1.The administrator configured a Cisco ASA 5505 as a Cisco Easy VPN hardware client and also defined
a list of Cisco Easy VPN backup servers in the Cisco ASA 5505. After an outage of the primary VPN
server, you notice that your Cisco Easy VPN hardware client has now reconnected via a backup server
that was not defined within the original Cisco Easy VPN backup servers list. Where did your Cisco Easy
VPN hardware client get this backup server?
A. The backup servers that you listed were no longer available, so the Cisco Easy VPN hardware client
queried the load balance server for a "new" backup server address.
B. The backup servers that you listed were no longer available, so a Group Policy that was configured on
the primary VPN server pushed "new" backup server addresses to your client.
C. The backup servers that you listed were no longer available, so the Cisco Easy VPN hardware client
queried the primary VPN server via RADIUS protocol for a "new" backup server address.
D. The backup servers that you listed were no longer available, so the Cisco Easy VPN hardware client
queried and received from a predefined LDAP server a "new" backup server address.
Answer: B
2.An XYZ Corporation systems engineer, while making a sales call on the ABC Corporation headquarters,
tried to access the XYZ sales demonstration folder to transfer a demonstration via FTP from an ABC
conference room behind the firewall. The engineer could not reach XYZ through the remote-access VPN
tunnel. From home the previous day, however, the engineer connected to the XYZ sales demonstration
folder and transferred the demonstration via IPsec over DSL.
To get the connection to work and transfer the demonstration, what can you suggest?
A. Change the MTU size on theIPsec client to account for the change from DSL to cable transmission.
B. Enable the local LAN access option on theIPsec client.
C. Enable theIPsec over TCP option on the IPsec client.
D. Enable the clientless SSL VPN option on the PC
Answer: A
3.Refer to the exhibit. For the ABC Corporation, members of the NOC need the ability to select tunnel
groups from a drop-down menu on the Cisco IOS WebVPN login page. As the Cisco ASA administrator,
how would you accomplish this task?
A. Define a special identity certificate with multiple groups that are defined in the certificate OU field that
will grant the certificate holder access to the named groups on the login page.
B. Under Group Policies, define a default group that encompasses the required individual groups that
would appear on the login page.
C. Under Connection Profiles, define a NOC profile that encompasses the required individual profiles that
would appear on the login page.
D. Under Connection Profiles, enable group selection from the login page.
Answer: D
4.VPN using the Cisco ASDM? (Choose four.)
A. encryption algorithm
B. hash algorithm
C. authentication method
D. IP address of remoteIPsec peer
E. D-H group
F. perfect forward secrecy
Answer: A,B,C,E
5.An administrator has preconfigured the Cisco ASA 5505 user settings with a username and a password.
When the telecommuter first turns on the Cisco ASA 5505 and attempts to establish a VPN tunnel, the
user is prompted for a username and password. Which two Cisco ASA 5505
Group Policy features require this extra level of authentication? (Choose two.)
A. New Unit Authentication
B. Extended Group Authentication
C. Secure Unit Authentication
D. Role-Based Access Control Authentication
E. Compartmented Mode Authentication
F. Individual User Authentication
Answer: C,F
6.
Refer to the exhibit. Which two statements are correct regarding these two Cisco ASA clientless SSL VPN
bookmarks? (Choose two.)
A. CSCO_WEBVPN_USERNAME is a user attribute.
B. CSCO_WEBVPN_USERNAME is a Cisco predefined variable that is used for macro substitution.
C. The CSCO_WEBVPN_USERNAME variable is enabled by using the Post SSO plug-in.
D. CSCO_SSO is a Cisco predefined variable that is used for macro substitution.
E. The CSCO_SSO=1 parameter enables SSO for the SSH plug-in.
F. The CSCO_SSO variable is enabled by using the Post SSO plug-in.
Answer: B,E
7.Which Cisco ASA SSL VPN feature provides support for PCI compliance by allowing for the validation
of two sets of username and password credentials on the SSL VPN login page?
A. Single Sign-On
B. Certificate to Profile Mapping
C. Double Authentication
D. RSA OTP
Answer: D
8.Which two types of digital certificate enrollment processes are available for the Cisco ASA security
appliance? (Choose two.)
The safer , easier way to help you pass any IT exams.
6 / 7
A. LDAP
B. FTP
C. TFTP
D. HTTP
E. SCEP
F. Manual
Answer: E,F
9.Your corporate finance department purchased a new non-web-based TCP application tool to run on one
of its servers. The finance employees need remote access to the software during non-business hours.
The employees do not have "admin" privileges to their PCs. How would you configure the SSL VPN
tunnel to allow this application to run?
A. Configure a smart tunnel for the application.
B. Configure a "finance tool" VNC bookmark on the employee clientless SSL VPN portal.
C. Configure the plug-in that best fits the application.
D. Configure the Cisco ASA appliance to download the CiscoAnyConnect SSL VPN client to the finance
employee each time an SSL VPN tunnel is established.
Answer: A
10.Refer to the exhibit. A new network engineer configured the ABC adaptive security appliance with two
bookmarks for a new temporary employee. The temporary worker can connect to the administrator server
via the temp_worker_admin bookmark but cannot connect to the project server via the
temp_worker_projects (greyed-out) bookmark. It was determined that the URL and IP addressing
information in the GUI screens is correct.
What is wrong with the configuration?
A. URL Entry should be enabled.
B. The File Server Entry Inherit parameter should be overwritten and set for enabled.
C. The DNS server information is incorrect.
D. File Server Browsing should be enabled
Answer: C
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment