passguide 642-515 pdf demo
Cisco 642-515
Securing Networks with ASA Advanced
Product Description
Exam Number/Code: 642-515
Exam Name: Securing Networks with ASA Advanced
For candidates making preparation for the Cisco 642-515 exam, what they most desire is to easily pass the 642-515 (Securing Networks with ASA Advanced) exam. PassGuide 642-515 includes 91 questions and answers, which are collected and collated by experts of Cisco. With our 642-515 study materials, you can successfully take Cisco certification of 642-515 exam and go further on Cisco career path.
Free 642-515 Demo
Download Demo of Cisco 642-515 exam for free (in PDF format ) before you decide to purchase it. Thus,you can know better about the quality of our practice exam and then make your right decision.
Q&A V3.20
www.PassGuide.com
(C) Copyright 2006-2009 CertBible Tech LTD,All Rights Reserved.
Important Note
Please Read Carefully
Study Tips
This product will provide you questions and answers carefully compiled and written by our experts. Try to understand the concepts behind the questions instead of cramming the questions.
Go through the entire document at least twice so that you make sure that you are not
missing anything.
Latest Version
We are constantly reviewing our products. New material is added and old material is
revised. Free updates are available for 120 days after the purchase. You should check your
member zone at PassGuide an update 3-4 days before the scheduled exam date.
Feedback
If you spot a possible improvement then please let us know. We always interested in
improving product quality.
Feedback should be send to feedback@passguide.com. You should include the following:
Exam number, version, page number, question number, and your login ID.
Our experts will answer your mail promptly.
Be Prepared. Be Confident. Get Certified.
————————————————————————————————————————-
Sales and Support Manager
Sales Team: sales@passguide.com Support Team: support@passguide.com
———————————————————————————————————————
Copyright
Each pdf file contains a unique serial number associated with your particular name and
contact information for security purposes. So if we find out that a particular pdf file is
being distributed by you, CertBible reserves the right to take legal action against you
according to the International Copyright Laws.
QUESTION: 1
Refer to the exhibit. You are configuring a Cisco ASA security appliance to participate in a VPN cluster. Based on the exhibit, to which value would you set the priority to increase the chances of this Cisco ASA security appliance becoming the cluster master?
A. 0
B. 1
C. 10
D. 100
Answer: C
QUESTION: 2
Refer to the exhibit. You are the administrator of multiple remote Cisco ASA security appliances, which are administered through Cisco ASDM. You recently configured one of these Cisco ASA security appliances for SSL VPNs and are requiring a client certificate, as shown. How would this configuration affect your next ASDM connection to this Cisco ASA security appliance?
A. You would be asked to present an identity certificate. If you did not have one, the Cisco ASA security appliance would prompt you for authentication credentials, consisting of a username and password.
B. Your connection would be handled the way it is always handled by this Cisco ASA security appliance.
C. You would be required to download the identity certificate of the remote Cisco ASA security appliance.
D. You would be required to have an identity certificate that the Cisco ASA security appliance can use for authentication.
Answer: D
QUESTION: 3
Refer to the exhibit. You are the administrator of a corporate Cisco ASA security appliance with a Cisco ASA AIP-SSM. You have been tasked to deploy the AIP-SSM to protect corporate DMZ web servers. The AIP-SSM has been configured, and a service policy has been configured to identify the traffic that is to be passed to the AIP-SSM. On which two interfaces would application of the service policy for the AIP-SSM be most effective while causing the least amount of impact to Cisco ASA security appliance performance? (Choose two.)
A. Inside interface
B. Dmz interface
C. Internet interface
D. Globally on all interfaces
E. Outside interface
Answer: B, E
QUESTION: 4
Refer to the exhibit. You are configuring the Cisco ASA security appliance as the hub in a hub- and-spoke site-to-site VPN. Which of these configurations will enable traffic to flow between spokes?
A.
B.
C.
D
Answer: D
QUESTION: 5
Refer to the exhibit. You have configured a Layer 7 policy map to match the size of HTTP header fields that are traversing the network. Based on this configuration, will HTTP headers that are greater than 200 bytes be logged?
