|
I can provide you Q that will come word to word same on your actual exam , even the sequence of the options will be same and all this with 0% risk
|
Question 1. Which statement is correct concerning the trusted network detection (TND) feature? A. The Cisco AnyConnect 3.0 Client supports TND on Windows, Mac, and Linux platforms. B. With TND, one result of a Cisco Secure Desktop basic scan on an endpoint is to determine whether a device is a member of a trusted or an untrusted network. C. If enabled, and a CSD scan determines that a host is a member of an untrusted network, an administrator can configure the TND feature to prohibit an end user from launching the Cisco AnyConnect VPN Client. D. When the user is inside the corporate network, TND can be configured to automatically disconnect a Cisco AnyConnect session. Answer: D Explanation: Question 2. Refer to the exhibit. You are configuring a laptop with the Cisco VPN Client, which uses digital certificates for authentication. Which protocol does the Cisco VPN Client use to retrieve the digital certificate from the CA server? A. FTP B. LDAP C. HTTPS D. SCEP E. OCSP Answer: D Explanation: Question 3. When using clientless SSL VPN, you might not want some applications or web resources to go through the Cisco ASA appliance. For these application and web resources, as a Cisco ASA administrator, which configuration should you use? A. Configure the Cisco ASA appliance for split tunneling. B. Configure network access exceptions in the SSL VPN customization editor. C. Configure the Cisco ASA appliance to disable content rewriting. D. Configure the Cisco ASA appliance to enable URL Entry bypass. E. Configure smart tunnel to bypass the Cisco ASA appliance proxy function. Answer: C Explanation: Question 4. Refer to the exhibit. The "level_2" digital certificate was installed on a laptop. What can cause an "invaliD. not active" status message? A. On first use, a CA server-supplied passphrase is entered to validate the certificate. B. A "newly installed" digital certificate does not become active until it is validated by the peer device upon its first usage. C. The user has not clicked the Verify button within the Cisco VPN Client. D. The CA server and laptop PC clocks are out of sync. Answer: D Explanation: Question 5. Refer to the exhibit. A NOC engineer is in the process of entering information into the Create New VPN Connection Entry fields. Which statement correctly describes how to do this? A. In the Connection Entry field, enter the name of the connection profile as it is specified on the Cisco ASA appliance. B. In the Host field, enter the IP address of the remote client device. C. In the Authentication tab, click the Group Authentication or Mutual Group Authentication radio button to enable symmetrical pre-shared key authentication. D. In the Name field, enter the name of the connection profile as it is specified on the Cisco ASA appliance. Answer: D Explanation: Question 6. Refer to the exhibit. A new NOC engineer is troubleshooting a VPN connection. Which statement about the fields within the Cisco VPN Client Statistics screen is correct? A. The ISP-assigned IP address of 10.0.21.1 is assigned to the VPN adapter of the PC. B. The IP address of the security appliance to which the Cisco VPN Client is connected is 192.168.1.2. C. CorpNet is the name of the Cisco ASA group policy whose tunnel parameters the connection is using. D. The ability of the client to send packets transparently and unencrypted through the tunnel for test purposes is turned off. E. With split tunneling enabled, the Cisco VPN Client registers no decrypted packets. Answer: B Explanation: Question 7. An XYZ Corporation systems engineer, while making a sales call on the ABC Corporation headquarters, tried to access the XYZ sales demonstration folder to transfer a demonstration via FTP from an ABC conference room behind the firewall. The engineer could not reach XYZ through the remote-access VPN tunnel. From home the previous day, however, the engineer did connect to the XYZ sales demonstration folder and transferred the demonstration via IPsec over DSL. To get the connection to work and transfer the demonstration, what should the engineer do? A. Change the MTU size on the IPsec client to account for the change from DSL to cable transmission. B. Enable the local LAN access option on the IPsec client. C. Enable the IPsec over TCP option on the IPsec client. D. Enable the clientless SSL VPN option on the PC. Answer: C Explanation: Question 8. Refer to the exhibit. While configuring a site-to-site VPN tunnel, a new NOC engineer encounters the Reverse Route Injection parameter. Assuming that static routes are redistributed by the Cisco ASA to the IGP, what effect does enabling Reverse Route Injection on the local Cisco ASA have on a configuration? A. The local Cisco ASA advertises its default routes to the distant end of the site-to-site VPN tunnel. B. The local Cisco ASA advertises routes from the dynamic routing protocol that is running on the local Cisco ASA to the distant end of the site-to-site VPN tunnel. C. The local Cisco ASA advertises routes that are at the distant end of the site-to-site VPN tunnel. D. The local Cisco ASA advertises routes that are on its side of the site-to-site VPN tunnel to the distant end of the site-to-site VPN tunnel. Answer: C Explanation: Question 9. Refer to the exhibit. A NOC engineer needs to tune some prelogin parameters on an SSL VPN tunnel. From the information that is shown, where should the engineer navigate to find the prelogin session attributes? A. "engineering" Group Policy B. "contractor" Connection Profile C. "engineer1" AAA/Local Users D. DfltGrpPolicy Group Policy Answer: B Explanation: Question 10. Refer to the exhibit. A NOC engineer needs to tune some postlogin parameters on an SSL VPN tunnel. From the information shown, where should the engineer navigate to, in order to find all the postlogin session parameters? A. "engineering" Group Policy B. "contractor" Connection Profile C. DefaultWEBVPNGroup Group Policy D. DefaultRAGroup Group Policy E. "engineer1" AAA/Local Users Answer: A Explanation:
Copyright © 2004 CertsBraindumps.com Inc. All rights reserved.