ATTENTION : Because Cisco 642-515 exam has change recently,Flydumps has updated the Cisco 642-515 exam dumps with all new Cisco https://www.pass4itsure.com/642-515.html exam questions and answers, visit flydumps.com to get free Cisco 642-515 PDF and VCE dumps.
QUESTION 90
Multimedia applications transmit requests on TCP, get responses on UDP or TCP, use dynamic ports, and use the same port for source and destination, so they can pose challenges to a firewall. Which three items are true about how the Cisco ASA adaptive security appliance handles multimedia applications? (Choose three.)
A. It dynamically opens and closes UDP ports for secure multimedia connections, so you do not need to open a large range of ports.
B. It supports SIP with NAT but not with PAT.
C. It supports multimedia with or without NAT.
D. It supports RTSP, H.323, Skinny, and CTIQBE.
Correct Answer: ACD Section: (none) Explanation
Explanation/Reference:
QUESTION 91
Which three statements correctly describe protocol inspection on the Cisco ASA adaptive security appliance? (Choose three.)
A. For the security appliance to inspect packets for signs of malicious application misuse, you must enable advanced (application layer) protocol inspection.
B. If you want to enable inspection globally for a protocol that is not inspected by default or if you want to globally disable inspection for a protocol, you can edit the default global policy.
C. The protocol inspection feature of the security appliance securely opens and closes PassGuide.com-Make You Succeed To Pass IT Exams PassGuide 642-515 negotiated ports and IP addresses for legitimate client-server connections through the security appliance.
D. If inspection for a protocol is not enabled, traffic for that protocol may be blocked.
Correct Answer: BCD Section: (none) Explanation
Explanation/Reference:
QUESTION 92
Tom works as a network administrator for the PG company. The primary adaptive security appliance in an active/standby failover configuration failed, so the secondary adaptive security appliance was automatically activated. Tom then fixed the problem. Now he would like to restore the primary to active status. Which one of the following commands can reactivate the primary adaptive security appliance and restore it to active status while issued on the primary adaptive security appliance?
A. failover reset
B. failover primary active
C. failover active
D. failover exec standby
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 93
A recent network upgrade at a branch office has changed the network topology of the branch, and the site-to-site VPN tunnel that runs between the branch and the corporate office has been reconfigured to perform Reverse Route Injection to accommodate the recent change. You are running OSPF between the corporate Cisco ASA security appliance and routers on the internal network. Assuming that the VPN configuration is correct, which step do you need to perform on the corporate Cisco ASA security appliance to ensure that these new routes are visible to internal routers that are running OSPF?
A. Reverse Route Injection requires that you configure a new OSPF process that will add these routes to the Cisco ASA security appliance routing table.
B. Reverse route injection requires that you add a static route for each branch-office network to the Cisco ASA security appliance routing table.
C. Reverse Route Injection uses static routes, so you must configure OSPF to redistribute the static routes.
D. Reverse Route Injection uses RIP, so you must add a RIP process and redistribute the learned RIP routes into OSPF.
E. Reverse Route Injection uses EIGRP, so you must add an EIGRP process and redistribute the learned EIGRP routes into OSPF.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 94
PassGuide.com-Make You Succeed To Pass IT Exams PassGuide 642-515
Using a valid identity certificate from her certificate authority, an administrator of a Cisco ASA security appliance has used the IPsec VPN Wizard to create the necessary configuration for remote-access VPN tunnels. When she tests the remote-access VPN, the VPN tunnel does not come up. Assuming that the remote-access VPN configuration created by the wizard is correct and that valid certificates are being used by the Cisco ASA security appliance and Cisco VPN Client, which corrective action must be configured or corrected for the VPN tunnel to come up properly?
A. The IKE phase one configuration is not part of the IPsec VPN Wizard configuration and must be configured.
B. The IKE phase two configuration is not part of the IPsec VPN Wizard configuration and must be configured.
C. The crypto ACL configuration is not part of the IPsec VPN Wizard configuration and must be configured.
D. The mapping of digital certificates to connection profile is not part of the IPsec VPN Wizard configuration and must be configured.
E. NAT-Transparency configuration is not part of the IPsec VPN Wizard configuration and must be configured.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 95
You are configuring a Cisco ASA 5520 Adaptive Security Appliance as a Easy VPN hardware client. But from within Cisco ASDM, you cannot find the Easy VPN Remote configuration option within the Remote Access VPN menu. Why would you not be able to find this configuration option within Cisco ASDM on the ASA 5520 Adaptive Security Appliance?
A. The version of Cisco ASDM software loaded on the Cisco ASA security appliance does not support the Easy VPN feature.
B. The version of Cisco ASDM software loaded on the Cisco ASA security appliance is corrupt.
C. Only the Cisco ASA 5505 Adaptive Security Appliance can be a Easy VPN hardware client.
D. The Easy VPN feature with the BIOS of the ASA 5520 Adaptive Security Appliance was not enabled.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
PassGuide.com-Make You Succeed To Pass IT Exams
Flydumps is ready to provide Cisco 642-515 candidates with Cisco 642-515 training materials which can be very much helpful for getting Cisco 642-515 certification, which means that candidates.Cisco 642-515 can easily get access to the services of Cisco https://www.pass4itsure.com/642-515.html for practice exam,which will assure them 100% Cisco 642-515 success rate.Though Cisco 642-515 tests are not easy at all, but they do not make Cisco 642-515 things complicated.