Cisco642515最新题库.docx
- 文档编号:3196922
- 上传时间:2023-05-05
- 格式:DOCX
- 页数:27
- 大小:1,017.63KB
Cisco642515最新题库.docx
《Cisco642515最新题库.docx》由会员分享,可在线阅读,更多相关《Cisco642515最新题库.docx(27页珍藏版)》请在冰点文库上搜索。
Cisco642515最新题库
642-515SecuringNetworkswithASAAdvanced
Number:
642-515
QUESTION1
Refertotheexhibit.YouareconfiguringaCiscoASAsecurityappliancetoparticipateinaVPNcluster.
Basedontheexhibit,towhichvaluewouldyousettheprioritytoincreasethechancesofthisCiscoASAsecurityappliancebecomingtheclustermaster?
A.
0
B.
1
C.
10
D.
100
Answer:
C
Section:
(none)
Explanation/Reference:
QUESTION2
Refertotheexhibit.YouaretheadministratorofmultipleremoteCiscoASAsecurityappliances,securityappliancesforSSLVPNsandarerequiringaclientcertificate,asshown.
HowwouldthisconfigurationaffectyournextASDMconnectiontothisCiscoASAsecurityappliance?
A.
Youwouldbeaskedtopresentanidentitycertificate.Ifyoudidnothaveone,theCiscoASAsecurityappliancewouldpromptyouforauthenticationcredentials,consistingofausernameandpassword.
B.
YourconnectionwouldbehandledthewayitisalwayshandledbythisCiscoASAsecurityappliance.
C.
YouwouldberequiredtodownloadtheidentitycertificateoftheremoteCiscoASAsecurityappliance.
D.
YouwouldberequiredtohaveanidentitycertificatethattheCiscoASAsecurityappliancecanuseforauthentication.
Answer:
D
Section:
(none)
Explanation/Reference:
QUESTION3
Refertotheexhibit.YouaretheadministratorofacorporateCiscoASAsecurityappliancewithaCiscoASAAIP-SSM.YouhavebeentaskedtodeploytheAIP-SSMtoprotectcorporateDMZwebservers.TheAIP-SSMhasbeenconfigured,andaservicepolicyhasbeenconfiguredtoidentifythetrafficthatistobepassedtotheAIP-SSM.
OnwhichtwointerfaceswouldapplicationoftheservicepolicyfortheAIP-SSMbemosteffectivewhilecausingtheleastamountofimpacttoCiscoASAsecurityapplianceperformance?
(Choosetwo.)
A.
Insideinterface
B.
Dmzinterface
C.
Internetinterface
D.
Globallyonallinterfaces
E.
Outsideinterface
Answer:
BE
Section:
(none)
Explanation/Reference:
QUESTION4
Refertotheexhibit.YouareconfiguringtheCiscoASAsecurityapplianceasthehubinahub-and-spokesite-to-siteVPN.
Whichoftheseconfigurationswillenabletraffictoflowbetweenspokes?
Exhibit:
A.
B.
C.
D.
Answer:
D
Section:
(none)
Explanation/Reference:
QUESTION5
Refertotheexhibit.YouhaveconfiguredaLayer7policymaptomatchthesizeofHTTPheaderfieldsthataretraversingthenetwork.
Basedonthisconfiguration,willHTTPheadersthataregreaterthan200bytesbelogged?
policy-maptypeinspecthttpTEST
parameters
matchrequestheaderlengthgt100
reset
matchrequestheaderlengthgt200
log
A.
No,becausetheresetactionforheadersgreaterthan100byteswouldbethefirstmatch.
B.
Yes,becausetheresetactionforheadersgreaterthan100bytesandthelogactionforheadersgreaterthan200byteswouldbothbeapplied.
C.
No,becauseresetorlogactionsareapartoftheservicepolicyandtheLayer7policymap.
D.
Yes,becausethelogactionforheadersgreaterthan200byteswouldbethelastmatch.
