Cisco 642-647 VCE , Latest Cisco 642-647 PDF Download Covers All Key Points
ATTENTION : Because Cisco 642-647 exam has change recently,Flydumps has updated the Cisco 642-647 exam dumps with all new Cisco 642-971 exam questions and answers, visit flydumps.com to get free Cisco 642-647 PDF and VCE dumps.
QUESTION 26
Which three statements are Cisco AnyConnect VPN Client deployment options? (Choose three.)
A. Configure the CiscoAnyConnect profile to automatically launch client or clientless SSL VPN upon discovering a trusted network.
B. Automatically download the CiscoAnyConnect VPN Client upon Cisco IOS WebVPN login.
C. Prompt user upon Cisco IOSWebVPN login to select client or clientless SSL VPN within X seconds.
D. Configure the CiscoAnyConnect profile to automatically disconnect the client or clientless SSL VPN tunnel upon discovering an untrusted network.
E. User manually launches client from SSL VPN clientless portal.
Correct Answer: BCE Explanation
Explanation/Reference:
QUESTION 27
An on-screen keyboard is a programmable SSL VPN option. Which three options are keyboard- configurable parameters that the administrator can enable or disable? (Choose three.)
A. Show only if Secure Desktop Vault is disabled.
B. Do not show onscreen keyboard.
C. Show only for the login page.
D. Show for all user input fields.
E. Show for all portal pages that require authentication.
F. Show for all plug-in pages.
Correct Answer: BCE Explanation
Explanation/Reference:
QUESTION 28
Which three statements concerning keystroke logger detection are correct? (Choose three.)
A. requires administrative privileges in order to run
B. runs on Windows and MAC OS X systems
C. detects loggers that run as a process or kernel module
D. detects both hardware- and software-based keystroke loggers
E. allows the administrator to define “safe” keystroke logger applications
Correct Answer: ACE Explanation
Explanation/Reference:
QUESTION 29
Which statement is correct concerning the trusted network detection (TND) feature?
A. The Cisco AnyConnect VPN Client v2.4 supports TND on Windows, Mac, and Linux platforms.
B. With TND, one result of a Cisco Secure Desktop basic scan on an endpoint is to determine whether a device is a member of a trusted or an untrusted network.
C. If enabled and a Cisco Secure Desktop advanced endpoint scan determines that a host is a member of anuntrusted network, an administrator can configure the TND feature to prohibit an end user from launching the Cisco AnyConnect VPN Client.
D. When the user is inside the corporate network, TND can be configured to automatically disconnect a CiscoAnyConnect session.
Correct Answer: D Explanation
Explanation/Reference:
QUESTION 30
Refer to the exhibit. When the user acecontractora Cisco AnyConnect tunnel is established, what type of Cisco ASA user restrictions are applied to the tunnel?
A. full restrictions (no Cisco ASDM, no CLI, no console access)
B. full restrictions (no read, no write, no execute permissions)
C. full restrictions (CLI show commands and Cisco ASDM monitoring permissions only)
D. full access with no restrictions
Correct Answer: D Explanation
Explanation/Reference:
QUESTION 31
For clientless SSL VPN users, bookmarks can be assigned to their portal. What are three methods for assigning bookmarks? (Choose three.)
A. Connection Profiles
B. Group Policies
C. XML profiles
D. LDAP or RADIUS attributes
E. the portal customization tool
F. User Policies
Correct Answer: BDF Explanation
Explanation/Reference:
QUESTION 32
While a Cisco AnyConnect SSL VPN tunnel is established, a system administrator wants to restrict remote home office users to either print to their local printer or send the remaining traffic down the Cisco AnyConnect SSL VPN tunnel (with restricted Internet access). Choose both a tunnel policy option and an ACL type to accomplish this design goal. (Choose two.)
A. Tunnel all networks
B. Tunnel network list below
C. Exclude network list from the tunnel
D. Standard ACL
E. Web ACL
F. Extended ACL
Correct Answer: CF Explanation
Explanation/Reference:
QUESTION 33
Which three webtype ACL statements are correct? (Choose three.)
