Cisco 642-648 Actual Test, Most Popular Cisco 642-648 Study Guide Sale

Welcome to download the newest Dumpsoon 642-883 VCE dumps:

The Cisco 642-648 exams are conducted at some levels for testing the skills that are necessary for the networking fields. The  Cisco 642-648 Certification Exam exams are providing the methods for improving the quality of life. The  Cisco 642-648 exam sample questions is useful for solving the security integration problems. The Cisco 642-648 exam sample questions are found to be helpful not only for the job seekers, but also for the working professionals. Cisco 642-648 exam sample questions gives the solutions for the networking problems that are caused by latest developments.This Cisco 642-648 exam sample questions is a professional exam widely recognized by the professionals, it is highly focused by candidates.

QUESTION 57
Cisco Secure Desktop seeks to minimize the risks that are posed by the use of remote devices in establishing a Cisco clientless SSL VPN or Cisco AnyConnect VPN Client session. Which two statements concerning the Cisco Secure Desktop Host Scan feature are correct? (Choose two.)
A. It is performed before a user establishes a connection to the Cisco ASA.
B. It is performed after a user establishes a connection to the Cisco ASA but before logging in.
C. It is performed after a user logs in but before a group profile is applied.
D. It is supported on endpoints that run a Windows operating system only.
E. It is supported on endpoints that run Windows and MAC operating systems only.
F. It is supported on endpoints that run Windows, MAC, and Linux operating systems.

Correct Answer: BF Section: (none) Explanation
QUESTION 58
Which four statements about the Advanced Endpoint Assessment are correct? (Choose four.)
A. It examines the remote computer for personal firewall applications. “First Test, First Pass” – www.lead2pass.com 23 Cisco 642-648 Exam
B. It examines the remote computer for antivirus applications.
C. It examines the remote computer for antispyware applications.
D. It examines the remote computer for malware applications.
E. It does not perform any remediation, but it provides input that can be evaluated by DAP records.
F. It performs active remediation by applying rules, activating modules, and providing updates where applicable.

Correct Answer: ABCF Section: (none) Explanation
QUESTION 59
The software-based Cisco IPsec VPN Client solution uses bidirectional authentication, in which the client authenticates the Cisco ASA, and the Cisco ASA authenticates the user. Which three methods are software-based Cisco IPsec VPN Client to Cisco ASA authentication methods? (Choose three.)
A. Unified Client Certificate authentication
B. Secure Unit authentication
C. Hybrid authentication
D. Certificate authentication
E. Group authentication

Correct Answer: CDE Section: (none) Explanation
QUESTION 60
Which two options are correct regarding IKE and IPv6 VPN support on the Cisco ASA using version 8.4? (Choose two.)
A. The Cisco ASA supports full IKEv2 IPv6 for site-to-site VPNs only.
B. The Cisco ASA supports full IKEv2 IPv6 for remote-access VPNs.
C. The Cisco ASA supports IKEv1 and IKEv2 configuration on the same crypto map.
D. The Cisco ASA supports negotiation of authentication type using IKEv2 with IPv6.
E. The Cisco ASA supports all types of VPN configurations when using IPv6

Correct Answer: AC Section: (none) Explanation
QUESTION 61
In Cisco ASDM v6.4, what are four ways to implement single sign-on (SSO)? (Choose four.)
A. Use SSO for smart tunnels.
B. Use Kerberos SSO.
C. Use the HTTP Form protocol.
D. Use a dedicated SSO server.
E. Use SSO for application plug-ins.
F. Use auto sign-on for servers that do not require authentication credentials.

Correct Answer: ACDE Section: (none) Explanation
QUESTION 62
An on-screen keyboard is a programmable SSL VPN option. Which three options are keyboard-configurable parameters that the administrator can enable or disable? (Choose three.)
“First Test, First Pass” – www.lead2pass.com 24 Cisco 642-648 Exam
A. Show only if Secure Desktop Vault is disabled.
B. Do not show onscreen keyboard.
C. Show only for the login page.
D. Show for all user input fields.
E. Show for all portal pages that require authentication.
F. Show for all plug-in pages.

