passguide ccsp 642-515 test questions

December 19th, 2009

Questions and Answers: 91 Q&As
Latest Update: December-14th 2009
Price: $125.99 $69.99
Product Description

Exam Number/Code: 642-515
Exam Name: Securing Networks with ASA Advanced
For candidates preparing for the Cisco 642-515 exam, what they most desire is to easily pass the 642-515 (Securing Networks with ASA Advanced) exam. PassGuide 642-515 includes 91 questions and answers, which are collected and collated by experts of Cisco. With our 642-515 study materials, you can successfully take the Cisco 642-515 certification exam and go further on the Cisco career path.
Q&A V3.20

www.PassGuide.com

(C) Copyright 2006-2009 CertBible Tech LTD, All Rights Reserved.
Important Note
Please Read Carefully

Study Tips

This product will provide you questions and answers carefully compiled and written by our experts. Try to understand the concepts behind the questions instead of cramming the questions.

Go through the entire document at least twice so that you make sure that you are not missing anything.

Latest Version

We are constantly reviewing our products. New material is added and old material is revised. Free updates are available for 120 days after the purchase. You should check your member zone at PassGuide for an update 3-4 days before the scheduled exam date.

Feedback

If you spot a possible improvement, then please let us know. We are always interested in improving product quality.
Feedback should be sent to feedback@passguide.com. You should include the following: exam number, version, page number, question number, and your login ID.
Our experts will answer your mail promptly.

Be Prepared. Be Confident. Get Certified.
————————————————————————————————————————-
Sales and Support Manager
Sales Team: sales@passguide.com Support Team: support@passguide.com
———————————————————————————————————————

Copyright

Each pdf file contains a unique serial number associated with your particular name and contact information for security purposes. So if we find out that a particular pdf file is being distributed by you, CertBible reserves the right to take legal action against you according to the International Copyright Laws.

QUESTION: 1
Refer to the exhibit. You are configuring a Cisco ASA security appliance to participate in a VPN cluster. Based on the exhibit, to which value would you set the priority to increase the chances of this Cisco ASA security appliance becoming the cluster master?

A. 0
B. 1
C. 10
D. 100

Answer: C

QUESTION: 2
Refer to the exhibit. You are the administrator of multiple remote Cisco ASA security appliances, which are administered through Cisco ASDM. You recently configured one of these Cisco ASA security appliances for SSL VPNs and are requiring a client certificate, as shown. How would this configuration affect your next ASDM connection to this Cisco ASA security appliance?

A. You would be asked to present an identity certificate. If you did not have one, the Cisco ASA security appliance would prompt you for authentication credentials, consisting of a username and password.
B. Your connection would be handled the way it is always handled by this Cisco ASA security appliance.
C. You would be required to download the identity certificate of the remote Cisco ASA security appliance.
D. You would be required to have an identity certificate that the Cisco ASA security appliance can use for authentication.

Answer: D

QUESTION: 3
Refer to the exhibit. You are the administrator of a corporate Cisco ASA security appliance with a Cisco ASA AIP-SSM. You have been tasked to deploy the AIP-SSM to protect corporate DMZ web servers. The AIP-SSM has been configured, and a service policy has been configured to identify the traffic that is to be passed to the AIP-SSM. On which two interfaces would application of the service policy for the AIP-SSM be most effective while causing the least amount of impact to Cisco ASA security appliance performance? (Choose two.)

A. Inside interface
B. Dmz interface
C. Internet interface
D. Globally on all interfaces
E. Outside interface

Answer: B, E

QUESTION: 4
Refer to the exhibit. You are configuring the Cisco ASA security appliance as the hub in a hub-and-spoke site-to-site VPN. Which of these configurations will enable traffic to flow between spokes?

A.

B.

C.

D.

Answer: D

QUESTION: 5
Refer to the exhibit. You have configured a Layer 7 policy map to match the size of HTTP header fields that are traversing the network. Based on this configuration, will HTTP headers that are greater than 200 bytes be logged?

