Cisco 642-511 Exam Dumps, Download Latest Cisco 642-511 Dump Latest Version PDF&VCE

Important Info — Cisco 642-511 new study guide are designed to help you pass the exam in a short time.Everything you need can be found in the new version Cisco 642-511 exam dumps.Visit Flydumps.com to get more valid information.

QUESTION 111
When issuing a digital certificate, which information does the CA supply? Choose three.
A. user name
B. validity dates
C. private key
D. issuer’s name
E. CA signature algorithm
F. user’s private key information

Correct Answer: BDE Section: (none) Explanation
Explanation/Reference:
QUESTION 112
When configuring CPP, which statement is true?
A. CPP is enabled in both the Cisco VPN Client and Cisco VPN Concentrator
B. CPP is enabled in the Cisco VPN Client, Cisco VPN Concentrator, and firewall
C. CPP is enabled on the Cisco VPN Concentrator only
D. CPP is enabled in the Cisco VPN Concentrator and firewall

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 113
During IKE negotiations, when an identity certificate is received from an IKE peer, which three things does the Cisco VPN 3000 Concentrator check? Choose three.
A. Is the certificate still valid?
B. Has the CA expired?
C. Has the CA been revoked?
D. Is the certificate signed by a trusted CA?
E. Is the certificate FQDN valid?
F. Is the certificate in the CRL?

Correct Answer: ADF Section: (none) Explanation
Explanation/Reference:
QUESTION 114
Which type of VPN is considered an extension of the classic WAN network?
A. Remote access
B. Site-to-site
C. Firewall-based
D. Centrally based

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 115
For client RRI, which IP address does the Cisco VPN Concentrator advertise?
A. Cisco VPN 3002 private interface IP address
B. Cisco VPN 3002 assigned IP address
C. Cisco VPN Client NIC IP address
D. Cisco VPN 3002 public interface IP address

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 116
Drag Drop question A.

B.
C.
D.

Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: Check certifyme eEngine, Download from Member Center
QUESTION 117
In LAN-to-LAN NAT, the NAT rule type is selected; NAT source and translated network addresses are defined; and LAN-to-LAN tunnel NAT rules are enabled. The last step is to tie the translated IP addresses to the Concentrator so the Concentrator knows how to route the translated IP addresses. How are the translated addresses tied to the Concentrator?
A. by defining the local and remote networks in the LAN-to-LAN wizard
B. by configuring custom private interface filters
C. by configuring static routes in the LAN-to-LAN wizard
D. by enabling network auto-discovery in the LAN-to-LAN wizard

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 118
Drag Drop question A.

B.
C.
D.

Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: Check certifyme eEngine, Download from Member Center
QUESTION 119
Which two certificates need to be installed in the Cisco VPN 3000 Concentrator? Choose two.
A. SSL certificate
B. root certificate
C. public certificate
D. private certificate
E. trusted certificate
F. identity certificate

Correct Answer: BF Section: (none) Explanation
Explanation/Reference:
QUESTION 120
What does the backup server feature enable the Cisco VPN 3002 to access?
A. backup DHCP server
B. backup Cisco VPN Concentrator
C. backup authentication server
D. backup certificate server

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 121
Drag Drop question A.

B.
C.
D.

Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: Check certifyme eEngine, Download from Member Center
QUESTION 122
How do you activate a Cisco CPP custom policy?
A. enable custom CPP in the Cisco VPN Concentrator only
B. enable custom CPP in the client and Cisco VPN Concentrator
C. enable CPP in the Cisco VPN Concentrator and select the custom policy under policy management
D. enable CPP in the Cisco VPN Concentrator and select the custom policy under the pushed policy drop-down menu

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 123
If CRL checking is enabled, the VPN Concentrator retrieves and examines CRLs. To mitigate potential timeout problems due to network congestion and delay, CRLs can be cached locally. Where are CRLs cached?
A. on a pre-defined TFTP server on the local private network
B. on a pre-defined FTP server on the local private network
C. in the VPN Concentrator’s volatile memory
D. in the VPN Concentrator’s non volatile memory

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 124
LAB A.