A. are assigned per-Connection Profile
B. are assigned per-user or per-Group Policy
C. can be defined in the CiscoAnyConnect Profile Editor
D. supports URL pattern matching
E. supports implicit deny all at the end of the ACL
F. supports standard and extendedwebtype ACLs
Correct Answer: BDE Explanation
Explanation/Reference:
QUESTION 34
The LAN-to-LAN tunnel is not established, but an administrator can ping the remote Cisco ASA. Which three IPsec LAN-to-LAN configuration parameters should the administrator verify at both ends of the tunnel? (Choose three.) ActualTests.com
A. Pre-shared key
B. Extended Authentication password
C. Extended Authentication username
D. Crypto ACL source IP address
E. Crypto ACL destination IP address
F. Tunnel connection type-originate or answer
Correct Answer: ADE Explanation
Explanation/Reference:
QUESTION 35
Refer to the exhibit. The ABC Corporation has a Cisco ASA in its test bed. A new network administrator is tasked with adding a smart-tunnel application to the existing configuration. The configuration will enable a “temp_worker” who is using Microsoft native RDP to have RDP access to server 10.0.4.4 only. Which statement is correct concerning the smart-tunnel configuration?
A. Thewebtype access list is misconfigured.
B. The smart-tunnel list parameter ismisconfigured.
C. The smart-tunnel group-policy parameters aremisconfigured.
D. The smart-tunnel configuration is configured correctly
Correct Answer: D Explanation
Explanation/Reference:
QUESTION 36
Your corporation has contractors that need remote access to server desktops to diagnose issues and load software during nonbusiness hours. Which three clientless SSL VPN configurations would enable these contractors to access the desktop of remote servers? (Choose three.)
A. Xwindows bookmark by using the Xwindows plug-in
B. RDP bookmark by using the RDP plug-in
C. SCP bookmark by using SCP plug-in
D. VNC bookmark by using the VNC plug-in
E. SSH bookmark by using the SSH plug-in
F. Citrix plug-in by using the Citrix plug-in
Correct Answer: BDF Explanation
Explanation/Reference:
QUESTION 37
Which four advanced endpoint assessment statements are correct? (Choose four.)
A. examines the remote computer for personnel firewalls applications
B. examines the remote computer for antivirus applications
C. examines the remote computer for antispyware applications
D. examines the remote computer for malware applications
E. does not perform any remediation but provides input that can be evaluated by DAP records
F. performs active remediation by applying rules, activating modules, and providing updates where applicable
Correct Answer: ABCF Explanation
Explanation/Reference: QUESTION 38
A Unified Client Certificate will be used on the Cisco ASA to support what?
A. certificate + double AAA authentication
B. certificate + AAA authentication
C. certificate maps
D. Cisco ASA VPN clustering
Correct Answer: D Explanation Explanation/Reference:
QUESTION 39
ActualTests.com
Refer to the exhibit. After a remote user established a Cisco AnyConnect session from a wireless card through the Cisco ASA appliance of a partner to a remote
server, the user opened the Cisco AnyConnect VPN Client Statistics Details screen. Identify the two sources of the two IP addresses.
(Choose two.)
A. IP address that is assigned to the wireless Ethernet adapter of the remote user
B. IP address that is assigned to the remote user from the Cisco ASA address pool
C. IP address of the Cisco ASA physical interface of the partner
D. IP address of the Cisco ASA virtual http server of the partner
E. IP address of the default gateway router of the remote user ActualTests.com
F. IP address of the default gateway router of the partner
Correct Answer: BC Explanation
Explanation/Reference:
QUESTION 40
Which statement about plug-ins is false?
A. Plug-insdo not require any installation on the remote system.
B. Plug-ins require administrator privileges on the remote system
C. Plug-ins support interactive terminal access.
D. Plug-insare not supported on the Windows Mobile platform.
Correct Answer: B Explanation
Explanation/Reference:
QUESTION 41
Authorization of a clientless SSL VPN defines the actions that a user may perform within a clientless SSLVPN session. Which statement is correct concerning the SSLVPN authorization process?
A. Remote clients can be authorized by applying a dynamic access policy, which is configured on an external AAA server.
B. Remote clients can be authorized externally by applying group parameters from an external database.
C. Remote client authorization is supported by RADIUS and TACACS+ protocols.
D. Remote clients can be authorized by selecting a clientless SSLVPN profile-based Group Policy name and applying the parameters of the named group from a local database.
Correct Answer: D
Cisco 642-647 Testing Engine is an engine that can be downloaded and installed on your PC. This Cisco 642-647 engine is not only advanced and equipped with much more features, it is also not internet dependent, once installed. It enables you to see questions and answers in a simulated Cisco 642-647 exam environment. Working with Cisco 642-647 Testing Engine is like passing an actual Cisco 642-647 exam.