Deploying Cisco ASA VPN Solutions

Be

IT C er
Total Questions:

tif ie d

Cisco EXAM 642-647

.c o

m
50

Question: 1
Which four advanced endpoint assessment statements are correct? (Choose four.) A. examine the remote computer for personnel firewalls applications B. examine the remote computer for antispyware applications C. examine the remote computer for malware applications D. examine the remote computer for antivirus applications E. performs active remediation by applying rules, activating modules, and providing updates where applicable F. does not perform any remediation but provides input that can be evaluated by DAP records

Question: 2

You work as network technician at Company.com you study the exhibit carefully.Exhibit:

Be

IT C er

tif ie d

.c o

Answer: A,B,D,E

Cisco AnyConnect profiles can be used to set which three options? (Choose three.) A. define a list of VPN gateways that are presented to users upon login B. define a list of backup servers if primary gateways are unavailable C. define a quarantine VLAN for remote devices that fail a host scan D. activate the SSL VPN tunnel as part of the Windows login sequence E. define a guest VLAN to allnoncompany Cisco IOS Web VPN users F. configure the Cisco Secure Desktop vault Answer: B,D,F

Question: 3
The administrator configured a Cisco ASA 5505 as a Cisco Easy VPN hardware client and also defined a list of Cisco Easy VPN backup servers in the Cisco ASA 5505.After an outage of the primary VPN hardware client has reconnected via a backup server that eas not defined within the original Cisco Easy VPN backup servers list. Where did your Cisco Easy VPN hardware client get this backup server? A. The backup servers that you listed were no longer available, so the Cisco Easy VPN hardware client queried the load balance server for a newbackup server address. B. The backup servers that you listed were no longer available, so the Cisco Easy VNP hardware client queried and recevied from a predefined LDAP server a new backup server address. C. The backup servers that you listed were no longer available, so the Cisco Easy VNP hardware client queried the primary VPN server via RADIUS protocol for a new backup server address. D. The backup servers that you listed were no longer available ,so a Group Policy that was configured on the primary VPN server pushed new backup server addresses to your client.

IT C er

tif ie d

Question: 4

You work as network technician at Company.com..You study the exhibit carefully.Exhibit:

When the user a Cisco AnyConnect tunnel is established, what type of Cisco ASA user restrictions are applied to the tunnel?

Be

.c o

Answer: D

A. full restrictions (CLI show commands and Cisco ASDM monitoring permissions only) B. full restrictions (no Cisco ASDM, no CLI, no console access) C. full access with no restrictions D. full restricyions (no resd,no write, no execute permissions) Answer: C

Question: 5
For clientless SSL VPN users, bookmarks can be assigned to their portal. What are three methods for assigning bookmarks? (Choosw three.) A. User Policies B. the portal customization tool C. LDAP or RADIUS attributes D. Connection Profiles E. XML profiles F. Group Policies

tif ie d

Question: 6

Be

A. Group Policy B. IKE Policy C. Ipsec User profile D. Crypto Map E. Cisco Ipsec VPN SW Client > Client Profile

IT C er

After adding a remote-access Ipsec tunel VPN wizard, an administrator needs to ture the IKE policy parameters. Where is the correct place to ture IKE policy parameters?

Question: 7
An engineer, while working at the home office, wants to launch Cisco AnyConnect VPN Client to the corporate offices while simultaneously printing network designs on the home network. Without allowing access to the Internet, what are the two best ways for the administrator to configure this application to configure this application to make it happen? (Choose two.) A. Configure an exempted network list. B. Configure a standard access list and apply it to the network list. C. Select the tunnel network list below poliy. D. Select the exclude network list below policy. E. Select the tunnel all networks policy. F. Configure an extended access list and apply it to the network list Answer: D,F

.c o
Answer: A,C,F Answer: B