642-515 training materials
QUESTION: 57
SSL VPNs can provide increased flexibility over IPsec VPNs, based on the location of the client and ownership of the endpoint. However, security of the endpoint is a potential problem. Which three of these potential security issues can the Cisco ASA security appliance address through SSL VPN policies or features? (Select three.)
A. SSL attacks
B. Malware
C. Phishing
D. Spoofing
E. Viruses
F. Spyware
Answer: B, E, F
QUESTION: 58
You have been tasked with configuring access for development partners using the clientless SSL VPN portal on your Cisco ASA security appliance. These partners need access to the desktop of internal development servers. Which three of these configurations for the clientless SSL VPN portal would allow these partners to access the desktop of remote servers? (Choose three.)
A. RDP bookmark using the RDP plug-in
B. Xwindows bookmark using the Xwindows plug-in
C. Telnet bookmark using the Telnet plug-in
D. Citrix plugin using the Citrix plug-in
E. SSH bookmark using the SSH plug-in
F. VNC bookmark using the VNC plug-in
Answer: A, D, F
Section 1: Sec One (59to 63)
Details: Scenerio:
You have been tasked with examining the current Cisco Modular Policy Framework
configurations on the LA-ASA Cisco Adaptive Security Appliance (ASA) using the Cisco Adaptive Security Device Manager (ASDM). Answer the multiple-choice questions in this simulation using the appropriate Cisco ASDM configuration screens.
Topology:
QUESTION: 59
Which two actions does the Cisco Adaptive Security Applicance take on HTTP traffic entering its outside interface? (Choose two.)
A. Drops HTTP request messages whose request method is post.
B. Logs HTTP request messages whose request method is post or whose user-agent field contains either the string Some_New_P2P_Client1 or the string Some_New_P2P_Client2.
C. Drops HTTP request messages whose user-agent field contains the string
Some_New_P2P_Client1 and the string Some_New_P2P_Client2.
D. Drops HTTP request messages whose request method is post and whose user-agent field contains either the string Some_New_P2P_Client1 or the string Some_New_P2P_Client2.
E. Logs HTTP request messages whose request method is post and whose user-agent field contains either the string Some_New_P2P_Client1 or the string Some_New_P2P_Client2.
F. Forwards all HTTP request messages that are permitted by access control lists (ACLs) on the outside interface.
Answer: D, E
QUESTION: 60
What is the effect of the FTP inspection policy named MY-FTP-MAP on FTP traffic entering the partnernet interface?
A. Prevents web browsers from sending embedded commands in FTP requests.
B. Prevents all users except “root” from accessing the path /root.
C. Blocks the FTP request commands PUT, RNFR, RNTO, DELE, MKD, and RMD.
D. Has no effect on the behavior of the Cisco Adaptive Security Appliance.
E. Tracks each FTP command and response sequence for certain anomalous activity.
F. Masks the FTP banner.
Answer: D
QUESTION: 61
What are the two effects of the policy map named PARTNERNET-POLICY on FTP traffic entering the partnernet interface?
A. Resets connections that send embedded commands.
B. Prevents all users except “root” from accessing the path /root.
C. Prevents all users except “root” from using the FTP request commands PUT, RNFR, RNTO, DELE, MKD, and RMD.
D. Logs all attempts to download files from the FTP server on the inside interface.
E. Has no effect on FTP traffic entering the partnernet interface (affects only FTP traffic exiting the partnernet interface.)
F. Blocks the FTP request commands DELE, MKD, PUT, RMD, RNFR, and RNTO.
Answer: A, F
QUESTION: 62
Which statement is true about HTTP inspection on the Cisco Adaptive Security Appliance?
A. HTTP traffic is inspected as it enters or exits any interface.
B. HTTP traffic is inspected as it enters or exits the outside interface. C. HTTP traffic is inspected only as it enters any interface.
D. Advanced HTTP inspection is applied to traffic entering the outside interface, and basic
HTTP inspection is applied to traffic entering any interface.
Answer: B
QUESTION: 63
Which action does the Cisco Adaptive Security Appliance take on FTP traffic entering its outside interface?
A. Blocks the FTP request commands APPE, GET, RNFR, RNTO, DELE, MKD, and RMD.
B. Translates embedded IP addresses.
C. None (FTP is inspected only on the partnernet interface.)
D. Masks the FTP greeting banner.
E. Prevents all users except “root” from accessing the path/root.
Answer: B
I have been using Google Voice (formerly Grand Central) along with Gizmo5 for awhile now. The combination is fantastic! I was both excited and nervous when I seen Google bought Gizmo5, but thus far I have not found any serious changes in the caliber of service. Voice over IP is, I think, a radical technology. Cell phones were the original nail in the coffin for landlines. I feel that VoIP will be the 2nd nail.