Category: Cisco
Do not worry about your Cisco 642-617 exam,Flydumps now has published the new veriosn Cisco 642-617 exam dumps with more new added questions and answers,also you can free download Cisco 642-617 vce test software and pdf dumps on Flydumps.com.
QUESTION 40
Using the default modular policy framework global configuration on the Cisco ASA, how does the Cisco ASA process outbound HTTP traffic?
A. HTTP flows are not permitted through the Cisco ASA, because HTTP is not inspected bydefault.
B. HTTP flows match theinspection_default traffic class and are inspected using HTTP inspection.
C. HTTP outbound traffic is permitted, but all return HTTP traffic is denied.
D. HTTP flows arestatefully inspected using TCP stateful inspection.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 41
Which feature is not supported on the Cisco ASA 5505 with the Security Plus license? O A. security contexts
A. stateless active/standby failover
B. transparent firewall
C. threat detection
D. traffic shaping
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 42
What is the first configuration step when using Cisco ASDM to configure a new Layer 3/4 inspection policy on the Cisco ASA?
A. Create a new class map.
B. Create a new policy map and apply actions to the traffic classes.
C. Create a new service policy rule.
D. Create the ACLs to be referenced by any of the new class maps.
E. Disable the default global inspection policy.
F. Create a new firewall access rule.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Build Your Dreams PassGuide 642-617
QUESTION 43
Which statement about the Cisco ASA 5505 configuration is true?
A. The IP address is configured under the physical interface (ethemet 0/0 to ethemet 0/7).
B. With the default factory configuration, the management interface (management 0/0) is configured with the 192.168.1.1/24 IP address
C. With the default factory configuration, Cisco ASDM access is not enabled.
D. Theswitchport access vlan command can be used to assign the VLAN to each physical interface (ethemet 0/0 to ethemet 0/7).
E. With the default factory configuration, both the inside and outside interface will use DHCP to acquire its IP address.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 44
Refer to the exhibit. What does the * next to the CTX security context indicate?
A. The CTX context is the active context on the Cisco ASA.
B. The CTX context is the standby context on the Cisco ASA.
C. The CTX context contains the system configurations.
D. The CTX context has the admin role.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 45
Which three Cisco ASA configuration commands are used to enable the Cisco ASA to log only the debug output to syslog? (Choose three.)
A. loggingHsttest message 711001
B. logging debug-trace
C. logging trap debugging
D. logging message 711001 level 7 E. logging trap test
Correct Answer: BCD Section: (none) Explanation
Explanation/Reference:
Build Your Dreams PassGuide 642-617
QUESTION 46
Refer to the exhibit. Which two configurations are required on the Cisco ASAs so that the return traffic from the 10.10.10.100 outside server back to the 10.20.10.100 inside client can be rerouted from the Active CtxB context in ASA Two to the Active Ctx A context in ASA One? (Choose two.)
A. stateful active/active failover
B. dynamic routing (EIGRP or OSPF or RIP)
C. ASR-group
D. no NAT-control
E. policy-based routing
F. TCP/UDP connections replication
Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
QUESTION 47
Where in the ACS are the individual downloadable ACL statements configured to achieve the most scalable deployment?
A. Group Setup
B. User Setup
C. Shared Profile Components
D. Network Access Profiles
E. Network Configuration Build Your Dreams PassGuide 642-617
F. Interface Configuration
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 48
Which two methods can be used to access the Cisco AIP-SSM CLI? (Choose two.)
A. initiating an SSH connection to the Cisco AIP-SSM external management Ethernet port
B. connecting to the console port on the Cisco AIP-SSM
C. using the setup command on the Cisco ASA CLI
D. using thesession 1 command on the Cisco ASA CLI
E. using the hw-module command on the Cisco ASA CLI
Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
QUESTION 49
Refer to the exhibit. Which three CLI configuration commands result from this configuration? (Choose three.)
A. global (outside) 1 192.168.11
B. nat (inside) 110.16.1.1
C. static(inside.outside) 192.168.1.1 10.16.1.1 netmask 255.255.255.255 tcp 0 0 udp 0
D. static(inside,outside) tcp 192.168.1.1 80 10.16.1.1 80
E. access-listoutside_access_in line 1 extended permit tcp any host 192.168.1.1 eq http
F. access-listoutside_access_in line 1 extended permit tcp any host 10.16.1.1 eq http
Correct Answer: DEF Section: (none) Explanation
Explanation/Reference:
QUESTION 50
Build Your Dreams PassGuide 642-617
Which three configuration options are available when configuring static routes on the Cisco ASA? (Choose three.)
A. Change the default metric (admin distance) from 1 to some other value.
B. Enable route tracking.
C. Specify the static route as the default tunnel gateway for VPN traffic.
D. Specify that the static route will not be removed, even if the interface shuts down.
E. Specify a tag value to the static route that can be used as a “match” value for controlling redistribution via route maps
Correct Answer: ABC Section: (none) Explanation
Explanation/Reference:
QUESTION 51
On the Cisco ASA, what is the default access rule if no user-defined access lists are defined on the interfaces?
A. All inbound connections from the lower-security interfaces to the higher-security interfaces are permitted.
B. All outbound connections from the higher-security interfaces to the lower-security interfaces are permitted
C. All IP traffic between interfaces with the same security levelare permitted.
D. All IP traffic in and out of the same interface is permitted.
E. All IP traffic is denied.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Build Your Dreams PassGuide 642-617
QUESTION 52
When the Cisco ASA detects scanning attacks, how long is the attacker who is performing the scan shunned?
A. 120 seconds
B. 600 seconds
C. 1200 seconds
D. 3600 seconds
E. 6000 seconds
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 53
The ASA administrator wants to configure Botnet Traffic Filter using the dynamic database but it is not working properly after the initiate configuration has been entered. What other configuration is missing?
Build Your Dreams PassGuide 642-617
A. Enabling DNS Snooping
B. Enabling Botnet Traffic Filtering on at least one of the ASA interface
C. Enabling the ASA to periodically download the dynamic database from Cisco
D. Enabling DNS inspection globally
E. Configuring the manual white and black lists
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 54
Which two statements about the Cisco ASA configuration is true? (Choose two.)
Build Your Dreams PassGuide 642-617
A. NAT Control is enabled
B. The Cisco ASAis setup as the DHCP server for hosts on the inside and outside interfaces
C. All IP traffic is permitted from the inside host to the outside
D. All hosts on the inside and on the outside can access Cisco ASDM
E. Access to the CLI in privileged mode will be authenticated using the LOCAL database on the Cisco ASA
F. The ASAis using a persistent self-signed certificated so users can authenticate the Cisco ASA when accessing it via Cisco ASDM
Correct Answer: CF Section: (none) Explanation
Explanation/Reference:
QUESTION 55
On the Cisco ASA, tcp-map can be applied to a traffic class using which MPF CLI configuration command?
