642-647 - Deploying Cisco ASA VPN Solutions (VPN v1.0)

Go back to Cisco

Example Questions

An XYZ Corporation systems engineer, while making a sales call on the ABC Corporation headquarters, tried to access the XYZ sales demonstration folder to transfer a demonstration via FTP from an ABC conference room behind the firewall. The engineer could not reach XYZ through the remote-access VPN tunnel. From home the previous day, however, the engineer connected to the XYZ sales demonstration folder and transferred the demonstration via IPsec over DSL. To get the connection to work and transfer the demonstration, what can you suggest? Which two statements about the Cisco ASA load balancing feature are correct? (Choose two.) Which Cisco ASA SSL VPN feature provides support for PCI compliance by allowing for the validation of two sets of username and password credentials on the SSL VPN login page? Which statement regarding hashing is correct? A Unified Client Certificate will be used on the Cisco ASA to support what? An IT manager and a security manager are discussing the deployment options for clientless SSL VPN. They are trying to decide which groups are best suited for this new deployment option. Which two groups are the best candidates for the upcoming clientless SSL VPN rollout? (Choose two.) While configuring a new clientless SSL VPN group in Cisco ASDM, the administrator chooses to accept a number of the default parameter values. If the administrator decides to view the actual value for the parameter, rather than just checking the inherit box, the administrator can verify the default value for the group parameter under which default group? The administrator configured a Cisco ASA 5505 as a Cisco Easy VPN hardware client and also defined a list of Cisco Easy VPN backup servers in the Cisco ASA 5505. After an outage of the primary VPN server, you notice that your Cisco Easy VPN hardware client has now reconnected via a backup server that was not defined within the original Cisco Easy VPN backup servers list. Where did your Cisco Easy VPN hardware client get this backup server? Which statement about plug-ins is false? Which three statements are Cisco AnyConnect VPN Client deployment options? (Choose three.) When attempting to tunnel FTP traffic through a stateful firewall that may be performing NAT or PAT, which type of VPN tunneling should be used to allow the VPN traffic through the stateful firewall? Your corporate finance department purchased a new non-web-based TCP application tool to run on one of its servers. The finance employees need remote access to the software during non- business hours. The employees do not have "admin" privileges to their PCs. How would you configure the SSL VPN tunnel to allow this application to run? When initiating a new SSL or TLS session, the client receives the server SSL certificate and validates it. After validating the server certificate, what does the client use the certificate for? After adding a remote-access IPsec tunnel via the VPN wizard, an administrator needs to tune the IPsec policy parameters. Where is the correct place to tune the IPsec policy parameters in Cisco ASDM? Upon receiving a digital certificate, what are three steps that a Cisco ASA will perform to authenticate the digital certificate? (Choose three.) Which statement is correct concerning the trusted network detection (TND) feature? Authorization of a clientless SSL VPN defines the actions that a user may perform within a clientless SSLVPN session. Which statement is correct concerning the SSLVPN authorization process? You have been using pre-shared keys for IKE authentication on your VPN. Your network has grown rapidly, and now you need to create VPNs with numerous IPsec peers. How can you enable scaling to numerous IPsec peers? The software-based Cisco IPsec VPN Client solution uses bidirectional authentication in which the client authenticates the Cisco ASA, and the Cisco ASA authenticates the user. Which three methods are software-based IPsec VPN Client to Cisco ASA authentication methods? (Choose three.) After adding a remote-access IPsec tunnel via the VPN wizard, an administrator needs to tune the IKE policy parameters. Where is the correct place to tune IKE policy parameters? In clientless SSL VPN, administrators can control user access to the internal network or resources of a company, based on what? Which three statements concerning keystroke logger detection are correct? (Choose three.) A temporary worker must use clientless SSL VPN with an SSH plug-in to access the console of an internal corporate server, the projects.xyz.com server. For security reasons, the network security auditor insists that the temporary user be restricted to the one internal corporate server, 10.0.4.18. As the network engineer that is responsible for the network access of the temporary user, how can you restrict SSH access to the one projects.xyz.com server? An XYZ Corporation systems engineer, while making a sales call on the ABC Corporation headquarters, tried to access the XYZ sales demonstration folder to transfer a demonstration via FTP from an ABC conference room behind the firewall. The engineer could not reach XYZ through the remote-access VPN tunnel. From home the previous day, however, the engineer connected to the XYZ sales demonstration folder and transferred the demonstration via IPsec over DSL.To get the connection to work and transfer the demonstration, what can you suggest? Which statement about Certificate Revocation List configuration is correct ?

Study Guides