642-648 Exam Details

  • Exam Code
    :642-648
  • Exam Name
    :Deploying Cisco ASA VPN Solutions (VPN v2.0)
  • Certification
    :Cisco Certifications
  • Vendor
    :Cisco
  • Total Questions
    :121 Q&As
  • Last Updated
    :Nov 22, 2021

Cisco 642-648 Online Questions & Answers

  • Question 11:

    You are the network security administrator. You receive a call from a user stating that he cannot log onto the network. In the process of troubleshooting, you determine that this user is accessing the network via certificate-based Cisco AnyConnect SSL VPN.

    What is a troubleshooting step that you should perform to determine the cause of the access problem?

    A. Revoke and reissue the certificate, and have the user try again.
    B. Verify that a connection can be made without using certificates.
    C. Ask the user to use IPsec, and test the connection attempts.
    D. Check the WebACLs on the Cisco ASA.

  • Question 12:

    Which Cisco ASA SSL VPN feature provides support for PCI compliance by allowing for the validation of two sets of username and password credentials on the SSL VPN login page?

    A. Single Sign-On
    B. Certificate to Profile Mapping
    C. Double Authentication
    D. RSA OTP

  • Question 13:

    Refer to following Exhibit and answer the following question below:

    Which group policy restricts the VPN user access to VLAN 100?

    A. Employee
    B. Contractor
    C. Management
    D. Engineering

  • Question 14:

    The software-based Cisco IPsec VPN Client solution uses bidirectional authentication, in which the client authenticates the Cisco ASA, and the Cisco ASA authenticates the user. Which three methods are software-based Cisco IPsec VPN Client to Cisco ASA authentication methods? (Choose three.)

    A. Unified Client Certificate authentication
    B. Secure Unit authentication
    C. Hybrid authentication
    D. Certificate authentication
    E. Group authentication

  • Question 15:

    You are the network security administrator troubleshooting a clientless SSL VPN issue. Users can connect using SSL VPN, but they cannot access file folder bookmarks that they need. Which problem could possibly cause this issue?

    A. a name mismatch from the certificate CN and the VPN URL
    B. misconfigured WebType ACLs
    C. disabled content rewriting
    D. disabled portal features

  • Question 16:

    Refer to the exhibit.

    When an SSL VPN user, contractor1, enters https://192.168.4.2 (the outside address of the Cisco ASA appliance) into the browser, an SSL VPN Login screen appears.

    In addition to the information that is contained in the Cisco ASDM configuration screens, what can an administrator determine about the state of the connection after the user clicks the Login button?

    A. The user login will succeed, and an IP address of 10.0.4.120 will be assigned.
    B. The user will be presented with a clientless VPN portal page.
    C. The user login will succeed, but the user will be connected to the "contractor" tunnel group.
    D. The login will fail.

  • Question 17:

    Which three options are characteristics of WebType ACLs? (Choose three.)

    A. They are assigned per-connection profile.
    B. They are assigned per-user or per-group policy.
    C. They can be defined in the Cisco AnyConnect Profile Editor.
    D. They support URL pattern matching.
    E. They support implicit deny all at the end of the ACL.
    F. They support standard and extended WebType ACLs.

  • Question 18:

    When configuring the Cisco ASA for VPN clustering, which IP address or addresses does the end-user device connect to?

    A. It connects to individual device addresses of the cluster as provided in the connection profile.
    B. It connects to the virtual address.
    C. The virtual cluster manager sends the IP address of the least loaded device. The client then connects directly to that device.
    D. The connection IP address is dependent upon whether the initiator is using SSL or IPsec.

  • Question 19:

    Which four parameters must be defined in an ISAKMP policy when you are creating an IPsec site-to-site VPN using the Cisco ASDM? (Choose four.)

    A. encryption algorithm
    B. hash algorithm
    C. authentication method
    D. IP address of remote IPsec peer
    E. D-H group
    F. perfect forward secrecy

  • Question 20:

    Cisco Secure Desktop seeks to minimize the risks that are posed by the use of remote devices in establishing a Cisco clientless SSL VPN or Cisco AnyConnect VPN Client session. Which two statements concerning the Cisco Secure Desktop Host Scan feature are correct? (Choose two.)

    A. It is performed before a user establishes a connection to the Cisco ASA.
    B. It is performed after a user establishes a connection to the Cisco ASA but before logging in.
    C. It is performed after a user logs in but before a group profile is applied.
    D. It is supported on endpoints that run a Windows operating system only.
    E. It is supported on endpoints that run Windows and MAC operating systems only.
    F. It is supported on endpoints that run Windows, MAC, and Linux operating systems.

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 642-648 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.