642-515 Free Sample Download, Cisco Certification Exam Demos

	Adobe
	Apple
	Avaya
	BlackBerry
	Check Point
	Cisco
	Citrix
	CIW
	CompTIA
	CWNP
	EC-Council
	EMC
	Exin
	Hewlett Packard
	IBM
	ISC
	ISEB
	Juniper Networks
	LPI
	Microsoft
	Network Appliance
	Nortel
	Novell
	Oracle
	PMI
	RedHat
	RSA Security
	SAP
	Sun
	Symantec
	Tibco
	VMWare

Cisco 642-515 Exam - Cheat-Test.com

Free 642-515 Sample Questions:

1. The following exhibit shows a Cisco ASA security appliance configured to participate in a VPN cluster. According to the exhibit, to which value will you set the priority to increase the chances of this Cisco ASA security appliance becoming the cluster master?

A. 100
B. 0
C. 10
D. 1
Answer: C

2. Tom works as a network administrator for the CISCO company. The primary adaptive security appliance in an active/standby failover configuration failed, so the secondary adaptive security appliance was automatically activated. Tom then fixed the problem. Now he would like to restore the primary to active status. Which one of the following commands can reactivate the primary adaptive security appliance and restore it to active status while issued on the primary adaptive security appliance?
A. failover reset
B. failover primary active
C. failover active
D. failover exec standby
Answer: C

3. Which two statements are true about multiple context mode? (Choose two.)
A. Multiple context mode does not support IPS, IPsec, and SSL VPNs, or dynamic routing protocols.
B. Multiple context mode enables you to create multiple independent virtual firewalls with their own security policies and interfaces.
C. Multiple context mode enables you to add to the security appliance a hardware module that supports up to four independent virtual firewalls.
D. When you convert from single mode to multiple mode, the security appliance automatically adds an entry for the admin context to the system configuration with the name "admin."
Answer: B, D

4. Which three statements correctly describe protocol inspection on the Cisco ASA adaptive security appliance? (Choose three.)
A. For the security appliance to inspect packets for signs of malicious application misuse, you must enable advanced (application layer) protocol inspection.
B. If you want to enable inspection globally for a protocol that is not inspected by default or if you want to globally disable inspection for a protocol, you can edit the default global policy.
C. The protocol inspection feature of the security appliance securely opens and closes negotiated ports and IP addresses for legitimate clientserver connections through the security appliance.
D. If inspection for a protocol is not enabled, traffic for that protocol may be blocked.
Answer: B, C, D

5. Study the following exhibit carefully. You work as the network administrator of a corporate Cisco ASA security appliance with a Cisco ASA AIPSSM. You are asked to use the AIPSSM to protect corporate DMZ web servers. The AIPSSM has been configured, and a service policy has been configured to identify the traffic to be passed to the AIPSSM.
On which two interfaces would application of the service policy for the AIPSSM be most effective while causing the least amount of impact to Cisco ASA security appliance performance? (Choose two.)

A. Internet interface
B. dmz interface
C. globally on all interfaces
D. outside interface
Answer: B, D

6. Multimedia applications transmit requests on TCP, get responses on UDP or TCP, use dynamic ports, and use the same port for source and destination, so they can pose challenges to a firewall. Which three items are true about how the Cisco ASA adaptive security appliance handles multimedia applications? (Choose three.)
A. It dynamically opens and closes UDP ports for secure multimedia connections, so you do not need to open a large range of ports.
B. It supports SIP with NAT but not with PAT.
C. It supports multimedia with or without NAT.
D. It supports RTSP, H.323, Skinny, and CTIQBE.
Answer: A, C, D

7. Which two options are correct about the impacts of this configuration? (Choose two.)
classmap INBOUND_HTTP_TRAFFIC
match accesslist TOINSIDEHOST
classmap OUTBOUND_HTTP_TRAFFIC match accesslist TOOUTSIDEHOST policymap MYPOLICY
class INBOUND_HTTP_TRAFFIC
inspect http
set connection connmax 100
policymap MYOTHERPOLICY
class OUTBOUND_HTTP_TRAFFIC
inspect http
servicepolicy MYOTHERPOLICY interface inside servicepolicy MYPOLICY interface outside
A. Traffic that matches access control list TOINSIDEHOST is subject to HTTP inspection and maximum connection limits.
B. Traffic that enters the security appliance through the inside interface is subject to HTTP inspection.
C. Traffic that enters the security appliance through the outside interface and matches access control list TOINSIDEHOST is subject to HTTP inspection and maximum connection limits.
D. Traffic that enters the security appliance through the inside interface and matches access control list TOOUTSIDEHOST is subject to HTTP inspection.
Answer: C, D

8. Refer to the exhibit. You have configured a Layer 7 policy map to match the size of HTTP header fields that are traversing the network. Based on this configuration, will HTTP headers that are greater than 200 bytes be logged?

