Cisco 642-648 Actual Test, Most Popular Cisco 642-648 Exam Demo UP To 50% Off

No doubt, Cisco 642-648 exam is worth challenging task but you should not feel hesitant against the confronting difficulties.Get a complete hold on Cisco 642-648 exam syllabus through Flydumps training and boost up your skills.What’s more,all the brain dumps are the latest.

QUESTION 26
If CRL checking is enabled on the Cisco ASA, where can the Cisco ASA find the CRL?
A. The Cisco ASA polls the CA for an updated list at a predefined rate.
B. The CA sends a CRL to the Cisco ASA directly at least once a week.
C. The CRL distribution point is listed on the identity certificate.
D. The CRL is sent out-of-band to the administrator at a negotiated rate, typically biweekly.
E. The CRL distribution point can be configured in the Connection Profile or Group Policy.
Correct Answer: C Section: (none) Explanation
Explanation/Reference: QUESTION 27
With SCEP enabled in a Cisco AnyConnect Connection Profile, what additional configuration step must you do when using Cisco ASA 8.4 software?
A. Configure local authentication prior to the enrollment process.
B. Configure the client to poll the CA for a response to the certificate request.
C. Configure the location of the CA server.
D. Configure the profile to inherit the SCEP forwarding URL.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 28
After a remote user established a Cisco AnyConnect session from a wireless card through the
Cisco ASA appliance of a partner to a remote server, the user opened the Cisco AnyConnect VPN
Client Statistics Details screen.
What are the two sources of the IP addresses that are marked A and B? (Choose two.)

Exhibit:

A. IP address that is assigned to the wireless Ethernet adapter of the remote user
B. IP address that is assigned to the remote user from the Cisco ASA address pool
C. IP address of the Cisco ASA physical interface of the partner
D. IP address of the Cisco ASA virtual HTTP server of the partner
E. IP address of the default gateway router of the remote user
F. IP address of the default gateway router of the partner
Correct Answer: BC Section: (none) Explanation
Explanation/Reference:
QUESTION 29
In Cisco ASA Software Release 8.4.1, which three plug-ins are Cisco ASA-supported plug-ins? (Choose three.)
A. SSH
B. TN3270
C. SCP
D. RDP
E. ICA
F. ARAP
Correct Answer: ADE Section: (none) Explanation
Explanation/Reference:
QUESTION 30
To enable the Cisco ASA Host Scan with remediation capabilities, an administrator must have which two Cisco ASA licenses enabled on its security appliance? (Choose two.)
A. Cisco AnyConnect Premium license
B. Cisco AnyConnect Essentials license
C. Cisco AnyConnect Mobile license
D. Host Scan license
E. Advanced Endpoint Assessment license
F. Cisco Security Agent license
Correct Answer: AE Section: (none) Explanation
Explanation/Reference:
QUESTION 31
An engineer, while working at a home office, wants to launch the Cisco AnyConnect Client to the corporate offices while simultaneously printing network designs on the home network. Without allowing access to the Internet, what are the two best ways for the administrator to configure this application? (Choose two.)
A. Select the Tunnel All Networks policy.
B. Select the Tunnel Network List Below policy.
C. Select the Exclude Network List Below policy.
D. Configure an exempted network list.
E. Configure a standard access list and apply it to the network list.
F. Configure an extended access list and apply it to the network list.
Correct Answer: CE Section: (none) Explanation
Explanation/Reference:
QUESTION 32
ABC Corporation has hired a temporary worker to help out with a new project. The network
administrator gives you the task of restricting the internal clientless SSL VPN network access of
the temporary worker to one server with the IP address of 172.26.26.50 via HTTP.
Which two actions should you take to complete the assignment? (Choose two.)

