Cisco 642-511 Preparation Materials, Provide Latest Cisco 642-511 Practice Exam

Welcome to download the newest Pass4itsure ns0-155 Practice Test dumps: http://www.pass4itsure.com/ns0-155.html

Flydumps Cisco 642-511 material details are researched and created by the most professional certified authors who are regularly using current exams experience to create precise and logical dumps. You can get questions and answers from many other websites or books, but logic is the main key of success. And Flydumps will give you this key of success.

QUESTION 136
Which of the following is the best PKI model for a large enterprise?
A. Central
B. Flat
C. Hub and Spoke
D. Hierarchical

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 137
Which of the following predefined administrators allows the administrator all rights except SNMP access?
A. User
B. MIS
C. Config
D. ISP

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 138
Which of the following are valid authentication options for the Hardware Client? (Choose two)
A. Unit authentication
B. Interactive group authentication
C. Interactive unit authentication
D. MAC address authentication

Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
QUESTION 139
What are two Quick Configuration elements used in the configuration of IPSec groups? Choose two.
A. password
B. user name
C. group priority
D. group access protocols
E. group server name
F. group name

Correct Answer: AF Section: (none) Explanation
Explanation/Reference:
QUESTION 140
When configuring remote access protocols under quick configuration, what protocol restrictions does the Cisco VPN Concentrator impose?
A. no protocol restrictions
B. only one access protocol per group
C. any two access protocols per group
D. IPSec plus one other access protocol

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 141
LAB

A.
B.
C.
D.

Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: Check certifyme eEngine, Download from Member Center
QUESTION 142
The Cisco VPN Concentrator supports routing updates based on what protocol?
A. OSPF
B. EIGRP
C. BGP
D. IS-IS

Correct Answer: A Section: (none) Explanation
Explanation/Reference: QUESTION 143
What is the primary advantage of using Mode Configuration?
A. It negotiates IKE sessions faster than Quick Mode.
B. It negotiates IKE sessions faster than Main Mode.
C. It pre-configures dial-up networking.
D. It pushes configuration parameters to the Cisco VPN Client.
E. It allows the end user more flexibility in choosing the connection parameters.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 144
Which of the following operating systems support the Cisco VPN Client Virtual Adapter? (Choose two)
A. Windows 98
B. Windows NT 4.0
C. Windows 2000
D. Windows XP
E. Mac OS X version 10.1.0 or higher
F. Solaris 2.6 or higher

Correct Answer: CD Section: (none) Explanation
Explanation/Reference:
QUESTION 145
What are three steps in the file-based certificate enrollment process? Choose three.
A. The identity certificate is loaded into the Cisco VPN Concentrator first.
B. The CA generates the root and identity certificates.
C. The root certificate is loaded into the Cisco VPN Concentrator second.
D. The root certificate is loaded into the Cisco VPN Concentrator first.
E. Cisco VPN Concentrator generates a PKCS#7.
F. The Cisco VPN Concentrator generates a PKCS#10.

Correct Answer: BDF Section: (none) Explanation
Explanation/Reference:
QUESTION 146
Which two DH groups does the VPN3000 Concentrator support for key exchange? Choose two.
A. 1
B. 2
C. 3
D. 4
E. 6

Correct Answer: AB Section: (none) Explanation
Explanation/Reference:
QUESTION 147
Using the default Cisco VPN 3002 unit authentication, what happens to the unit password?
A. pushed down to the Cisco VPN 3002 the first time the tunnel is established
B. authenticated via a TACACS+ server
C. stored permanently in Cisco VPN 3002 memory
D. authenticated via a NT Domain server

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 148
If there is a need to see the devices behind the Hardware Client, which mode of operation must be used?
A. main extension mode
B. aggressive extension mode
C. discovery extension mode
D. network extension mode
E. client extension mode

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 149
Which feature will not allow the Cisco VPN Client to connect without a firewall running?
A. AYT
B. Connectionless Firewall
C. Stateful Firewall
D. CIC Firewall

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 150
What file must be modified to enable the Cisco VPN Software Client Auto-Initiation feature?
A. main.ini
B. user.ini
C. client.ini
D. vpnclient.ini

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 151
To pre-configure a Cisco VPN client, what three files are required? Choose three.
A. unattended_setup.ini
B. user.pcf
C. data.ini
D. oem.ini
E. vpnclient.ini
F. client.ini

Correct Answer: BDE Section: (none) Explanation
Explanation/Reference:
QUESTION 152
With SEP redundancy, if the top SEP fails and the bottom SEP takes over, which statement is true?
A. all sessions are lost
B. operator intervention is required
C. no sessions are lost
D. only the Cisco VPN 3080 supports SEP redundancy

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 153
If a remote user exceeds the configured policing rate, what will the VPN Concentrator do?
A. Log the event, set the DE bit, and allow the traffic to pass.
B. All packets marked high priority are passed and all packets marked low priority are dropped.
C. Allow excess traffic to pass up to the configured normal burst size.
D. Allow excess traffic to pass up to 1/8th of the CIR.