Build Your Dreams PassGuide 642-617
A. inspect
B. sysopt connection
C. tcp-options
D. parameters
E. set connection advanced-options
Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 56
On the Cisco ASA, where are the Layer 5-7 policy maps applied?
A. inside the Layer 3-4 policy map
B. inside the Layer 3-4 class map
C. inside the Layer 5-7 class map
D. inside the Layer 3-4 service policy
E. inside the Layer 5-7 service policy
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 57
Refer to the exhibit. Which two options will result from the Cisco ASA configuration? (Choose two.)
Build Your Dreams PassGuide 642-617
A. The outside hosts can use the 192.168.100.1 IP address to reach the web server on the inside network.
B. The global IP address of the web server is 209.165.200.230.
C. The inside web client will use the 209.165.200.230 IP address to reach the web server and the Cisco ASA will translate the 209.165.200.230 IP address to the 192.168.100.1 IP address.
D. The Cisco ASA will translate the DNS A-Record reply from the DNS server to any inside client for the web server (web server IP = 192.168.100.1).
E. The web server will be reachable only from the inside.
F. The web server will be reachable only from the outside.
Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 58
The Cisco ASA is configured in multiple mode and the security contexts share the same outside physical interface. Which two packet classification methods can be used by the Cisco ASA to determine which security context to forward the incoming traffic from the outside interface? (Choose two.)
A. unique interface IP address
B. unique interface MAC address
C. routing table lookup
D. MAC address table lookup
E. unique global mapped IP addresses
Correct Answer: BE Section: (none) Explanation
Explanation/Reference:
QUESTION 59
With Cisco ASA active/active or active/standby stateful failover, which state information or
Build Your Dreams PassGuide 642-617
table is not passed between the active and standby Cisco ASA by default?
A. NAT translation table
B. TCP connection states
C. UDP connection states
D. ARP table
E. HTTP connection table
Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 60
Refer to the exhibit. What requirement is mandatory when configuring a Cisco ASA to operate in transparent firewall mode?
A. IP routing must be disabled on the Cisco ASA using the noip routing global configuration command.
B. The Cisco ASA must be configured to use the same MAC address on its outside and inside interfaces.
C. ARP inspection must be enabled on both the inside and outside interfaces using thearpinspection interface-name enable flood command.
D. Both the inside and outside interfaces must be configured with the same security level.
E. An inboundEtherType ACL is required on the inside and outside interfaces to permit ARP traffic.
F. The management IP address of the Cisco ASA configured with theip address global configuration command must belong in the 10.0.1.0/24 subnet.
Correct Answer: F Section: (none) Explanation
Explanation/Reference:
QUESTION 61
Build Your Dreams PassGuide 642-617
Refer to the exhibit. Which two statements are true? (Choose two.)
A. The connection isawaiting outside ACK to SYN.
B. The connection is initiated from the inside.
C. The connection is active and has received inbound and outbound data.
D. The connection is an incomplete TCP connection.
E. The connection is a DNS connection.
Correct Answer: BC Section: (none) Explanation
Explanation/Reference:
QUESTION 62
Which five options are valid logging destinations for the Cisco ASA? (Choose five.)
A. AAA server
B. Cisco ASDM
C. buffer
D. SNMP traps
E. LDAP server
F. email
G. TCP-based securesyslog server
Correct Answer: BCDFG Section: (none) Explanation
Explanation/Reference:
QUESTION 63
When troubleshooting redundant interface operations on the Cisco ASA, which configuration should be verified?
A. Thenameif configuration on the member physical interfaces are identical.
B. The MAC address configuration on the member physical interfaces are identical.
C. The active interface is sending periodic hellos to the standby interface.
D. The IP address configuration on the logical redundant interface is correct.
E. The duplex and speed configuration on the logical redundant interface are correct.
Correct Answer: D Section: (none) Explanation
Explanation/Reference: QUESTION 64
What mechanism is used on the Cisco ASA to map IP addresses to domain names that are contained in the botnet traffic filter dynamic database or local blacklist?
Build Your Dreams PassGuide 642-617
A. HTTP inspection
B. DNS inspection and snooping
C. WebACL
D. dynamicbotnet database fetches (updates)
E. staticblacklist
F. static white list
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 65
Which three statements about traffic shaping capability on the Cisco ASA are true? (Choose three.)
A. Traffic shaping can be applied to all outgoing traffic on a physical interface or in the case of the Cisco ASA 5505, on a VLAN
B. Traffic shaping can be applied in the input or output direction.
C. Traffic shaping can cause jitter and delay.
D. You can configure both traffic shaping and priorityqueueing on the same interface.
E. Traffic shaping is not supported on the Cisco ASA 5580.
Correct Answer: ADE Section: (none) Explanation
Explanation/Reference:
QUESTION 66
Refer to the exhibit. Which statement about the policy map named test is true?
A. Only HTTP inspection will be applied to the TCP port 21 traffic.
B. Only FTP inspection will be applied to the TCP port 21 traffic.
C. both HTTP and FTP inspections will be applied to the TCP port 21 traffic.
D. No inspection will be applied to the TCP port 21 traffic, because the http class map configuration
conflicts with the ftp class map
E. All FTP traffic will be denied, because the FTP traffic will fail the HTTP inspection.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Build Your Dreams PassGuide 642-617
QUESTION 67
When troubleshooting a Cisco ASA (running 8.2.2) that is operating in transparent firewall mode, what should you verify to ensure proper operation?
A. The Cisco ASA has not been configured for inside static or dynamic NAT.
B. The Cisco ASA global IP address belongs to the same subnet as the directly connected interfaces.
C. The outside and inside interfaceare connected to different Layer 3 subnets.
D. The Cisco ASA is using a dedicated management interface for management access.
E. The Cisco ASA is configured for ARP inspection.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 68
Which Cisco ASA object group type offers the most flexibility for grouping different services together based on arbitrary protocols?
A. network
B. ICMP
C. protocol
D. TCP-UDP
E. service
Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 69
DRAG DROP A. Build Your Dreams PassGuide 642-617
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 70
Which three parameters are set using the set connection command within a policy map on the Cisco ASA
8.2 release? (Choose three.)
A. per-client TCP and/or UDP idle timeout
B. per-client TCP and/or UDP maximum session time
C. TCP sequence number randomization
D. maximum number of simultaneous embryonic connections
E. maximum number of simultaneous TCP and/or UDP connections
F. fragments reassembly options
Correct Answer: CDE Section: (none) Explanation
Explanation/Reference:
Well-regarded for its level of detail, assessment features, and challenging review questions and hands-on exercises,Cisco 642-617 helps you master the concepts and techniques that will enable you to succeed on the Cisco 642-617 exam the first time.