A. Configure access-list temp_acl webtype permit url http://172.26.26.50.
B. Configure access-list temp_acl_stand_ACL standard permit host 172.26.26.50.
C. Configure access-list temp_acl_extended extended permit http any host 172.26.26.50.
D. Apply the access list to the temporary worker Group Policy.
E. Apply the access list to the temporary worker Connection Profile.
F. Apply the access list to the outside interface in the inbound direction.
Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
QUESTION 33
In which three ways can a Cisco ASA security appliance obtain a certificate revocation list? (Choose three.)
A. FTP
B. SCEP
C. TFTP
D. HTTP
E. LDAP
F. SCP
Correct Answer: BDE Section: (none) Explanation
Explanation/Reference:
QUESTION 34
An IT manager and a Security manager are discussing the deployment options for clientless SSL VPN. They are trying to decide which groups are best suited for this new deployment option. Which two groups are the best candidates for the clientless SSL VPN rollout? (Choose two.)
A. an IT administrator who needs to manage servers from a corporate laptop
B. employees who need occasional access to check their email accounts
C. a vendor who needs access to confidential corporate presentations via Secure FTP
D. customers who need interactive access to the corporate invoice server
Correct Answer: BC Section: (none) Explanation
Explanation/Reference:
QUESTION 35
Your corporation has contractors that need remote access to server desktops, in order to diagnose issues and load software during nonbusiness hours. Which three clientless SSL VPN configurations allow these contractors to access the desktops of remote servers? (Choose three.)
A. XWindows bookmark by using the XWindows plug-in
B. RDP bookmark by using the RDP plug-in
C. SCP bookmark by using SCP plug-in
D. VNC bookmark by using the VNC plug-in
E. SSH bookmark by using the SSH plug-in F. Citrix plug-in by using the Citrix plug-in
Correct Answer: BDF Section: (none) Explanation
Explanation/Reference:
QUESTION 36
Which three Host Scan checks on a remote endpoint can you configure Cisco Secure Desktop to perform? (Choose three.)
A. registry checks
B. user rights checks
C. group policy objects checks
D. file checks
E. virus software checks
F. process checks
Correct Answer: ADF Section: (none) Explanation
Explanation/Reference:
QUESTION 37
Which three statements about clientless SSL VPN are true? (Choose three.)
A. Users are not tied to a particular PC or workstation.
B. Users have full application access to internal corporate resources.
C. Minimal IT support is required.
D. Cisco AnyConnect SSL VPN software is automatically downloaded to the remote user at the start of the clientless session.
E. For security reasons, browser cookies are disabled for clientless SSL VPN sessions.
F. Clientless SSL VPN requires an SSL-enabled web browser.
Correct Answer: ACF Section: (none) Explanation
Explanation/Reference:
QUESTION 38
A remote user who establishes a clientless SSL VPN session is presented with a web page. The administrator has the option to customize the “look and feel” of the page. What are three components of the VPN Customization Editor? (Choose three.)
A. Application page
B. Logon page
C. Networking page
D. Logout page
E. Home page
F. Portal page
Correct Answer: BDF Section: (none) Explanation
Explanation/Reference:
QUESTION 39
When establishing a Cisco AnyConnect SSL VPN tunnel, a system administrator wants to restrict
remote home office users to either print to their local printer or send the remaining traffic down the
Cisco AnyConnect SSL VPN tunnel (with restricted Internet access).
Choose both a tunnel policy option and an ACL type to accomplish this design goal. (Choose two.)

