642-515 Exam Details

  • Exam Code
    :642-515
  • Exam Name
    :Securing Networks with ASA Advanced
  • Certification
    :Cisco Certifications
  • Vendor
    :Cisco
  • Total Questions
    :92 Q&As
  • Last Updated
    :Dec 16, 2021

Cisco 642-515 Online Questions & Answers

  • Question 51:

    What does the redundant interface feature of the security appliance accomplish?

    A. to increase the number of interfaces available to your network without requiring you to add additional physical interfaces or security appliances
    B. to increase the reliability of your security appliance
    C. to allow a VPN client to sendIPsec-protected traffic to another VPN user by allowing such traffic in and out of the same interface
    D. to facilitate out-of-band management

  • Question 52:

    You are the network administrator for your company. Study the exhibit carefully. You are responsible for a Cisco ASA security appliance configured with a local CA. According to the exhibit below, what is the reason that the user student1 will use this password?

    A. retrieval of the digital certificate from the local CA on the Cisco ASA security appliance
    B. authentication to the SSL VPN server
    C. retrieval of the Cisco ASA security appliance identity certificate
    D. the initial authentication to the SSL VPN server

  • Question 53:

    Modular Policy Framework provides a consistent and flexible way to configure security appliance features in a manner similar to Cisco IOS software QoS CLI. Your company asked you to examine the current Cisco Modular Policy Framework configurations on the LA-ASA Cisco Adaptive Security Appliance (ASA) by use of the Cisco Adaptive Security Device Manager (ASDM).

    Which option is correct with regard to HTTP inspection on the Cisco Adaptive Security Appliance?

    A. HTTP traffic is inspected as it enters or exits the outside interface.
    B. HTTP traffic is inspected only as it enters any interface.
    C. Advanced HTTP inspection is applied to traffic entering the outside interface, and basic HTTP inspection is applied to traffic entering any interface.
    D. HTTP traffic is inspected as it enters or exits any interface.

  • Question 54:

    As the administrator of a Cisco ASA security appliance, you have been tasked to configure SSL VPNs to require digital certificates.

    Which four configuration options are available on the Cisco ASA security appliance for digital certificate management for SSL VPNs ? (Choose four.)

    A. The Cisco ASA security appliance can be configured to have a local CA that is subordinate to an external CA.
    B. The subordinate local CA on the Cisco ASA security appliance can issue certificates to users who require a certificate for their SSL VPN connections.
    C. The Cisco ASA security appliance can generate a self-signed certificate to be used as its identity certificate for SSL VPN connections.
    D. The Cisco ASA security appliance can be configured to retrieve its identity certificate from an external CA.
    E. The Cisco ASA security appliance can be configured as a standalone local CA.
    F. The local CA on the Cisco ASA security appliance can issue certificates to users who require certificates for SSL VPN connections.
    G. An external CA must be used for SSL VPN users who require certificates for their SSL VPN connections.
    H. The Cisco ASA security appliance must be configured to retrieve its identity certificate from an external CA.

  • Question 55:

    Observe the following items carefully, which two types of digital certificate enrollment processes are available for the Cisco ASA security appliance? (Choose two.)

    A. HTTP
    B. manual
    C. FTP
    D. SCEP
    E. LDAP
    F. TFTP

  • Question 56:

    Refer to the exhibit. You have configured a Layer 7 policy map to match the size of HTTP header fields that are traversing the network. Based on this configuration, will HTTP headers that are greater than 200 bytes be logged?

    A. No, because the reset action for headers greater than 100 bytes would be the first match.
    B. Yes, because the log action for headers greater than 200 bytes would be the last match.
    C. Yes, because the reset action for headers greater than 100 bytes and the log action for headers greater than 200 bytes would both be applied.
    D. No, because reset or log actions are a part of the service policy and the Layer 7 policy map.

  • Question 57:

    What is the reason that you want to configure VLANs on a security appliance interface?

    A. for use in multiple contextmode, where you can map only VLAN interfaces to contexts
    B. for use in conjunction with device-level failover to increase the reliability of your security appliance
    C. to increase the number of interfaces available to the network without adding additional physical interfaces or security appliances
    D. for use in transparent firewall mode, where only VLAN interfaces are used

  • Question 58:

    Which two of these choices are types of queues available on the Cisco ASA security appliance when implementing QoS? (Choose two.)

    A. Weighted fair queue
    B. Last in first out queue
    C. Policing queue
    D. Low latency queue
    E. Custom queue
    F. Best effort queue
    G. Round robin queue

  • Question 59:

    Refer to the exhibit. An administrator is editing user-specific policy. The administrator has configured a group policy for Sales to use the IP address pool that is defined by the pool VPNPOOL and to allow as many as three simultaneous logins. Based on the exhibit, when this user connects, what will be the IP address assigned to the connection and what will be the number of simultaneous logins allowed for this user? (Choose two.)

    A. The user will receive an IP address from the VPNPOOL.
    B. The user will be allowed to make only one connection.
    C. The user will be allowed to make connections up to the limit that is defined in the default group policy.
    D. The user will be assigned the IP address from the user-specific policy.
    E. The user will be allowed to make as many as three simultaneous connections
    F. The user will receive an IP address from the address pool that is defined in the default group policy.

  • Question 60:

    For configuring VLAN trunking on a security appliance interface, which three actions are mandatory? (Choose three.)

    A. associating a logical interface with a physical interface
    B. specifying a VLAN ID for asubinterface
    C. specifying a name for asubinterface
    D. specifying the maximum transmission unit for asubinterface

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 642-515 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.