642-647 Exam Details

  • Exam Code
    :642-647
  • Exam Name
    :Deploying Cisco ASA VPN Solutions (VPN v1.0)
  • Certification
    :Cisco Certifications
  • Vendor
    :Cisco
  • Total Questions
    :121 Q&As
  • Last Updated
    :Dec 09, 2021

Cisco 642-647 Online Questions & Answers

  • Question 81:

    A temporary worker must use clientless SSL VPN with an SSH plug-in, in order to access the console of an internal corporate server, the projects.xyz.com server. For security reasons, the network security auditor insists that the temporary user is restricted to the one internal corporate server, 10.0.4.18. You are the network engineer who is responsible for the network access of the temporary user.

    What should you do to restrict SSH access to the one projects.xyz.com server?

    A. Configure access-list temp_user_acl extended permit TCP any host 10.0.4.18 eq 22.
    B. Configure access-list temp_user_acl standard permit host 10.0.4.18 eq 22.
    C. Configure access-list temp_acl webtype permit url ssh://10.0.4.18.
    D. Configure a plug-in SSH bookmark for host 10.0.4.18, and disable network browsing on the clientless SSL VPN portal of the temporary worker.

  • Question 82:

    When deploying clientless SSL VPNs, what should you do to support external unmanaged VPN clients?

    A. Deploy a private PKI service.
    B. Issue self-signed identity certificates for the external clients that you wish to provide with access to your enterprise.
    C. Configure policies specifically for the clients that have a group userID and password.
    D. Implement a global PKI service.

  • Question 83:

    SSL server-side authentication is used for a client to verify the identity of a server. This type of authentication is commonly used for servers that require secured transactions to protect user data or account information for online purchases. Which one of these steps is not a step in the authentication process?

    A. The client sends Hello to the server, listing all of its supported cipher suites.
    B. The server sends Hello to the client, listing all of its supported cipher suites.
    C. The server sends its certificate to the client.
    D. The client generates, encrypts, and sends a session key.
    E. The server sends Change Cipher Spec to indicate a shift to encrypted mode.

  • Question 84:

    Refer to the exhibit.

    The "level_2" digital certificate was installed on a laptop. What can cause an "invalid not active" status message?

    A. On first use, a CA server-supplied passphrase is entered to validate the certificate.
    B. A "newly installed" digital certificate does not become active until it is validated by the peer device upon its first usage.
    C. The user has not clicked the Verify button within the Cisco VPN Client.
    D. The CA server and laptop PC clocks are out of sync.

  • Question 85:

    Refer to the exhibit.

    You are configuring a laptop with the Cisco VPN Client, which uses digital certificates for authentication. Which protocol does the Cisco VPN Client use to retrieve the digital certificate from the CA server?

    A. FTP
    B. LDAP
    C. HTTPS
    D. SCEP
    E. OCSP

  • Question 86:

    After adding a remote-access IPsec tunnel via the VPN wizard, an administrator needs to tune the IPsec policy parameters. Where is the correct place to tune the IPsec policy parameters in Cisco ASDM?

    A. IPsec user profile
    B. Crypto Map
    C. Group Policy
    D. IPsec Policy
    E. IKE Policy

  • Question 87:

    Refer to the exhibit.

    In the Edit Certificate Matching Rule Criterion window, you want to change the Mapped to Connection Profile. However, you cannot perform that action from this window.

    Where should you navigate to and what should you do, in order to perform this change?

    A. Edit the entry in the Certificate Management window.
    B. Edit the entry in the Connection Profiles window.
    C. Edit the entry in the Certificate to Connection Profile Maps window.
    D. Edit the entry in IKE Policies window.
    E. Delete this entry in the Mapping Criteria window, and add a new entry in the same location.

  • Question 88:

    Refer to following Exhibit and answer the following question below:

    Upon logging in, user, emploeyee1, gets two sets of privileges. Choose the two options that show the privileges that are held by employee1.(Choose two)

    A. Cisco ASDM, SSH, Telnet, and console access
    B. CLI login prompt for SSH, Telnet, and console only
    C. No Cisco ASDM, SSH, or console access
    D. Level 15
    E. Level 2
    F. Level 3

  • Question 89:

    What is a valid reason for configuring a list of backup servers on the Cisco AnyConnect VPN Client profile?

    A. to access a backup authentication server
    B. to access a backup DHCP server
    C. to access a backup VPN server
    D. to access a backup CA server

  • Question 90:

    Match the characteristic on the left with the correct IKE Mode on the right.

    Select and Place:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 642-647 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.