A. No, because the reset action for headers greater than 100 bytes would be the first match.
B. Yes, because the reset action for headers greater than 100 bytes and the log action for headers greater than 200 bytes would both be applied.
C. No, because reset or log actions are a part of the service policy and the Layer 7 policy map.
D. Yes, because the log action for headers greater than 200 bytes would be the last match.
Answer: A
QUESTION: 6
Refer to the exhibit. The network security administrator for XYZ Corporation wants to configure the corporate Cisco ASA security appliance to take the following actions on its outside interface:
–rate limit all IP traffic from telecommuting system engineers to the insidehost
–drop all HTTP requests from the Internet to the web server that have a body length greater than 1000 bytes
–prevent users on network 192.168.6.0/24 from using the FTP PUT command to store .exe files on the FTP server Which set of Modular Policy Framework components will be involved in accomplishing this goal?
A. One Layer 7 class map, two Layer 7 policy maps, three Layer 3/4 class maps, one Layer ¾
policy map
B. One Layer 7 class map, one Layer 7 policy map, three Layer 3/4 class maps, one Layer ¾
policy map
C. Two Layer 7 class maps, one Layer 7 policy map, three Layer 3/4 class maps, one Layer ¾
policy map
D. Three Layer 7 policy maps, one Layer 3/4 class map, one Layer 3/4 policy map
Answer: A
QUESTION: 7
Refer to the exhibit. You have configured a Cisco ASA 5505 Adaptive Security Appliance as an Easy VPN hardware client. During the configuration, you defined a list of backup servers for the security appliance to use. After a few hours of being connected to the primary VPN server, the security appliance fails. You notice that your Easy VPN hardware client has now connected to a backup server that is not defined within the configuration of the client. Where did your Easy VPN hardware client get this backup server?
A. The backup servers that you listed were no longer available, so the Easy VPN hardware client used the list of backup servers that it retrieved from the primary server.
B. The group policy that was configured on the primary VPN server was pushed to your Easy
VPN client and overwrote the list of backup servers that you had configured.
C. The connection profile that was configured on the primary VPN server was pushed to your Easy VPN hardware client and overwrote the list of backup servers that you had configured. D. The backup servers that you listed were not configured as VPN servers, so the Easy VPN hardware client used the list of backup servers retrieved from the primary server.
Answer: B
QUESTION: 8
Refer to the exhibit. You are the administrator of a Cisco ASA security appliance that is configured with a local CA. Based on the exhibit, for which purpose would the user student1 use this password?
A. Authentication to the SSL VPN server
B. Retrieval of the digital certificate from the local CA on the Cisco ASA security appliance
C. Retrieval of the Cisco ASA security appliance identity certificate
D. The initial authentication to the SSL VPN server
Answer: B
QUESTION: 9
Refer to the exhibit. When TCP connections are tunneled over another TCP connection and latency exists between the two endpoints, each TCP session will trigger a retransmission, which can quickly spiral out of control when the latency issues persist. This issue is often referred to as TCP-over-TCP meltdown. Based on the Cisco ASDM configuration that is shown, which Cisco ASA security appliance configuration will help alleviate this problem?
A. Keepalive Messages
B. Compression
C. MTU size of 500
D. Datagram TLS
Answer: D
QUESTION: 10
Refer to the exhibit. You have been tasked with configuring your Cisco ASA security appliance for EIGRP routing. Based on the information that is provided in the exhibit, which two Cisco ASDM configurations will add these networks to the configuration of EIGRP?
A.
B.
C.
Answer: A
QUESTION: 11
Which two of these choices are types of queues available on the Cisco ASA security appliance when implementing QoS? (Choose two.)
A. Weighted fair queue
B. Last in first out queue
C. Policing queue
D. Low latency queue
E. Custom queue
F. Best effort queue
G. Round robin queue
Answer: D, F
Just wanted to say that you have some great content on your blog. If it’s allowed I would like to use some of it on my blog. If I link back to this page do I have your permission to do so?