Deploying Cisco ASA VPN Solutions

  • Published on
    28-Mar-2016

  • View
    213

  • Download
    0

Embed Size (px)

DESCRIPTION

http://www.testsexpert.com/642-647.html Deploying Cisco ASA VPN Solutions

Transcript

  • 642647 Deploying Cisco ASA VPN Solutions http://www.testsexpert.com/642-647.html

  • www.testsexpert.com 2

    Question:1TheadministratorconfiguredaCiscoASA5505asaCiscoEasyVPNhardwareclientandalsodefinedalistofCiscoEasyVPNbackupserversintheCiscoASA5505.AfteranoutageoftheprimaryVPNserver,younoticethatyourCiscoEasyVPNhardwareclienthasnowreconnectedviaabackupserverthatwasnotdefinedwithintheoriginalCiscoEasyVPNbackupserverslist.WheredidyourCiscoEasyVPNhardwareclientgetthisbackupserver?A.Thebackupserversthatyoulistedwerenolongeravailable,sotheCiscoEasyVPNhardwareclientqueriedtheloadbalanceserverfora"new"backupserveraddress.B.Thebackupserversthatyoulistedwerenolongeravailable,soaGroupPolicythatwasconfiguredontheprimaryVPNserverpushed"new"backupserveraddressestoyourclient.C.Thebackupserversthatyoulistedwerenolongeravailable,sotheCiscoEasyVPNhardwareclientqueriedtheprimaryVPNserverviaRADIUSprotocolfora"new"backupserveraddress.D.Thebackupserversthatyoulistedwerenolongeravailable,sotheCiscoEasyVPNhardwareclientqueriedandreceivedfromapredefinedLDAPservera"new"backupserveraddress.

    Answer:B

    Question:2AnXYZCorporationsystemsengineer,whilemakingasalescallontheABCCorporationheadquarters,triedtoaccesstheXYZsalesdemonstrationfoldertotransferademonstrationviaFTPfromanABCconferenceroombehindthefirewall.TheengineercouldnotreachXYZthroughtheremoteaccessVPNtunnel.Fromhomethepreviousday,however,theengineerconnectedtotheXYZsalesdemonstrationfolderandtransferredthedemonstrationviaIPsecoverDSL.Togettheconnectiontoworkandtransferthedemonstration,whatcanyousuggest?A.ChangetheMTUsizeontheIPsecclienttoaccountforthechangefromDSLtocabletransmission.B.EnablethelocalLANaccessoptionontheIPsecclient.C.EnabletheIPsecoverTCPoptionontheIPsecclient.D.EnabletheclientlessSSLVPNoptiononthePC

    Answer:A

    Question:3Refertotheexhibit.

  • www.testsexpert.com

    FortheABCCorporation,membersoftheNOCneedtheabilitytoselecttunnelgroupsfromadropdownmenuontheCiscoIOSWebVPNloginpage.AstheCiscoASAadministrator,howwouldyouaccomplishthistask?A.DefineaspecialidentitycertificatewithmultiplegroupsthataredefinedinthecertificateOUfieldthatwillgrantthecertificateholderaccesstothenamedgroupsontheloginpage.B.UnderGroupPolicies,defineadefaultgroupthatencompassestherequiredindividualgroupsthatwouldappearontheloginpage.C.UnderConnectionProfiles,defineaNOCprofilethatencompassestherequiredindividualprofilesthatwouldappearontheloginpage.D.UnderConnectionProfiles,enablegroupselectionfromtheloginpage.

    Answer:D

    3

  • www.testsexpert.com

    Question:4

    WhichfourparametersmustbedefinedinanISAKMPpolicywhencreatinganIPsecsitetositeVPNusingtheCiscoASDM?(Choosefour.)A.encryptionalgorithmB.hashalgorithmC.authenticationmethodD.IPaddressofremoteIPsecpeerE.DHgroupF.perfectforwardsecrecy

    Answer:A,B,C,E

    Question:5AnadministratorhaspreconfiguredtheCiscoASA5505usersettingswithausernameandapassword.WhenthetelecommuterfirstturnsontheCiscoASA5505andattemptstoestablishaVPNtunnel,theuserispromptedforausernameandpassword.WhichtwoCiscoASA5505GroupPolicyfeaturesrequirethisextralevelofauthentication?(Choosetwo.)

    4

  • www.testsexpert.com

    A.NewUnitAuthenticationB.ExtendedGroupAuthenticationC.SecureUnitAuthenticationD.RoleBasedAccessControlAuthenticationE.CompartmentedModeAuthenticationF.IndividualUserAuthentication

    Answer:C,F

    Question:6Refertotheexhibit.