A. No, because the reset action for headers greater than 100 bytes would be the first match.
B. Yes, because the reset action for headers greater than 100 bytes and the log action for headers greater than 200 bytes would both be applied.
C. No, because reset or log actions are a part of the service policy and the Layer 7 policy map.
D. Yes, because the log action for headers greater than 200 bytes would be the last match.

Answer: A

QUESTION: 6
Refer to the exhibit. The network security administrator for XYZ Corporation wants to configure the corporate Cisco ASA security appliance to take the following actions on its outside interface:
– rate limit all IP traffic from telecommuting system engineers to the insidehost
– drop all HTTP requests from the Internet to the web server that have a body length greater than 1000 bytes
– prevent users on network 192.168.6.0/24 from using the FTP PUT command to store .exe files on the FTP server

Which set of Modular Policy Framework components will be involved in accomplishing this goal?

A. One Layer 7 class map, two Layer 7 policy maps, three Layer 3/4 class maps, one Layer 3/4 policy map
B. One Layer 7 class map, one Layer 7 policy map, three Layer 3/4 class maps, one Layer 3/4 policy map
C. Two Layer 7 class maps, one Layer 7 policy map, three Layer 3/4 class maps, one Layer 3/4 policy map
D. Three Layer 7 policy maps, one Layer 3/4 class map, one Layer 3/4 policy map

Answer: A

QUESTION: 7
Refer to the exhibit. You have configured a Cisco ASA 5505 Adaptive Security Appliance as an Easy VPN hardware client. During the configuration, you defined a list of backup servers for the security appliance to use. After a few hours of being connected to the primary VPN server, the security appliance fails. You notice that your Easy VPN hardware client has now connected to a backup server that is not defined within the configuration of the client. Where did your Easy VPN hardware client get this backup server?

A. The backup servers that you listed were no longer available, so the Easy VPN hardware client used the list of backup servers that it retrieved from the primary server.
B. The group policy that was configured on the primary VPN server was pushed to your Easy VPN client and overwrote the list of backup servers that you had configured.
C. The connection profile that was configured on the primary VPN server was pushed to your Easy VPN hardware client and overwrote the list of backup servers that you had configured.
D. The backup servers that you listed were not configured as VPN servers, so the Easy VPN hardware client used the list of backup servers retrieved from the primary server.

Answer: B

QUESTION: 8
Refer to the exhibit. You are the administrator of a Cisco ASA security appliance that is configured with a local CA. Based on the exhibit, for which purpose would the user student1 use this password?

A. Authentication to the SSL VPN server
B. Retrieval of the digital certificate from the local CA on the Cisco ASA security appliance
C. Retrieval of the Cisco ASA security appliance identity certificate
D. The initial authentication to the SSL VPN server

Answer: B

QUESTION: 9
Refer to the exhibit. When TCP connections are tunneled over another TCP connection and latency exists between the two endpoints, each TCP session will trigger a retransmission, which can quickly spiral out of control when the latency issues persist. This issue is often referred to as TCP-over-TCP meltdown. Based on the Cisco ASDM configuration that is shown, which Cisco ASA security appliance configuration will help alleviate this problem?

A. Keepalive Messages
B. Compression
C. MTU size of 500
D. Datagram TLS

Answer: D

QUESTION: 10
Refer to the exhibit. You have been tasked with configuring your Cisco ASA security appliance for EIGRP routing. Based on the information that is provided in the exhibit, which two Cisco ASDM configurations will add these networks to the configuration of EIGRP?

A.

B.

C.

Answer: A

QUESTION: 11
Which two of these choices are types of queues available on the Cisco ASA security appliance when implementing QoS? (Choose two.)
A. Weighted fair queue
B. Last in first out queue
C. Policing queue
D. Low latency queue
E. Custom queue
F. Best effort queue
G. Round robin queue

Answer: D, F

QUESTION: 12
Refer to the exhibit. The FTP inspection map named L7FTPPOLICY is applied to the outside interface of the security appliance. As a result of this configuration, which of the following actions does the security appliance take on FTP traffic entering its outside interface?

