Cisco642515最新题库.docx
《Cisco642515最新题库.docx》由会员分享,可在线阅读,更多相关《Cisco642515最新题库.docx(27页珍藏版)》请在冰点文库上搜索。
![Cisco642515最新题库.docx](https://file1.bingdoc.com/fileroot1/2023-5/5/7199847b-bdc9-4677-a176-b8b4f3bd4538/7199847b-bdc9-4677-a176-b8b4f3bd45381.gif)
Cisco642515最新题库
642-515SecuringNetworkswithASAAdvanced
Number:
642-515
QUESTION1
Refertotheexhibit.YouareconfiguringaCiscoASAsecurityappliancetoparticipateinaVPNcluster.
Basedontheexhibit,towhichvaluewouldyousettheprioritytoincreasethechancesofthisCiscoASAsecurityappliancebecomingtheclustermaster?
A.
0
B.
1
C.
10
D.
100
Answer:
C
Section:
(none)
Explanation/Reference:
QUESTION2
Refertotheexhibit.YouaretheadministratorofmultipleremoteCiscoASAsecurityappliances,securityappliancesforSSLVPNsandarerequiringaclientcertificate,asshown.
HowwouldthisconfigurationaffectyournextASDMconnectiontothisCiscoASAsecurityappliance?
A.
Youwouldbeaskedtopresentanidentitycertificate.Ifyoudidnothaveone,theCiscoASAsecurityappliancewouldpromptyouforauthenticationcredentials,consistingofausernameandpassword.
B.
YourconnectionwouldbehandledthewayitisalwayshandledbythisCiscoASAsecurityappliance.
C.
YouwouldberequiredtodownloadtheidentitycertificateoftheremoteCiscoASAsecurityappliance.
D.
YouwouldberequiredtohaveanidentitycertificatethattheCiscoASAsecurityappliancecanuseforauthentication.
Answer:
D
Section:
(none)
Explanation/Reference:
QUESTION3
Refertotheexhibit.YouaretheadministratorofacorporateCiscoASAsecurityappliancewithaCiscoASAAIP-SSM.YouhavebeentaskedtodeploytheAIP-SSMtoprotectcorporateDMZwebservers.TheAIP-SSMhasbeenconfigured,andaservicepolicyhasbeenconfiguredtoidentifythetrafficthatistobepassedtotheAIP-SSM.
OnwhichtwointerfaceswouldapplicationoftheservicepolicyfortheAIP-SSMbemosteffectivewhilecausingtheleastamountofimpacttoCiscoASAsecurityapplianceperformance?
(Choosetwo.)
A.
Insideinterface
B.
Dmzinterface
C.
Internetinterface
D.
Globallyonallinterfaces
E.
Outsideinterface
Answer:
BE
Section:
(none)
Explanation/Reference:
QUESTION4
Refertotheexhibit.YouareconfiguringtheCiscoASAsecurityapplianceasthehubinahub-and-spokesite-to-siteVPN.
Whichoftheseconfigurationswillenabletraffictoflowbetweenspokes?
Exhibit:
A.
B.
C.
D.
Answer:
D
Section:
(none)
Explanation/Reference:
QUESTION5
Refertotheexhibit.YouhaveconfiguredaLayer7policymaptomatchthesizeofHTTPheaderfieldsthataretraversingthenetwork.
Basedonthisconfiguration,willHTTPheadersthataregreaterthan200bytesbelogged?
policy-maptypeinspecthttpTEST
parameters
matchrequestheaderlengthgt100
reset
matchrequestheaderlengthgt200
log
A.
No,becausetheresetactionforheadersgreaterthan100byteswouldbethefirstmatch.
B.
Yes,becausetheresetactionforheadersgreaterthan100bytesandthelogactionforheadersgreaterthan200byteswouldbothbeapplied.
C.
No,becauseresetorlogactionsareapartoftheservicepolicyandtheLayer7policymap.
D.
Yes,becausethelogactionforheadersgreaterthan200byteswouldbethelastmatch.
Answer:
A
Section:
(none)
Explanation/Reference:
QUESTION6
Refertotheexhibit.ThenetworksecurityadministratorforXYZCorporationwantstoconfigurethecorporateCiscoASAsecurityappliancetotakethefollowingactionsonitsoutsideinterface:
--ratelimitallIPtrafficfromtelecommutingsystemengineerstotheinsidehost
--dropallHTTPrequestsfromtheInternettothewebserverthathaveabodylengthgreaterthan1000bytes
--preventusersonnetwork192.168.6.0/24fromusingtheFTPPUTcommandtostore.exefilesontheFTPserver
WhichsetofModularPolicyFrameworkcomponentswillbeinvolvedinaccomplishingthisgoal?
A.
OneLayer7classmap,twoLayer7policymaps,threeLayer3/4classmaps,oneLayer3/4policymap
B.
OneLayer7classmap,oneLayer7policymap,threeLayer3/4classmaps,oneLayer3/4policymap
C.
TwoLayer7classmaps,oneLayer7policymap,threeLayer3/4classmaps,oneLayer3/4policymap
D.
ThreeLayer7policymaps,oneLayer3/4classmap,oneLayer3/4policymap
Answer:
A
Section:
(none)
Explanation/Reference:
QUESTION7
Refertotheexhibit.YouhaveconfiguredaCiscoASA5505AdaptiveSecurityApplianceasanEasyVPNhardwareclient.Duringtheconfiguration,youdefinedalistofbackupserversforthesecurityappliancetouse.AfterafewhoursofbeingconnectedtotheprimaryVPNserver,thesecurityappliancefails.YounoticethatyourEasyVPNhardwareclienthasnowconnectedtoabackupserverthatisnotdefinedwithintheconfigurationoftheclient.
WheredidyourEasyVPNhardwareclientgetthisbackupserver?