Fully Updated Do not hesitate to choose Flydumps Cisco 642-587 VCE Exam Dumps, all are updated timely by SAP expert professionals.Visit the site Flydumps.com to get the free Cisco 642-587 pdf dumps and free vce player.
QUESTION 50
You are using ADU and are authenticated and associated to an access point. However, you are unable to obtain an IP address. Which of these has caused this problem?
A. invalid SSID
B. invalid 802.1X authentication type
C. invalid encryption type
D. invalid WEP key
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 51
Which parameter, when enabled on a standalone access point, gives the highest priority to a voice packet even when QoS is not enabled?
A. QoS Element for Wireless Phones
B. IGMP Snooping
C. WMM
D. AVVID Priority Mapping
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 52
You review the Failed Attempts logs on an AAA server and find: “unknown network access server error.” Which failure could produce this error?
A. failure of the wireless client and AAA server handshake
B. supplicant authentication failure
C. AAA client and AAA server handshake
D. Wrong password used by the supplicant
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 53
If it is properly deployed, a controller-based access point is capable of monitoring all VLANs on a network when you select which of the following modes from the AP Mode drop-down menu on the controller?
A. Monitor
B. Rogue Detector
C. Sniffer
D. Mirror
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 54
On a WLAN controller, what is the default limit on the number of entries in the database that will be used for local authentication?
A. 50
B. 128
C. 512
D. 1024
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 55
Which Cisco Aironet Series has a built-in digital thermometer designed to protect the radio?
A. Cisco Aironet 1500 Series
B. Cisco Aironet 1400 Series
C. Cisco Aironet 1300 Series
D. Cisco Aironet 1200 Series
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 56
A Cisco 4404 WLAN controller is being connected to a Cisco 6500 Catalyst Series Switch. How would you interconnect and configure LAG for connectivity and ensure redundancy?
A. All four ports from the Cisco WLC terminated to the same Catalyst gigabit module and channel group.
B. All four ports from the Cisco WLC terminated to the same Catalyst gigabit module using two channel groups.
C. Ports 1 and 2 from Cisco WLC to Catalyst gigabit module slot 1 channel group 20 and Cisco WLC ports 3 and 4 to Catalyst gigabit module slot 2 channel group 40.
D. Ports 1 and 2 from Cisco WLC to Catalyst gigabit module slot 1 channel group 10 and Cisco WLC ports 3 and 4 to Catalyst gigabit module slot 2 channel group 10.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 57
Which of the following commands on the wireless interface of a Cisco 3845 Integrated Service Router allows the SSID to broadcast?
A. router(config-ssid)# enable
B. router(config-ssid)# advertise
C. router(config-ssid)# broadcast
D. router(config-ssid)# guest-mode
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 58
You have been called upon to add location-based services into an existing controller-based wireless design which primarily encompasses handheld devices such as barcode scanners and Cisco 7920 wireless IP phones. In which mode should you deploy
the additional access points to achieve the density required without excessive co-channel interference?
A. sniffer mode
B. monitor mode
C. location mode D. tracking mode
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 59
What is the maximum number of WLAN controllers that can join a single mobility group?
A. 12
B. 24
C. 36
D. 48
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Cisco 642-587 Questions & Answers covers all the knowledge points of the real exam. We update our product frequently so our customer can always have the latest version of Cisco 642-587. We provide our customers with the excellent 7×24 hours customer service.We have the most professional Cisco 642-587 expert team to back up our grate quality products.If you still cannot make your decision on purchasing our product, please try our Cisco 642-587 free pdf
Flydumps Cisco 642-359 exam questions and answers in PDF are prepared by our expert,Moreover,they are based on the recommended syllabus covering all the Adobe exam objectives. You will find them to be very helpful and precise in the subject matter since all the Cisco 642-359 exam content is regularly updated and has been checked for accuracy by our team of Adobe expert professionals.
QUESTION 20
A customer with multiple vendor switches establishes an ISL between a non-Cisco switch and an E_Port
on a Cisco MDS 9000 switch.
Which three statements are true about the interop behavior between the two switches? (Choose three.)
A. Exchange-based load balancing is supported in all interop modes.
B. Interop mode affects all VSANs.
C. Only E_Ports can be used to connect to non-Cisco MDS switches.
D. The non-Cisco switch must have matching FC timers with the VSAN containing the E_Port on the Cisco MDS 9000 Series switch.
E. Adding another ISL between the switches will allow a PortChannel to be configured for HA.
F. Interop mode 1 allows full featured communication between all combinations of MDS and non- MDS switches
Correct Answer: ACD Section: (none) Explanation
Explanation/Reference:
QUESTION 21
Which license is required on switches that are going to implement LUN zoning?
A. Storage Services Enabler
B. Enterprise license
C. Fabric Manager Server license
D. SAN Extension over IP license
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 22
DRAG DROP
Drop
Match the definition on the left with its appropriate word or phrase about switch interoperability on the right.
“Pass Any Exam. Any Time.” – www.actualtests.com 11
Cisco 642-359: Practice Exam
Drag and drop question. Drag the items to the proper locations.
A. 1=2, 2=1, 3=4, 4=5, 5=3
B.
C.
D.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
“Pass Any Exam. Any Time.” – www.actualtests.com 12 Cisco 642-359: Practice Exam
QUESTION 23
Which two of these logging statements are true? (Choose two.)
A. Call Home message level 0 is most urgent and level 7 is least urgent, whereas the syslog level 9 is most urgent and level 0 is least urgent.
B. Syslog message level 0 is most urgent and level 7 is least urgent, whereas the Call Home message level 9 is most urgent and level 0 is least urgent,
C. Syslog message level 7 is most urgent and level 0 is least urgent, whereas the Call Home message level 9 is most urgent and level 0 is least urgent.
D. Accounting logs can be stored locally and sent to remote AAA servers.
E. Go to logs > syslog > setup in Device Manager to view the local accounting log.
Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 24
Which of these Cisco Fabric Manager debugging tools can compare the current configuration with a previously saved configuration file?
A. Switch Health Analysis
B. Fabric Configuration Analysis
C. EnD.to-End Connectivity Analysis
D. Zone Merge Analysis
Correct Answer: B Section: (none) Explanation Explanation/Reference:
QUESTION 25
Choose the correct list of tasks to configure Remote Spanning.
A. Create a VSAN interface. Enable a Fibre Channel tunnel. Initiate the Fibre Channel tunnel. Configure the ST_Port in the source switch. Configure the SD_Port in the destination switch. Configure a SPAN session in the source switch.
B. Create a VSAN interface. Enable a Fibre Channel tunnel. Initiate the Fibre Channel tunnel. Configure the ST_Port in the source switch. Configure the SD_Port in the destination switch. Configure an RSPAN session in the source switch.
