642-515 Exam Details

  • Exam Code
    :642-515
  • Exam Name
    :Securing Networks with ASA Advanced
  • Certification
    :Cisco Certifications
  • Vendor
    :Cisco
  • Total Questions
    :92 Q&As
  • Last Updated
    :Dec 16, 2021

Cisco 642-515 Online Questions & Answers

  • Question 81:

    Reverse route injection (RRI) is the ability for static routes to be automatically inserted into the routing process for those networks and hosts protected by a remote tunnel endpoint. These protected hosts and networks are known as remote proxy identities. Study the following exhibit carefully. What does Reverse Route Injection enable in this configuration?

    A. The Cisco ASA security appliance will advertise its default routes to the distant end of the site- to-site VPN tunnel.
    B. The Cisco ASA security appliance will advertise routes that are at the distant end of the site-to- site VPN tunnel.
    C. The Cisco ASA security appliance will advertise routes that are on its side of the site-to-site VPN tunnel to the distant end of the site-to-site VPN tunnel.
    D. The Cisco ASA security appliance will advertise routes from the dynamic routing protocol that is running on the Cisco ASA security appliance to the distant end of the site-to-site VPN tunnel.

  • Question 82:

    You have configured two SSL VPN certificate-to-connection profile mappings for all users and Sales users. The connection profiles for the Sales users are not being applied when the users connect. Based on the configuration that is shown, what would cause this issue?

    A. The priority of the RASSL4SALES mapping is too high and needs to be lower than the priority of the RASSL4ALL mapping.
    B. The priority of the RASSL4ALL mapping is too low and it needs to be increase but not more than the priority of the RASSL4SALES mapping.
    C. The priority of the RASSL4ALL mapping is not low enough and it needs to be lowered to 1.
    D. The matching criteria for the RASSL4SALES mapping is too specific and should match something more generic.

  • Question 83:

    You work as a network administrator for your company. Recently, you have been tasked to configure access for development partners by use of the clientless SSL VPN portal on your Cisco ASA security appliance. These partners want to access to the desktop of internal development servers. Which three configurations for the clientless SSL VPN portal can achieve this goal? (Choose three.)

    A. RDP bookmark using the RDP plug-in
    B. Citrix plugin using the Citrix plug-in
    C. VNC bookmark using the VNC plug-in
    D. SSH bookmark using the SSH plug-in
    E. Xwindows bookmark using the Xwindows plug-in
    F. Telnet bookmark using the Telnet plug-in

  • Question 84:

    The security department of the P4S company wants to configure cut-through proxy authentication via RADIUS to require users to authenticate before accessing the corporate DMZ servers. Which three tasks are needed to achieve this goal? (Choose three.)

    A. Configure a rule that specifies which traffic flow to authenticate.
    B. Designate an authentication server.
    C. Specifya AAA server group.
    D. Configure per-user override.

  • Question 85:

    Cisco ASA 5500 Series Adaptive Security Appliances are easy-to-deploy solutions that integrate world- class firewall, Unified Communications (voice/video) security, SSL and IPsec VPN, intrusion prevention (IPS), and content security services in a flexible, modular product family. You are asked to configure a Cisco ASA 5505 Adaptive Security Appliance as an Easy VPN hardware client. In the process of configuration, you defined a list of backup servers for the security appliance to use. After several hours of being connected to the primary VPN server, the security appliance fails. You notice that your Easy VPN hardware client has now connected to a backup server that is not defined within the configuration of the client. Where did your Easy VPN hardware client get this backup server?

    A. The backup servers that you listed were no longer available, so the Easy VPN hardware client used the list of backup servers that it retrieved from the primary server.
    B. The connection profile that was configured on the primary VPN server was pushed to your Easy VPN hardware client and overwrote the list of backup servers that you had configured.
    C. The backup servers that you listed were not configured as VPN servers, so the Easy VPN hardware client used the list of backup servers retrieved from the primary server.
    D. The group policy that was configured on the primary VPN server was pushed to your Easy VPN client and overwrote the list of backup servers that you had configured.

  • Question 86:

    What are the three main components of Cisco Modular Policy Framework? (Choose three.)

    A. Security policy
    B. Policy map
    C. Security map
    D. Route map
    E. Class map
    F. Interface map
    G. Traffic policy
    H. Service policy

  • Question 87:

    Study the following exhibit carefully. You are asked to configure the Cisco ASA security appliance with a connection profile and group policy for full network access SSL VPNs. During a test of the configuration using the Cisco AnyConnect VPN Client, the connection times out. In the process of troubleshooting, you determine to make configuration changes. According to the provided Cisco ASDM configuration, which configuration change will you begin with?

    A. Require a client certificate on the interface.
    B. Enable an SSL VPN client type on the interface.
    C. Enable DTLS on the interface.
    D. Enable a different access port that doesn't conflict with Cisco ASDM.

  • Question 88:

    Which two statements correctly describe the local user database in the security appliance? (Choose two.)

    A. You can create user accounts with or without passwords in the local database.
    B. You cannot use the local database for network access authentication.
    C. You can configure the security appliance to lock a user out after the user meets a configured maximum number of failed authentication attempts.
    D. The default privilege level for a new user is 15.

  • Question 89:

    Cisco ASA 5505 Adaptive Security Appliance is designed for providing high-performance security services. Study the following exhibit carefully. You are asked to configure a Cisco ASA 5505 Adaptive Security Appliance as an Easy VPN hardware client. When the telecommuter using the ASA 5505 Adaptive Security Appliance for remote access first tries to connect to resources on the corporate network, he is prompted for authentication. Which two group policy features will require authentication, even if a username and password are configured on the Easy VPN hardware client? (Select two.)

    A. Individual User Authentication
    B. Certificate Authentication
    C. Secure Unit Authentication
    D. Extended Authentication
    E. Remote User Authentication
    F. Group Authentication

  • Question 90:

    DAP is short for Dynamic Access Policies. You are configuring a DAP for SSL VPN connections to your Cisco ASA security appliance. You add an Endpoint Attribute Type of "File" and select the Endpoint ID of "10," according to the presented configuration. Within which area of the Cisco ASA security appliance configuration is this endpoint attribute defined?

    A. SSL VPN connection profile
    B. SSL VPN group policy
    C. user-specific policy
    D. Cisco Secure Desktop
    E. DAP policy

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 642-515 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.