642-515 pracitce test questions
PassGuide Engine Features
Quality and Value for the 642-515 Exam
PassGuide Practice Exams for Cisco CCSP 642-515 are written to the highest standards of technical accuracy, using only certified subject matter experts and published authors for development.
100% Guarantee to Pass Your 642-515 Exam
If you do not pass the CCSP 642-515 exam (Securing Networks with ASA Advanced) on your first attempt using our PassGuide testing engine, we will give you a FULL REFUND of your purchasing fee.
Downloadable, Interactive 642-515 Testing engines
Our Securing Networks with ASA Advanced Exam Preparation Material provides you everything you will need to take a CCSP certification examination. Details are researched and produced by Cisco Certification Experts who are constantly using industry experience to produce precise, and logical.
QUESTION: 39
Which two types of digital certificate enrollment processes are available for the Cisco ASA
security appliance? (Choose two.)
A. LDAP
B. FTP
C. HTTP
D. SCEP
E. Manual
F. TFTP
Answer: D, E
QUESTION: 40
With Cisco ASA Adaptive Security Appliance Software Version 7.x and later, which IPsec standard is not supported on the Cisco ASA security appliance?
A. SHA-1
B. DES C. MD5
D. ESP E. AH F. AES
Answer: E
QUESTION: 41
Refer to the exhibit. You have configured Telnet port forwarding to a specific server on the clientless SSL VPN portal. A clientless SSL VPN user has called to complain that after she starts the application helper, her attempts to establish a Telnet connection to 10.0.4.3 time out. Assuming that the clientless SSL VPN configuration is correct, which type of Telnet connection would you have the end user make?
A. To 10.0.4.3 on TCP port 2300
B. To 10.0.4.3 on TCP port 23
C. To 127.0.0.1 on TCP port 23
D. To 127.0.0.1 on TCP port 2300
Answer: D
QUESTION: 42
Refer to the exhibit. You are configuring a DAP for SSL VPN connections to your Cisco ASA security appliance. You add an Endpoint Attribute Type of “File” and select the Endpoint ID of “10,” based on the configuration that is shown. Within which area of the Cisco ASA security appliance configuration is this endpoint attribute defined?
A. DAP policy
B. SSL VPN group policy
C. SSL VPN connection profile
D. user-specific policy
E. Cisco Secure Desktop
Answer: E
QUESTION: 43
Which three of these choices are potential groups of users for clientless SSL VPNs? (Choose three.)
A. Partners who access specific internal applications from desktops and laptops that are not managed by IT
B. Administrators who need to manage servers and networking equipment
C. Temporary or remote employees who only rarely need access to a few applications
D. Employees who need access to a wide range of corporate applications
E. Customers who use a customer service kiosk placed in a retail store
F. Remote employees who need daily access to the internal corporate network
Answer: A, C, E
QUESTION: 44
Refer to the exhibit. What does Reverse Route Injection enable in this configuration?
A. The Cisco ASA security appliance will advertise routes that are at the distant end of the site- to- site VPN tunnel.
B. The Cisco ASA security appliance will advertise its default routes to the distant end of the site- to-site VPN tunnel.
C. The Cisco ASA security appliance will advertise routes that are on its side of the site-to-site
VPN tunnel to the distant end of the site-to-site VPN tunnel.
D. The Cisco ASA security appliance will advertise routes from the dynamic routing protocol that is running on the Cisco ASA security appliance to the distant end of the site-to-site VPN tunnel.
Answer: A
QUESTION: 45
Refer to the exhibit. You have been tasked with configuring split tunneling to use the ACL split- tunnel for remote access IPsec VPNs. Based on the exhibit, which two of these Cisco ASDM configurations would tunnel traffic to the inside network and allow connected users to access their local network and the Internet? (Select two.)
A.
B.
C.
Answer: B, C
QUESTION: 46
An administrator wants to add SSL VPN Cisco AnyConnect VPN Client for use by remote users. Upon checking the Cisco software download site, the administrator notices that there are a number of different versions of Cisco AnyConnect VPN Client Software available for download. If the administrator knows the Cisco ASA Adaptive Security Appliance Software version and the remote user’s PC operating system, how can the administrator determine the appropriate version of Cisco AnyConnect VPN Client to download?
A. The version of Cisco AnyConnect VPN Client Software and the compatible version of
Cisco ASA Adaptive Security Appliance Software are based on release notes.
B. The version of Cisco AnyConnect VPN Client Software must only be compatible with the operating system.
C. All versions of the Cisco AnyConnect VPN Client Software are compatible with all releases of Cisco ASA Adaptive Security Appliance Software.
D. Newer versions of the Cisco AnyConnect VPN Client Software are backward compatible with earlier versions.
Answer: A
QUESTION: 47
Refer to the exhibit. You have configured the Cisco ASA security appliance with a connection profile and group policy for full network access SSL VPNs. During a test of the configuration using the Cisco AnyConnect VPN Client, the connection times out. During your troubleshooting, you determine that you must make configuration changes. Based on the Cisco ASDM configuration that is shown, which configuration change should you start with?
