[The Newest Dumps] Real Cisco 642-515 exam dumps revised by experts, they were updated with the change of the Cisco 642-515 ,covering all the whole aspects of Cisco 642-515 exam. Just have a training of Flydumps Cisco 642-515 exam questions to guarantee your 100% pass
QUESTION 51
The IT department of your company must perform a custom-built TCP application within the clientless SSL
VPN portal configured on your Cisco ASA security appliance. The application should be run by users who
have either guest or normal user mode privileges.
In order to allow this application to run, how to configure the clientless SSL VPN portal?
A. configure a smart tunnel for the application
B. configure a bookmark for the application
C. configure the plug-in that best fits the application
D. configure port forwarding for the application
Correct Answer: A Section: VPN Explanation
Explanation/Reference:
QUESTION 52
Which major benefit do digital certificates provide when deploying IPsec VPN tunnels?
A. Resiliency
B. Obfuscation
C. Simplification
D. Scalability
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 53
Refer to the exhibit. As the administrator of a Cisco ASA security appliance for remote access IPsec VPNs,
you are assisting a user who has a digital certificate that is configured for the Cisco VPN Client.
Based on the exhibit, how would you find the MD5 and SHA-1 thumb print of the certificate?
A. Choose the certificate and then click the Certificate drop-down menu.
B. Choose the certificate and then click Options > Properties.
C. Choose the certificate and then click the View button.
D. Choose the certificate and then click the Verify button.
Correct Answer: C Section: Cert Authentication Explanation
Explanation/Reference:
QUESTION 54
Refer to the exhibit. You are configuring a laptop with the Cisco VPN Client, which will use digital certificates for authentication. Which protocol will the Cisco VPN client use to retrieve the digital certificate from the CA server?
A. FTP
B. HTTPS
C. TFTP
D. LDAP
E. SCEP
Correct Answer: E Section: Cert Authentication Explanation
Explanation/Reference:
QUESTION 55
Refer to the exhibit. A junior Cisco ASA security appliance administrator has asked for your help in configuring a Cisco ASA security appliance for an identity certificate to be used for IPsec VPNs. Based on the two Cisco ASDM configuration screens that are shown, what is needed to configure the Cisco ASA security appliance for an identity certificate?
Exhibit:
A. To retrieve an identity certificate, a new pair of RSA keys must be created.
B. To retrieve an identity certificate, the Cisco ASA security appliance must have the certificate of the CA.
C. To retrieve an identity certificate, the common name must be an FQDN.
D. The Cisco ASA security appliance doesn’t need to retrieve an identity certificate. It can use a self-signed identity certificate for IPsec.
E. Because of the lack of a CA certificate, the administrator must import the identity certificate from a file.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 56
SSL VPNs can provide increased flexibility over IPsec VPNs, based on the location of the client and ownership of the endpoint. However, security of the endpoint is a potential problem. Which three of these potential security issues can the Cisco ASA security appliance address through SSL VPN policies or features? (Select three.)
A. SSL attacks
B. Malware
C. Phishing
D. Spoofing
E. Viruses
F. Spyware
Correct Answer: BEF Section: (none) Explanation
Explanation/Reference:
QUESTION 57
You have been tasked with configuring access for development partners using the clientless SSL VPN portal on your Cisco ASA security appliance. These partners need access to the desktop of internal development servers. Which three of these configurations for the clientless SSL VPN portal would allow these partners to access the desktop of remote servers? (Choose three.)
A. RDP bookmark using the RDP plug-in
B. Xwindows bookmark using the Xwindows plug-in
C. Telnet bookmark using the Telnet plug-in
D. Citrix plugin using the Citrix plug-in
E. SSH bookmark using the SSH plug-in
F. VNC bookmark using the VNC plug-in
Correct Answer: ADF Section: (none) Explanation
Explanation/Reference:
QUESTION 58
You are the administrator for Cisco ASA security appliances that are used for site-to-site VPNs between remote and corporate offices. You have used the Service Policy Rule Wizard within ASDM to configure low-latency queuing for unified communications on all the appropriate ASAs. Users are still having issues with unified communications between the remote and corporate offices. Assuming that the Cisco Unified Communications equipment is functioning properly and that the VPN configurations are correct, which of these choices is most likely the cause of the problems?
