收藏
下载资源下载资源 加入VIP,免费下载

Cisco642515最新题库.docx

上传人:b****2 文档编号:3196922 上传时间:2023-05-05 格式:DOCX 页数:27 大小:1,017.63KB
下载 相关 举报
Cisco642515最新题库.docx_第1页
第1页 / 共27页
Cisco642515最新题库.docx_第2页
第2页 / 共27页
Cisco642515最新题库.docx_第3页
第3页 / 共27页
Cisco642515最新题库.docx_第4页
第4页 / 共27页
Cisco642515最新题库.docx_第5页
第5页 / 共27页
Cisco642515最新题库.docx_第6页
第6页 / 共27页
Cisco642515最新题库.docx_第7页
第7页 / 共27页
Cisco642515最新题库.docx_第8页
第8页 / 共27页
Cisco642515最新题库.docx_第9页
第9页 / 共27页
Cisco642515最新题库.docx_第10页
第10页 / 共27页
Cisco642515最新题库.docx_第11页
第11页 / 共27页
Cisco642515最新题库.docx_第12页
第12页 / 共27页
Cisco642515最新题库.docx_第13页
第13页 / 共27页
Cisco642515最新题库.docx_第14页
第14页 / 共27页
Cisco642515最新题库.docx_第15页
第15页 / 共27页
Cisco642515最新题库.docx_第16页
第16页 / 共27页
Cisco642515最新题库.docx_第17页
第17页 / 共27页
Cisco642515最新题库.docx_第18页
第18页 / 共27页
Cisco642515最新题库.docx_第19页
第19页 / 共27页
Cisco642515最新题库.docx_第20页
第20页 / 共27页
亲,该文档总共27页,到这儿已超出免费预览范围,如果喜欢就下载吧!
下载资源
资源描述

Cisco642515最新题库.docx

《Cisco642515最新题库.docx》由会员分享,可在线阅读,更多相关《Cisco642515最新题库.docx(27页珍藏版)》请在冰点文库上搜索。

Cisco642515最新题库.docx

Cisco642515最新题库

642-515SecuringNetworkswithASAAdvanced

 

Number:

642-515

QUESTION1

Refertotheexhibit.YouareconfiguringaCiscoASAsecurityappliancetoparticipateinaVPNcluster.

Basedontheexhibit,towhichvaluewouldyousettheprioritytoincreasethechancesofthisCiscoASAsecurityappliancebecomingtheclustermaster?

 

A.

0

B.

1

C.

10

D.

100

Answer:

C

Section:

(none)

Explanation/Reference:

 

QUESTION2

Refertotheexhibit.YouaretheadministratorofmultipleremoteCiscoASAsecurityappliances,securityappliancesforSSLVPNsandarerequiringaclientcertificate,asshown.

HowwouldthisconfigurationaffectyournextASDMconnectiontothisCiscoASAsecurityappliance?

 

A.

Youwouldbeaskedtopresentanidentitycertificate.Ifyoudidnothaveone,theCiscoASAsecurityappliancewouldpromptyouforauthenticationcredentials,consistingofausernameandpassword.

B.

YourconnectionwouldbehandledthewayitisalwayshandledbythisCiscoASAsecurityappliance.

C.

YouwouldberequiredtodownloadtheidentitycertificateoftheremoteCiscoASAsecurityappliance.

D.

YouwouldberequiredtohaveanidentitycertificatethattheCiscoASAsecurityappliancecanuseforauthentication.

Answer:

D

Section:

(none)

Explanation/Reference:

 

QUESTION3

Refertotheexhibit.YouaretheadministratorofacorporateCiscoASAsecurityappliancewithaCiscoASAAIP-SSM.YouhavebeentaskedtodeploytheAIP-SSMtoprotectcorporateDMZwebservers.TheAIP-SSMhasbeenconfigured,andaservicepolicyhasbeenconfiguredtoidentifythetrafficthatistobepassedtotheAIP-SSM.

OnwhichtwointerfaceswouldapplicationoftheservicepolicyfortheAIP-SSMbemosteffectivewhilecausingtheleastamountofimpacttoCiscoASAsecurityapplianceperformance?

(Choosetwo.)

 

A.

Insideinterface

B.

Dmzinterface

C.

Internetinterface

D.

Globallyonallinterfaces

E.

Outsideinterface

Answer:

BE

Section:

(none)

Explanation/Reference:

 

QUESTION4

Refertotheexhibit.YouareconfiguringtheCiscoASAsecurityapplianceasthehubinahub-and-spokesite-to-siteVPN.