    WhichtwostatementsarecorrectregardingthesetwoCiscoASAclientlessSSLVPNbookmarks?(Choosetwo.)A.CSCO_WEBVPN_USERNAMEisauserattribute.B.CSCO_WEBVPN_USERNAMEisaCiscopredefinedvariablethatisusedformacrosubstitution.C.TheCSCO_WEBVPN_USERNAMEvariableisenabledbyusingthePostSSOplugin.D.CSCO_SSOisaCiscopredefinedvariablethatisusedformacrosubstitution.E.TheCSCO_SSO=1parameterenablesSSOfortheSSHplugin.F.TheCSCO_SSOvariableisenabledbyusingthePostSSOplugin.

    Answer:B,E

    Question:7WhichCiscoASASSLVPNfeatureprovidessupportforPCIcompliancebyallowingforthevalidationoftwosetsofusernameandpasswordcredentialsontheSSLVPNloginpage?A.SingleSignOnB.CertificatetoProfileMappingC.DoubleAuthenticationD.RSAOTP

    Answer:D

    5

  • www.testsexpert.com 6

    Question:8WhichtwotypesofdigitalcertificateenrollmentprocessesareavailablefortheCiscoASAsecurityappliance?(Choosetwo.)A.LDAPB.FTPC.TFTPD.HTTPE.SCEPF.Manual

    Answer:E,F

    Question:9YourcorporatefinancedepartmentpurchasedanewnonwebbasedTCPapplicationtooltorunononeofitsservers.Thefinanceemployeesneedremoteaccesstothesoftwareduringnonbusinesshours.Theemployeesdonothave"admin"privilegestotheirPCs.HowwouldyouconfiguretheSSLVPNtunneltoallowthisapplicationtorun?A.Configureasmarttunnelfortheapplication.B.Configurea"financetool"VNCbookmarkontheemployeeclientlessSSLVPNportal.C.Configurethepluginthatbestfitstheapplication.D.ConfiguretheCiscoASAappliancetodownloadtheCiscoAnyConnectSSLVPNclienttothefinanceemployeeeachtimeanSSLVPNtunnelisestablished.

    Answer:A

    Question:10Refertotheexhibit.

  • www.testsexpert.com

    AnewnetworkengineerconfiguredtheABCadaptivesecurityappliancewithtwobookmarksforanewtemporaryemployee.Thetemporaryworkercanconnecttotheadministratorserverviathetemp_worker_adminbookmarkbutcannotconnecttotheprojectserverviathetemp_worker_projects(greyedout)bookmark.ItwasdeterminedthattheURLandIPaddressinginformationintheGUIscreensiscorrect.Whatiswrongwiththeconfiguration?A.URLEntryshouldbeenabled.B.TheFileServerEntryInheritparametershouldbeoverwrittenandsetforenabled.C.TheDNSserverinformationisincorrect.D.FileServerBrowsingshouldbeenabled

    Answer:C

    7

  • www.testsexpert.com 8

    YouwillnotfindbetterpracticematerialthantestsexpertPDfquestionswithanswersonthewebbecauseitprovidesrealexamspreparationenvironment.OurpracticetestsandPDFquestion,answersaredevelopedbyindustryleadingexpertsaccordingtotherealexamscenario.Atthemomentweprovidesonlyquestionwithdetailedanswersataffordablecost.Youwillnotfindcomparativematerialelsewhereonthewebatthisprice.WeofferCisco,Microsoft,HP,IBM,Adobe,Comptia,Oracleexamstrainingmaterialandmanymore.

    We also provide PDF Training Material for: Cisco Microsoft HP IBM Adobe Comptia OracleCCNA MCTS AIS Lotus CS4 A+ 11gDBACCNP MCSE APC WebSphere CS3 Security+ 10gDBACCIP MCITP APS Mastery ACE Server+ OSA10gCCIE MBS ASE SOA CS5 Network+ OCA9iCCVP MCPD CSA Storage CS2 Linux+ 11iCCSP MCAD MASE Rational Captivate iNet+ 9iFormsCXFF MCAS APP Tivoli Flex Project+ WeblogicCCENT MCSA CSD IBMDB2 CSM RFID+ Oracle8iCCDE MCDBA CSE IBMXML MX7 HTI+ PTADCE

    Weprovidelatestexamspreparationmaterialonly.

    Contact US at: support@testsexpert.com

    Join Us at

    Twitter: www.twitter.com/testsexpert

    FaceBook: www.facebook.com/testsexpert

    http://www.testsexpert.com/642-647.html

Recommended

View more >