A. The DSCP, expedite forward, ef (46), was used to determine unified communications traffic within the Service Policy Rule Wizard.
B. The tunnel group and DSCP traffic matching criteria were configured within the Service Policy Rule Wizard.
C. Both a policing and priority queue must be applied on the interface to expedite the voice and control data flows.
D. A priority queue must be created on the interface where the site-to-site VPN tunnel is terminated.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 59
You have been tasked with examining the current Cisco Modular Policy Framework configurations on the LA-ASA Cisco Adaptive Security Appliance (ASA) using the Cisco Adaptive Security Device Manager (ASDM). Answer the multiple-choice questions in this simulation using the appropriate Cisco ASDM configuration screens.
Which two actions does the Cisco Adaptive Security Applicance take on HTTP traffic entering its outside interface? (Choose two.)
A. Drops HTTP request messages whose request method is post and whose user-agent field contains either the string Some_New_P2P_Client1 or the string Some_New_P2P_Client2.
B. Logs HTTP request messages whose request method is post and whose user-agent field contains either the string Some_New_P2P_Client1 or the string Some_New_P2P_Client2.
Correct Answer: AB Section: Case Study Explanation
Explanation/Reference:
QUESTION 60
You have been tasked with examining the current Cisco Modular Policy Framework configurations on the LA-ASA Cisco Adaptive Security Appliance (ASA) using the Cisco Adaptive Security Device Manager (ASDM). Answer the multiple-choice questions in this simulation using the appropriate Cisco ASDM configuration screens.
What is the effect of the FTP inspection policy named MY-FTP-MAP on FTP traffic entering the partnernet interface?
A. Has no effect on the behavior of the Cisco Adaptive Security Appliance.
Correct Answer: A Section: Case Study Explanation
Explanation/Reference:
QUESTION 61
You have been tasked with examining the current Cisco Modular Policy Framework configurations on the LA-ASA Cisco Adaptive Security Appliance (ASA) using the Cisco Adaptive Security Device Manager (ASDM). Answer the multiple-choice questions in this simulation using the appropriate Cisco ASDM configuration screens.
What are the two effects of the policy map named PARTNERNET-POLICY on FTP traffic entering the partnernet interface?
A. Resets connections that send embedded commands.
B. Blocks the FTP request commands DELE, MKD, PUT, RMD, RNFR, and RNTO.
Correct Answer: AB Section: Case Study Explanation
Explanation/Reference:
QUESTION 62
You have been tasked with examining the current Cisco Modular Policy Framework configurations on the LA-ASA Cisco Adaptive Security Appliance (ASA) using the Cisco Adaptive Security Device Manager (ASDM). Answer the multiple-choice questions in this simulation using the appropriate Cisco ASDM configuration screens.
Which statement is true about HTTP inspection on the Cisco Adaptive Security Appliance?
A. HTTP traffic is inspected as it enters or exits the outside interface.
Correct Answer: A Section: Case Study Explanation
Explanation/Reference:
QUESTION 63
You have been tasked with examining the current Cisco Modular Policy Framework configurations on the LA-ASA Cisco Adaptive Security Appliance (ASA) using the Cisco Adaptive Security Device Manager (ASDM). Answer the multiple-choice questions in this simulation using the appropriate Cisco ASDM configuration screens.
Which action does the Cisco Adaptive Security Appliance take on FTP traffic entering its outside interface?
A. Translates embedded IP addresses.
Correct Answer: A Section: Case Study Explanation
Explanation/Reference:
Well-regarded for its level of detail, assessment features, and challenging review questions and hands-on exercises, Cisco 642-515 helps you master the concepts and techniques that will enable you to succeed on the Cisco 642-515 exam the first time.