REAL QUESTIONS SUBMIT MATERIAL ADVERTISE
Braindumps

Microsoft

Cisco

Citrix

CIW

CompTia

CWNA

Apple

Adobe

HP

Legato

Exin

Filemaker

Brocade

Ericsson

TIA

Veritas

ISEB

SCP

IISFA

ISM

OMG

Apc

Mile2

Foundry

Huawei

McData

Symantec

TeraData

RedHat

Solar Winds

Blue Coat

Riverbed

 

 
 
Click on name of dumper to view the dump
 
Logan
 
 

 

Braindumps of 642-648
Deploying Cisco ASA VPN Solutions (VPN v2.0)

 

Exam Questions, Answers, Braindumps (642-648)

This braindump is provided with ratings from different students. I used www.examcheats.net study material and the exam was not a problem for me.

  

QUESTION NO: 1

Which statement is correct concerning the trusted network detection (TND) feature?

A. The Cisco AnyConnect 3.0 Client supports TND on Windows, Mac, and Linux platforms.

B. With TND, one result of a Cisco Secure Desktop basic scan on an endpoint is to determine whether a device is a member of a trusted or an untrusted network.

C. If enabled, and a CSD scan determines that a host is a member of an untrusted network, an administrator can configure the TND feature to prohibit an end user from launching the Cisco AnyConnect VPN Client.

D. When the user is inside the corporate network, TND can be configured to automatically disconnect a Cisco AnyConnect session.

Answer: D

QUESTION NO: 2

Which four parameters must be defined in an ISAKMP policy when you are creating an IPsec siteto- site VPN using the Cisco ASDM? (Choose four.)

A. encryption algorithm

B. hash algorithm

C. authentication method

D. IP address of remote IPsec peer

E. D-H group

F. perfect forward secrecy

Answer: A,B,C,E

QUESTION NO: 3

When using clientless SSL VPN, you might not want some applications or web resources to go through the Cisco ASA appliance. For these application and web resources, as a Cisco ASA administrator, which configuration should you use?

A. Configure the Cisco ASA appliance for split tunneling.

B. Configure network access exceptions in the SSL VPN customization editor.

C. Configure the Cisco ASA appliance to disable content rewriting.

D. Configure the Cisco ASA appliance to enable URL Entry bypass.

E. Configure smart tunnel to bypass the Cisco ASA appliance proxy function.

Answer: C

QUESTION NO: 4

Cisco AnyConnect profiles can be used to set which three options? (Choose three.)

A. Define a list of VPN gateways that are presented to users upon login.

B. Define a quarantine VLAN for remote devices that fail a host scan.

C. Define a guest VLAN to all "noncompany" Cisco IOS WebVPN users.

D. Define a list of backup servers if primary gateways are unavailable.

E. Activate the SSL VPN tunnel as part of the Windows login sequence.

F. Configure the Cisco Secure Desktop vault.

Answer: A,D,E

QUESTION NO: 5

Which three statements concerning keystroke logger detection are correct? (Choose three.)

A. It requires administrative privileges in order to run.

B. It runs on Windows and MAC OS X systems.

C. It detects loggers that run as a process or kernel module.

D. It detects both hardware- and software-based keystroke loggers.

E. It allows the administrator to define "safe" keystroke logger applications.

Answer: A,C,E

QUESTION NO: 6

Which two options are correct regarding IKE and IPv6 VPN support on the Cisco ASA using version 8.4? (Choose two.)

A. The Cisco ASA supports full IKEv2 IPv6 for site-to-site VPNs only.

B. The Cisco ASA supports full IKEv2 IPv6 for remote-access VPNs.

C. The Cisco ASA supports IKEv1 and IKEv2 configuration on the same crypto map.

D. The Cisco ASA supports negotiation of authentication type using IKEv2 with IPv6.

E. The Cisco ASA supports all types of VPN configurations when using IPv6

Answer: A,C

QUESTION NO: 7

An XYZ Corporation systems engineer, while making a sales call on the ABC Corporation headquarters, tried to access the XYZ sales demonstration folder to transfer a demonstration via FTP from an ABC conference room behind the firewall. The engineer could not reach XYZ through the remote-access VPN tunnel. From home the previous day, however, the engineer did connect to the XYZ sales demonstration folder and transferred the demonstration via IPsec over DSL. To get the connection to work and transfer the demonstration, what should the engineer do?

A. Change the MTU size on the IPsec client to account for the change from DSL to cable transmission.

B. Enable the local LAN access option on the IPsec client.

C. Enable the IPsec over TCP option on the IPsec client.

D. Enable the clientless SSL VPN option on the PC.

Answer: C

QUESTION NO: 8

Which two types of digital certificate enrollment processes are available for the Cisco ASA security appliance? (Choose two.)