Correct Answer: BCE Section: (none) Explanation QUESTION 63
Which three statements concerning keystroke logger detection are correct? (Choose three.)
A. It requires administrative privileges in order to run.
B. It runs on Windows and MAC OS X systems.
C. It detects loggers that run as a process or kernel module.
D. It detects both hardware- and software-based keystroke loggers.
E. It allows the administrator to define “safe” keystroke logger applications.

Correct Answer: ACE Section: (none) Explanation
QUESTION 64
Cisco AnyConnect profiles can be used to set which three options? (Choose three.)
A. Define a list of VPN gateways that are presented to users upon login.
B. Define a quarantine VLAN for remote devices that fail a host scan.
C. Define a guest VLAN to all “noncompany” Cisco IOS WebVPN users.
D. Define a list of backup servers if primary gateways are unavailable.
E. Activate the SSL VPN tunnel as part of the Windows login sequence.
F. Configure the Cisco Secure Desktop vault.

Correct Answer: ADE Section: (none) Explanation
QUESTION 65
Which two types of digital certificate enrollment processes are available for the Cisco ASA security appliance? (Choose two.)
A. LDAP
B. FTP
C. TFTP
D. HTTP
E. SCEP
F. Manual

Correct Answer: EF Section: (none) Explanation
QUESTION 66
Which four parameters must be defined in an ISAKMP policy when you are creating an IPsec site-
“First Test, First Pass” – www.lead2pass.com 25 Cisco 642-648 Exam
to-site VPN using the Cisco ASDM? (Choose four.)
A. encryption algorithm
B. hash algorithm
C. authentication method
D. IP address of remote IPsec peer
E. D-H group
F. perfect forward secrecy

Correct Answer: ABCE Section: (none) Explanation
QUESTION 67
Refer to the exhibit. As the administrator of a Cisco ASA security appliance for remote-access IPsec VPNs,
you are assisting a user who has a digital certificate that is configured for the Cisco VPN Client.
Based on the exhibit, what do you do to find the MD5 thumbprint of the “level_2” certificate?
A. Choose the certificate, then click Status > Certificates from the menu bar.
B. Choose the certificate, then click the View button.
C. Choose the certificate, then click Options > Properties from the menu bar.
D. Choose the certificate, then click the Verify button.

Correct Answer: B Section: (none) Explanation
QUESTION 68
Which two statements about the Cisco ASA cluster load-balancing feature are correct? (Choose two.)
A. The Cisco ASA load-balances both site-to-site and remote-access VPN tunnels.
B. The Cisco ASA load-balances remote-access VPN tunnels only.
C. The Cisco ASA load-balances IPsec VPN tunnels only.
D. The Cisco ASA load-balances IPsec VPN and Cisco AnyConnect SSL VPN tunnels only.
E. The Cisco ASA load-balances IPsec VPN, clientless, and Cisco AnyConnect SSL VPN tunnels. “First Test, First Pass” – www.lead2pass.com 26 Cisco 642-648 Exam

Correct Answer: BE Section: (none) Explanation
QUESTION 69
Refer to the exhibit. When you are testing SSL VPN in a non-production environment, certain variables in the Cisco ASDM session details can be viewed or changed under Configuration > AnyConnect Connection
Profiles.
Which parameter can be viewed or changed in the AnyConnect Connection Profiles?
A. Assigned IP address 10.0.1.50
B. Client TypE. SSL VPN Client
C. Authentication ModE. Certificate and User Password
D. Client Ver: Cisco AnyConnect VPN Agent for Windows

Correct Answer: C Section: (none) Explanation
QUESTION 70
A Cisco AnyConnect user profile can be pushed to the PC of a remote user from a Cisco ASA. Which three user profile parameters are configurable? (Choose three.)
A. Backup Server list
B. DTLS Override
C. Auto Reconnect D. Simultaneous Tunnels
E. Connection Profile Lock “First Test, First Pass” – www.lead2pass.com 27 Cisco 642-648 Exam
F. Auto Update

