pass4sure cisco 642-515 test
Securing Networks with ASA Advanced: cisco 642-515 Exam
Exam Number/Code: 642-515
Exam Name:Securing Networks with ASA Advanced
Exam Language:English
Questions and Answers : 262 Q&As with Expert Explanations
Latest Updated: Oct 6th,2009
Free 642-515 Demo Trial:
Not sure to buy or not? Try our free demo and see for yourself! This is a free trial version of our integrated testing engine,
Download the Free Demo now and have a free experience of the 6 642-515 testing.
When we first started offering the 642-515 exam questions and 642-515 simulator exam, we never dreamed we would be making the claims that we do now in the form of our unbelievable guarantee. pass4sure guarantees that you will pass your 642-515 exam on your first attempt after using one of our 642-515 training products. The 642-515 exam tools that we have created for you are so good – we can’t help but guarantee your results.The 642-515 exam plays an integral role in obtaining your certification. All cisco certification exams are extremely detailed and cover many different technological areas. We designed the 642-515 test questions for this very purpose, to prepare you for the unexpected. Beyond the testing center, the skills you learn and the knowledge you confirm using the 642-515 practice exam will translate directly into your daily work environment.
The passguide ccsp 642-515 certificates give you possibility to work in any country of the world because they are acknowledged in all countries equally. This pass4sure 642-515 torrent certificate helps not only to improve your knowledge and skills, but it also helps your career, gives a possibility for qualified usage of pass4sure 642-515 exam products under different conditions. The majority of companies in the sphere of information technologies require the presence of cisco 642-515 exam for the work in the company, and that makes obtaining this 642-515 certificate necessary. Many IT specialists were not able to obtain the 642-515 certificate from the first attempt, which was the result of poor preparation for the examination, using preparatory 642-515 study guide of poor quality.
The leader among the providers of 642-515 preparatory materials is pass4sure products such as 642-515 Braindumps, Cisco 642-515 Study Guides, 642-515 Exam Questions with Answers, 642-515 Trainings, 642-515 Online Course and free 642-515 PDF. It obtained its leadership and trust of the users from the very beginning of its work on the pass4sure 642-515 training materials market.
When available, take advantage of the pass4sure 642-515 Value Pack and save time and money while developing your skills to pass your 642-515 exam and grab that cisco certification. Let us help you climb that ladder of success and pass your 642-515(Securing Networks with ASA Advanced)now
QUESTION: 31
Which three types of encapsulation does the Cisco ASA security appliance support for IPsec
NAT transparency? (Choose three.)
A. L2TP over IPsec
B. IPsec over GRE
C. IPsec over TCP
D. IPsec over UDP
E. IPsec over PPTP
F. NAT-T
Answer: C, D, F
QUESTION: 32
Refer to the exhibit. The HTTP inspection map named HTTP_POLICY is applied to the partnernet interface of the security appliance. Which of these actions does the security appliance take as a result of its configuration for HTTP traffic that enters its partnernet interface?
A. Drops and logs HTTP request messages for which the request method is put or the request header host field contains either the string example1.com or the string example2.com
B. Drops and logs HTTP request messages for which the request method is put and the request header host field contains either the string example1.com or the string example2.com C. Drops and logs HTTP request messages for which the request method is put and the request header host field contains the strings example1.com and example2.com
D. Drops and logs HTTP request messages for which the request method is put or the request header host field contains the strings example1.com and example2.com
E. Drops HTTP request messages for which the request method is put, and logs HTTP request messages for which the request header host field contains either the string example1.com or the string example2.com
F. Logs HTTP request messages for which the request method is put, and drops HTTP request messages for which the request header host field contains either the string example1.com or the string example2.com
Answer: B
QUESTION: 33
A recent network upgrade at a branch office has changed the network topology of the branch, and the site-to-site VPN tunnel that runs between the branch and the corporate office has been reconfigured to perform Reverse Route Injection to accommodate the recent change. You are running OSPF between the corporate Cisco ASA security appliance and routers on the internal network. Assuming that the VPN configuration is correct, which step do you need to perform on the corporate Cisco ASA security appliance to ensure that these new routes are visible to internal routers that are running OSPF?