C. Create an RSPAN interface. Enable a Fibre Channel tunnel. Initiate the Fibre Channel tunnel. Configure the SD_Port in the destination switch. Configure the ST_Port in the source switch. Configure an RSPAN session in the source switch.
D. Create a VSAN interface. Enable a Fibre Channel tunnel. Initiate the Fibre Channel tunnel. Configure the ST_Port in the destination switch. Configure the SD_Port in the source switch. “Pass Any Exam. Any Time.” – www.actualtests.com 13 Cisco 642-359: Practice Exam Configure an RSPAN session in the source switch.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 26
When creating an Inter-VSAN routing topology, which type of World Wide Name (WWN) must be used?
A. Port WWN
B. Switch WWN
C. Fabric Port WWN
D. VSAN WWN
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 27
Your company has a multiswitch fabric including Switch A and Switch B. An administrator of Switch A creates the following zone set and successfully activates it: zoneset name ZoneSetl vsan 1 zone name Zonel vsan 1 pwwn 21:01:00:e0:8b:3c:03:b6 pwwn 21:01:00:e0:8b:3c:55:bb Later in the day, a second administrator creates the following zone set on Switch B: zoneset name ZoneSet2 vsan 1 zone name Zonel vsan 1 pwwn 21:01:00:e0:8b:3c:03:b6 pwwn 21:01:00:e0:8b:3c:55:aa What happens when the administrator of Switch B attempts to activate ZoneSet2?
A. ZoneSet2 becomes the active zone set for both Switches A and
B.
C. The fabric segments and ZoneSet2 become the active zone set for Switch B only.
D. The fabric segments and ZoneSet2 become the active zone set for Switch A only.
E. The fabric segments and ZoneSetl remain the active zone set for Switch B, while ZoneSet2 becomes the active zone set for Switch A.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 28
“Pass Any Exam. Any Time.” – www.actualtests.com 14 Cisco 642-359: Practice Exam
You have been asked to configure a port on your Cisco MDS switch so that a host can join your fabric. Which of these switch port types should the port be set to?
A. N_Port
B. NL_Port
C. F_Port
D. E_Port
E. TE_Port
F. SD Port
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 29
DRAG DROP
Drop The IT director wants to standardize the process that the SAN team follows when troubleshooting the SAN. IT director wants to leverage the tools that are provided by Cisco Fabric Manager so that each member of the team executes the samesteps when faced with a problem in the SAN. Click and drag the Cisco Fabric Manager troubleshooting tool to the purpose it serves in the repair strategy.
Drag and drop question. Drag the items to the proper locations.
A. 1=2, 2=4, 3=3, 4=1
B.
C.
D.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
“Pass Any Exam. Any Time.” – www.actualtests.com 15 Cisco 642-359: Practice Exam
Explanation:
QUESTION 30
Which of the following tools would you use to view SCSI error count statistics?
A. Cisco Performance Manager
B. RMON
C. Cisco Traffic Analyzer
D. Cisco Fabric Analyzer
Correct Answer: C Section: (none)
Explanation
Explanation/Reference:
QUESTION 31
A customer would like to implement a low-cost traffic engineering solution that provides a primary data path, and a secondary data path that will only be used in the event of a failure in the primary path. Which of these solutions best meets the customer needs?
A. VSAN allowed list pruning
B. FCC
C. QoS “Pass Any Exam. Any Time.” – www.actualtests.com 16 Cisco 642-359: Practice Exam
D. FSPF link costs
E. VOQ
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 32
The output from the switch show interface command indicates that the link from a host comes up as an FL_Port. The switch port is configured as auto. Which three of these HBA configurations could cause this scenario? (Choose three.)
A. the HBA is configured as an N_Port
B. the HBA is configured as an NL_Port
C. the HBA supports only NL mode
D. the HBA is configured as a TE_Port
E. the HBA supports only FC.AL technology
F. the HBA is configured as an TL_Port
Correct Answer: BCE Section: (none) Explanation
Explanation/Reference:
QUESTION 33
Refer to the exhibit. Which of the following statements is true?
A. All users belonging to the sangroup role are allowed to perform all configuration commands except fspf commands because the deny config feature fspf is listed first.
B. All users are allowed to perform all configuration commands because the permit config command is listed last and that will globally override all other rules.
C. All users belonging to the sangroup role to perform all configuration commands except fspf commands because it does not matter what order the rules are entered.
D. The configuration is not valid because rules are entered at the switch (config-role-vsan)# level.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 34
Which three types of network statistics can be captured with the Cisco Traffic Analyzer? (Choose three.)
“Pass Any Exam. Any Time.” – www.actualtests.com 17 Cisco 642-359: Practice Exam
A. historical reporting
B. total bandwidth used
C. Tx/Rx bandwidth per VSAN
D. Tx/Rx bandwidth per N_Port
E. class-based traffic breakdown
Correct Answer: BCD Section: (none) Explanation
Explanation/Reference:
QUESTION 35
Which two security protocols are supported in the Cisco iSCSI implementation? (Choose two.)
A. IPSec
B. FC.SP
C. SLAP
D. CHAP
E. PAP
Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
QUESTION 36
Which feature requires the Cisco MDS 9000 Series Enterprise license?
A. PortChannels
B. virtual output queues
C. port security
D. centralized AAA services
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 37
Which three of these steps are required to configure IVR? (Choose three.)
A. Enable IVR in the border switches.
B. Configure interop mode 1.
C. Configure NAT.
D. Configure the IVR topology.
E. Create and activate IVR zone sets.
F. Configure a transit VSAN. “Pass Any Exam. Any Time.” – www.actualtests.com 18 Cisco 642-359: Practice Exam
Correct Answer: ADE Section: (none) Explanation
Explanation/Reference:
QUESTION 38
What is the default policy when defining role-based access for a VSAN?
A. Deny
B. Permit
C. Permit only for the default VSAN.
D. There is no default role policy for a VSAN.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 39
Which two features help you verify connectivity between host and storage devices? (Choose two.)
A. fcanalyzer
B. Cisco Traffic Analyzer
C. EnD.to-End Connectivity Analysis
D. Zone Merge Analysis
E. fcping
Correct Answer: CE Section: (none) Explanation
Explanation/Reference:
QUESTION 40
Which two of these features are characteristic of out-of-band management for the Cisco MDS 9000 Series switches? (Choose two.)
A. CUP management of the switch for FICON
B. 10/100/1000 Ethernet connection C. IPFC
C. FCIP
D. logical interface VSAN 1
E. configuration during the initial switch setup
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 41
“Pass Any Exam. Any Time.” – www.actualtests.com 19 Cisco 642-359: Practice Exam
A customer has reported performance degradation in the SAN. The system administrator would like to track reaD.write I/O and LUN use on several devices. The devices are directly connected to various switches and belong to different VSANs. The administrator wants to gather information for the last 72 hours. Which of the following Cisco MDS 9000 Series tools is needed to track SCSI I/O and LUN statistics?
