Welcome to download the newest Flydumps C4040-108 VCE dumps: http://www.flydumps.com/C4040-108.html

100% Valid Cisco 642-647 exam questions and answers are tested and approved by Microsoft experts. Furthermore, we are constantly updating our Cisco 642-647 exam dumps,100% guarantee in quality and reliability.

QUESTION 37
Which three webtype ACL statements are correct? (Choose three.)
A. are assigned per-Connection Profile
B. are assigned per-user or per-Group Policy
C. can be defined in the CiscoAnyConnect Profile Editor
D. supports URL pattern matching
E. supports implicit deny all at the end of the ACL
F. supports standard and extendedwebtype ACLs

Correct Answer: BDE Section: (none) Explanation
Explanation/Reference:
QUESTION 38
The LAN-to-LAN tunnel is not established, but an administrator can ping the remote Cisco ASA. Which three IPsec LAN-to-LAN configuration parameters should the administrator verify at both ends of the tunnel? (Choose three.) ActualTests.com
A. Pre-shared key
B. Extended Authentication password
C. Extended Authentication username
D. Crypto ACL source IP address
E. Crypto ACL destination IP address
F. Tunnel connection type-originate or answer

Correct Answer: ADE Section: (none) Explanation
Explanation/Reference:
QUESTION 39
“Pass Any Exam. Any Time.” – www.actualtests.com 19 Cisco 642-647: Practice Exam Refer to the exhibit. The ABC Corporation has a Cisco ASA in its test bed. A new network administrator is tasked with adding a smart-tunnel application to the existing configuration. The configuration will enable a “temp_worker” who is using Microsoft native RDP to have RDP access to server 10.0.4.4 only. Which statement is correct concerning the smart-tunnel configuration?

ActualTests.com
A. Thewebtype access list is misconfigured.
B. The smart-tunnel list parameter ismisconfigured.
C. The smart-tunnel group-policy parameters aremisconfigured.
D. The smart-tunnel configuration is configured correctly

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 40
DRAG DROP
“Pass Any Exam. Any Time.” – www.actualtests.com 20 Cisco 642-647: Practice Exam

A.
B.
C.
D.

Correct Answer: Section: (none) Explanation
Explanation/Reference:

Explanation: D-H group 2 D-H group 7 D-H group 5 D-H group 3
QUESTION 41
ActualTests.com Your corporation has contractors that need remote access to server desktops to diagnose issues and load software during nonbusiness hours. Which three clientless SSL VPN configurations would enable these contractors to access the desktop of remote servers? (Choose three.)
A. Xwindows bookmark by using the Xwindows plug-in
B. RDP bookmark by using the RDP plug-in
C. SCP bookmark by using SCP plug-in
D. VNC bookmark by using the VNC plug-in
E. SSH bookmark by using the SSH plug-in
F. Citrix plug-in by using the Citrix plug-in

Correct Answer: BDF Section: (none) Explanation
Explanation/Reference:
“Pass Any Exam. Any Time.” – www.actualtests.com 21 Cisco 642-647: Practice Exam
QUESTION 42
Which four advanced endpoint assessment statements are correct? (Choose four.)
A. examines the remote computer for personnel firewalls applications
B. examines the remote computer for antivirus applications
C. examines the remote computer for antispyware applications
D. examines the remote computer for malware applications
E. does not perform any remediation but provides input that can be evaluated by DAP records
F. performs active remediation by applying rules, activating modules, and providing updates where applicable

Correct Answer: ABCF Section: (none) Explanation
Explanation/Reference:
QUESTION 43
A Unified Client Certificate will be used on the Cisco ASA to support what?
A. certificate + double AAA authentication
B. certificate + AAA authentication
C. certificate maps
D. Cisco ASA VPN clustering

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 44
ActualTests.com
“Pass Any Exam. Any Time.” – www.actualtests.com 22 Cisco 642-647: Practice Exam

Refer to the exhibit. After a remote user established a Cisco AnyConnect session from a wireless card
through the Cisco ASA appliance of a partner to a remote server, the user opened the Cisco AnyConnect
VPN Client Statistics Details screen. Identify the two sources of the two IP addresses.
(Choose two.)

