Cisco 642-648 Cert, Latest Release Cisco 642-648 Exam Guide Latest Version PDF&VCE

100% valid Cisco 642-648 Flydumps with more new added questions.By training the Cisco 642-648 questions, you will save a lot time in preparing the exam.Visit www.Flydumps.com to get the 100% pass Cisco 642-648 ensure!

QUESTION 41
In which three ways can a Cisco ASA security appliance obtain a certificate revocation list? (Choose three.)
A. FTP
B. SCEP
C. TFTP
D. HTTP
E. LDAP
F. SCP

Correct Answer: BDE Section: (none) Explanation
QUESTION 42
An IT manager and a Security manager are discussing the deployment options for clientless SSL VPN. They are trying to decide which groups are best suited for this new deployment option. Which two groups are the best candidates for the clientless SSL VPN rollout? (Choose two.)
A. an IT administrator who needs to manage servers from a corporate laptop
B. employees who need occasional access to check their email accounts
C. a vendor who needs access to confidential corporate presentations via Secure FTP
D. customers who need interactive access to the corporate invoice server

Correct Answer: BC Section: (none) Explanation
QUESTION 43
Your corporation has contractors that need remote access to server desktops, in order to diagnose issues and load software during nonbusiness hours. Which three clientless SSL VPN configurations allow these contractors to access the desktops of remote servers? (Choose three.)
A. XWindows bookmark by using the XWindows plug-in
B. RDP bookmark by using the RDP plug-in
C. SCP bookmark by using SCP plug-in “First Test, First Pass” – www.lead2pass.com 19 Cisco 642-648 Exam
D. VNC bookmark by using the VNC plug-in
E. SSH bookmark by using the SSH plug-in
F. Citrix plug-in by using the Citrix plug-in

Correct Answer: BDF Section: (none) Explanation
QUESTION 44
Which three Host Scan checks on a remote endpoint can you configure Cisco Secure Desktop to perform? (Choose three.)
A. registry checks
B. user rights checks
C. group policy objects checks
D. file checks
E. virus software checks
F. process checks

Correct Answer: ADF Section: (none) Explanation
QUESTION 45
Which three statements about clientless SSL VPN are true? (Choose three.)
A. Users are not tied to a particular PC or workstation.
B. Users have full application access to internal corporate resources.
C. Minimal IT support is required.
D. Cisco AnyConnect SSL VPN software is automatically downloaded to the remote user at the start of the clientless session.
E. For security reasons, browser cookies are disabled for clientless SSL VPN sessions.
F. Clientless SSL VPN requires an SSL-enabled web browser.

Correct Answer: ACF Section: (none) Explanation
QUESTION 46
A remote user who establishes a clientless SSL VPN session is presented with a web page. The administrator has the option to customize the “look and feel” of the page. What are three components of the VPN Customization Editor? (Choose three.)
A. Application page
B. Logon page
C. Networking page
D. Logout page
E. Home page
F. Portal page

Correct Answer: BDF Section: (none) Explanation
QUESTION 47
When establishing a Cisco AnyConnect SSL VPN tunnel, a system administrator wants to restrict remote home office users to either print to their local printer or send the remaining traffic down the
“First Test, First Pass” – www.lead2pass.com 20 Cisco 642-648 Exam
Cisco AnyConnect SSL VPN tunnel (with restricted Internet access). Choose both a tunnel policy option and an ACL type to accomplish this design goal. (Choose two.)
A. tunnel all networks
B. tunnel network list below
C. exclude network list from the tunnel
D. standard ACL
E. web ACL
F. extended ACL

Correct Answer: CD Section: (none) Explanation
QUESTION 48
The LAN-to-LAN tunnel is not established, but an administrator can ping the remote Cisco ASA. Which three IPsec LAN-to-LAN configuration parameters should the administrator verify at both ends of the tunnel? (Choose three.)
A. pre-shared key
B. extended authentication password
C. extended authentication username
D. crypto ACL source IP address
E. crypto ACL destination IP address
F. tunnel connection-typE. originate or answer

Correct Answer: ADE Section: (none) Explanation QUESTION 49
Upon receiving a digital certificate, what are three steps that a Cisco ASA performs to authenticate the digital certificate? (Choose three.)
A. The identity certificate validity period is verified against the system clock of the Cisco ASA.
B. The identity certificate thumbprint is validated using the private key of the stored CA.
C. The identity certificate signature is validated by using the stored root certificate.
D. The signature is validated by using the stored identity certificate.
E. If enabled, the Cisco ASA locates the CRL and validates the identity certificate.

Correct Answer: ACE Section: (none) Explanation
QUESTION 50
You are configuring bookmarks for the clientless SSL VPN portal without the use of plug-ins. Which three bookmark types are supported? (Choose three.)
A. RDP
B. HTTP
C. FTP
D. CIFS
E. SSH
F. Telnet “First Test, First Pass” – www.lead2pass.com 21 Cisco 642-648 Exam

Correct Answer: BCD Section: (none) Explanation
QUESTION 51
What are three methods for VPN address assignment? (Choose three.)
A. RADIUS authentication server
B. Kerberos server
C. internal address pool
D. RSA SecureID authentication server
E. LDAP server

Correct Answer: ACE Section: (none) Explanation
QUESTION 52
Datagram Transport Layer Security (DTLS) was introduced to solve performance issues. Choose three characteristics of DTLS. (Choose three.)
A. It uses TLS to negotiate and establish DTLS connections.
B. It uses DTLS to transmit datagrams.
C. It is disabled by default.
D. It uses TLS for data packet retransmission.
E. It replaces underlying transport layer with UDP 443.
F. It uses TLS to provide low-latency video application tunneling.

Correct Answer: ABE Section: (none) Explanation
QUESTION 53
Which three options are characteristics of WebType ACLs? (Choose three.)
A. They are assigned per-connection profile.
B. They are assigned per-user or per-group policy.
C. They can be defined in the Cisco AnyConnect Profile Editor.
D. They support URL pattern matching.
E. They support implicit deny all at the end of the ACL.
F. They support standard and extended WebType ACLs.

Correct Answer: BDE Section: (none) Explanation
QUESTION 54
For clientless SSL VPN users, bookmarks can be assigned to their portal. What are three methods for assigning bookmarks? (Choose three.)
A. connection profiles
B. group policies
C. XML profiles
D. LDAP or RADIUS attributes
E. the portal customization tool
F. user policies “First Test, First Pass” – www.lead2pass.com 22 Cisco 642-648 Exam

Correct Answer: BDF Section: (none) Explanation
QUESTION 55
Your IT department needs to run a custom-built TCP application within the clientless SSL VPN tunnel. The network administrator suggests running the smart tunnel application. Which three statements concerning smart tunnel applications are true? (Choose three.)
A. They support active FTP and other RTSP-based applications.
B. They do not require administrator privileges on the remote system.
C. They require the enabling of port forwarding.
D. They are supported on Windows and MAC OS X platforms.
E. They support native client applications over SSL VPN.
F. They require the modification of the Host file on the end-user PC.

Correct Answer: BDE Section: (none) Explanation
Cisco 642-648 Exam Certification Guide is part of a recommended study program from Cisco 642-648 that includes simulation and hands-on training from authorized Cisco 642-648 Learning Partners and self-study products from Cisco 642-648.Find out more about instructor-led, e-learning, and hands-on instruction offered by authorized Cisco 642-648 Learning Partners worldwide