A. Cisco Fabric Manager
B. Cisco Traffic Analyzer and PAA
C. Cisco Performance Manager
D. Cisco Fabric Analyzer
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 42
Reference the exhibit.
A customer has configured an FCIP connection between two sites. The customer issues an extended IP
ping command to determine path availability, MTU, and rounD.trip time.
According to the output in the exhibit, which parameter in the extended ping needs adjustment in order to
increase the chances of establishing enD.to-end connectivity?
A. timeout in seconds
B. repeat count
C. datagram size
D. nothing, enD.to-end connectivity cannot be established
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
“Pass Any Exam. Any Time.” – www.actualtests.com 20 Cisco 642-359: Practice Exam
QUESTION 43
The HBA on your storage server only supports the NL_Port mode. Which interface type on the Cisco MDS 9000 Series fabric switches can support this HBA?
A. F
B. TE
C. FL
D. N
E. E
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 44
While examining the output of a show run command on the Cisco MDS 9000 Series, you notice that the statement interface GigabitEthernet2/1.2 appears in the output. What does this mean?
A. It refers to the second FCIP tunnel that is configured on port GigabitEthernet2/1.
B. It refers to a VLAN subinterface on port GigabitEthernet2/1.
C. It means that port GigabitEthernet2/1 is assigned to VSAN 2.
D. It is a mistake in the interface configuration.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 45
Refer to the exhibit. What is the effect of executing the commands shown in the exhibit?
A. Host A will not be able to communicate with interface mgmtO. “Pass Any Exam. Any Time.” – www.actualtests.com 21 Cisco 642-359: Practice Exam
B. Host B will not be able to communicate with interface mgmtO.
C. All hosts will be able to communicate with interface mgmtO.
D. No hosts will be able to communicate with interface mgmtO.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 46
A host is unable to access the storage network after its HBA is replaced. Which of these switch configurations could be preventing access?
A. port-based zoning
B. port-mode security
C. port security
D. port VSAN membership
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 47
Which Cisco MDS feature can be used to notify an administrator or call center that a serious event has occurred in the fabric?
A. Call Home
B. syslog
C. FLOGI
D. SNMP
E. SPAN
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 48
Why would you use the fcanalyzer command?
A. to ensure that Fibre Channel configuration settings are synchronized across all switches in the fabric
B. to identify common configuration errors in the fabric
C. to nondisruptively capture and decode Fibre Channel control frames
D. to decode and analyze Fibre Channel frames and ordered sets on a link “Pass Any Exam. Any Time.” -www.actualtests.com 22 Cisco 642-359: Practice Exam
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 49
What is the recommended minimum clearance between chassis when installing the Cisco MDS 9500 Series in a standard telco rack?
A. 2.5 inches
B. 3 inches
C. 6 inches
D. 9 inches
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 50
Your company is planning a SAN deployment using Fibre Channel connections from a central, highly secure data center to several less secure branch offices. Which of these security features would allow you to disable all branch office switch management ports and yet still maintain the complete suite of TCP/IP-based SAN management utilities?
A. IPSec
B. Port Mode Security
C. Port Security
D. Overlay VSAN
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 51
What information does the command showflogi database provide?
A. verifies connectivity for attached devices
B. verifies that attached devices are in the correct zone
C. displays a list of the host ports that have logged into each storage port
D. displays fabric login errors
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 52
“Pass Any Exam. Any Time.” – www.actualtests.com 23
Cisco 642-359: Practice Exam
You have set up a session to the SD_Portto enable the investigation of a problem on a particular Fibre
Channel port. You need to check whether this has been correctly set up for the desired port.
Which command should you use?
A. show span session
B. showfcflow
C. showtlport
D. show fcanalyzer
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 53
Which feature detects hardware faults and attempts recovery actions?
A. Switch Health Analysis
B. Fabric Configuration Analysis
C. Online Health Management System
D. EnD.to-End Connectivity Analysis
E. Cisco Fabric Services
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 54
Hosti and Storagel are in VSAN 10 and have been communicating successfully. An administrator creates and activates an IVR zoneset enabling Hosti and Storage2 to communicate. Unexpectedly, after this new IVR zoneset is activated, Hosti loses connectivity with Storagel. “Pass Any Exam. Any Time.” – www.actualtests.com 24 Cisco 642-359: Practice Exam Why did this happen?
A. The default zone policy in VSAN 10 is set to permit.
B. The local zoneset distribution policy for VSAN 20 is set to allow.
C. The zoneset distribution policy for VSAN 10 is set to full.
D. Standard zones and IVR zones cannot coexist in the same VSAN.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 55
You are implementing an FCIP solution for SAN extension between two data centers using the Cisco MDS 9000 Series platform. For redundancy, there are two Metro Ethernet paths between the data centers. How can you specify primary and secondary paths for each FCIP tunnel?
A. Configure OSPF routing on the IPS-8. .
B. Configure EIGRP routing on the IPS-8.
C. Configure FSPF link costs on the MDS switch.
D. Configure QoS on the MDS switch.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
“Pass Any Exam. Any Time.” – www.actualtests.com 25 Cisco 642-359: Practice Exam
QUESTION 56
In order to allow access to a switch using Telnet, which three settings should be configured during the initial setup of a Cisco 9000 Series switch using SAN-OS Release 2.0? (Choose three.)
A. assign an admin password
B. accept auto for the switchport trunk mode
C. configure the IP address for the VSAN 1 interface
D. configure the netmask for the IP address
E. configure the IP address for the MgmtO interface F – Configure SSH with an RSA1 key
Correct Answer: ADE Section: (none) Explanation
Explanation/Reference:
QUESTION 57
What are four valid protocols for copying software to the MDS 9000 family switches? (Choose four.)
A. Remote Copy Service
B. Secure Copy Protocol
C. Trivial File Transfer Protocol
D. File Transfer Protocol
E. Secure Trivial File Transfer Protocol
F. Secure File Transfer Protocol
Correct Answer: BCDF Section: (none) Explanation
Explanation/Reference:
QUESTION 58
On a Class C IP network, how many bits in the IPv4 address are used to identify the network?
A. 8
B. 16
C. 24
D. 32
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 59
“Pass Any Exam. Any Time.” – www.actualtests.com 26 Cisco 642-359: Practice Exam
After performing the initial switch configuration by running the setup utility, an administrator notices that ports configured to connect to other Cisco MDS 9000 switches invariably come up as E_Ports rather than TE_Ports. Which error was made at initial configuration?
A. VSAN capabilities were not enabled.
B. Default switchport trunk mode was set to auto.
C. Full zoneset distribution was not enabled.
D. Default switchport trunk mode was set to on.
Correct Answer: B Section: (none)
Explanation Explanation/Reference:
QUESTION 60
Which three of these terms are valid Fibre Channel topologies? (Choose three.)
