Cisco Certification: Cisco 642-511 Question Bank

Date: 2015/8/31 11:40:18 Source: original content of this site
1. What are three functions of IKE Phase 2? Choose three. 
A. uses aggressive mode 
B. uses main mode 
C. optionally performs an additional DH exchange 
D. verifies the other side's identity 
E. periodically renegotiates IPSec SAs to ensure security 
F. negotiates IPSec SA parameters protected by an existing IKE SA 
Answer: CEF 
2. If the primary role of the VPN product is to perform remote access VPN with a few site-to-site connections, which product should you choose?
A. 2900 
B. 3030 
C. 3660 
D. PIX Firewall 515 
Answer: B 
3. For the Cisco VPN Client to interoperate with a PIX Firewall, what is the minimum version of the PIX Firewall?
A. 5.2 
B. 5.3 
C. 6.0 
D. 6.1 
Answer: C 
4. What type of keys does RSA use for encryption and decryption? 
A. symmetrical keys 
B. asymmetrical keys 
C. exponentiation keys 
D. elliptical curve keys 
Answer: B
TestInside    642-511
5. Within the Cisco VPN Concentrator series of products, what is the maximum number of simultaneous sessions supported when doing encryption in hardware?
A. 100 
B. 1500 
C. 5000 
D. 10000 
Answer: D 
6. With SEP redundancy, if the top SEP fails and the bottom SEP takes over, which statement is true? 
A. all sessions are lost 
B. operator intervention is required 
C. no sessions are lost 
D. only the Cisco VPN 3080 supports SEP redundancy 
Answer: C 
7. When two adjacent Cisco VPN Concentrators are configured for VRRP and the master Cisco VPN Concentrator fails, which statement is true?
A. all sessions are lost 
B. only remote access users need to re-establish their tunnels 
C. no sessions are lost 
D. only site-to-site users need to re-establish their tunnels 
Answer: B 
8. Which statement about the Cisco VPN Concentrator load balancing feature is true? 
A. Cisco VPN Concentrators load balance both site-to-site and remote access tunnels. 
B. Cisco VPN Concentrators load balance site-to-site tunnels only. 
C. Cisco VPN Concentrators load balance remote access tunnels only. 
D. Cisco VPN Concentrator load balances administration sessions. 
Answer: C 
9. In the GUI, what happens if you reboot without saving the configuration changes? 
A. configuration changes are lost 
B. configuration changes remain 
C. system does not allow you to reboot without saving 
D. system warns you that the configuration changes will be lost, do you still want to proceed 
Answer: A 
10. When configuring address assignments, which method uses the Cisco VPN 3000 Concentrator to assign IP addresses from an internal pool?
A. remote client pool 
B. per-user 
C. configured pool 
D. DHCP pool 
Answer: C 
11. What are two Quick Configuration elements used in the configuration of IPSec groups? Choose two. 
A. password 
B. user name 
C. group priority 
D. group access protocols 
E. group server name 
F. group name 
Answer: AF 
12. How can an administrator accommodate the different access needs in a Cisco VPN Concentrator? 
A. by configuring rights and privileges parameters in the Cisco VPN Concentrator 
B. by configuring user and group parameters in the Cisco VPN Concentrator 
C. by configuring access and usage parameters in the Cisco VPN Concentrator 
D. by configuring rights and privileges in the network authentication server 
Answer: B 
13. What is the effect of enabling transparent tunneling on the Cisco VPN Client? 
A. data packets are wrapped in UDP 
B. encryption is disabled on the Cisco VPN Client 
C. Cisco VPN Client transmits traffic in clear text 
D. split tunneling is enabled on the Cisco VPN Client 
Answer: A 
14. Which statement about the Cisco VPN Client local LAN access feature is true?
A. It enables split tunneling. 
B. It enables Cisco VPN Client to encrypt packets destined for the local LAN. 
C. It enables and disables Cisco VPN Client access to the local LAN. 
D. It enables local LAN users access to the VPN tunnel. 
Answer: C 
15. To pre-configure a Cisco VPN client, what three files are required? Choose three. 
A. unattended_setup.ini 
B. user.pcf 
C. data.ini 
D. oem.ini 
E. vpnclient.ini 
F. client.ini 
Answer: BDE 
16. When configuring remote access protocols under quick configuration, what protocol restrictions does the Cisco VPN Concentrator impose?