A.
Thebackupserversthatyoulistedwerenolongeravailable,sotheEasyVPNhardwareclientusedthelistofbackupserversthatitretrievedfromtheprimaryserver.
B.
ThegrouppolicythatwasconfiguredontheprimaryVPNserverwaspushedtoyourEasyVPNclientandoverwrotethelistofbackupserversthatyouhadconfigured.
C.
TheconnectionprofilethatwasconfiguredontheprimaryVPNserverwaspushedtoyourEasyVPNhardwareclientandoverwrotethelistofbackupserversthatyouhadconfigured.
D.
ThebackupserversthatyoulistedwerenotconfiguredasVPNservers,sotheEasyVPNhardwareclientusedthelistofbackupserversretrievedfromtheprimaryserver.
Answer:
B
Section:
(none)
Explanation/Reference:
QUESTION8
Refertotheexhibit.YouaretheadministratorofaCiscoASAsecurityappliancethatisconfiguredwithalocalCA.
Basedontheexhibit,forwhichpurposewouldtheuserstudent1usethispassword?
A.
AuthenticationtotheSSLVPNserver
B.
RetrievalofthedigitalcertificatefromthelocalCAontheCiscoASAsecurityappliance
C.
RetrievaloftheCiscoASAsecurityapplianceidentitycertificate
D.
TheinitialauthenticationtotheSSLVPNserver
Answer:
B
Section:
(none)
Explanation/Reference:
QUESTION9
Observethefollowingexhibitcarefully.WhenTCPconnectionsaretunneledoveranotherTCPconnectionandlatencyexistsbetweenthetwoendpoints,eachTCPsessionwouldtriggeraretransmission,whichcanquicklyspiraloutofcontrolwhenthelatencyissuespersist.ThisissueisoftencalledTCP-over-TCPmeltdown.
AccordingtothepresentedCiscoASDMconfiguration,whichCiscoASAsecurityapplianceconfigurationwillmostlikelysolvethisproblem?
A.
Compression
B.
MTUsizeof500
C.
KeepaliveMessages
D.
DatagramTLS
Answer:
D
Section:
(none)
Explanation/Reference:
QUESTION10
Refertotheexhibit.YouhavebeentaskedwithconfiguringyourCiscoASAsecurityapplianceforEIGRProuting.
Basedontheinformationthatisprovidedintheexhibit,whichtwoCiscoASDMconfigurationswilladdthesenetworkstotheconfigurationofEIGRP?
(Choosetwo.)
A.
B.
C.
D.
E.
F.
Answer:
AE
Section:
(none)
Explanation/Reference:
ThetwonetworkswheretheASisthesame.
QUESTION11
WhichtwoofthesechoicesaretypesofqueuesavailableontheCiscoASAsecurityappliancewhenimplementingQoS?
(Choosetwo.)
A.
Weightedfairqueue
B.
Lastinfirstoutqueue
C.
Policingqueue
D.
Lowlatencyqueue
E.
Customqueue
F.
Besteffortqueue
G.
Roundrobinqueue
Answer:
DF
Section:
(none)
Explanation/Reference:
QUESTION12
Refertotheexhibit.TheFTPinspectionmapnamedL7FTPPOLICYisappliedtotheoutsideinterfaceofthesecurityappliance.
Asaresultofthisconfiguration,whichofthefollowingactionsdoesthesecurityappliancetakeonFTPtrafficenteringitsoutsideinterface?
A.
ResetsandlogsconnectionsfromanyuserwhoattemptstoretrievefilesviaFTP;resetsconnectionsfromuserswhoattempttodeliverfilesviaFTP
B.
ResetsconnectionsfromanduserswhentheyattempttoretrievefilesviaFTP;logsanyuserconnectionsthatattempttodeliverfilesviaFTP
C.
ResetsandlogsconnectionsfromuserswhentheyattempttoretrievefilesviaFTP;resetsallFTPconnectionsfromusers;resetsanyuserconnectionsthatattempttodeliverfilesviaFTP
D.
ResetsandlogsconnectionsfromusersonlywhentheyattempttoretrievefilesviaFTP:
resetsconnectionsfromusersonlywhentheyattempttodeliverfilesviaFTP
Answer:
C
Section:
(none)
Explanation/Reference:
QUESTION13
WhichtwointernalchannelsareusedforcommunicationbetweentheCiscoASAAIP-SSMandtheCiscoASAsecurityappliance?
(Choosetwo.)
A.
Sessionchannel
B.
Commandchannel
C.
Inlinechannel
D.
Promiscuouschannel
E.
Controlchannel
F.
Datachannel
Answer:
EF
Section:
(none)
Explanation/Reference:
QUESTION14
Refertotheexhibit.Anadministratoriseditinguser-specificpolicy.TheadministratorhasconfiguredagrouppolicyforSalestousetheIPaddresspoolthatisdefinedbythepoolVPNPOOLandtoallowasmanyasthreesimultaneouslogins.
Basedontheexhibit,whenthisuserconnects,whatwillbetheIPaddressassignedtotheconnectionandwhatwillbethenumberofsimultaneousloginsallowedforthisuser?
(Choosetwo.)
A.
TheuserwillreceiveanIPaddressfromtheVPNPOOL.
B.
Theuserwillbeallowedtomakeonlyoneconnection.
C.
Theuserwillbeallowedtomakeconnectionsuptothelimitthatisdefinedinthedefaultgrouppolicy.
D.
TheuserwillbeassignedtheIPaddressfromtheuser-specificpolicy.
E.
Theuserwillbeallowedtomakeasmanyasthreesimultaneousconnections
F.
TheuserwillreceiveanIPaddressfromtheaddresspoolthatisdefinedinthedefaultgrouppolicy.
Answer:
BD