A. tunnel all networks
B. tunnel network list below
C. exclude network list from the tunnel
D. standard ACL
E. web ACL
F. extended ACL
Correct Answer: CD Section: (none) Explanation
Explanation/Reference:
QUESTION 40
The LAN-to-LAN tunnel is not established, but an administrator can ping the remote Cisco ASA. Which three IPsec LAN-to-LAN configuration parameters should the administrator verify at both ends of the tunnel? (Choose three.)
A. pre-shared key
B. extended authentication password
C. extended authentication username
D. crypto ACL source IP address
E. crypto ACL destination IP address
F. tunnel connection-typE. originate or answer
Correct Answer: ADE Section: (none) Explanation
Explanation/Reference: Exam C
QUESTION 1
Upon receiving a digital certificate, what are three steps that a Cisco ASA performs to authenticate the digital certificate? (Choose three.)
A. The identity certificate validity period is verified against the system clock of the Cisco ASA.
B. The identity certificate thumbprint is validated using the private key of the stored CA.
C. The identity certificate signature is validated by using the stored root certificate.
D. The signature is validated by using the stored identity certificate.
E. If enabled, the Cisco ASA locates the CRL and validates the identity certificate.
Correct Answer: ACE Section: (none) Explanation
Explanation/Reference:
QUESTION 2
You are configuring bookmarks for the clientless SSL VPN portal without the use of plug-ins. Which three bookmark types are supported? (Choose three.)
A. RDP
B. HTTP
C. FTP
D. CIFS
E. SSH
F. Telnet
Correct Answer: BCD Section: (none) Explanation
Explanation/Reference:
QUESTION 3
What are three methods for VPN address assignment? (Choose three.)
A. RADIUS authentication server
B. Kerberos server
C. internal address pool
D. RSA SecureID authentication server
E. LDAP server
Correct Answer: ACE Section: (none) Explanation
Explanation/Reference:
QUESTION 4
Datagram Transport Layer Security (DTLS) was introduced to solve performance issues. Choose three characteristics of DTLS. (Choose three.)
A. It uses TLS to negotiate and establish DTLS connections.
B. It uses DTLS to transmit datagrams.
C. It is disabled by default.
D. It uses TLS for data packet retransmission.
E. It replaces underlying transport layer with UDP 443.
F. It uses TLS to provide low-latency video application tunneling.
Correct Answer: ABE Section: (none) Explanation
Explanation/Reference:
QUESTION 5
Which three options are characteristics of WebType ACLs? (Choose three.)
A. They are assigned per-connection profile.
B. They are assigned per-user or per-group policy.
C. They can be defined in the Cisco AnyConnect Profile Editor.
D. They support URL pattern matching.
E. They support implicit deny all at the end of the ACL.
F. They support standard and extended WebType ACLs.
Correct Answer: BDE Section: (none) Explanation
Explanation/Reference:
QUESTION 6
For clientless SSL VPN users, bookmarks can be assigned to their portal. What are three methods for assigning bookmarks? (Choose three.)
A. connection profiles
B. group policies
C. XML profiles
D. LDAP or RADIUS attributes
E. the portal customization tool
F. user policies
Correct Answer: BDF Section: (none) Explanation
Explanation/Reference:
QUESTION 7
Your IT department needs to run a custom-built TCP application within the clientless SSL VPN tunnel. The network administrator suggests running the smart tunnel application. Which three statements concerning smart tunnel applications are true? (Choose three.)
A. They support active FTP and other RTSP-based applications.
B. They do not require administrator privileges on the remote system.
C. They require the enabling of port forwarding.
D. They are supported on Windows and MAC OS X platforms.
E. They support native client applications over SSL VPN.
F. They require the modification of the Host file on the end-user PC.
Correct Answer: BDE Section: (none) Explanation
Explanation/Reference:
QUESTION 8
When deploying clientless SSL VPN advanced application access, the administrator needs to collect information about the end-user system. Which three input parameters of an end-user system are important for the administrator to identify? (Choose three.)
A. types of applications and application protocols that are supported
B. types of encryption that are supported on the end-user system
C. the local privilege level of the remote user
D. types of wireless security that are applied to the end-user tunnel interface
E. types of operating systems that are supported on the end-user system
F. type of antivirus software that is supported on the end-user system
Correct Answer: ACE Section: (none) Explanation
Explanation/Reference:
QUESTION 9
Cisco Secure Desktop seeks to minimize the risks that are posed by the use of remote devices in establishing a Cisco clientless SSL VPN or Cisco AnyConnect VPN Client session. Which two statements concerning the Cisco Secure Desktop Host Scan feature are correct? (Choose two.)
A. It is performed before a user establishes a connection to the Cisco ASA.
B. It is performed after a user establishes a connection to the Cisco ASA but before logging in.
C. It is performed after a user logs in but before a group profile is applied.
D. It is supported on endpoints that run a Windows operating system only.
E. It is supported on endpoints that run Windows and MAC operating systems only.