A. LDAP

B. FTP

C. TFTP

D. HTTP

E. SCEP

F. Manual

Answer: E,F

QUESTION NO: 9

The software-based Cisco IPsec VPN Client solution uses bidirectional authentication, in which the client authenticates the Cisco ASA, and the Cisco ASA authenticates the user. Which three methods are software-based Cisco IPsec VPN Client to Cisco ASA authentication methods? (Choose three.)

A. Unified Client Certificate authentication

B. Secure Unit authentication

C. Hybrid authentication

D. Certificate authentication

E. Group authentication

Answer: C,D,E

QUESTION NO: 10

Cisco Secure Desktop seeks to minimize the risks that are posed by the use of remote devices in establishing a Cisco clientless SSL VPN or Cisco AnyConnect VPN Client session. Which two statements concerning the Cisco Secure Desktop Host Scan feature are correct? (Choose two.)

A. It is performed before a user establishes a connection to the Cisco ASA.

B. It is performed after a user establishes a connection to the Cisco ASA but before logging in.

C. It is performed after a user logs in but before a group profile is applied.

D. It is supported on endpoints that run a Windows operating system only.

E. It is supported on endpoints that run Windows and MAC operating systems only.

F. It is supported on endpoints that run Windows, MAC, and Linux operating systems.

Answer: B,F

QUESTION NO: 11

An on-screen keyboard is a programmable SSL VPN option. Which three options are keyboardconfigurable parameters that the administrator can enable or disable? (Choose three.)

A. Show only if Secure Desktop Vault is disabled.

B. Do not show onscreen keyboard.

C. Show only for the login page.

D. Show for all user input fields.

E. Show for all portal pages that require authentication.

F. Show for all plug-in pages.

Answer: B,C,E

QUESTION NO: 12

Your IT department needs to run a custom-built TCP application within the clientless SSL VPN tunnel. The network administrator suggests running the smart tunnel application. Which three statements concerning smart tunnel applications are true? (Choose three.)

A. They support active FTP and other RTSP-based applications.

B. They do not require administrator privileges on the remote system.

C. They require the enabling of port forwarding.

D. They are supported on Windows and MAC OS X platforms.

E. They support native client applications over SSL VPN.

F. They require the modification of the Host file on the end-user PC.

Answer: B,D,E

QUESTION NO: 13

Your corporate finance department purchased a new non-web-based TCP application tool to run on one of its servers. Certain finance employees need remote access to the software during nonbusiness hours. These employees do not have "admin" privileges to their PCs. What is the correct way to configure the SSL VPN tunnel to allow this application to run?

A. Configure a smart tunnel for the application.

B. Configure a "finance tool" VNC bookmark on the employee clientless SSL VPN portal.

C. Configure the plug-in that best fits the application.

D. Configure the Cisco ASA appliance to download the Cisco AnyConnect SSL VPN Client to the finance employee each time an SSL VPN tunnel is established.

Answer: A

QUESTION NO: 14

Which statement about plug-ins is false?

A. Plug-ins do not require any installation on the remote system.

B. Plug-ins require administrator privileges on the remote system.

C. Plug-ins support interactive terminal access.

D. Plug-ins are not supported on the Windows Mobile platform.

Answer: B

 

642-648


 

 

Braindumps Real exam questions and verified answers - 100% passing guarantee - cheap prices.

 

Free brain dumps Braindumps, notes, books for free

 

Braindumps and Exams - Instant download real exam questions - Passing guarantee.

Follow us on FaceBook
Braindumps on Facebook
 
 
 
 
 

CheckPoint

Linux

Novell

DB/2

Network Appliance

EC-Council

Nortel

McAfee

Juniper

ISACA

PMI

Sybase

EMC

HDI

SNIA

ISC

Sair

IBM

Lotus

Exam Express

3COM

BICSI

DeLL

Enterasys

Extreme Networks

Guidance Software

Computer Associates

Network General

SAS Institute

Alcatel Lucent

SeeBeyond

TruSecure

Polycom

Hyperion

Hitachi

Nokia

Fortinet

Vmware

Fujitsu

Tibco

Intel

PostgreSQLCE

BusinessObjects

RESSoftware

BlackBerry

AccessData

ICDL

Isilon

SAP

The Open Group

ACSM

Altiris

Avaya

Cognos

F5

Genesys

SDI

ACI

ASQ

Google

H3C

HIPAA

HRCI

SOA

IIBA

Zend