Correct Answer: C Section: (none) Explanation
Explanation/Reference: QUESTION 154
How did Cisco solve the PAT translation issue?
A. wrap a standard IKE packet with a UDP port number
B. wrap a standard IPSec packet with a UDP port number
C. change the IKE TCP port number from a well known to a dynamically assigned port number
D. change the IPSec TCP port number from a well known to a dynamically assigned port number

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 155
Which statement about the Cisco VPN Concentrator load balancing feature is true?
A. Cisco VPN Concentrators load balance both site-to-site and remote access tunnels.
B. Cisco VPN Concentrators load balance site-to-site tunnels only.
C. Cisco VPN Concentrators load balance remote access tunnels only.
D. Cisco VPN Concentrator load balances administration sessions.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 156
Which of the following is enabled by default on the Hardware Client?
A. IPSec over TCP
B. IPSec over IP
C. NAT-T
D. NAT-U

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 157
Which three are Cisco VPN Client firewall features? Choose three.
A. are you there
B. authentication proxy
C. stateful firewall (always on)
D. content filtering
E. central protection policy
F. stateful failover
Correct Answer: ACF Section: (none) Explanation

Explanation/Reference:
QUESTION 158
A PC at site A wants to access server B2 through a LAN-to-LAN tunnel. Which statement is true?

A. LAN-to-LAN NAT should be performed at site A Concentrator only.
B. LAN-to-LAN NAT should be performed at site B Concentrator only.
C. LAN-to-LAN NAT should be performed at both site A and B Concentrator.
D. LAN-to-LAN NAT is not necessary for this application.

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 159
What is the default configuration of the Cisco VPN 3002 private interface?
A. DHCP server is enabled
B. DHCP client is enabled
C. static IP address of 192.168.10.1
D. enabled with an IP address of 0.0.0.0

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 160
What statement about the Cisco VPN Client local LAN access feature is true?
A. It enables split tunneling.
B. It enables Cisco VPN Client to encrypt packets destined for the local LAN.
C. It enables and disables Cisco VPN Client access to the local LAN.
D. It enables local LAN users access to the VPN tunnel.
Correct Answer: C Section: (none) Explanation

Explanation/Reference:
QUESTION 161
Which Cisco VPN feature allows the sender to encrypt packets before transmitting them across a network?
A. anti-replay
B. data confidentiality
C. data integrity
D. data original authentication

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 162
Which digital signature process statement is true?
A. The hash is encrypted with the public key and decrypted with the private key.
B. The hash is encrypted and decrypted with a shared secret key.
C. The hash is encrypted and decrypted with a symmetric key.
D. The hash is encrypted with the private key and decrypted with the public key.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 163
Which information is included in the PKCS#10 request message? Choose two.
A. encryption algorithm
B. authentication algorithm
C. key size
D. validity dates
E. user information
F. private key

Correct Answer: CE Section: (none) Explanation
Explanation/Reference:
QUESTION 164
What auto-initiation parameters are defined by the AutoInitiationList?
A. a list of auto-initiation related section names within the INI file
B. a list of auto-initiation related section names within the PCF file
C. a list of networks that should be auto-initiated
D. a list of groups that should be auto-initiated
E. a list of users that should be auto-initiated

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 165
Which feature allows an administrator to edit the reachable subnets at both ends of the LAN-to-LAN tunnel?
A. network auto-discovery
B. Cisco VPN configuration tool
C. network lists
D. LAN-to-LAN wizard

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 166
What does the bandwidth policing feature provide to a remote user?
A. a minimum and maximum data transfer rate
B. a maximum data transfer rate
C. a minimum and maximum data transfer rate with an excess burst size
D. a maximum data transfer rate with a maximum burst size

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 167
Which encryption technique is used for digital signatures?
A. DES
B. 3DES
C. RSA
D. AES

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 168
Which of the following are valid authentication options for the Hardware Client? (Choose two) A. User Authentication
B. Unit Authentication
C. IP Address Authentication
D. Interactive Group Authentication

Correct Answer: AB Section: (none) Explanation
Explanation/Reference:
QUESTION 169
When there are multiple concurrent Cisco VPN Concentrator
administration sessions, what configuration privileges does each additional administrator have?

A. read and write privileges
B. monitor only
C. read only
D. all administrators have the same privileges

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 170
If the Hardware Client cannot contact a backup server, what action is taken?
A. It starts over from the top of the backup server list.
B. It downloads a new backup server list from the Concentrator.
C. The tunnel establishment process is terminated.
D. It searches for new backup list.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 171
Which is a correctly defined static CRL distribution point?
A. TFTP://10.0.1.51/CertEnroll/Austin.crl
B. FTP://10.0.1.51/CertEnroll/Austin.crl
C. HTTP://10.0.1.51/CertEnroll/Austin.crl
D. HTTPS://10.0.1.51/CertEnroll/Austin.crl

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 172
Which of the following are valid backup server options? (Choose two)
A. use list configured on Radius Server
B. use list configured on Client
C. use list configured on TACACS+ Server
D. use list configured on Concentrator

Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 173
What routing protocol does the Hardware Client support?
A. OSPF
B. RIP
C. EIGRP
D. none of the above

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 174
The VPN Concentrator authenticates a remote peer during IKE negotiations by extracting the group information from a certificate. Prior to VPN Concentrator release 3.6, which certificate field had to match the VPN Concentrator’s group name?
A. CN field
B. OU field
C. O field
D. L field

Correct Answer: B Section: (none) Explanation
Explanation/Reference:

There are a lot of sites provide the Cisco 642-511 exam certification and other training materials for you . Passcert is only website which can provide you Cisco 642-511 exam certification with high quality. In the guidance and help of Flydumps, you can through your Cisco 642-511 exam the first time. The Cisco 642-511 practice test provided by Flydumps are IT experts use their extensive knowledge and experience manufacturing out. It can help your future in the IT industry to the next level.

Welcome to download the newest Pass4itsure ns0-155 Practice Test dumps: http://www.pass4itsure.com/ns0-155.html

Cisco 642-511 Preparation Materials, Provide Latest Cisco 642-511 Practice Exam