A. no protocol restrictions 
B. only one access protocol per group 
C. any two access protocols per group 
D. IPSec plus one other access protocol 
Answer: A 
17. Under the IKE active proposal list, the Certicom client supports which IKE proposal?
A. IKE-3DES-MD5-RSA 
B. IKE-3DES-MD5-DH7 
C. CiscoVPNClient-3DES-MD5 
D. IKE-3DES-MD5 
Answer: B 
18. Choose three parameters sent from the Cisco VPN Concentrator to the remote Cisco VPN Client during tunnel establishment. Choose three.
A. group name 
B. primary DNS address 
C. access priority 
D. split tunnel policy 
E. Cisco VPN Client IP address 
F. access priority level 
Answer: BDE 
19. Which three are supported user authentication types? Choose three. 
A. NT Domain 
B. RADIUS
C. AES 
D. SDI 
E. TACACS+ 
F. Entrust 
Answer: ABD 
20. Which three responsibilities does a CA have? Choose three. 
A. revokes valid certificates 
B. creates certificates 
C. decrypts digital certificate 
D. administers certificates 
E. issues equipment certificates 
F. revokes invalid certificates 
Answer: BDF 
21. Which digital signature process statement is true? 
A. The hash is encrypted with the public key and decrypted with the private key. 
B. The hash is encrypted and decrypted with a shared secret key. 
C. The hash is encrypted and decrypted with a symmetric key. 
D. The hash is encrypted with the private key and decrypted with the public key. 
Answer: D 
22. Which information is included in the PKCS#10 request message? Choose two. 
A. encryption algorithm 
B. authentication algorithm 
C. key size 
D. validity dates 
E. user information 
F. private key 
Answer: CE 
23. When issuing a digital certificate, which information does the CA supply? Choose three. 
A. user name 
B. validity dates 
C. private key 
D. issuer's name 
E. CA signature algorithm 
F. user's private key information 
Answer: BDE 
24. What are two purposes of the X.509 Certificate Serial Number? Choose two. 
A. It specifies the subject's public key and hashing algorithm. 
B. It specifies the start and expiration dates for the certificate. 
C. It is a unique certificate numerical identifier in the CA domain. 
D. It is the certificate number that is listed on the CRL when the certificate is revoked. 
E. It identifies the CA's public key and hashing algorithm. 
F. It is used to identify the certificate during the IKE peer authentication process. 
Answer: CD 
25. During IKE negotiations, when an identity certificate is received from an IKE peer, which three things does the Cisco VPN 3000 Concentrator check? Choose three.
