Cisco 642-647 Exam - Deploying Cisco ASA VPN Solutions (VPN v1.0)

Questions & Answers for Cisco 642-647

Showing 1-15 of 80 Questions

Question #1

When attempting to tunnel FTP traffic through a stateful firewall that may be performing
NAT or PAT, which type of VPN tunneling should be used to allow the VPN traffic through
the stateful firewall?

A. clientless SSL VPN

B. IPsec over TCP

C. Smart Tunnel

D. SSL VPN plug-ins

Question #2


Refer to the exhibit. A new network engineer configured the ABC adaptive security
appliance with two bookmarks for a new temporary employee. The temporary worker can
connect to the administrator server via the temp_worker_admin bookmark but cannot
connect to the project server via the temp_worker_projects (greyed-out) bookmark. It was
determined that the URL and IP addressing information in the GUI screens is correct.
What is wrong with the configuration?

A. URL Entry should be enabled.

B. The File Server Entry Inherit parameter should be overwritten and set for enabled.

C. The DNS server information is incorrect.

D. File Server Browsing should be enabled.

Question #3

After adding a remote-access IPsec tunnel via the VPN wizard, an administrator needs to
tune the IKE policy parameters. Where is the correct place to tune IKE policy parameters?

A. Cisco IPsec VPN SW Client > Client Profile

B. IPsec User Profile

C. Group Policy

D. IKE Policy

E. Crypto Map

Question #5

Which two statements about the Cisco ASA load balancing feature are correct? (Choose
two.)

A. The Cisco ASA load balances both site-to-site and remote-access VPN tunnels.

B. The Cisco ASA load balances remote-access VPN tunnels only.

C. The Cisco ASA load balances IPsec VPN tunnels only.

D. The Cisco ASA load balances IPsec VPN and Cisco AnyConnect SSL VPN tunnels only.

E. The Cisco ASA load balances IPsec VPN, clientless, and Cisco AnyConnect SSL VPN tunnels.

Explanation:
Load balancing is effective only on remote sessions initiated with the following clients:
Cisco AnyConnect VPN Client (Release 2.0 and later)
Cisco VPN Client (Release 3.0 and later)
Cisco ASA 5505 Security Appliance (when acting as an Easy VPN client)
Cisco VPN 3002 Hardware Client (Release 3.5 or later)
Cisco PIX 501/506E when acting as an Easy VPN client
IOS EZVPN Client devices supporting IKE-redirect (IOS 831/871)
Clientless SSL VPN (not a client)
Load balancing works with IPsec clients and SSL VPN client and clientless sessions. All
other VPN connection types (L2TP, PPTP, L2TP/IPsec), including LAN-to-LAN, can
connect to an adaptive security appliance on which load balancing is enabled, but they
cannot participate in load balancing.
Reference:
http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/vpnsysop.html#wp1048834

Question #7


Cisco AnyConnect profiles can be used to set which three options? (Choose three.)

A. define a list of VPN gateways that are presented to users upon login

B. define a quarantine VLAN for remote devices that fail a host scan

C. define a guest VLAN to all "noncompany" Cisco IOS WebVPN users

D. define a list of backup servers if primary gateways are unavailable

E. activate the SSL VPN tunnel as part of the Windows login sequence

F. configure the Cisco Secure Desktop vault

Question #8

Your corporate finance department purchased a new non-web-based TCP application tool
to run on one of its servers. The finance employees need remote access to the software
during non-business hours. The employees do not have "admin" privileges to their PCs.
How would you configure the SSL VPN tunnel to allow this application to run?

A. Configure a smart tunnel for the application.

B. Configure a "finance tool" VNC bookmark on the employee clientless SSL VPN portal.

C. Configure the plug-in that best fits the application.

D. Configure the Cisco ASA appliance to download the Cisco AnyConnect SSL VPN client to the finance employee each time an SSL VPN tunnel is established.

Question #9

When deploying clientless SSL VPN advanced application access, the administrator needs
to collect information on the end-user systems. Which three input parameters about an
end-user system are of major concern for the administrator?

A. Types of applications and application protocols that are supported

B. Types of encryption that are supported on the end-user system

C. The local privilege level of the remote user

D. Types of wireless security that are applied to the end-user tunnel interface

E. Types of operating systems that are supported on the end-user system

F. Type of antivirus software that is supported on the end-user system

Explanation: Reference:
http://ptgmedia.pearsoncmg.com/images/9781587052422/samplepages/1587052423_Sample.pdf

Question #10

When configured in a remote-access VPN solution, on which device can Dead Peer
Detection be configured?

A. Remote device

B. Headend device

C. Both headend and remote devices

D. Site-to-site VPN only

B

//www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect23/administration/23admin2.html

Question #11


Refer to the exhibit. A network administrator is duplicating a VPN client profile to send out
to all members of the finance group. Three parameters might have been configured
incorrectly. For each of the three letters, choose the correct answer. (Choose three.)

A. A-Remote Client IP Address

B. A-ASA Outside Interface IP Address

C. B-Pre-Shared Keys Authentication Type

D. B-Digital Certificate Authentication Type

E. C-Save Password enabled

F. C-Save Password disabled

Question #12

ABC Corporation hired a temporary worker to help out with a new project. The network
administrator tasked you with restricting the internal clientless SSL VPN network access of
the temporary worker to one server with the IP address of 172.26.26.50 via HTTP.
Which two statements would complete the assignment? (Choose two.)

A. Configure access-list temp_acl webtype permit url http://172.26.26.50.

B. Configure access-list temp_acl_stand_ACL standard permit host 172.26.26.50.

C. Configure access-list temp_acl_extended extended permit http any host 172.26.26.50.

D. Apply the access list to the temporary worker Group Policy.

E. Apply the access list to the temporary worker Connection Profile.

F. Apply the access list to the outside interface in the inbound direction.

Question #13

Your IT department needs to run a custom-built TCP application within the clientless SSL
VPN tunnel. The network administrator suggested running the smart-tunnel application.
Which three statements concerning smart-tunnel applications are true? (Choose three.)

A. support active FTP and other RTSP-based applications

B. do not require administrator privileges on the remote system

C. require the enabling of port forwarding

D. are supported on Windows and Mac OS X platforms

E. support native client applications over SSL VPN

F. require the modification of the Host file on the end-user PC

Question #14


While troubleshooting on a remote-access application, a new NOC engineer received the
logging message shown in the exhibit. Which configuration is most likely mismatched?

A. IKE configuration

B. extended authentication configuration

C. IPsec configuration

D. digital certificate configuration

Question #15

Refer to the following exhibit and answer the question below:

Which connection profile supports SSL VPN Client access only?

A. Employee

B. Contractor

C. Management

D. Engineering

E. New_hire

Explanation: (The answer can change, so follow the procedure below.)
Configuration > Network Client Access > AnyConnect Connection Profiles > Connection
Profiles > Edit (for each profile) > General > More Options > Tunneling Protocol > see the
check marks