Answer:
A
Section:
(none)
Explanation/Reference:
QUESTION6
Refertotheexhibit.ThenetworksecurityadministratorforXYZCorporationwantstoconfigurethecorporateCiscoASAsecurityappliancetotakethefollowingactionsonitsoutsideinterface:
--ratelimitallIPtrafficfromtelecommutingsystemengineerstotheinsidehost
--dropallHTTPrequestsfromtheInternettothewebserverthathaveabodylengthgreaterthan1000bytes
--preventusersonnetwork192.168.6.0/24fromusingtheFTPPUTcommandtostore.exefilesontheFTPserver
WhichsetofModularPolicyFrameworkcomponentswillbeinvolvedinaccomplishingthisgoal?
A.
OneLayer7classmap,twoLayer7policymaps,threeLayer3/4classmaps,oneLayer3/4policymap
B.
OneLayer7classmap,oneLayer7policymap,threeLayer3/4classmaps,oneLayer3/4policymap
C.
TwoLayer7classmaps,oneLayer7policymap,threeLayer3/4classmaps,oneLayer3/4policymap
D.
ThreeLayer7policymaps,oneLayer3/4classmap,oneLayer3/4policymap
Answer:
A
Section:
(none)
Explanation/Reference:
QUESTION7
Refertotheexhibit.YouhaveconfiguredaCiscoASA5505AdaptiveSecurityApplianceasanEasyVPNhardwareclient.Duringtheconfiguration,youdefinedalistofbackupserversforthesecurityappliancetouse.AfterafewhoursofbeingconnectedtotheprimaryVPNserver,thesecurityappliancefails.YounoticethatyourEasyVPNhardwareclienthasnowconnectedtoabackupserverthatisnotdefinedwithintheconfigurationoftheclient.
WheredidyourEasyVPNhardwareclientgetthisbackupserver?
A.
Thebackupserversthatyoulistedwerenolongeravailable,sotheEasyVPNhardwareclientusedthelistofbackupserversthatitretrievedfromtheprimaryserver.
B.
ThegrouppolicythatwasconfiguredontheprimaryVPNserverwaspushedtoyourEasyVPNclientandoverwrotethelistofbackupserversthatyouhadconfigured.
C.
TheconnectionprofilethatwasconfiguredontheprimaryVPNserverwaspushedtoyourEasyVPNhardwareclientandoverwrotethelistofbackupserversthatyouhadconfigured.
D.
ThebackupserversthatyoulistedwerenotconfiguredasVPNservers,sotheEasyVPNhardwareclientusedthelistofbackupserversretrievedfromtheprimaryserver.
Answer:
B
Section:
(none)
Explanation/Reference:
QUESTION8
Refertotheexhibit.YouaretheadministratorofaCiscoASAsecurityappliancethatisconfiguredwithalocalCA.
Basedontheexhibit,forwhichpurposewouldtheuserstudent1usethispassword?
A.
AuthenticationtotheSSLVPNserver
B.
RetrievalofthedigitalcertificatefromthelocalCAontheCiscoASAsecurityappliance
C.
RetrievaloftheCiscoASAsecurityapplianceidentitycertificate
D.
TheinitialauthenticationtotheSSLVPNserver
Answer:
B
Section:
(none)
Explanation/Reference:
QUESTION9
Observethefollowingexhibitcarefully.WhenTCPconnectionsaretunneledoveranotherTCPconnectionandlatencyexistsbetweenthetwoendpoints,eachTCPsessionwouldtriggeraretransmission,whichcanquicklyspiraloutofcontrolwhenthelatencyissuespersist.ThisissueisoftencalledTCP-over-TCPmeltdown.
AccordingtothepresentedCiscoASDMconfiguration,whichCiscoASAsecurityapplianceconfigurationwillmostlikelysolvethisproblem?
A.
Compression
B.
MTUsizeof500
C.
KeepaliveMessages
D.
DatagramTLS
Answer:
D
Section:
(none)
Explanation/Reference:
QUESTION10
Refertotheexhibit.YouhavebeentaskedwithconfiguringyourCiscoASAsecurityapplianceforEIGRProuting.