A. Is the certificate still valid? 
B. Has the CA expired? 
C. Has the CA been revoked? 
D. Is the certificate signed by a trusted CA? 
E. Is the certificate FQDN valid? 
F. Is the certificate in the CRL? 
Answer: ADF 
26. What are the two types of certificates in a central CA environment? Choose two. 
A. public key certificate 
B. root certificate 
C. private key certificate 
D. certificate of authority 
E. identity certificate 
F. signature certificate 
Answer: BE 
27. If CRL checking is enabled on the Cisco VPN Concentrator, where can the Cisco VPN Concentrator find the CRL?
A. The Cisco VPN Concentrator polls the CA for an updated list at a pre-defined rate. 
B. The CA sends a CRL to the Cisco VPN Concentrator directly at least once a week. 
C. The CRL distribution point is listed on the identity certificate. 
D. The CRL is sent, out-of-band, to the administrator biweekly. 
Answer: C 
28. What are three steps in the IKE certificate authentication process? Choose three. 
A. The identity certificate validity period is verified against the system clock of the Cisco VPN Concentrator. 
B. The root certificate is not in the Cisco VPN Concentrator. 
C. Identity certificates are exchanged during IPSec negotiations. 
D. The identity certificate signature is validated using the stored root certificate. 
E. The signature is validated using the stored identity certificate. 
F. If enabled, the Cisco VPN Concentrator locates the CRL and validates the identity certificate. 
Answer: ADF 
29. When configuring IPSec client-to-LAN, the Cisco VPN Concentrator and the PC need which two certificates? Choose two.
A. private certificate 
B. root certificate 
C. CA 
D. identity certificate 
E. public certificate 
F. DSA certificate 
Answer: BD 
30. For the Cisco VPN Concentrator, what are the two types of certificate enrollment? Choose two. 
A. file-based enrollment process 
B. SCEP 
C. PKCS#15 enrollment process 
D. automated enrollment process 
E. out-of-band enrollment process 
F. certified enrollment process 
Answer: AB 
31. What are three steps in the file-based certificate enrollment process? Choose three. 
A. The identity certificate is loaded into the Cisco VPN Concentrator first. 
B. The CA generates the root and identity certificates. 
C. The root certificate is loaded into the Cisco VPN Concentrator second. 
D. The root certificate is loaded into the Cisco VPN Concentrator first. 
E. Cisco VPN Concentrator generates a PKCS#7. 
F. The Cisco VPN Concentrator generates a PKCS#10. 
Answer: BDF 
32. When completing an enrollment request form, which enrollment request field must match a group name configured in the remote Cisco VPN Concentrator?
A. common name 
B. organizational unit 
C. organization 
D. subject alternative name 
Answer: B 
33. When the IPSec client-to-LAN applications are changed from pre-shared keys to digital certificates, what is true about the IPSec SA?