A. Resets and logs connections from any user who attempts to retrieve files via FTP; resets connections from xyz.com users who attempt to deliver files via FTP
B. Resets connections from abc.com and xyz.com users when they attempt to retrieve files via FTP; logs any user connections that attempt to deliver files via FTP
C. Resets and logs connections from abc.com users when they attempt to retrieve files via FTP; resets all FTP connections from xyz.com users; resets any user connections that attempt to deliver files via FTP
D. Resets and logs connections from abc.com users only when they attempt to retrieve files via FTP; resets connections from xyz.com users only when they attempt to deliver files via FTP

Answer: C

QUESTION: 13
Which two internal channels are used for communication between the Cisco ASA AIP-SSM and the Cisco ASA security appliance? (Choose two.)
A. Session channel
B. Command channel
C. Inline channel
D. Promiscuous channel
E. Control channel
F. Data channel

Answer: E, F

QUESTION: 14
Refer to the exhibit. An administrator is editing user-specific policy. The administrator has configured a group policy for Sales to use the IP address pool that is defined by the pool VPNPOOL and to allow as many as three simultaneous logins. Based on the exhibit, when this user connects, what will be the IP address assigned to the connection and what will be the number of simultaneous logins allowed for this user? (Choose two.)

A. The user will receive an IP address from the VPNPOOL.
B. The user will be allowed to make only one connection.
C. The user will be allowed to make connections up to the limit that is defined in the default group policy.
D. The user will be assigned the IP address from the user-specific policy.
E. The user will be allowed to make as many as three simultaneous connections.
F. The user will receive an IP address from the address pool that is defined in the default group policy.

Answer: B, D

QUESTION: 15
Which three Cisco Modular Policy Framework features are bidirectional? (Choose three.)
A. AIP policy
B. QoS input policing
C. CSC policy
D. QoS priority queue
E. Application inspection
F. QoS output policing

Answer: A, C, E

QUESTION: 16
You have been tasked to configure your Cisco ASA security appliance for multiple VLANs that use one physical interface. You must make sure that the switch in which the physical Cisco ASA security appliance interface is connected has been configured for the appropriate VLAN tagging protocol. Which VLAN tagging protocol will the Cisco ASA security appliance use to communicate with this switch?
A. IEEE 802.1X
B. IEEE 802.1Q
C. IEEE 802.1AE
D. ISL
E. IEEE 802.3

Answer: B

QUESTION: 17
Refer to the exhibit. If a host on the inside network attempted an HTTP connection to a host at IP address 172.26.10.100, which address pool would the Cisco ASA security appliance use for the NAT?

A. 192.168.8.101 – 192.168.8.105
B. 192.168.8.106 – 192.168.8.110
C. 192.168.8.20 – 192.168.8.110
D. 192.168.8.20 – 192.168.8.100

Answer: D

QUESTION: 18
You are the administrator for Cisco ASA security appliances that are used for site-to-site VPNs between remote and corporate offices. You have used the Service Policy Rule Wizard within ASDM to configure low-latency queuing for unified communications on all the appropriate ASAs. Users are still having issues with unified communications between the remote and corporate offices. Assuming that the Cisco Unified Communications equipment is functioning properly and that the VPN configurations are correct, which of these choices is most likely the cause of the problems?
A. A priority queue must be created on the interface where the site-to-site VPN tunnel is terminated.
B. The DSCP, expedite forward, ef (46), was used to determine unified communications traffic within the Service Policy Rule Wizard.
C. The tunnel group and DSCP traffic matching criteria were configured within the Service Policy Rule Wizard.
D. Both a policing and priority queue must be applied on the interface to expedite the voice and control data flows.

Answer: A

QUESTION: 19
What are the three main components of Cisco Modular Policy Framework? (Choose three.)
A. Security policy
B. Policy map
C. Security map
D. Route map
E. Class map
F. Interface map
G. Traffic policy
H. Service policy

Answer: B, E, H

QUESTION: 20
When configuring port forwarding for a clientless SSL VPN connection, which end user privilege level is required at the endpoint if port forwarding is to work?
A. Guest level
B. Administrator level
C. System level
D. User level

Answer: B
