Cisco 642-647 Online Practice
Questions and Exam Preparation
642-647 Exam Details
Exam Code
:642-647
Exam Name
:Deploying Cisco ASA VPN Solutions (VPN v1.0)
Certification
:Cisco Certifications
Vendor
:Cisco
Total Questions
:121 Q&As
Last Updated
:Dec 09, 2021
Cisco 642-647 Online Questions &
Answers
Question 21:
Which three Host Scan checks on a remote endpoint can you configure Cisco Secure Desktop to perform? (Choose three.)
A. registry checks B. user rights checks C. group policy objects checks D. file checks E. virus software checks F. process checks
A. registry checks D. file checks
http://www.cisco.com/en/US/docs/security/csd/csd341/configuration/guide/CSDhscan.html You can specify a set of registry entries, filenames, and process names, which form a part of Basic Host Scan. Host Scan, which includes Basic Host Scan and Endpoint Assessment, or Advanced Endpoint Assessment; occurs after the prelogin assessment but before the assignment of a DAP. Following the Basic Host Scan, the security appliance uses the login credentials, the host scan results, prelogin policy, and other criteria you configure to assign a DAP. See the sections that name the types of Basic Host Scan entries you would like to configure:稟dding a File Check稟dding a Registry Key Check稟dding a Process Check
Question 22:
You are the network security administrator. You receive a call from a user stating that he cannot log onto the network. In the process of troubleshooting, you determine that this user is accessing the network via certificate-based Cisco AnyConnect SSL VPN.
What is a troubleshooting step that you should perform to determine the cause of the access problem?
A. Revoke and reissue the certificate, and have the user try again. B. Verify that a connection can be made without using certificates. C. Ask the user to use IPsec, and test the connection attempts. D. Check the WebACLs on the Cisco ASA.
B. Verify that a connection can be made without using certificates.
Question 23:
A Cisco AnyConnect user profile can be pushed to the PC of a remote user from a Cisco ASA. Which three user profile parameters are configurable? (Choose three.)
A. Backup Server list B. DTLS Override C. Auto Reconnect D. Simultaneous Tunnels E. Connection Profile Lock F. Auto Update
A. Backup Server list C. Auto Reconnect F. Auto Update
Which three statements about clientless SSL VPN are true? (Choose three.)
A. Users are not tied to a particular PC or workstation. B. Users have full application access to internal corporate resources. C. Minimal IT support is required. D. Cisco AnyConnect SSL VPN software is automatically downloaded to the remote user at the start of the clientless session. E. For security reasons, browser cookies are disabled for clientless SSL VPN sessions. F. Clientless SSL VPN requires an SSL-enabled web browser.
A. Users are not tied to a particular PC or workstation. C. Minimal IT support is required. F. Clientless SSL VPN requires an SSL-enabled web browser.
Question 25:
Refer to the exhibit.
The ABC Corporation has a Cisco ASA in its test bed. A new network administrator is instructed to add a smart tunnel application to the existing configuration. The configuration will enable a "temp_worker" who is using Microsoft native RDP to have RDP access to server 10.0.4.4 only.
Which statement is correct concerning the smart-tunnel configuration?
A. The WebType access list is misconfigured. B. The smart tunnel list parameter is misconfigured. C. The smart tunnel group policy parameters are misconfigured. D. The smart tunnel configuration is configured correctly.
D. The smart tunnel configuration is configured correctly.
Question 26:
If CRL checking is enabled on the Cisco ASA, where can the Cisco ASA find the CRL?
A. The Cisco ASA polls the CA for an updated list at a predefined rate. B. The CA sends a CRL to the Cisco ASA directly at least once a week. C. The CRL distribution point is listed on the identity certificate. D. The CRL is sent out-of-band to the administrator at a negotiated rate, typically biweekly. E. The CRL distribution point can be configured in the Connection Profile or Group Policy.
C. The CRL distribution point is listed on the identity certificate.
Question 27:
Refer to the exhibit.
A new network engineer configured the ABC adaptive security appliance with two bookmarks for a new temporary worker. The temporary worker can connect to the administrator server via the temp_worker_admin bookmark but cannot
connect to the project server via the temp_worker_projects bookmark (which is grayed out). It was determined that the URL and IP addressing information in the GUI screens is correct.
What is wrong with the configuration?
A. URL Entry should be enabled. B. The File Server Entry Inherit parameter should be overwritten and set for enabled. C. The DNS server information is incorrect. D. File Server Browsing should be enabled.
C. The DNS server information is incorrect.
Question 28:
When configuring dead peer detection for remote-access VPN, what does the confidence level parameter represent?
A. It specifies the number of seconds the adaptive security appliance should allow a peer to idle before beginning keepalive monitoring. B. It specifies the number of seconds to wait between IKE keepalive retries. C. The higher the number, the more reliable the link is. D. It is determined dynamically based on reliability, uptime, and load.
A. It specifies the number of seconds the adaptive security appliance should allow a peer to idle before beginning keepalive monitoring.
Question 29:
Which four statements about the Advanced Endpoint Assessment are correct? (Choose four.)
A. It examines the remote computer for personal firewall applications. B. It examines the remote computer for antivirus applications. C. It examines the remote computer for antispyware applications. D. It examines the remote computer for malware applications. E. It does not perform any remediation, but it provides input that can be evaluated by DAP records. F. It performs active remediation by applying rules, activating modules, and providing updates where applicable.
A. It examines the remote computer for personal firewall applications. B. It examines the remote computer for antivirus applications. C. It examines the remote computer for antispyware applications. F. It performs active remediation by applying rules, activating modules, and providing updates where applicable.
Question 30:
Refer to the exhibit.
When the user "contractor" Cisco AnyConnect tunnel is established, what type of Cisco ASA user restrictions are applied to the tunnel?
A. full restrictions (no Cisco ASDM, no CLI, no console access) B. full restrictions (no read, no write, no execute permissions) C. full restrictions (CLI show commands and Cisco ASDM monitoring permissions only) D. full access with no restrictions
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only Cisco exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your 642-647 exam preparations
and Cisco certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.