A. IP address that is assigned to the wireless Ethernet adapter of the remote user
B. IP address that is assigned to the remote user from the Cisco ASA address pool
C. IP address of the Cisco ASA physical interface of the partner
D. IP address of the Cisco ASA virtual http server of the partner
E. IP address of the default gateway router of the remote user ActualTests.com
F. IP address of the default gateway router of the partner

Correct Answer: BC Section: (none) Explanation
Explanation/Reference:
QUESTION 45
Which statement about plug-ins is false?
A. Plug-insdo not require any installation on the remote system.
B. Plug-ins require administrator privileges on the remote system
C. Plug-ins support interactive terminal access.
D. Plug-insare not supported on the Windows Mobile platform. “Pass Any Exam. Any Time.” – www.actualtests.com 23 Cisco 642-647: Practice Exam

Correct Answer: B Section: (none) Explanation
Explanation/Reference: QUESTION 46
DRAG DROP

A.
B.
C.
D.

Correct Answer: Section: (none) Explanation
Explanation/Reference:

Explanation: To access plug-in applications ActualTests.com To access files in your network to which you have been granted access To access smart tunnels To access the Cisco AnyConnect client To access only administrator defined corporate resources
QUESTION 47
Authorization of a clientless SSL VPN defines the actions that a user may perform within a clientless SSLVPN session. Which statement is correct concerning the SSLVPN authorization process?
A. Remote clients can be authorized by applying a dynamic access policy, which is configured on an external AAA server. “Pass Any Exam. Any Time.” – www.actualtests.com 24 Cisco 642-647: Practice Exam
B. Remote clients can be authorized externally by applying group parameters from an external database.
C. Remote client authorization is supported by RADIUS and TACACS+ protocols.
D. Remote clients can be authorized by selecting a clientless SSLVPN profile-based Group Policy name and applying the parameters of the named group from a local database.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 48
Cisco AnyConnect Essentials is a separately licensed SSL VPN client feature set. When compared to the Cisco AnyConnect Premium license, Cisco AnyConnect Essentials does not provide all of the same feature functionality. Which three AnyConnect Essentials functionality statements are correct? (Choose three.)
A. CiscoAnyConnect Essentials supports Cisco Secure Desktop.
B. CiscoAnyConnect Essentials does not support Cisco Secure Desktop.
C. CiscoAnyConnect Essentials supports clientless SSL VPN.
D. CiscoAnyConnect Essentials does not support clientless SSL VPN.
E. CiscoAnyConnect Essentials optionally supports Windows Mobile.
F. CiscoAnyConnect Essentials does not support Windows Mobile

Correct Answer: BDE Section: (none) Explanation
Explanation/Reference:
QUESTION 49

ActualTests.com
Refer to the exhibit. The “level_2” digital certificate was installed on a laptop. What can cause an “invalid:not active” status message?
A. On first use, a CA server-supplied passphrase is entered to validate the certificate.
B. A “newly installed” digital certificate does not become active until it is validated by the peer device upon its first usage. “Pass Any Exam. Any Time.” – www.actualtests.com 25 Cisco 642-647: Practice Exam
C. The user has not clicked the Verify button within the Cisco VPN Client.
D. The CA server and laptop PC clocks are out of sync.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 50
DRAG DROP

A.
B.
C.
D.

Correct Answer: Section: (none) Explanation
Explanation/Reference:

Explanation: ActualTests.com UDP Port 4500 UDP Port 500 IP Protocol 50 TCP Port 10000
QUESTION 51
A temporary worker must use clientless SSL VPN with an SSH plug-in to access the console of an internal corporate server, the projects.xyz.com server. For security reasons, the network security auditor insists that the temporary user be restricted to the one internal corporate server, 10.0.4.18. As the network engineer that is responsible for the network access of the temporary user, how can you restrict SSH access to the one projects.xyz.com server?
“Pass Any Exam. Any Time.” – www.actualtests.com 26 Cisco 642-647: Practice Exam
A. Configure access-listtemp_user_acl extended permit TCP any host 10.0.4.18 eq22.
B. Configure access-listtemp_user_acl standard permit host 10.0.4.18 eq 22
C. Configure access-listtemp_acl webtype permit url ssh://10.0.4.18.
D. Configure a plug-in SSH bookmark for host 10.0.4.18 and disable network browsing on the clientless SSL VPN portal of the temporary worker.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 52
DRAG DROP

A.
B.
C.
D.

Correct Answer: Section: (none) Explanation
Explanation/Reference:

ActualTests.com
Explanation: TLS Used to tunnel traffic over TCP 443 Requires retransmission of lost packets Used to negotiate control messages
DTLS replaced underlying transport layer with UDP 443 enabled by default
“Pass Any Exam. Any Time.” – www.actualtests.com 27 Cisco 642-647: Practice Exam
used to transmit datagrams
QUESTION 53

