The 100% valid Flydumps latest Cisco 642-515 question answers ensure you 100% pass! And now we are offering the free new version along with the VCE format Cisco 642-515 practice test. Free download Cisco 642-515 more new PDF and VCE on Flydumps.com.
Exam A
QUESTION 1
The following exhibit shows a Cisco ASA security appliance configured to participate in a VPN cluster. According to the exhibit, to which value will you set the priority to increase the chances of this Cisco ASA security appliance becoming the cluster master?
A. 10
B. 100
C. 0
D. 1
Correct Answer: A Section: VPN Explanation
Explanation/Reference:
QUESTION 2
You work as a network administrator for your company. Study the exhibit carefully. ASDM is short for Adaptive Security Device Manager. You are responsible for multiple remote Cisco ASA security appliances administered through Cisco ASDM. Recently, you have been tasked to configure one of these Cisco ASA security appliances for SSL VPNs and are requiring a client certificate, as shown. How will this configuration affect your next ASDM connection to this Cisco ASA security appliance?
A. You would be asked to present an identity certificate. If you did not have one, the Cisco ASA security appliance would prompt you for authentication credentials, consisting of a username and password.
B. Your connection would be handled the way it is always handled by this Cisco ASA security appliance.
C. You would be required to have an identity certificate that the Cisco ASA security appliance can use for authentication.
D. You would be required to download the identity certificate of the remote Cisco ASA security appliance.
Correct Answer: C Section: VPN Explanation
Explanation/Reference:
QUESTION 3
Study the following exhibit carefully. You work as the network administrator of a corporate Cisco ASA security appliance with a Cisco ASA AIP-SSM. You are asked to use the AIP-SSM to protect corporate DMZ web servers. The AIP-SSM has been configured, and a service policy has been configured to identify the traffic to be passed to the AIP-SSM.
On which two interfaces would application of the service policy for the AIP-SSM be most effective while causing the least amount of impact to Cisco ASA security appliance performance? (Choose two.)
A. dmz interface
B. outside interface
C. globally on all interfaces
D. Internet interface
E. Inside interface
Correct Answer: AB Section: Other Explanation Explanation/Reference:
QUESTION 4
Observe the exhibit below carefully. You have been tasked to configure the Cisco ASA security appliance as the hub in a hub-and-spoke site-to-site VPN. Which configurations can enable traffic to flow between spokes?
Correct Answer: D Section: VPN Explanation
Explanation/Reference:
QUESTION 5
Refer to the exhibit. You have configured a Layer 7 policy map to match the size of HTTP header fields that are traversing the network. Based on this configuration, will HTTP headers that are greater than 200 bytes be logged?
A. No, because the reset action for headers greater than 100 bytes would be the first match.
B. Yes, because the log action for headers greater than 200 bytes would be the last match.
C. Yes, because the reset action for headers greater than 100 bytes and the log action for headers greater than 200 bytes would both be applied.
D. No, because reset or log actions are a part of the service policy and the Layer 7 policy map.
Correct Answer: A Section: Firewall/Policys Explanation
Explanation/Reference:
QUESTION 6
You work as a network security administrator for your company. Now, you are asked to configure the corporate Cisco ASA security appliance to take the following steps on its outside interface:
–rate limit all IP traffic from telecommuting system engineers to the insidehost –drop all HTTP requests from the Internet to the web server that have a body length greater than 1000 bytes –prevent users on network 192.168.6.0/24 from using the FTP PUT command to store .exe files on the FTP server
In order to achieve this objective, which set of Modular Policy Framework components will be included?
A. one Layer 7 class map, one Layer 7 policy map, three Layer 3/4 class maps, one Layer 3/4 policy map
B. two Layer 7 class maps, one Layer 7 policy map, three Layer 3/4 class maps, one Layer 3/4 policy map
C. one Layer 7 class map, two Layer 7 policy maps, three Layer 3/4 class maps, one Layer 3/4 policy map
D. three Layer 7 policy maps, one Layer 3/4 class map, one Layer 3/4 policy map
Correct Answer: C Section: Firewall/Policys Explanation
Explanation/Reference:
QUESTION 7
Cisco ASA 5500 Series Adaptive Security Appliances are easy-to-deploy solutions that integrate world-class firewall, Unified Communications (voice/video) security, SSL and IPsec VPN, intrusion prevention (IPS), and content security services in a flexible, modular product family. You are asked to configure a Cisco ASA 5505 Adaptive Security Appliance as an Easy VPN hardware client. In the process of configuration, you defined a list of backup servers for the security appliance to use. After several hours of being connected to the primary VPN server, the security appliance fails. You notice that your Easy VPN hardware client has now connected to a backup server that is not defined within the configuration of the
client. Where did your Easy VPN hardware client get this backup server?
A. The backup servers that you listed were no longer available, so the Easy VPN hardware client used the list of backup servers that it retrieved from the primary server.
B. The connection profile that was configured on the primary VPN server was pushed to your Easy VPN hardware client and overwrote the list of backup servers that you had configured.
C. The backup servers that you listed were not configured as VPN servers, so the Easy VPN hardware client used the list of backup servers retrieved from the primary server.
D. The group policy that was configured on the primary VPN server was pushed to your Easy VPN client and overwrote the list of backup servers that you had configured.
Correct Answer: D Section: VPN Explanation
Explanation/Reference:
CCNA Exam Certification Guide is a best-of-breed Cisco 642-515 exam study guide that has been completely updated to focus specifically on the objectives.Senior instructor and best-selling author Wendell Odom shares preparation hints and Cisco 642-515 tips to help you identify areas of weakness and improve both your conceptual and hands-on knowledge.Cisco 642-515 Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.