A. point-to-point
B. switched backbone
C. Gigabit Ethernet
D. arbitrated loop
E. switched fabric
F. autonomous region
Correct Answer: ADE Section: (none) Explanation
Explanation/Reference:
QUESTION 61
Which two Cisco MDS 9000 Series Switches are used in small- and medium-sized SAN topologies? (Choose two.)
Select 2 response(s).
A. Cisco MDS 9124
B. Cisco MDS 9222i
C. Cisco MDS 9506
D. Cisco MDS 9509
E. Cisco MDS 9513
Correct Answer: AB Section: (none) Explanation
Explanation/Reference:
“Pass Any Exam. Any Time.” – www.actualtests.com 27 Cisco 642-359: Practice Exam
QUESTION 62
Which second-generation Fibre Channel module offers a full 4Gb/s line rate on all ports? Select the best response.
A. 12-port 1/2/4 Gb/s Fibre Channel module
B. 24-port 1/2/4 Gb/s Fibre Channel module
C. 24-port 1/2/4/8 Gb/s Fibre Channel module
D. 48-port 1/2/4 Gb/s Fibre Channel module
Correct Answer: A Section: (none) Explanation
Explanation/Reference: QUESTION 63
Which Cisco MDS 9000 Series Switch has non-field-replaceable fans? Select the best response
A. Cisco MDS 9124
B. Cisco MDS 9134
C. Cisco MDS 9222i
D. Cisco MDS 9506
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 64
When using the Cisco MDS 9000 Switches, which protocol provides in-band management? Select the best response.
A. FCIP
B. IPFC
C. iSCSI
D. SNMP
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 65
What is a benefit of using the Cisco Fabric Manager Software Install Wizard instead of using the CLI-based software upgrade?
“Pass Any Exam. Any Time.” – www.actualtests.com 28 Cisco 642-359: Practice Exam
Select the best response.
A. can be used to upgrade multiple switches with a single procedure
B. shows the upgrade procedure progress
C. upgrades kickstart and system images in a single step
D. notifies when upgrade procedure has finished
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 66
A junior SAN engineer is asked to prepare the configuration for the NPV edge switch. The NPV edge switch will be connected to the NPV core switch via the fc 1/24 interface. The end device will be connected to the fc 1/1 interface and should be placed in VSAN 10. Which configuration for the NPV edge switch accomplishes this request?
Select the best response.
A. feature npv interface fcl/24 switchport mode F interface fcl/1 switchport mode F vsan database vsan 10 interface fcl/1 vsan 10 interface fcl/24 153373-15
B. feature npv interface fcl/24 switchport mode F interface fcl/1 switchport mode F vsan database vsan 10 interface fcl/1 vsan 10 interface fcl/24 153373-7
C. feature npv interface fcl/24 switchport mode F interface fcl/1 switchport mode F vsan database vsan 10 interface fcl/1 vsan 10 interface fcl/24 153373-3 “Pass Any Exam. Any Time.” – www.actualtests.com 29 Cisco 642-359: Practice Exam
D. feature npv interface fcl/24 switchport mode F interface fcl/1 switchport mode F vsan database vsan 10 interface fcl/1 vsan 10 interface fcl/24 153373-11
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 67
Which two options can be used to enable flex-attach when automatic assignment is used? (Choose two.) Select 2 response(s).
A. global across all NPV switches
B. global across all NPIV-enabled switches
C. per interface or interface range
D. per server WWN
E. per server FC-ID
Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
QUESTION 68
Refer to the exhibit. When looking at the Cisco Fabric Manager, you notice that one of the switches has this symbol superimposed on it. What is the reason?
Select the best response.
A. The device is manageable but there are operational problems.
B. The device is online but not working properly.
C. The device is not manageable.
D. The device is Down.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
“Pass Any Exam. Any Time.” – www.actualtests.com 30 Cisco 642-359: Practice Exam
QUESTION 69
Which command can be used to determine whether device aliases in VSAN 5 are configured for fabric-wide distribution?
A. show fcalias distribution vsan 5
B. show cfs application name device-alias
C. show vsan 5 device-alias status
D. show vsan 5 device-alias status
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 70
Issuing the show role command to check a defined role in an MDS 9000 Series switch will produce the following output:
Role : Manage VSAN Description : vsan policy : deny Permitted vsans: 2-4
Rule Type Command-type Feature
1.
permit config *
2.
deny config fspf
3.
permit debug zone
4.
permit exec fcping
Which of the following two functions can a user with role Manage undertake? (Choose two.)
A. change fspf parameters
B. configure FC port parameters for VSAN 3
C. issue a debug command for a port
D. heck connectivity for VSAN 2
Correct Answer: BD Section: (none) Explanation Explanation/Reference:
With the products Cisco 642-359 for training and preparation of testing you would not only significantly reduce your fees, but pass your exam. We obtain our products from Authorities experts from test center.We give you the best path to successful completion of your exam to the real and original exam questions and answers for Cisco 642-359 .
Flydumps Cisco 642-359 exam questions and answers in PDF are prepared by our expert, Moreover, they are based on the recommended syllabus covering all the Cisco 642-359 exam objectives. You will find them to be very helpful and precise in the subject matter since all the Cisco 642-359 exam content is regularly updated and has been checked for accuracy by our team of Microsoft expert professionals.
QUESTION 16
What is a benefit of enhanced zoning?
A. fabric locked during configuration changes
B. larger zoning database size
C. database rollback in case of failure
D. zones allowed to span VSANs
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 17
While examining the output of a show run command on the CiscoMDS9000Series, you notice that the statement interface GigabitEthernet2/1.2 appears in the output. What does this mean?
A. It refers to these condFCIP tunnel that is configured on port GigabitEthernet2/1.
B. It refers to a VLAN subinterface on port GigabitEthernet2/1.
C. It means that port GigabitEthernet2/1is assigned to VSAN2.
D. It is a mistake in the interface configuration.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 18
The HBA on your storage server only supports the NL_Port mode. Which interface type on the Cisco MDS9000Series fabrics witches can support this HBA?
A. F
B. TE
C. FL
D. N E. E
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 19
For purposes of granting restricted access to statically configure iSCSI virtual targets, which three of these can be used to identify iSCSI initiators?(Choose three.)
A. iSCS Inodename
B. hostname
C. IPv4 address and subnet
D. MAC address
E. IPv6 address
F. iSCSI WWN
Correct Answer: ACE Section: (none) Explanation
Explanation/Reference:
QUESTION 20
What is a benefit of enhanced zoning?
A. fabriclockedduringconfigurationchanges
B. largerzoningdatabasesize
C. databaserollbackincaseoffailure
D. zonesallowedtospanVSANs
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 21
How many ports are address able on a fabric arbitrated loop?