A. No, because the reset action for headers greater than 100 bytes would be the first match.
B. Yes, because the log action for headers greater than 200 bytes would be the last match.
C. Yes, because the reset action for headers greater than 100 bytes and the log action for headers greater than 200 bytes would both be applied.
D. No, because reset or log actions are a part of the service policy and the Layer 7 policy map.
Answer: A

9. What is the reason that you want to configure VLANs on a security appliance interface?
A. for use in conjunction with devicelevel failover to increase the reliability of your security appliance
B. for use in transparent firewall mode, where only VLAN interfaces are used
C. to increase the number of interfaces available to the network without adding additional physical interfaces or security appliances
D. for use in multiple context mode, where you can map only VLAN interfaces to contexts
Answer: C

10. You work as a network security administrator for your company. Now, you are asked to configure the corporate Cisco ASA security appliance to take the following steps on its outside interface:
rate limit all IP traffic from telecommuting system engineers to the insidehost
drop all HTTP requests from the Internet to the web server that have a body length greater than 1000 bytes
prevent users on network 192.168.6.0/24 from using the FTP PUT command to store .exe files on the FTP server
In order to achieve this objective, which set of Modular Policy Framework components will be included?

A. one Layer 7 class map, two Layer 7 policy maps, three Layer 3/4 class maps, one Layer 3/4 policy map
B. three Layer 7 policy maps, one Layer 3/4 class map, one Layer 3/4 policy map
C. one Layer 7 class map, one Layer 7 policy map, three Layer 3/4 class maps, one Layer 3/4 policy map
D. two Layer 7 class maps, one Layer 7 policy map, three Layer 3/4 class maps, one Layer 3/4 policy map
Answer: A

11. Which one of the following commands can provide detailed information about the crypto map configurations of a Cisco ASA adaptive security appliance?
A. show ipsec sa
B. show crypto map
C. show run ipsec sa
D. show run crypto map
Answer: D

12. Cisco ASA 5500 Series Adaptive Security Appliances are easytodeploy solutions that integrate worldclass firewall, Unified Communications (voice/video) security, SSL and IPsec VPN, intrusion prevention (IPS), and content security services in a flexible, modular product family. You are asked to configure a Cisco ASA 5505 Adaptive Security Appliance as an Easy VPN hardware client. In the process of configuration, you defined a list of backup servers for the security appliance to use. After several hours of being connected to the primary VPN server, the security appliance fails. You notice that your Easy VPN hardware client has now connected to a backup server that is not defined within the configuration of the client. Where did your Easy VPN hardware client get this backup server?

A. The connection profile that was configured on the primary VPN server was pushed to your Easy VPN hardware client and overwrote the list of backup servers that you had configured.
B. The group policy that was configured on the primary VPN server was pushed to your Easy VPN client and overwrote the list of backup servers that you had configured.
C. The backup servers that you listed were not configured as VPN servers, so the Easy VPN hardware client used the list of backup servers retrieved from the primary server.
D. The backup servers that you listed were no longer available, so the Easy VPN hardware client used the list of backup servers that it retrieved from the primary server.
Answer: B

13. Which three features can the Cisco ASA adaptive security appliance support? (Choose three.)
A. BGP dynamic routing
B. 802.1Q VLANs
C. OSPF dynamic routing
D. static routes
Answer: B, C, D

14. You are the network administrator for your company. Study the exhibit carefully. You are responsible for a Cisco ASA security appliance configured with a local CA. According to the exhibit below, what is the reason that the user student1 will use this password?

A. retrieval of the Cisco ASA security appliance identity certificate
B. retrieval of the digital certificate from the local CA on the Cisco ASA security appliance
C. the initial authentication to the SSL VPN server
D. authentication to the SSL VPN server
Answer: B