642-515 - Securing Networks with ASA Advanced

Go back to Cisco

Example Questions

Which three features can the Cisco ASA adaptive security appliance support? (Choose three.) Which three commands can display the contents of flash memory on the Cisco ASA adaptive security appliance? (Choose three.) Which two statements about the downloadable ACL feature of the security appliance are correct? (Choose two.) Recently, a branch office of your company has upgraded its network by changing the network topology of the branch, and the site-to-site VPN tunnel that runs between the branch and the corporate office has been reconfigured to perform Reverse Route Injection to accommodate the recent change. You are performing OSPF between the corporate Cisco ASA security appliance and routers on the internal network. Assume that the VPN configuration is correct, which step will be taken on the corporate Cisco ASA security appliance to make sure that these new routes are visible to internal routers running OSPF? The security department of the P4S company wants to configure cut-through proxy authentication via RADIUS to require users to authenticate before accessing the corporate DMZ servers. Which three tasks are needed to achieve this goal? (Choose three.) An SSL VPN (Secure Sockets Layer virtual private network) is a form of VPN that can be used with a standard Web browser. After configuring port forwarding for a clientless SSL VPN connection, if port forwarding is to work, which end user privilege level is required at the endpoint? While implementing QoS, which two types of queues are available on the Cisco ASA security appliance? (Choose two.) In the default global policy, which three traffic types are inspected by default? (Choose three.) For the following commands, which one causes the Cisco CSC-SSM to load a new software image from a remote TFTP server, via the CLI? For configuring VLAN trunking on a security appliance interface, which three actions are mandatory? (Choose three.) The P4S security department would like to apply specific restrictions to one network user, Bob, because he works from home and accesses the corporate network from the outside interface of the security appliance. P4S decides to control network access for this user by using the downloadable ACL feature of the security appliance. Authentication of inbound traffic is already configured on the security appliance, and Bob already has a user account on the Cisco Secure ACS. Which three tasks should be completed in order to achieve the goal of limiting network access for Bob via downloadable ACLs? (Choose three.) You are the administrator for Cisco ASA security appliances that are used for site-to-site VPNs between remote and corporate offices. You have used the Service Policy Rule Wizard within ASDM to configure low-latency queuing for unified communications on all the appropriate ASAs. Users are still having issues with unified communications between the remote and corporate offices. Assuming that the Cisco Unified Communications equipment is functioning properly and that the VPN configurations are correct, which of these choices is most likely the cause of the problems? Annie is a network administrator of her company. She is responsible for a Cisco ASA security appliance. Using a valid identity certificate from her certificate authority, she has created the necessary configuration for remote-access VPN tunnels by use of the IPsec VPN Wizard. When she tests the remote-access VPN, the VPN tunnel does not come up. If the remote-access VPN configuration created by the wizard is correct and valid certificates are being used by the Cisco ASA security appliance and Cisco VPN Client, which corrective action should be configured or corrected for the VPN tunnel to come up properly? Multimedia applications transmit requests on TCP, get responses on UDP or TCP, use dynamic ports, and use the same port for source and destination, so they can pose challenges to a firewall. Which three items are true about how the Cisco ASA adaptive security appliance handles multimedia applications? (Choose three.) You are the network administrator of your company. You would like to add SSL VPN Cisco AnyConnect VPN Client for use by remote users. After checking the Cisco software download site, you discovered a number of different versions of Cisco AnyConnect VPN Client Software available for download. If you know the Cisco ASA Adaptive Security Appliance Software version and the remote user's PC operating system, how to determine the appropriate version of Cisco AnyConnect VPN Client to download? The IT department of your company must perform a custom-built TCP application within the clientless SSL VPN portal configured on your Cisco ASA security appliance. The application should be run by users who have either guest or normal user mode privileges. In order to allow this application to run, how to configure the clientless SSL VPN portal? Which one of the following commands can provide detailed information about the crypto map configurations of a Cisco ASA adaptive security appliance? Which two statements correctly describe the local user database in the security appliance? (Choose two.) While using IPsec VPN tunnels, which primary benefit is provided by digital certificates? Which options can a clientless SSL VPN user access from a web browser without port forwarding, smart tunnels, or browser plug-ins? The Cisco ASA 5520 Adaptive Security Appliance delivers a wide range of security services with Active/Active high availability and Gigabit Ethernet connectivity for medium-sized enterprise networks, in a modular, high performance appliance. You have configured a Cisco ASA 5520 Adaptive Security Appliance as a Easy VPN hardware client. But from within Cisco ASDM, you cannot find the Easy VPN Remote configuration option within the Remote Access VPN menu. What is the reason that you can not find this configuration option within Cisco ASDM on the ASA 5520 Adaptive Security Appliance? What does the redundant interface feature of the security appliance accomplish? What is the reason that you want to configure VLANs on a security appliance interface? Cisco Secure Desktop, an innovative feature found in Cisco's WebVPN solutions, can help organizations respond to government regulations for data protection by safeguarding the privacy and security of confidential information. After configuring Cisco Secure Desktop on your Cisco ASA security appliance, you should configure Cisco Secure Desktop to run Host Scan checks on the remote endpoint. Which three available Basic Host Scan checks can be configured? (Choose three.) Which two options are correct about the threat detection feature of the Cisco ASA adaptive security appliance? (Choose two.) Which three statements correctly describe protocol inspection on the Cisco ASA adaptive security appliance? (Choose three.) You have been tasked to configure your Cisco ASA security appliance for multiple VLANs that use one physical interface. You must make sure that the switch in which the physical Cisco ASA security appliance interface is connected has been configured for the appropriate VLAN tagging protocol. Which VLAN tagging protocol will the Cisco ASA security appliance use to communicate with this switch?

Study Guides