F. It is supported on endpoints that run Windows, MAC, and Linux operating systems.
Correct Answer: BF Section: (none) Explanation
Explanation/Reference:
QUESTION 10
Which four statements about the Advanced Endpoint Assessment are correct? (Choose four.)
A. It examines the remote computer for personal firewall applications.
B. It examines the remote computer for antivirus applications.
C. It examines the remote computer for antispyware applications.
D. It examines the remote computer for malware applications.
E. It does not perform any remediation, but it provides input that can be evaluated by DAP records.
F. It performs active remediation by applying rules, activating modules, and providing updates where applicable.
Correct Answer: ABCF Section: (none) Explanation
Explanation/Reference:
QUESTION 11
The software-based Cisco IPsec VPN Client solution uses bidirectional authentication, in which the client authenticates the Cisco ASA, and the Cisco ASA authenticates the user. Which three methods are software-based Cisco IPsec VPN Client to Cisco ASA authentication methods? (Choose three.)
A. Unified Client Certificate authentication
B. Secure Unit authentication
C. Hybrid authentication
D. Certificate authentication
E. Group authentication
Correct Answer: CDE Section: (none) Explanation
Explanation/Reference:
QUESTION 12
Which two options are correct regarding IKE and IPv6 VPN support on the Cisco ASA using version 8.4? (Choose two.)
A. The Cisco ASA supports full IKEv2 IPv6 for site-to-site VPNs only.
B. The Cisco ASA supports full IKEv2 IPv6 for remote-access VPNs.
C. The Cisco ASA supports IKEv1 and IKEv2 configuration on the same crypto map.
D. The Cisco ASA supports negotiation of authentication type using IKEv2 with IPv6.
E. The Cisco ASA supports all types of VPN configurations when using IPv6
Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
QUESTION 13
In Cisco ASDM v6.4, what are four ways to implement single sign-on (SSO)? (Choose four.)
A. Use SSO for smart tunnels.
B. Use Kerberos SSO.
C. Use the HTTP Form protocol.
D. Use a dedicated SSO server.
E. Use SSO for application plug-ins.
F. Use auto sign-on for servers that do not require authentication credentials.
Correct Answer: ACDE Section: (none) Explanation Explanation/Reference:
QUESTION 14
An on-screen keyboard is a programmable SSL VPN option. Which three options are keyboard-configurable parameters that the administrator can enable or disable? (Choose three.)
A. Show only if Secure Desktop Vault is disabled.
B. Do not show onscreen keyboard.
C. Show only for the login page.
D. Show for all user input fields.
E. Show for all portal pages that require authentication.
F. Show for all plug-in pages.
Correct Answer: BCE Section: (none) Explanation
Explanation/Reference:
QUESTION 15
Which three statements concerning keystroke logger detection are correct? (Choose three.)
A. It requires administrative privileges in order to run.
B. It runs on Windows and MAC OS X systems.
C. It detects loggers that run as a process or kernel module.
D. It detects both hardware- and software-based keystroke loggers.
E. It allows the administrator to define “safe” keystroke logger applications.
Correct Answer: ACE Section: (none) Explanation
Explanation/Reference:
QUESTION 16
Cisco AnyConnect profiles can be used to set which three options? (Choose three.)
A. Define a list of VPN gateways that are presented to users upon login.
B. Define a quarantine VLAN for remote devices that fail a host scan.
C. Define a guest VLAN to all “noncompany” Cisco IOS WebVPN users.
D. Define a list of backup servers if primary gateways are unavailable.
E. Activate the SSL VPN tunnel as part of the Windows login sequence.
F. Configure the Cisco Secure Desktop vault.
Correct Answer: ADE Section: (none) Explanation
Explanation/Reference:
QUESTION 17
Which two types of digital certificate enrollment processes are available for the Cisco ASA security appliance? (Choose two.)
A. LDAP
B. FTP
C. TFTP
D. HTTP
E. SCEP
F. Manual
Correct Answer: EF Section: (none) Explanation
Explanation/Reference:
QUESTION 18
Which four parameters must be defined in an ISAKMP policy when you are creating an IPsec site-to-site VPN using the Cisco ASDM? (Choose four.)
A. encryption algorithm
B. hash algorithm
C. authentication method
D. IP address of remote IPsec peer
E. D-H group
F. perfect forward secrecy
Correct Answer: ABCE Section: (none) Explanation
Explanation/Reference:
QUESTION 19
Which two statements about the Cisco ASA cluster load-balancing feature are correct? (Choose two.)
A. The Cisco ASA load-balances both site-to-site and remote-access VPN tunnels.
B. The Cisco ASA load-balances remote-access VPN tunnels only.
C. The Cisco ASA load-balances IPsec VPN tunnels only.
D. The Cisco ASA load-balances IPsec VPN and Cisco AnyConnect SSL VPN tunnels only.
E. The Cisco ASA load-balances IPsec VPN, clientless, and Cisco AnyConnect SSL VPN tunnels.
Correct Answer: BE Section: (none) Explanation
Explanation/Reference:
QUESTION 20
A Cisco AnyConnect user profile can be pushed to the PC of a remote user from a Cisco ASA. Which three user profile parameters are configurable? (Choose three.)
A. Backup Server list
B. DTLS Override
C. Auto Reconnect
D. Simultaneous Tunnels
E. Connection Profile Lock
F. Auto Update Correct Answer: ACF Section: (none)
Explanation Explanation/Reference:
QUESTION 21
Select and Place:

Correct Answer:
Section: (none) Explanation Explanation/Reference:
QUESTION 22

Select and Place:

Correct Answer:
Section: (none) Explanation Explanation/Reference:
QUESTION 23

Select and Place:

Correct Answer:
Section: (none) Explanation Explanation/Reference:
QUESTION 24

Select and Place:

Correct Answer:
Section: (none) Explanation Explanation/Reference:
QUESTION 25
Select and Place:

Correct Answer:
Section: (none) Explanation Explanation/Reference:
QUESTION 26

Select and Place:

Correct Answer:
Section: (none) Explanation
Explanation/Reference:

Correct Answer:
Section: (none) Explanation Explanation/Reference:
QUESTION 28

Select and Place:

Correct Answer:
Section: (none) Explanation
Explanation/Reference:
QUESTION 29
The user, contractor1, will receive an IP address when the VPN connection is established. Which statement regarding the IP address is true?
Case Study Title (Case Study):
The user, contractor1, will receive an IP address when the VPN connection is established. Which statement regarding the IP address is true?
1 (exhibit):

2 (exhibit): 3 (exhibit):
A. Is sourced from the contractor pool
B. Is sourced from the employee pool
C. Is sourced from the engineering pool
D. Is sourced from the management pool
E. Is a dedicated address (10.0.4.1 20)

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
first see username in device management >> see its group policythen go to remote access VPN >> connection profiles >> client address pools >> contractor >> select t see the address pool Through MonitoringVPN statistics > session >> see username and its assigned ip address >> then find it out in configuration tab above procedure
QUESTION 30 Case Study Title (Case Study):

Which group policy restricts the VPN user access to VLAN 100?
2 (exhibit): 3 (exhibit):
A. Employee
B. Contractor
C. Management
D. Engineering

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
configuration > network client access > any connect connection profiles >connection profiles > edit for each profile > general > more options > restricted VLAN Monitoring > VPN > VPN statistics Sessions, vlan mapping sessions
QUESTION 31
Case Study Title (Case Study):
Which connection profile supports SSL VPN Client access only.
1 (exhibit):
2 (exhibit): 3 (exhibit):
A. Employee
B. Contractor
C. Management
D. Engineering
E. New_hire

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
onfiguration > network client access > any connect connection profiles >connection profiles > edit for each profile > general > more options > tunneling protocol > see the check marks
QUESTION 32
Case Study Title (Case Study):
After providing the correct VPN login credentials, user, contractor1, is enabled to use which VPN access type?
2 (exhibit): 3 (exhibit):
A. Cisco Any Connect VPN
B. Clientless VPN
C. Cisco Any Connect VPN and clientless VPN
D. Cisco Any Connect VPN, clientless VPN, and IPsec VPN

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: configuration > network client access > any connect connection profiles >connection profiles > edit for each profile > general > more options > tunneling protocol > see the check marks Monitoring > VPN > VPN statistics > sessions filter by >>> choose contractor1
QUESTION 33
Case Study Title (Case Study):
Upon logging in, user, emploeyee1, has two privileges: (Choose two)
A. Cisco ASDM, SSH, Telnet, and console access
B. CLI login prompt for SSH, Telnet, and console only
C. No Cisco ASDM, SSH, or console access
D. Level 15
E. Level 2
F. Level 3

Correct Answer: DE Section: (none) Explanation
Explanation/Reference:
QUESTION 34

Case Study Title (Case Study):
The user, contractor1, receives an IP address when the VPN connection is established. Which statement regarding the IP address is true?
A. it is sourced from the contractor pool.
B. it is sourced from the employee pool.
C. it is sourced from the engineering pool.
D. it is sourced from the management pool.
E. it is dedicated address (10.0.4.120)

Correct Answer: C Section: (none) Explanation
Explanation/Reference:

The Cisco 642-648 certification can make you a competent person.It may enable a technician to know about the Cisco 642-648 configurations,get information about the Cisco 642-648 data center products and hardware and knowledge about Cisco 642-648 united computing systems.