Whichoftheseconfigurationswillenabletraffictoflowbetweenspokes?

Exhibit:

A.

B.

C.

D.

Answer:

D

Section:

(none)

Explanation/Reference:

 

QUESTION5

Refertotheexhibit.YouhaveconfiguredaLayer7policymaptomatchthesizeofHTTPheaderfieldsthataretraversingthenetwork.

Basedonthisconfiguration,willHTTPheadersthataregreaterthan200bytesbelogged?

policy-maptypeinspecthttpTEST

parameters

matchrequestheaderlengthgt100

reset

matchrequestheaderlengthgt200

log

 

A.

No,becausetheresetactionforheadersgreaterthan100byteswouldbethefirstmatch.

B.

Yes,becausetheresetactionforheadersgreaterthan100bytesandthelogactionforheadersgreaterthan200byteswouldbothbeapplied.

C.

No,becauseresetorlogactionsareapartoftheservicepolicyandtheLayer7policymap.

D.

Yes,becausethelogactionforheadersgreaterthan200byteswouldbethelastmatch.

Answer:

A

Section:

(none)

Explanation/Reference:

 

QUESTION6

Refertotheexhibit.ThenetworksecurityadministratorforXYZCorporationwantstoconfigurethecorporateCiscoASAsecurityappliancetotakethefollowingactionsonitsoutsideinterface:

--ratelimitallIPtrafficfromtelecommutingsystemengineerstotheinsidehost

--dropallHTTPrequestsfromtheInternettothewebserverthathaveabodylengthgreaterthan1000bytes

--preventusersonnetwork192.168.6.0/24fromusingtheFTPPUTcommandtostore.exefilesontheFTPserver

WhichsetofModularPolicyFrameworkcomponentswillbeinvolvedinaccomplishingthisgoal?

 

A.

OneLayer7classmap,twoLayer7policymaps,threeLayer3/4classmaps,oneLayer3/4policymap

B.

OneLayer7classmap,oneLayer7policymap,threeLayer3/4classmaps,oneLayer3/4policymap

C.

TwoLayer7classmaps,oneLayer7policymap,threeLayer3/4classmaps,oneLayer3/4policymap

D.

ThreeLayer7policymaps,oneLayer3/4classmap,oneLayer3/4policymap

Answer:

A

Section:

(none)

Explanation/Reference:

 

QUESTION7

Refertotheexhibit.YouhaveconfiguredaCiscoASA5505AdaptiveSecurityApplianceasanEasyVPNhardwareclient.Duringtheconfiguration,youdefinedalistofbackupserversforthesecurityappliancetouse.AfterafewhoursofbeingconnectedtotheprimaryVPNserver,thesecurityappliancefails.YounoticethatyourEasyVPNhardwareclienthasnowconnectedtoabackupserverthatisnotdefinedwithintheconfigurationoftheclient.

WheredidyourEasyVPNhardwareclientgetthisbackupserver?

 

A.

Thebackupserversthatyoulistedwerenolongeravailable,sotheEasyVPNhardwareclientusedthelistofbackupserversthatitretrievedfromtheprimaryserver.

B.

ThegrouppolicythatwasconfiguredontheprimaryVPNserverwaspushedtoyourEasyVPNclientandoverwrotethelistofbackupserversthatyouhadconfigured.

C.

TheconnectionprofilethatwasconfiguredontheprimaryVPNserverwaspushedtoyourEasyVPNhardwareclientandoverwrotethelistofbackupserversthatyouhadconfigured.

D.

ThebackupserversthatyoulistedwerenotconfiguredasVPNservers,sotheEasyVPNhardwareclientusedthelistofbackupserversretrievedfromtheprimaryserver.

Answer:

B

Section:

(none)

Explanation/Reference:

 

QUESTION8

Refertotheexhibit.YouaretheadministratorofaCiscoASAsecurityappliancethatisconfiguredwithalocalCA.

Basedontheexhibit,forwhichpurposewouldtheuserstudent1usethispassword?

 

A.

AuthenticationtotheSSLVPNserver

B.

RetrievalofthedigitalcertificatefromthelocalCAontheCiscoASAsecurityappliance

C.

RetrievaloftheCiscoASAsecurityapplianceidentitycertificate

D.

TheinitialauthenticationtotheSSLVPNserver

Answer:

B

Section:

(none)

Explanation/Reference:

 

QUESTION9

Observethefollowingexhibitcarefully.WhenTCPconnectionsaretunneledoveranotherTCPconnectionandlatencyexistsbetweenthetwoendpoints,eachTCPsessionwouldtriggeraretransmission,whichcanquicklyspiraloutofcontrolwhenthelatencyissuespersist.ThisissueisoftencalledTCP-over-TCPmeltdown.

AccordingtothepresentedCiscoASDMconfiguration,whichCiscoASAsecurityapplianceconfigurationwillmostlikelysolvethisproblem?

 

A.

Compression

B.

MTUsizeof500

C.

KeepaliveMessages

D.

DatagramTLS

Answer:

D

Section:

(none)

Explanation/Reference:

 

QUESTION10

Refertotheexhibit.YouhavebeentaskedwithconfiguringyourCiscoASAsecurityapplianceforEIGRProuting.

Basedontheinformationthatisprovidedintheexhibit,whichtwoCiscoASDMconfigurationswilladdthesenetworkstotheconfigurationofEIGRP?

(Choosetwo.)

A.

B.

C.

D.

E.

F.

Answer:

AE

Section:

(none)

Explanation/Reference:

ThetwonetworkswheretheASisthesame.

 

QUESTION11

WhichtwoofthesechoicesaretypesofqueuesavailableontheCiscoASAsecurityappliancewhenimplementingQoS?

(Choosetwo.)

A.

Weightedfairqueue

B.

Lastinfirstoutqueue

C.

Policingqueue

D.

Lowlatencyqueue

E.

Customqueue

F.

Besteffortqueue

G.

Roundrobinqueue

Answer:

DF

Section:

(none)

Explanation/Reference:

 

QUESTION12

Refertotheexhibit.TheFTPinspectionmapnamedL7FTPPOLICYisappliedtotheoutsideinterfaceofthesecurityappliance.

Asaresultofthisconfiguration,whichofthefollowingactionsdoesthesecurityappliancetakeonFTPtrafficenteringitsoutsideinterface?

 

A.

ResetsandlogsconnectionsfromanyuserwhoattemptstoretrievefilesviaFTP;resetsconnectionsfromuserswhoattempttodeliverfilesviaFTP

B.

ResetsconnectionsfromanduserswhentheyattempttoretrievefilesviaFTP;logsanyuserconnectionsthatattempttodeliverfilesviaFTP

C.

ResetsandlogsconnectionsfromuserswhentheyattempttoretrievefilesviaFTP;resetsallFTPconnectionsfromusers;resetsanyuserconnectionsthatattempttodeliverfilesviaFTP

D.

ResetsandlogsconnectionsfromusersonlywhentheyattempttoretrievefilesviaFTP:

resetsconnectionsfromusersonlywhentheyattempttodeliverfilesviaFTP

Answer:

C

Section:

(none)

Explanation/Reference:

 

QUESTION13

WhichtwointernalchannelsareusedforcommunicationbetweentheCiscoASAAIP-SSMandtheCiscoASAsecurityappliance?

(Choosetwo.)

A.

Sessionchannel

B.

Commandchannel

C.

Inlinechannel

D.

Promiscuouschannel

E.

Controlchannel

F.

Datachannel

Answer:

EF

Section:

(none)

Explanation/Reference:

 

QUESTION14

Refertotheexhibit.Anadministratoriseditinguser-specificpolicy.TheadministratorhasconfiguredagrouppolicyforSalestousetheIPaddresspoolthatisdefinedbythepoolVPNPOOLandtoallowasmanyasthreesimultaneouslogins.

Basedontheexhibit,whenthisuserconnects,whatwillbetheIPaddressassignedtotheconnectionandwhatwillbethenumberofsimultaneousloginsallowedforthisuser?

(Choosetwo.)

 

A.

TheuserwillreceiveanIPaddressfromtheVPNPOOL.

B.

Theuserwillbeallowedtomakeonlyoneconnection.

C.

Theuserwillbeallowedtomakeconnectionsuptothelimitthatisdefinedinthedefaultgrouppolicy.

D.

TheuserwillbeassignedtheIPaddressfromtheuser-specificpolicy.

E.

Theuserwillbeallowedtomakeasmanyasthreesimultaneousconnections

F.

TheuserwillreceiveanIPaddressfromtheaddresspoolthatisdefinedinthedefaultgrouppolicy.

Answer:

BD

展开阅读全文
相关资源
猜你喜欢
相关搜索
资源标签

当前位置:首页 > 解决方案 > 学习计划

copyright@ 2008-2023 冰点文库 网站版权所有

经营许可证编号:鄂ICP备19020893号-2