B.
C.
D.

Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: Check certifyme eEngine, Download from Member Center
QUESTION 125
In this network, if any PC at site A wants to access server B2, the PC IP address is translated to 20.20.20.X/24 (X = PC host address). For the Concentrator to perform the translation, how are the source network IP address and wildcard mask configured on the Concentrator at site A?

e
A. IP address – 20.20.20.0 Wildcard Mask – 0.0.0.0
B. IP address – 20.20.20.0 Wildcard Mask – 0.0.0.255
C. IP address – 10.10.10.0 Wildcard Mask – 0.0.0.0
D. IP address – 10.10.10.0 Wildcard Mask – 0.0.0.255

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 126
Which data is shown on the Monitor Sessions screen? Choose three.
A. session summary
B. LAN-to-LAN sessions
C. tunnel summary
D. client tunnels
E. site-to-site tunnels
F. remote access sessions

Correct Answer: ABF Section: (none) Explanation
Explanation/Reference:
QUESTION 127
What are the three steps in the Are You There feature configuration? Choose three.
A. Select the firewall setting.
B. Select the firewall.
C. Select are you there on the firewall.
D. Select are you there on the Cisco VPN Client.
E. Enable the firewall virtual interface.
F. Select are you there on the Cisco VPN Concentrator.

Correct Answer: ABF Section: (none) Explanation
Explanation/Reference:
QUESTION 128
In the GUI, what happens if you reboot without saving the configuration changes?
A. configuration changes are lost
B. configuration changes remain
C. system does not allow you to reboot without saving
D. system warns you that the configuration changes will be lost, do you still want to proceed

Correct Answer: A Section: (none) Explanation
Explanation/Reference: QUESTION 129
For network extension RRI, which IP address does the Cisco VPN Concentrator advertise?
A. Cisco VPN Client NIC IP address
B. Cisco VPN 3002 assigned IP address
C. Cisco VPN 3002 public interface IP address
D. Cisco VPN 3002 private interface network address

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 130
Which feature enables the Concentrator administrator to centrally define a set of rules for the Cisco VPN Client firewall?
A. AYT
B. CPP
C. Stateful Firewall
D. CIC Firewall

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 131
When is the auto VPN initiation menu item available from the VPN client GUI?
A. It is available by default.
B. after auto-initiate dll is added to the Cisco Systems VPN Client folder
C. after AutoInitiateEnable=1 line is added to VPNclient.pcf file
D. after AutoInitiateEnable=1 line is added to VPNclient.ini file

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 132
The network auto-discovery feature enables the Cisco VPN Concentrator to learn automatically which networks are reachable at both ends of a LAN-to-LAN tunnel. From which routing protocols can the Cisco VPN Concentrator learn these networks?
A. EIGRP
B. OSPF
C. RIP
D. RIP and OSPF
Correct Answer: C Section: (none) Explanation

Explanation/Reference:
QUESTION 133
What is the effect of enabling transparent tunneling on the Cisco VPN Client?
A. data packets are wrapped in UDP
B. encryption is disabled on the Cisco VPN Client
C. Cisco VPN Client transmits traffic in clear text
D. split tunneling is enabled on the Cisco VPN Client

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 134
Under the IKE active proposal list, the certicom client supports which IKE proposal?
A. IKE-3DES-MD5-RSA
B. IKE-3DES-MD5-DH7
C. CiscoVPNClient-3DES-MD5
D. IKE-3DES-MD5

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 135
Which of the following filters are part of the Cisco CPP default policy?
A. blocks all inbound tunnel traffic not related to an outbound session
B. blocks all inbound Internet traffic not related to an outbound session
C. blocks all outbound tunnel traffic
D. blocks all outbound Internet traffic

Correct Answer: B Section: (none) Explanation
Explanation/Reference:

If you fail in Cisco 642-511 exam test with Cisco 642-511 exam dumps, we promise to give you full refund! You only need to scan your Cisco 642-511 est score report to us together with your receipt ID. After our confirmation, we will give you full refund in time.Or you can choose to charge another IT exam Q&As instead of Cisco 642-511 exam dumps.Useful Cisco certifications exam dumps are assured with us.If our Cisco 642-511 exam dumps can’t help you pass Cisco 642-511  exam,details will be sent before we send the exam to you.We don’t waste our customers’ time and money! Trusting Passtcert is your best choice!