A. Enable an SSL VPN client type on the interface.
B. Enable DTLS on the interface.
C. Require a client certificate on the interface.
D. Enable a different access port that doesn’t conflict with Cisco ASDM.
Answer: A
QUESTION: 48
In which three ways can a Cisco ASA security appliance obtain a certificate revocation list from a certificate authority? (Choose three.)
A. SCEP
B. FTP
C. TFTP
D. HTTP
E. Telnet F. SCP
G. LDAP
Answer: A, D, G
QUESTION: 49
Refer to the exhibit. You have configured a Cisco ASA 5505 Adaptive Security Appliance as
an Easy VPN hardware client. When the telecommuter that uses the ASA 5505 Adaptive Security Appliance for remote access first attempts to connect to resources on the corporate network, he is prompted for authentication. Which two group policy features would require authentication, even though a username and password are configured on the Easy VPN hardware client? (Select two.)
A. Individual User Authentication
B. Remote User Authentication
C. Group Authentication
D. Extended Authentication
E. Secure Unit Authentication
F. Certificate Authentication
Answer: A, E
QUESTION: 50
Refer to the exhibit. You have configured your Cisco ASA security appliance for SSL VPNs.
Based on the configuration that is shown, what will happen when the remote user has successfully authenticated?
A. The Cisco ASA security appliance will wait indefinitely for the user to select clientless SSL VPN portal or an SSL VPN client to use for the SSL VPN connection.
B. The Cisco ASA security appliance will open the clientless SSL VPN portal if no Cisco
AnyConnect VPN Client is installed on the remote system.
C. The Cisco ASA security appliance will push the Cisco AnyConnect VPN Client down to the remote system, install the client, and use it to complete the SSL VPN connection.
D. The Cisco ASA security appliance will push the Cisco AnyConnect VPN Client down to the remote system, install the client, and ask the user to authenticate again.
Answer: C
QUESTION: 51
Refer to the exhibit. You have configured two SSL VPN certificate-to-connection profile mappings for all users and Sales users. The connection profiles for the Sales users are not being applied when the users connect. Based on the configuration that is shown, what would cause this issue? ***Exhibit Missing***
A. The priority of the RASSL4SALES mapping is too high and needs to be lower than the priority of the RASSL4ALL mapping.
B. The priority of the RASSL4ALL mapping is too low and it needs to be increase but not more than the priority of the RASSL4SALES mapping.
C. The priority of the RASSL4ALL mapping is not low enough and it needs to be lowered to
1.
D. The matching criteria for the RASSL4SALES mapping is too specific and should match something more generic.
Answer: A
QUESTION: 52
Your IT department needs to run a custom-built TCP application within the clientless SSL VPN portal that is configured on your Cisco ASA security appliance. The application will need to be run by users who have either guest or normal user mode privileges. How would you configure the clientless SSL VPN portal to allow this application to run?
A. Configure port forwarding for the application
B. Configure a bookmark for the application
C. Configure the plug-in that best fits the application
D. Configure a smart tunnel for the application
Answer: D
QUESTION: 53
Which major benefit do digital certificates provide when deploying IPsec VPN tunnels?
A. Resiliency
B. Obfuscation
C. Simplification
D. Scalability
Answer: D
QUESTION: 54
Refer to the exhibit. As the administrator of a Cisco ASA security appliance for remote access IPsec VPNs, you are assisting a user who has a digital certificate that is configured for the Cisco VPN Client. Based on the exhibit, how would you find the MD5 and SHA-1 thumb print of the certificate?
A. Choose the certificate and then click the Certificate drop-down menu.
B. Choose the certificate and then click Options > Properties.
C. Choose the certificate and then click the View button.
D. Choose the certificate and then click the Verify button.
Answer: C
QUESTION: 55
Refer to the exhibit. You are configuring a laptop with the Cisco VPN Client, which will use digital certificates for authentication. Which protocol will the Cisco VPN client use to retrieve the digital certificate from the CA server?
A. FTP
B. HTTPS
C. TFTP
D. LDAP E. SCEP
Answer: E
QUESTION: 56
Refer to the exhibit. A junior Cisco ASA security appliance administrator has asked for your help in configuring a Cisco ASA security appliance for an identity certificate to be used for IPsec VPNs. Based on the two Cisco ASDM configuration screens that are shown, what is needed to configure the Cisco ASA security appliance for an identity certificate?
A. To retrieve an identity certificate, a new pair of RSA keys must be created.
B. To retrieve an identity certificate, the Cisco ASA security appliance must have the certificate of the CA.
C. To retrieve an identity certificate, the common name must be an FQDN.
D. The Cisco ASA security appliance doesn’t need to retrieve an identity certificate. It can use a self-signed identity certificate for IPsec.
E. Because of the lack of a CA certificate, the administrator must import the identity certificate from a file.
Answer: B