A. 126
B. 127
C. 255
D. 256
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 22
Which three of the following a repossible reasons why aline card module does not come online?
(Choose three.)
A. Port index es have been taken offline.
B. Available port indexes are non contiguous.
C. Not enough power is available in the chassis.
D. An invalid interoperability mode has been configured.
E. Unsupported SFP shave been installed.
F. Not enough port indexes are available.
Correct Answer: BCF Section: (none) Explanation
Explanation/Reference:
QUESTION 23
Which of the following tools would you use to view SCSI error count statistics?
A. CiscoPerformanceManager
B. RMON
C. CiscoTrafficAnalyzer
D. CiscoFabricAnalyzer
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 24
Why would you use the fc analyzer command?
A. to ensure that FibreChannel configuration settings are synchronized across all switches in the fabric
B. to identify common configuration errors in the fabric
C. to non disruptively capture and decode FibreChannel control frames
D. to decode and analyze FibreChannel frames and ordered sets on alink
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 25
Which two features help you verify connectivity between host and storage devices?(Choose two.)
A. fcanalyzer
B. CiscoTrafficAnalyzer
C. End-to-End Connectivity Analysis
D. Zone Merge Analysis
E. fcping
Correct Answer: CE Section: (none) Explanation Explanation/Reference:
QUESTION 26
Which feature detects hardware fault san dattempts recovery actions?
A. SwitchHealthAnalysis
B. FabricConfigurationAnalysis
C. OnlineHealthManagementSystem
D. End-to-EndConnectivityAnalysis
E. CiscoFabricServices
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Flydumps offers the most comprehensive Trainingexam with full of wonderful concepts and learning skills. The training tools on the site Flydumps.com prepares you with the same questions and answers for Cisco 642-359 from the test center.You may have seen our products.Without hesitate to procure our products. Because it is the best choice for you and even for your career in the future.We promise you 100% pass guarantee.
Where to free download the new Cisco 642-515 exam questions to pass the exam easily? Now,Flydumps has publised the new version of Cisco 642-515 exam dumps with new added exam questions.you can also get free VCE and PDF, and the new Cisco 642-515 practice tests ensure your exam 100% pass. Visit Flydumps.com to get the 100% pass ensure!
QUESTION 60
Modular Policy Framework provides a consistent and flexible way to configure security appliance features in a manner similar to Cisco IOS software QoS CLI. Your company asked you to examine the current Cisco Modular Policy Framework configurations on the LA-ASA Cisco Adaptive Security Appliance (ASA) by use of the Cisco Adaptive Security Device Manager (ASDM).
What is the impact of the FTP inspection policy named MY-FTP-MAP on FTP traffic entering the partnernet interface?
A. Masks the FTP banner.
B. Tracks each FTP command and response sequence for certain anomalous activity.
C. Has no effect on the behavior of the Cisco Adaptive Security Appliance.
D. Prevents web browsers from sending embedded commands in FTP requests.
Correct Answer: C Section: Firewall/Policys Explanation
Explanation/Reference:
QUESTION 61
Modular Policy Framework provides a consistent and flexible way to configure security appliance features in a manner similar to Cisco IOS software QoS CLI. Your company asked you to examine the current Cisco Modular Policy Framework configurations on the LA-ASA Cisco Adaptive Security Appliance (ASA) by use of the Cisco Adaptive Security Device Manager (ASDM).
Which two impacts are of the policy map named PARTNERNET-POLICY on FTP traffic entering the partnernet interface?
A. Prevents all users except “root” from accessing the path /root.
B. Logs all attempts to download files from the FTP server on the inside interface.
C. Blocks the FTP request commands DELE, MKD, PUT, RMD, RNFR, and RNTO.
D. Resets connections that send embedded commands.
Correct Answer: CD Section: Firewall/Policys Explanation
Explanation/Reference: QUESTION 62
Modular Policy Framework provides a consistent and flexible way to configure security appliance features in a manner similar to Cisco IOS software QoS CLI. Your company asked you to examine the current Cisco Modular Policy Framework configurations on the LA-ASA Cisco Adaptive Security Appliance (ASA) by use of the Cisco Adaptive Security Device Manager (ASDM).
Which option is correct with regard to HTTP inspection on the Cisco Adaptive Security Appliance?
A. HTTP traffic is inspected as it enters or exits the outside interface.
B. HTTP traffic is inspected only as it enters any interface.
C. Advanced HTTP inspection is applied to traffic entering the outside interface, and basic HTTP inspection is applied to traffic entering any interface.
D. HTTP traffic is inspected as it enters or exits any interface.
Correct Answer: A Section: Firewall/Policys Explanation
Explanation/Reference: QUESTION 63
Modular Policy Framework provides a consistent and flexible way to configure security appliance features in a manner similar to Cisco IOS software QoS CLI. Your company asked you to examine the current Cisco Modular Policy Framework configurations on the LA-ASA Cisco Adaptive Security Appliance (ASA) by use of the Cisco Adaptive Security Device Manager (ASDM).
Which step will be taken by the Cisco Adaptive Security Appliance on FTP traffic entering its outside interface?
A. Masks the FTP greeting banner.
B. Translates embedded IP addresses.
C. Blocks the FTP request commands APPE, GET, RNFR, RNTO, DELE, MKD, and RMD.
D. Prevents all users except “root” from accessing the path/root.
Correct Answer: B Section: Firewall/Policys Explanation Explanation/Reference:
QUESTION 64
Which options can a clientless SSL VPN user access from a web browser without port forwarding, smart tunnels, or browser plug-ins?
A. web-enabled applications
B. Microsoft Outlook Web Access
C. files on the network, via FTP or the CIFS protocol
D. internal websites
Correct Answer: ABCD Section: VPN Explanation
Explanation/Reference:
QUESTION 65
While implementing QoS, which two types of queues are available on the Cisco ASA security appliance? (Choose two.)
A. best effort queue
B. round robin queue
C. weighted fair
D. low latency queue
Correct Answer: AD Section: Firewall/Policys Explanation
Explanation/Reference:
QUESTION 66
Which three statements correctly describe protocol inspection on the Cisco ASA adaptive security appliance? (Choose three.)
A. The protocol inspection feature of the security appliance securely opens and closes negotiated ports and IP addresses for legitimate client-server connections through the security appliance.
B. For the security appliance to inspect packets for signs of malicious application misuse, you must enable advanced (application layer) protocol inspection.
C. If inspection for a protocol is notenabled, traffic for that protocol may be blocked.
D. If you want to enable inspection globally for a protocol that is not inspected by default or if you want to globally disable inspection for a protocol, you can edit the default global policy.