Basedontheinformationthatisprovidedintheexhibit,whichtwoCiscoASDMconfigurationswilladdthesenetworkstotheconfigurationofEIGRP?
(Choosetwo.)
A.
B.
C.
D.
E.
F.
Answer:
AE
Section:
(none)
Explanation/Reference:
ThetwonetworkswheretheASisthesame.
QUESTION11
WhichtwoofthesechoicesaretypesofqueuesavailableontheCiscoASAsecurityappliancewhenimplementingQoS?
(Choosetwo.)
A.
Weightedfairqueue
B.
Lastinfirstoutqueue
C.
Policingqueue
D.
Lowlatencyqueue
E.
Customqueue
F.
Besteffortqueue
G.
Roundrobinqueue
Answer:
DF
Section:
(none)
Explanation/Reference:
QUESTION12
Refertotheexhibit.TheFTPinspectionmapnamedL7FTPPOLICYisappliedtotheoutsideinterfaceofthesecurityappliance.
Asaresultofthisconfiguration,whichofthefollowingactionsdoesthesecurityappliancetakeonFTPtrafficenteringitsoutsideinterface?
A.
ResetsandlogsconnectionsfromanyuserwhoattemptstoretrievefilesviaFTP;resetsconnectionsfromuserswhoattempttodeliverfilesviaFTP
B.
ResetsconnectionsfromanduserswhentheyattempttoretrievefilesviaFTP;logsanyuserconnectionsthatattempttodeliverfilesviaFTP
C.
ResetsandlogsconnectionsfromuserswhentheyattempttoretrievefilesviaFTP;resetsallFTPconnectionsfromusers;resetsanyuserconnectionsthatattempttodeliverfilesviaFTP
D.
ResetsandlogsconnectionsfromusersonlywhentheyattempttoretrievefilesviaFTP:
resetsconnectionsfromusersonlywhentheyattempttodeliverfilesviaFTP
Answer:
C
Section:
(none)
Explanation/Reference:
QUESTION13
WhichtwointernalchannelsareusedforcommunicationbetweentheCiscoASAAIP-SSMandtheCiscoASAsecurityappliance?
(Choosetwo.)
A.
Sessionchannel
B.
Commandchannel
C.
Inlinechannel
D.
Promiscuouschannel
E.
Controlchannel
F.
Datachannel
Answer:
EF
Section:
(none)
Explanation/Reference:
QUESTION14
Refertotheexhibit.Anadministratoriseditinguser-specificpolicy.TheadministratorhasconfiguredagrouppolicyforSalestousetheIPaddresspoolthatisdefinedbythepoolVPNPOOLandtoallowasmanyasthreesimultaneouslogins.
Basedontheexhibit,whenthisuserconnects,whatwillbetheIPaddressassignedtotheconnectionandwhatwillbethenumberofsimultaneousloginsallowedforthisuser?
(Choosetwo.)
A.
TheuserwillreceiveanIPaddressfromtheVPNPOOL.
B.
Theuserwillbeallowedtomakeonlyoneconnection.
C.
Theuserwillbeallowedtomakeconnectionsuptothelimitthatisdefinedinthedefaultgrouppolicy.
D.
TheuserwillbeassignedtheIPaddressfromtheuser-specificpolicy.
E.
Theuserwillbeallowedtomakeasmanyasthreesimultaneousconnections
F.
TheuserwillreceiveanIPaddressfromtheaddresspoolthatisdefinedinthedefaultgrouppolicy.
Answer:
BD
- 配套讲稿:
如PPT文件的首页显示word图标,表示该PPT已包含配套word讲稿。双击word图标可打开word文档。
- 特殊限制:
部分文档作品中含有的国旗、国徽等图片,仅作为作品整体效果示例展示,禁止商用。设计者仅对作品中独创性部分享有著作权。
- 关 键 词:
- Cisco642515 最新 题库
![提示](https://static.bingdoc.com/images/bang_tan.gif)