While troubleshooting on a remote-access application, a new NOC engineer received the logging message shown in the exhibit. Which configuration is most likely mismatched?
A. IKE configuration
B. extended authentication configuration
C. IPsec configuration
D. digital certificate configuration

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 54

ActualTests.com
“Pass Any Exam. Any Time.” – www.actualtests.com 28 Cisco 642-647: Practice Exam
Cisco AnyConnect profiles can be used to set which three options? (Choose three.)
A. define a list of VPN gateways that are presented to users upon login
B. define a quarantine VLAN for remote devices that fail a host scan
C. define a guest VLAN to all “noncompany” Cisco IOS WebVPN users
D. define a list of backup servers if primary gateways are unavailable
E. activate the SSL VPN tunnel as part of the Windows login sequence
F. configure the Cisco Secure Desktop vault

Correct Answer: DEF Section: (none) Explanation
Explanation/Reference:
QUESTION 55
The software-based Cisco IPsec VPN Client solution uses bidirectional authentication in which the client authenticates the Cisco ASA, and the Cisco ASA authenticates the user. Which three methods are software-based IPsec VPN Client to Cisco ASA authentication methods? (Choose three.)
A. Unified Client Certificate authentication
B. Secure Unit authentication
C. Hybrid authentication
D. Certificate authentication
E. Group authentication

Correct Answer: BDE Section: (none) Explanation
Explanation/Reference:
QUESTION 56
ActualTests.com
“Pass Any Exam. Any Time.” – www.actualtests.com 29 Cisco 642-647: Practice Exam

Refer to the exhibit. A new NOC engineer is troubleshooting a VPN connection. Which statement about the fields within the VPN Client Statistics screen is correct?
A. The ISP-assigned IP address of 10.0.21.1 is assigned to the VPN adapter of the PC.
B. The IP address of the security appliance to which the VPN client is connected is 192.168.1.2.
C. CorpNet is the name of the Cisco ASA group policy whose tunnel parameters the connection is using.
D. The ability of the client to send packets transparently, unencrypted, through the tunnel for test purposes is turned off.
E. With split tunneling enabled, the VPN client registers no decrypted packets.

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
ActualTests.com
QUESTION 57
In Cisco ASA 5505 Software Release 8.2.2, which three plug-ins are supported by the Cisco ASA? (Choose three.)
A. SSH
B. TN3270
C. SCP
D. RDP
E. ICA
F. ARAP

Correct Answer: ADE Section: (none) Explanation
Explanation/Reference:
“Pass Any Exam. Any Time.” – www.actualtests.com 30 Cisco 642-647: Practice Exam
QUESTION 58
When initiating a new SSL or TLS session, the client receives the server SSL certificate and validates it. After validating the server certificate, what does the client use the certificate for?
A. The client and server use the server public key to encrypt the SSL session data.
B. The server creates a separate session key and sends it to the client. The client decrypts the session key by using the server public key.
C. The client and server switch to a DH key exchange to establish a session key.
D. The client generates a random session key, encrypts it with the server public key, and then sends it to the server.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 59
An engineer, while working at the home office, wants to launch the Cisco AnyConnect VPN Client to the corporate offices while simultaneously printing network designs on the home network. Without allowing access to the Internet, what are the two best ways for the administrator to configure this application to make it happen? (Choose two.)
A. Select the tunnel all networks policy.
B. Select the tunnel network list below policy.
C. Select the exclude network list below policy.
D. Configure an exempted network list.
E. Configure a standard access list and apply it to the network list.
F. Configure an extended access list and apply it to the network list ActualTests.com

Correct Answer: CF Section: (none) Explanation
Explanation/Reference:
QUESTION 60
A remote user who establishes a clientless SSL VPN session is presented with a web page. The administrator has the option to customize the “look and feel” of the page. What are three components of the VPN Customization Editor? (Choose three.)
A. Application page
B. Logon page
C. Networking page
D. Logout page “Pass Any Exam. Any Time.” – www.actualtests.com 31 Cisco 642-647: Practice Exam
E. Home page
F. Portal page

Correct Answer: BEF Section: (none) Explanation
Explanation/Reference:
QUESTION 61

Refer to the exhibit. A network administrator is duplicating a VPN client profile to send out to all members of the finance group. Three parameters might have been configured incorrectly. For each three letters, choose the correct answer. (Choose three.)
A. A-Remote Client IP Address
B. A-ASAOutside Interface IP Address
C. B-Pre-Shared Keys Authentication Type
D. B-Digital Certificate Authentication Type
E. C-Save Password enabled
F. C-Save Password disabled ActualTests.com

Correct Answer: BCE Section: (none) Explanation
Explanation/Reference:
QUESTION 62
“Pass Any Exam. Any Time.” – www.actualtests.com 32 Cisco 642-647: Practice Exam Refer to the exhibit. An administrator configured the employee and new hire SSL VPN client profiles to automatically establish an SSL VPN client session when they log on. The administrator also configured the contractor SSL VPN client profile to disable the Auto Connect feature and force all contractors to manually establish SSL VPN sessions when needed. Unfortunately, when user contractor1 logged in, the SSL VPN tunnel of contractor1 was automatically established.

