642-515 exam
642-515 SNAA
Securing Networks with ASA Advanced
Exam Number: 642-515
Associated Certifications: CCSP
Duration: 90 minutes (55 – 65 questions)
Available Languages: English, Japanese
Exam Description
The Securing Networks with ASA Advanced exam is one of the exams associated with the Cisco Certified Security Professional certification. Candidates can prepare for this exam by taking the SNAA course. This exam includes simulations and tests a candidate’s knowledge and ability to describe, configure, verify and manage the Cisco ASA Security Appliance product.
Exam Topics
The following topics are general guidelines for the content likely to be included. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.
642-515 SNAA Exam Topics
Recommended Training
Securing Networks with ASA Advanced (SNAA) is the recommended training for this exam.
Courses listed are offered by Cisco Learning Partners, the only authorized source for Cisco IT training delivered exclusively by Certified Cisco Instructors. Check the Global Learning Partner Locator for a Cisco Learning Partner near you.
Additional Resources
A variety of Cisco Press titles may be available for this exam. These titles can be purchased through the Cisco Marketplace Bookstore, directly from Cisco Press.
QUESTION: 13
Which two internal channels are used for communication between the Cisco ASA AIP-SSM and the Cisco ASA security appliance? (Choose two.)
A. Session channel
B. Command channel
C. Inline channel
D. Promiscuous channel
E. Control channel
F. Data channel
Answer: E, F
QUESTION: 14
Refer to the exhibit. An administrator is editing user-specific policy. The administrator has configured a group policy for Sales to use the IP address pool that is defined by the pool VPNPOOL and to allow as many as three simultaneous logins. Based on the exhibit, when this user connects, what will be the IP address assigned to the connection and what will be the number of simultaneous logins allowed for this user? (Choose two.)
A. The user will receive an IP address from the VPNPOOL.
B. The user will be allowed to make only one connection.
C. The user will be allowed to make connections up to the limit that is defined in the default group policy.
D. The user will be assigned the IP address from the user-specific policy.
E. The user will be allowed to make as many as three simultaneous connections.
F. The user will receive an IP address from the address pool that is defined in the default group policy.
Answer: B, D
QUESTION: 15
Which three Cisco Modular Policy Framework features are bidirectional? (Choose three.)
A. AIP policy
B. QoS input policing
C. CSC policy
D. QoS priority queue
E. Application inspection
F. QoS output policing
Answer: A, C, E
QUESTION: 16
You have been tasked to configure your Cisco ASA security appliance for multiple VLANs that use one physical interface. You must make sure that the switch in which the physical Cisco ASA security appliance interface is connected has been configured for the appropriate VLAN tagging protocol. Which VLAN tagging protocol will the Cisco ASA security appliance use to communicate with this switch?
A. IEEE 802.1X
B. IEEE 802.1Q
C. IEEE 802.1AE
D. ISL
E. IEEE 802.3
Answer: B
QUESTION: 17
Refer to the exhibit. If a host on the inside network attempted an HTTP connection to a host at IP address 172.26.10.100, which address pool would the Cisco ASA security appliance use for the NAT?
A. 192.168.8.101 – 192.168.8.105
B. 192.168.8.106 – 192.168.8.110
C. 192.168.8.20 – 192.168.8.110
D. 192.168.8.20 – 192.168.8.100
Answer: D
QUESTION: 18
You are the administrator for Cisco ASA security appliances that are used for site-to-site VPNs between remote and corporate offices. You have used the Service Policy Rule Wizard within ASDM to configure low-latency queuing for unified communications on all the appropriate ASAs. Users are still having issues with unified communications between the remote and corporate offices. Assuming that the Cisco Unified Communications equipment is functioning properly and that the VPN configurations are correct, which of these choices is most likely the cause of the problems?
A. A priority queue must be created on the interface where the site-to-site VPN tunnel is terminated.
B. The DSCP, expedite forward, ef (46), was used to determine unified communications traffic within the Service Policy Rule Wizard.
C. The tunnel group and DSCP traffic matching criteria were configured within the Service Policy Rule Wizard.
D. Both a policing and priority queue must be applied on the interface to expedite the voice and control data flows.
Answer: A
QUESTION: 19
What are the three main components of Cisco Modular Policy Framework? (Choose three.)
A. Security policy
B. Policy map
C. Security map
D. Route map
E. Class map
F. Interface map
G. Traffic policy
H. Service policy
Answer: B, E, H
QUESTION: 20
When configuring port forwarding for a clientless SSL VPN connection, which end user privilege level is required at the endpoint if port forwarding is to work?
A. Guest level
B. Administrator level
C. System level
D. User level
Answer: B
QUESTION: 21
You are configuring bookmarks for the clientless SSL VPN portal on your Cisco ASA security appliance. Which four of these choices are supported bookmark types? (Choose four.)
A. RDP
B. HTTP
C. SSH
D. HTTPS
E. Telnet
F. FTP
G. CIFS
Answer: B, D, F, G
QUESTION: 22
Refer to the exhibit. You have been asked to verify the Cisco ASA security appliance interfaces that are used for a web connection from the Internet to a DMZ web server. Based on the Configuration > Device Setup > Interfaces pane that is shown, which two interfaces will a connection traverse when it is coming from the Internet and connecting to the web server with the IP address 172.16.20.10? (Choose two.)
A. GigabitEthernet0/0
B. GigabitEthernet0/1
C. GigabitEthernet0/2.10
D. GigabitEthernet0/2.20
E. GigabitEthernet0/2.30
F. Management0/0
Answer: A, D
QUESTION: 23
Refer to the exhibit. Based on the Configuration > Device Setup > Interfaces pane that is shown, what is the model number of this Cisco ASA security appliance?
***Exhibit Missing***
A. Cisco ASA 5505 Adaptive Security Appliance
B. Cisco ASA 5510 Adaptive Security Appliance
C. Cisco ASA 5520 Adaptive Security Appliance
D. Cisco ASA 5540 Adaptive Security Appliance
E. Cisco ASA 5550 Adaptive Security Appliance
F. Cisco ASA 5580 Adaptive Security Appliance
Answer: A