Correct Answer: ACF Section: (none) Explanation
QUESTION 71
Lab

“First Test, First Pass” – www.lead2pass.com 28 Cisco 642-648 Exam

A.
B.
C.
D.

Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: Here is the solution step by step below:
ip local pool contractor 10.1.4.50-10.1.4.70 mask 255.255.255.0 group-policy contractor internal group-policy contractor attributes vpn-tunnel-protocol ssl-clientless ssl-client banner value Welcome Contractors exit tunnel-group contractor type remote-access tunnel-group contractor general-attributes default-group-policy Contractors address-pool contractor tunnel-group contractors webvpn-attributes group-alias contractor enable group-url https://192.168.4.2/Contractor enable username contractor1 password cisco privilege 2 username contractor1 attributes service-type remote-access vpn-group-policy contractors exit
QUESTION 72
Drag and Drop Question.

“First Test, First Pass” – www.lead2pass.com 29 Cisco 642-648 Exam
A.
B.
C.
D.

Correct Answer: Section: (none) Explanation
Explanation/Reference:

QUESTION 73
Refer to the exhibit. You are configuring a laptop with the Cisco VPN Client, which uses digital certificates
for authentication.
Which protocol does the Cisco VPN Client use to retrieve the digital certificate from the CA server?
A. FTP
B. LDAP
C. HTTPS
D. SCEP
E. OCSP

Correct Answer: D Section: (none) Explanation
QUESTION 74
Which statement is correct concerning the trusted network detection (TND) feature?
“First Test, First Pass” – www.lead2pass.com 30 Cisco 642-648 Exam
A. The Cisco AnyConnect 3.0 Client supports TND on Windows, Mac, and Linux platforms.
B. With TND, one result of a Cisco Secure Desktop basic scan on an endpoint is to determine whether a device is a member of a trusted or an untrusted network.
C. If enabled, and a CSD scan determines that a host is a member of an untrusted network, an administrator can configure the TND feature to prohibit an end user from launching the Cisco AnyConnect VPN Client.
D. When the user is inside the corporate network, TND can be configured to automatically disconnect a Cisco AnyConnect session.

Correct Answer: D Section: (none) Explanation
QUESTION 75
When using clientless SSL VPN, you might not want some applications or web resources to go through the Cisco ASA appliance. For these application and web resources, as a Cisco ASA administrator, which configuration should you use?
A. Configure the Cisco ASA appliance for split tunneling.
B. Configure network access exceptions in the SSL VPN customization editor.
C. Configure the Cisco ASA appliance to disable content rewriting.
D. Configure the Cisco ASA appliance to enable URL Entry bypass.
E. Configure smart tunnel to bypass the Cisco ASA appliance proxy function.

Correct Answer: C Section: (none) Explanation
QUESTION 76
Refer to the exhibit. The “level_2” digital certificate was installed on a laptop. What can cause an “invaliD. not active” status message?

A. On first use, a CA server-supplied passphrase is entered to validate the certificate.
B. A “newly installed” digital certificate does not become active until it is validated by the peer device upon its first usage.
C. The user has not clicked the Verify button within the Cisco VPN Client.
D. The CA server and laptop PC clocks are out of sync. “First Test, First Pass” – www.lead2pass.com 31 Cisco 642-648 Exam

Correct Answer: D Section: (none) Explanation
QUESTION 77
Refer to the exhibit. A NOC engineer is in the process of entering information into the Create New VPN
Connection Entry fields.
Which statement correctly describes how to do this?
A. In the Connection Entry field, enter the name of the connection profile as it is specified on the Cisco ASA appliance.
B. In the Host field, enter the IP address of the remote client device.
C. In the Authentication tab, click the Group Authentication or Mutual Group Authentication radio button to enable symmetrical pre-shared key authentication.
D. In the Name field, enter the name of the connection profile as it is specified on the Cisco ASA appliance.

Correct Answer: D Section: (none) Explanation
QUESTION 78
An XYZ Corporation systems engineer, while making a sales call on the ABC Corporation headquarters, tried to access the XYZ sales demonstration folder to transfer a demonstration via FTP from an ABC conference room behind the firewall. The engineer could not reach XYZ through the remote-access VPN tunnel. From home the previous day, however, the engineer did connect to the XYZ sales demonstration folder and transferred the demonstration via IPsec over DSL. To get the connection to work and transfer the demonstration, what should the engineer do?
“First Test, First Pass” – www.lead2pass.com 32 Cisco 642-648 Exam
A. Change the MTU size on the IPsec client to account for the change from DSL to cable transmission.
B. Enable the local LAN access option on the IPsec client.
C. Enable the IPsec over TCP option on the IPsec client.
D. Enable the clientless SSL VPN option on the PC.

Correct Answer: C Section: (none) Explanation QUESTION 79
Refer to the exhibit. A new NOC engineer is troubleshooting a VPN connection. Which statement about the fields within the Cisco VPN Client Statistics screen is correct?

A. The ISP-assigned IP address of 10.0.21.1 is assigned to the VPN adapter of the PC.
B. The IP address of the security appliance to which the Cisco VPN Client is connected is 192.168.1.2.
C. CorpNet is the name of the Cisco ASA group policy whose tunnel parameters the connection is using.
D. The ability of the client to send packets transparently and unencrypted through the tunnel for test purposes is turned off.
E. With split tunneling enabled, the Cisco VPN Client registers no decrypted packets.

Correct Answer: B Section: (none) Explanation
QUESTION 80
Refer to the exhibit. While configuring a site-to-site VPN tunnel, a new NOC engineer encounters the
Reverse Route Injection parameter.
Assuming that static routes are redistributed by the Cisco ASA to the IGP, what effect does enabling
Reverse Route Injection on the local Cisco ASA have on a configuration?

“First Test, First Pass” – www.lead2pass.com 33
Cisco 642-648 Exam
A. The local Cisco ASA advertises its default routes to the distant end of the site-to-site VPN tunnel.
B. The local Cisco ASA advertises routes from the dynamic routing protocol that is running on the local Cisco ASA to the distant end of the site-to-site VPN tunnel.
C. The local Cisco ASA advertises routes that are at the distant end of the site-to-site VPN tunnel.
D. The local Cisco ASA advertises routes that are on its side of the site-to-site VPN tunnel to the distant end of the site-to-site VPN tunnel.

Correct Answer: C Section: (none) Explanation
QUESTION 81
Refer to the exhibit. A NOC engineer needs to tune some prelogin parameters on an SSL VPN tunnel. From the information that is shown, where should the engineer navigate to find the prelogin session attributes?
“First Test, First Pass” – www.lead2pass.com 34 Cisco 642-648 Exam

A. “engineering” Group Policy
B. “contractor” Connection Profile
C. “engineer1” AAA/Local Users
D. DfltGrpPolicy Group Policy

Correct Answer: B Section: (none) Explanation

Together with FLYDUMPS Cisco 642-648 exam sample questions, you may successfully pass quality inside initially look at. You’ll be able to get a hold of free of charge Cisco 642-648 certification books demo through yourself from web site immediately. Cisco 642-648 exam sample questions queries excellent and usablity individuals perform review prior to deciding to buy the idea. Cisco 642-648 exam sample questions is among the greatest qualification by CIW thus your competitors are actually difficult. FLYDUMPS gives you respond to. Growing Cisco 642-648 Other Certification review is difficult.Cisco 642-648 Other Certification good results are only able to become guaranteed by using proper training.

Welcome to download the newest Dumpsoon 642-883 VCE dumps: http://www.dumpsoon.com/642-883.html

SAP C-TADM51-70 Dumps, Sale Best SAP C-TADM51-70 Practice Test Sale