A. Reverse Route Injection requires that you configure a new OSPF process that will add these routes to the Cisco ASA security appliance routing table.
B. Reverse route injection requires that you add a static route for each branch-office network to the Cisco ASA security appliance routing table.
C. Reverse Route Injection uses static routes, so you must configure OSPF to redistribute the static routes.
D. Reverse Route Injection uses RIP, so you must add a RIP process and redistribute the learned RIP routes into OSPF.
E. Reverse Route Injection uses EIGRP, so you must add an EIGRP process and redistribute the learned EIGRP routes into OSPF.
Answer: C
QUESTION: 34
Using a valid identity certificate from her certificate authority, an administrator of a Cisco ASA security appliance has used the IPsec VPN Wizard to create the necessary configuration for remote-access VPN tunnels. When she tests the remote-access VPN, the VPN tunnel does not come up. Assuming that the remote-access VPN configuration created by the wizard is correct and that valid certificates are being used by the Cisco ASA security appliance and Cisco VPN Client, which corrective action must be configured or corrected for the VPN tunnel to come up properly?
A. The IKE phase one configuration is not part of the IPsec VPN Wizard configuration and must be configured.
B. The IKE phase two configuration is not part of the IPsec VPN Wizard configuration and must be configured.
C. The crypto ACL configuration is not part of the IPsec VPN Wizard configuration and must be configured.
D. The mapping of digital certificates to connection profile is not part of the IPsec VPN Wizard configuration and must be configured.
E. NAT-Transparency configuration is not part of the IPsec VPN Wizard configuration and must be configured.
Answer: D
QUESTION: 35
You are configuring a Cisco ASA 5520 Adaptive Security Appliance as a Easy VPN hardware client. But from within Cisco ASDM, you cannot find the Easy VPN Remote configuration option within the Remote Access VPN menu. Why would you not be able to find this configuration option within Cisco ASDM on the ASA 5520 Adaptive Security Appliance?
A. The version of Cisco ASDM software loaded on the Cisco ASA security appliance does not support the Easy VPN feature.
B. The version of Cisco ASDM software loaded on the Cisco ASA security appliance is corrupt.
C. Only the Cisco ASA 5505 Adaptive Security Appliance can be a Easy VPN hardware client.
D. The Easy VPN feature with the BIOS of the ASA 5520 Adaptive Security Appliance was not enabled.
Answer: C
QUESTION: 36
Refer to the exhibit. You have been tasked to configure your Cisco ASA security appliance for port forwarding access to the internal e-mail server that is running POP3 (TCP port 110) and SMTP (TCP port 25). Which two configurations of the port forwarding list will allow remote users to access the internal email server through port forwarding? (Choose two.)
Answer: Pending
QUESTION: 37
You have configured Cisco Secure Desktop on your Cisco ASA security appliance. You need to configure Cisco Secure Desktop to perform Host Scan checks on the remote endpoint. Which three available Basic Host Scan checks can you configure? (Choose three.)
A. Registry
B. User rights
C. File
D. Groups E. Process F. Shares
Answer: A, C, E
QUESTION: 38
As the administrator of a Cisco ASA security appliance, you have been tasked to configure SSL VPNs to require digital certificates. Which four configuration options are available on the Cisco ASA security appliance for digital certificate management for SSL VPNs ? (Choose four.)
A. The Cisco ASA security appliance can be configured to have a local CA that is subordinate to an external CA.
B. The subordinate local CA on the Cisco ASA security appliance can issue certificates to users who require a certificate for their SSL VPN connections.
C. The Cisco ASA security appliance can generate a self-signed certificate to be used as its identity certificate for SSL VPN connections.
D. The Cisco ASA security appliance can be configured to retrieve its identity certificate from an external CA.
E. The Cisco ASA security appliance can be configured as a standalone local CA.
F. The local CA on the Cisco ASA security appliance can issue certificates to users who require certificates for SSL VPN connections.
G. An external CA must be used for SSL VPN users who require certificates for their SSL VPN connections.
H. The Cisco ASA security appliance must be configured to retrieve its identity certificate from an external CA.
Answer: C, D, E, F