Why did the contractor1 SSL VPN become established automatically?
A. ThedefaultRAGroup policy is set to launch all SSL VPN clients automatically.
B. The contractor connection profile parameters are set incorrectly to allow Auto Connect.
C. The contractor group parameters are set incorrectly to allow Auto Connect.
D. The contractor1 user parameters are set incorrectly to allow Auto Connect

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
ActualTests.com
QUESTION 63
DRAG DROP
“Pass Any Exam. Any Time.” – www.actualtests.com 33 Cisco 642-647: Practice Exam A.

B.
C.
D.

Correct Answer: Section: (none) Explanation
Explanation/Reference:

Explanation: Protects Peer Identity D-H group 1-Default Supports dynamically addressed peers using PSK D-H Group 2-Default ActualTests.com IPSec Session Keys IPSec SA
QUESTION 64
Your IT department needs to run a custom-built TCP application within the clientless SSL VPN tunnel. The network administrator suggested running the smart-tunnel application. Which three statements concerning smart-tunnel applications are true? (Choose three.)
A. support active FTP and other RTSP-based applications
B. do not require administrator privileges on the remote system
C. require the enabling of port forwarding “Pass Any Exam. Any Time.” – www.actualtests.com 34 Cisco 642-647: Practice Exam
D. are supported on Windows and MAC OS X platforms
E. support native client applications over SSL VPN
F. require the modification of the Host file on the end-user PC

Correct Answer: BDE Section: (none) Explanation
Explanation/Reference:
QUESTION 65
While configuring a new clientless SSL VPN group in Cisco ASDM, the administrator chooses to accept a number of the default parameter values. If the administrator decides to view the actual value for the parameter, rather than just checking the inherit box, the administrator can verify the default value for the group parameter under which default group?
A. DefaultRAGroup
B. DefaultWEBVPNGroup
C. DfltGrpPolicy
D. DefaultSVCGroup

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 66
Datagram Transport Layer Security (DTLS) was introduced to solve performance issues. Which three statements are characteristics of DTLS? (Choose three.)
A. uses TLS to negotiate and establish DTLS connections
B. uses DTLS to transmitdatagrams
C. disabled by default
D. uses TLS for data packet retransmission ActualTests.com
E. replaces underlying transport layer with UDP 443
F. uses TLS to provide low-latency video application tunneling

Correct Answer: ABE Section: (none) Explanation
Explanation/Reference:
QUESTION 67
The administrator configured a Cisco ASA 5505 as a Cisco Easy VPN hardware client and also defined a list of Cisco Easy VPN backup servers in the Cisco ASA 5505. After an outage of the primary VPN server, you notice that your Cisco Easy VPN hardware client has now reconnected via a backup server that was not defined within the original Cisco Easy VPN backup servers list. Where did your Cisco Easy VPN hardware client get this backup server?
“Pass Any Exam. Any Time.” – www.actualtests.com 35 Cisco 642-647: Practice Exam
A. The backup servers that you listed were no longer available, so the Cisco Easy VPN hardware client queried the load balance server for a “new” backup server address.
B. The backup servers that you listed were no longer available, so a Group Policy that was configured on the primary VPN server pushed “new” backup server addresses to your client.
C. The backup servers that you listed were no longer available, so the Cisco Easy VPN hardware client queried the primary VPN server via RADIUS protocol for a “new” backup server address.
D. The backup servers that you listed were no longer available, so the Cisco Easy VPN hardware client queried and received from a predefined LDAP server a “new” backup server address.

Correct Answer: B Section: (none) Explanation
Explanation/Reference:

Flydumps.com New Cisco 642-647 Dumps are designed to help you to out in a short time. You can get Flydumps Cisco 642-647 dumps to pass your exam. To be a Microsoft professional makes you a better future.

Flydumps C4040-108 dumps with PDF + Premium VCE + VCE Simulator: http://www.flydumps.com/C4040-108.html