cisco IOS software QoS CLI. Your company asked you to examine the current Cisco Modular Policy Framework configurations on the LA-ASA Cisco Adaptive Security Appliance (ASA) by use of the Cisco Adaptive Security Device Manager (ASDM).
Which two steps should the Cisco Adaptive Security Applicance take on HTTP traffic entering its outside interface? (Choose two.)
A. Drops HTTP request messages whose request method is post and whose user-agent field contains either the string Some_New_P2P_Client1 or the string Some_New_P2P_Client2. B. Forwards all HTTP request messages that are permitted by access control lists (ACLs) on the outside interface. C. Logs HTTP request messages whose request method is post and whose user-agent field contains either the string Some_New_P2P_Client1 or the string Some_New_P2P_Client2. D. Drops HTTP request messages whose user-agent field contains the string Some_New_P2P_Client1 and the string Some_New_P2P_Client2.
A. Drops HTTP request messages whose request method is post and whose user-agent field contains either the string Some_New_P2P_Client1 or the string Some_New_P2P_Client2. C. Logs HTTP request messages whose request method is post and whose user-agent field contains either the string Some_New_P2P_Client1 or the string Some_New_P2P_Client2.
Question 35:
In which three ways can a Cisco ASA security appliance obtain a certificate revocation list from a certificate authority? (Choose three.)
A. SCEP B. FTP C. TFTP D. HTTP E. TELNET F. SCP G. LDAP
A. SCEP D. HTTP G. LDAP
Question 36:
Refer to the exhibit. You are the administrator of a Cisco ASA security appliance with a Cisco ASA CSC- SSM. You have upgraded the CSC-SSM with a new version of software. When the upgrade has finished, you issue the show module 1 detail command; the results of the command are shown in the exhibit. Why does the command output show that the status of the CSC-SSM is "Up" when it is not activated?
A. The software upgrade image has failed to load properly. B. The software upgrade image is not the correct software image for the CSC-SSM. C. The software upgrade image loaded successfully but the CSC-SSM has not had its license applied. D. The CSC-SSM cannot communicate with the network and therefore cannot apply its configuration to network traffic. E. The CSC-SSM is in the administrative down state and is waiting to be changed to the administrative up state.
C. The software upgrade image loaded successfully but the CSC-SSM has not had its license applied.
Question 37:
Study the following exhibit carefully. You have been tasked to administrate a new Cisco ASA security appliance with a Cisco ASA CSC-SSM. You are using the CSC Setup Wizard from within Cisco ASDM to configure the CSC-SSM for traffic selection. In the process of the configuration of traffic selection, the CSC Setup Wizard asks If CSC card fails and provides two options. What will each of these options do if chosen? (Choose two.)
A. The Permit option allows traffic that is configured for CSC inspection to continue through the Cisco ASA security appliance, if the CSC card fails. B. The Close option allows traffic that is configured for CSC inspection to bypass the CSC if the CSC card fails. C. The Permit option allows the Cisco ASA security appliance to apply the CSC inspection configuration through the Cisco Modular Policy Framework, even if the CSC card fails. D. The Close option does not allow traffic that is configured for CSC inspection to continue when the CSC card fails. E. The Permit option allows traffic to continue to flow to the CSC for inspection, even when a hardware failure has been detected. F. The Close option does not allow any traffic that is traversing the Cisco ASA security appliance to continue when the CSC card fails.
A. The Permit option allows traffic that is configured for CSC inspection to continue through the Cisco ASA security appliance, if the CSC card fails. D. The Close option does not allow traffic that is configured for CSC inspection to continue when the CSC card fails.
Question 38:
You work as a network security administrator for your company. Now, you are asked to configure the corporate Cisco ASA security appliance to take the following steps on its outside interface:
--rate limit all IP traffic from telecommuting system engineers to the insidehost --drop all HTTP requests from the Internet to the web server that have a body length greater than 1000 bytes --prevent users on network 192.168.6.0/24 from using the FTP PUT command to store .exe files on the FTP server
In order to achieve this objective, which set of Modular Policy Framework components will be included?
A. one Layer 7 class map, one Layer 7 policy map, three Layer 3/4 class maps, one Layer 3/4 policy map B. two Layer 7 class maps, one Layer 7 policy map, three Layer 3/4 class maps, one Layer 3/4 policy map C. one Layer 7 class map, two Layer 7 policy maps, three Layer 3/4 class maps, one Layer 3/4 policy map D. three Layer 7 policy maps, one Layer 3/4 class map, one Layer 3/4 policy map
C. one Layer 7 class map, two Layer 7 policy maps, three Layer 3/4 class maps, one Layer 3/4 policy map
Question 39:
While implementing QoS, which two types of queues are available on the Cisco ASA security appliance? (Choose two.)
A. best effort queue B. round robin queue C. weighted fair D. low latency queue
A. best effort queue D. low latency queue
Question 40:
You work as a network engineer for your company. Recently, you have been tasked with verifying the Cisco ASA security appliance interfaces that are used for a web connection from the Internet to a DMZ web server. According to the presented Configuration > Device Setup > Interfaces pane, which two interfaces will a connection traverse when it is coming from the Internet and connecting to the web server with the IP address 172.16.20.10? (Choose two.)
A. GigabitEthernet0/2.30 B. Management0/0 C. GigabitEthernet0/2.20 D. GigabitEthernet0/0 E. GigabitEthernet0/1 F. GigabitEthernet0/2.10
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only Cisco exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your 642-515 exam preparations
and Cisco certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.