Correct Answer: ACD Section: Firewall/Policys Explanation
Explanation/Reference:
QUESTION 67
Multimedia applications transmit requests on TCP, get responses on UDP or TCP, use dynamic ports, and use the same port for source and destination, so they can pose challenges to a firewall. Which three items are true about how the Cisco ASA adaptive security appliance handles multimedia applications? (Choose three.)
A. It dynamically opens and closes UDP ports for secure multimedia connections, so you do not need to open a large range of ports.
B. It supports SIP with NAT but not with PAT.
C. It supports multimedia with or without NAT.
D. It supports RTSP, H.323, Skinny, and CTIQBE.
Correct Answer: ACD Section: Firewall/Policys Explanation
Explanation/Reference:
QUESTION 68
Reverse route injection (RRI) is the ability for static routes to be automatically inserted into the routing process for those networks and hosts protected by a remote tunnel endpoint. These protected hosts and networks are known as remote proxy identities. Study the following exhibit carefully. What does Reverse Route Injection enable in this configuration?
A. The Cisco ASA security appliance will advertise its default routes to the distant end of the site- to-site VPN tunnel.
B. The Cisco ASA security appliance will advertise routes that are at the distant end of the site-to- site VPN tunnel.
C. The Cisco ASA security appliance will advertise routes that are on its side of the site-to-site VPN tunnel to the distant end of the site-to-site VPN tunnel.
D. The Cisco ASA security appliance will advertise routes from the dynamic routing protocol that is running on the Cisco ASA security appliance to the distant end of the site-to-site VPN tunnel.
Correct Answer: B Section: Other Explanation
Explanation/Reference: QUESTION 69
Which two options are correct about the threat detection feature of the Cisco ASA adaptive security appliance? (Choose two.)
A. The security appliance scanning threat detection feature is based on traffic signatures.
B. The threat detection feature can help you determine the level of severity for packets that are detected and dropped by the security appliance inspection engines.
C. Because of their impact on performance, both basic threat detection and scanning threat detection are disabled by default.
D. Scanning threat detection detects network sweeps and scans and optionally takes appropriate preventative action.
Correct Answer: BD Section: Firewall/Policys Explanation
Explanation/Reference:
QUESTION 70
For configuring VLAN trunking on a security appliance interface, which three actions are mandatory? (Choose three.)
A. associating a logical interface with a physical interface
B. specifying a VLAN ID for asubinterface
C. specifying a name for asubinterface
D. specifying the maximum transmission unit for asubinterface
Correct Answer: ABC Section: Other Explanation
Explanation/Reference:
QUESTION 71
Which three features can the Cisco ASA adaptive security appliance support? (Choose three.)
A. 802.1Q VLANs
B. OSPF dynamic routing
C. static routes
D. BGP dynamic routing
Correct Answer: ABC Section: Other Explanation
Explanation/Reference:
QUESTION 72
What is the reason that you want to configure VLANs on a security appliance interface?
A. for use in multiple contextmode, where you can map only VLAN interfaces to contexts
B. for use in conjunction with device-level failover to increase the reliability of your security appliance
C. to increase the number of interfaces available to the network without adding additional physical interfaces or security appliances D. for use in transparent firewall mode, where only VLAN interfaces are used
Correct Answer: C Section: Other Explanation
Explanation/Reference:
QUESTION 73
The P4S security department would like to apply specific restrictions to one network user, Bob, because he works from home and accesses the corporate network from the outside interface of the security appliance. P4S decides to control network access for this user by using the downloadable ACL feature of the security appliance. Authentication of inbound traffic is already configured on the security appliance, and Bob already has a user account on the Cisco Secure ACS. Which three tasks should be completed in order to achieve the goal of limiting network access for Bob via downloadable ACLs? (Choose three.)
A. Configure the security appliance to use downloadable ACLs.
B. Configure the downloadable ACLs on the Cisco Secure ACS.
C. Attach the downloadable ACL to the user profile for Bob on the Cisco Secure ACS.
D. Configure the Cisco Secure ACS to use downloadable ACLs.
Correct Answer: BCD Section: Firewall/Policys Explanation
Explanation/Reference:
QUESTION 74
The security department of the P4S company wants to configure cut-through proxy authentication via RADIUS to require users to authenticate before accessing the corporate DMZ servers. Which three tasks are needed to achieve this goal? (Choose three.)
A. Configure a rule that specifies which traffic flow to authenticate.
B. Designate an authentication server.
C. Specifya AAA server group.
D. Configure per-user override.
Correct Answer: ABC Section: Other Explanation
Explanation/Reference:
QUESTION 75
Which two statements correctly describe the local user database in the security appliance? (Choose two.)
A. You can create user accounts with or without passwords in the local database.
B. You cannot use the local database for network access authentication.
C. You can configure the security appliance to lock a user out after the user meets a configured maximum number of failed authentication attempts.
D. The default privilege level for a new user is 15.
Correct Answer: AC Section: Other Explanation
Explanation/Reference: QUESTION 76
Which one of the following commands can provide detailed information about the crypto map configurations of a Cisco ASA adaptive security appliance?
A. show run ipsec sa
B. show run crypto map
C. show ipsec sa
D. show crypto map
Correct Answer: B Section: VPN Explanation
Explanation/Reference:
QUESTION 77
Which three commands can display the contents of flash memory on the Cisco ASA adaptive security appliance? (Choose three.)
A. show disk0:
B. dir
C. show flash:
D. show memory
Correct Answer: ABC Section: Other Explanation
Explanation/Reference:
QUESTION 78
Which two statements about the downloadable ACL feature of the security appliance are correct? (Choose two.)
A. Downloadable ACLs enable you to store full ACLs on a AAA server and download them to the security appliance.
B. Downloadable ACLs are supported using TACACS+ or RADIUS.
C. The downloadable ACL must be attached to a user or group profile on a AAA server.
D. The security appliance supports only per-user ACL authorization.
Correct Answer: AC Section: Other Explanation
Explanation/Reference:
QUESTION 79
In the default global policy, which three traffic types are inspected by default? (Choose three.)
A. TFTP
B. FTP
C. ESMTP
D. ICMP
Correct Answer: ABC Section: Firewall/Policys Explanation
Explanation/Reference:
QUESTION 80
What does the redundant interface feature of the security appliance accomplish?
A. to increase the number of interfaces available to your network without requiring you to add additional physical interfaces or security appliances
B. to increase the reliability of your security appliance
C. to allow a VPN client to sendIPsec-protected traffic to another VPN user by allowing such traffic in and out of the same interface
D. to facilitate out-of-band management
Correct Answer: B Section: Other Explanation
Explanation/Reference:
Preparing Cisco 642-515 exam is not difficult now.You can prepare from Cisco 642-515 Certification or Cisco 642-515 dumps.Here we have mentioned some sample questions.You can use our Cisco 642-515 study material notes for test preparation.Latest Cisco 642-515 study material available.