Pass4Test의 Cisco 642-647 (Deploying Cisco ASA VPN Solutions (VPN v1.0))덤프를 구매하기전 우선 pdf버전 덤프샘플을 다운받아 덤프문제를 공부해보시면 Pass4Test덤프품질에 신뢰가 느껴질것입니다. Pass4Test의 Cisco 642-647 (Deploying Cisco ASA VPN Solutions (VPN v1.0))덤프가 고객님의 시험패스테 조금이나마 도움이 되신다면 행복으로 느끼겠습니다.

 

NO.1 An administrator has preconfigured the Cisco ASA 5505 user settings with a username and a password.

 

When the telecommuter first turns on the Cisco ASA 5505 and attempts to establish a VPN tunnel, the

user is prompted for a username and password. Which two Cisco ASA 5505

Group Policy features require this extra level of authentication? (Choose two.)

A. New Unit Authentication

B. Extended Group Authentication

C. Secure Unit Authentication

D. Role-Based Access Control Authentication

E. Compartmented Mode Authentication

F. Individual User Authentication

Answer: C,F

 

NO.2 An XYZ Corporation systems engineer, while making a sales call on the ABC Corporation headquarters,

tried to access the XYZ sales demonstration folder to transfer a demonstration via FTP from an ABC

conference room behind the firewall. The engineer could not reach XYZ through the remote-access VPN

tunnel. From home the previous day, however, the engineer connected to the XYZ sales demonstration

folder and transferred the demonstration via IPsec over DSL.

To get the connection to work and transfer the demonstration, what can you suggest?

A. Change the MTU size on theIPsec client to account for the change from DSL to cable transmission.

B. Enable the local LAN access option on theIPsec client.

C. Enable theIPsec over TCP option on the IPsec client.

D. Enable the clientless SSL VPN option on the PC

Answer: A

 

NO.3 Your corporate finance department purchased a new non-web-based TCP application tool to run on one

of its servers. The finance employees need remote access to the software during non-business hours.

The employees do not have "admin" privileges to their PCs. How would you configure the SSL VPN

tunnel to allow this application to run?

A. Configure a smart tunnel for the application.

B. Configure a "finance tool" VNC bookmark on the employee clientless SSL VPN portal.

C. Configure the plug-in that best fits the application.

D. Configure the Cisco ASA appliance to download the CiscoAnyConnect SSL VPN client to the finance

employee each time an SSL VPN tunnel is established.

Answer: A

 

NO.4 Refer to the exhibit. A new network engineer configured the ABC adaptive security appliance with two

bookmarks for a new temporary employee. The temporary worker can connect to the administrator server

via the temp_worker_admin bookmark but cannot connect to the project server via the

temp_worker_projects (greyed-out) bookmark. It was determined that the URL and IP addressing

information in the GUI screens is correct.

What is wrong with the configuration?

A. URL Entry should be enabled.

B. The File Server Entry Inherit parameter should be overwritten and set for enabled.

C. The DNS server information is incorrect.

D. File Server Browsing should be enabled

Answer: C

 

NO.5 VPN using the Cisco ASDM? (Choose four.)

A. encryption algorithm

B. hash algorithm

C. authentication method

D. IP address of remoteIPsec peer

E. D-H group

F. perfect forward secrecy

Answer: A,B,C,E

 

NO.6 Which two types of digital certificate enrollment processes are available for the Cisco ASA security

appliance? (Choose two.)

A. LDAP

B. FTP

C. TFTP

D. HTTP

E. SCEP

F. Manual

Answer: E,F

 

NO.7 Refer to the exhibit. Which two statements are correct regarding these two Cisco ASA clientless SSL VPN

bookmarks? (Choose two.)

A. CSCO_WEBVPN_USERNAME is a user attribute.

B. CSCO_WEBVPN_USERNAME is a Cisco predefined variable that is used for macro substitution.

C. The CSCO_WEBVPN_USERNAME variable is enabled by using the Post SSO plug-in.

D. CSCO_SSO is a Cisco predefined variable that is used for macro substitution.

E. The CSCO_SSO=1 parameter enables SSO for the SSH plug-in.

F. The CSCO_SSO variable is enabled by using the Post SSO plug-in.

Answer: B,E

 

NO.8 Which Cisco ASA SSL VPN feature provides support for PCI compliance by allowing for the validation

of two sets of username and password credentials on the SSL VPN login page?

A. Single Sign-On

B. Certificate to Profile Mapping

C. Double Authentication

D. RSA OTP

Answer: D

 

NO.9 Refer to the exhibit. For the ABC Corporation, members of the NOC need the ability to select tunnel

groups from a drop-down menu on the Cisco IOS WebVPN login page. As the Cisco ASA administrator,

how would you accomplish this task?

A. Define a special identity certificate with multiple groups that are defined in the certificate OU field that

will grant the certificate holder access to the named groups on the login page.

B. Under Group Policies, define a default group that encompasses the required individual groups that

would appear on the login page.

C. Under Connection Profiles, define a NOC profile that encompasses the required individual profiles that

would appear on the login page.

D. Under Connection Profiles, enable group selection from the login page.

Answer: D

 

NO.10 The administrator configured a Cisco ASA 5505 as a Cisco Easy VPN hardware client and also defined

a list of Cisco Easy VPN backup servers in the Cisco ASA 5505. After an outage of the primary VPN

server, you notice that your Cisco Easy VPN hardware client has now reconnected via a backup server

that was not defined within the original Cisco Easy VPN backup servers list. Where did your Cisco Easy

VPN hardware client get this backup server?

A. The backup servers that you listed were no longer available, so the Cisco Easy VPN hardware client

queried the load balance server for a "new" backup server address.

B. The backup servers that you listed were no longer available, so a Group Policy that was configured on

the primary VPN server pushed "new" backup server addresses to your client.

C. The backup servers that you listed were no longer available, so the Cisco Easy VPN hardware client

queried the primary VPN server via RADIUS protocol for a "new" backup server address.

D. The backup servers that you listed were no longer available, so the Cisco Easy VPN hardware client

queried and received from a predefined LDAP server a "new" backup server address.

Answer: B