A. SA IKE authentication method should be changed 
B. SA IPSec authentication method should be changed 
C. when the digital certificate is validated, the IPSec SA template automatically is updated 
D. when the digital certificate is activated, the IPSec SA template is automatically updated 
Answer: A 
34. Which two certificates need to be installed in the Cisco VPN 3000 Concentrator? Choose two. 
A. SSL certificate 
B. root certificate 
C. public certificate 
D. private certificate 
E. trusted certificate 
F. identity certificate 
Answer: BF 
35. Which three are Cisco VPN Client firewall features? Choose three. 
A. are you there 
B. authentication proxy 
C. stateful firewall (always on) 
D. content filtering 
E. central protection policy 
F. stateful failover 
Answer: ACE 
36. Which of the firewalls supports Cisco Central Policy Protection? 
A. Symantec 
B. Zone Labs 
C. Cyberguard 
D. Network Ice BlackICE defender 
Answer: B 
37. Which of the following filters are part of the Cisco CPP default policy? 
A. blocks all inbound tunnel traffic not related to an outbound session 
B. blocks all inbound Internet traffic not related to an outbound session 
C. blocks all outbound tunnel traffic 
D. blocks all outbound Internet traffic 
Answer: B 
38. When configuring CPP, which statement is true? 
A. CPP is enabled in both the Cisco VPN Client and Cisco VPN Concentrator 
B. CPP is enabled in the Cisco VPN Client, Cisco VPN Concentrator, and firewall 
C. CPP is enabled on the Cisco VPN Concentrator only 
D. CPP is enabled in the Cisco VPN Concentrator and firewall 
Answer: C
39. How do you activate a Cisco CPP custom policy? 
A. enable custom CPP in the Cisco VPN Concentrator only 
B. enable custom CPP in the client and Cisco VPN Concentrator 
C. enable CPP in the Cisco VPN Concentrator and select the custom policy under policy management 
D. enable CPP in the Cisco VPN Concentrator and select the custom policy under the pushed policy drop-down menu
Answer: D 
40. Which data is shown on the Monitor Sessions screen? Choose three. 
A. session summary 
B. LAN-to-LAN sessions 
C. tunnel summary 
D. client tunnels 
E. site-to-site tunnels 
F. remote access sessions 
Answer: ABF 
41. What happens if no systems are on the ACL of the Cisco 3000 VPN? 
A. No access or rights are issued. 
B. No management rights are invoked. 
C. Anyone who knows the Cisco VPN 3000 Concentrator IP address and the administrator username and password combination can gain access.
D. No one who knows the Cisco VPN 3000 Concentrator IP address and the administrator username and password combination can gain access.
Answer: C 
42. When doing swap configuration, how do you load the boot configuration file and make it the active configuration?
A. reboot the system 
B. write to the config file 
C. save the Config.bak file and reboot the system 
D. update the Cisco VPN executable system software 
Answer: A 
43. When there are multiple concurrent Cisco VPN Concentrator administration sessions, what configuration privileges does each additional administrator have?
A. read and write privileges 
B. monitor only 
C. read only 
D. all administrators have the same privileges 
Answer: C 
44. What is the maximum number of users the Cisco VPN 3002 can support? 
A. 1 
B. 8 
C. 32 
D. 253 
Answer: D 
45. What is the default configuration of the Cisco VPN 3002 private interface? 
A. DHCP server is enabled 
B. DHCP client is enabled 
C. static IP address of 192.168.10.1 
D. enabled with an IP address of 0.0.0.0 
Answer: C 
46. What is the default configuration of the Cisco VPN 3002 public interface? 
A. DHCP server is enabled 
B. DHCP client is enabled 
C. static IP address of 192.168.10.1 
D. no configuration 
Answer: B
47. When the Cisco VPN 3002 is fully configured in client mode, what is the default status of the VPN tunnel? 
A. The tunnel is up automatically. 
B. The tunnel must be manually initiated via the Monitoring-tunnel status screen. 
C. The tunnel must be manually initiated via the Monitoring-system status screen. 
D. The manual and automatic modes are defined on the Cisco VPN Concentrator and then pushed to the Cisco VPN 3002 during tunnel establishment.
Answer: C 
48. What are the two steps in configuring network extension mode? Choose two. 
A. Change the default address on the Cisco VPN 3002 private interface. 
B. Enable network extension mode on the Cisco VPN Concentrator and push it down to the Cisco VPN 3002 during tunnel establishment.
C. Change the default address on the Cisco VPN 3002 public interface. 
D. Enable network extension mode on the private interface. 
E. Enable network extension mode on the public interface. 
F. Answer No when the Cisco VPN 3002 prompts you to use PAT mode. 
Answer: AF 
49. Using the default Cisco VPN 3002 unit authentication, what happens to the unit password? 
A. pushed down to the Cisco VPN 3002 the first time the tunnel is established 
B. authenticated via a TACACS+ server 
C. stored permanently in Cisco VPN 3002 memory 
D. authenticated via an NT Domain server
Answer: C 
50. How is interactive unit authentication enabled on the Cisco VPN 3002? 
A. Interactive unit authentication is checked on the Cisco VPN Concentrator and pushed down to the Cisco VPN 3002.
B. Unit authentication is unchecked on the Cisco VPN Concentrator and pushed down to the Cisco VPN 3002. 
C. Interactive unit authentication is checked on the Cisco VPN 3002. 
D. Unit authentication is unchecked on the Cisco VPN 3002. 
Answer: A 
51. What are the two RRI features supported by the Cisco VPN Concentrator? Choose two. 
A. tunnel mode RRI 
B. transport mode RRI 
C. client RRI 
D. network extension RRI 
E. LAN extension RRI 
F. Cisco VPN Concentrator RRI 
Answer: CD 