Cisco 642-813 Study Material, New Updated Cisco 642-813 Dumps PDF Latest Version PDF&VCE


QUESTION 66
PassGuide is implementing 802.1X in order to increase network security. In the use of 802.1X access control, which three protocols are allowed through the switch port before authentication takes place? (Select three)
A. EAP-over-LAN
B. EAP MD5
C. STP
D. protocols not filtered by an ACL
E. CDP
F. TACACS+

Correct Answer: ACE Section: (none) Explanation
Explanation/Reference:
QUESTION 67
VLAN maps have been configured on switch PG1. Which of the following actions are taken in a VLAN map that does not contain a match clause?
A. Implicit deny feature at end of list.
B. Implicit deny feature at start of list.
C. Implicit forward feature at end of list
D. Implicit forward feature at start of list.

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 68
A PassGuide switch was configured as shown below:
switchport mode access
switchport port-security
switchport port-security maximum 2
switchport port-security mac-address 0002.0002.0002
switchport port-security violation shutdown
Given the configuration output shown above, what happens when a host with the MAC address of 0003.0003.0003 is directly connected to the switch port?
A. The host will be allowed to connect.
B. The port will shut down.
C. The host can only connect through a hub/switch where 0002.0002.0002 is already connected.
D. The host will be refused access.
E. None of the other alternatives apply
Correct Answer: A Section: (none) Explanation

Explanation/Reference:
QUESTION 69
You need to configure port security on switch PG1. Which two statements are true about this technology? (Select two)
A. Port security can be configured for ports supporting VoIP.
B. With port security configured, four MAC addresses are allowed by default.
C. The network administrator must manually enter the MAC address for each device in order for the switch to allow connectivity.
D. With port security configured, only one MAC address is allowed by default.
E. Port security cannot be configured for ports supporting VoIP.

Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
QUESTION 70
The PassGuide is concerned about Layer 2 security threats. Which statement is true about these threats?
A. MAC spoofing attacks allow an attacking device to receive frames intended for a different network host.
B. Port scanners are the most effective defense against dynamic ARP inspection.
C. MAC spoofing, in conjunction with ARP snooping, is the most effective counter-measure against reconnaissance attacks that use dynamic ARP inspection (DAI) to determine vulnerable attack points.
D. Dynamic ARP inspection in conjunction with ARP spoofing can be used to counter DHCP snooping attacks.
E. DHCP snooping sends unauthorized replies to DHCP queries.
F. ARP spoofing can be used to redirect traffic to counter dynamic ARP inspection.
G. None of the other alternatives apply.

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 71
An attacker is launching a DoS attack on the PassGuide network using a hacking tool designed to exhaust the IP address space available from the DHCP servers for a period of time. Which procedure would best defend against this type of attack?
A. Configure only trusted interfaces with root guard.
B. Implement private VLANs (PVLANs) to carry only user traffic.
C. Implement private VLANs (PVLANs) to carry only DHCP traffic.
D. Configure only untrusted interfaces with root guard.
E. Configure DHCP spoofing on all ports that connect untrusted clients.
F. Configure DHCP snooping only on ports that connect trusted DHCP servers.
G. None of the other alternatives apply
Correct Answer: F Section: (none) Explanation

Explanation/Reference:
QUESTION 72
In order to enhance security on the PassGuide network, users must be authenticated using 802.1X. When authentication is required, where must 802.1X be configured in order to connect a PC to a switch?
A. Switch port and local router port
B. Switch port, client PC, and authentication server
C. Client PC only
D. Switch port only
E. None of the other alternatives apply

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 73
PassGuide has implemented 802.1X authentication as a security enhancement. Which statement is true about 802.1x port-based authentication?
A. TACACS+ is the only supported authentication server type.
B. If a host initiates the authentication process and does not receive a response, it assumes it is not authorized.
C. RADIUS is the only supported authentication server type.
D. Before transmitting data, an 802.1x host must determine the authorization state of the switch.
E. Hosts are required to have a 802.1x authentication client or utilize PPPoE.
F. None of the other alternatives apply.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 74
The DAI feature has been implemented in the PassGuide switched LAN. Which three statements are true about the dynamic ARP inspection (DAI) feature? (Select three)
A. DAI can be performed on ingress ports only.
B. DAI can be performed on both ingress and egress ports.
C. DAI is supported on access ports, trunk ports, EtherChannel ports, and private VLAN ports.
D. DAI should be enabled on the root switch for particular VLANs only in order to secure the ARP caches of hosts in the domain.
E. DAI should be configured on all access switch ports as untrusted and on all switch ports connected to other switches as trusted.
F. DAI is supported on access and trunk ports only.

Correct Answer: ACE Section: (none) Explanation
Explanation/Reference:
QUESTION 75
In the use of 802.1X access control, which three protocols are allowed through the switch port before authentication takes place? Select three.
A. STP
B. CDP
C. EAP MD5
D. TACACS+
E. EAP-over-LAN
F. protocols not filtered by an ACL

Correct Answer: ABE Section: (none) Explanation
Explanation/Reference:
QUESTION 76
As the network technician at PassGuide, you need to configure DHCP snooping on a new switch. Which three steps are required? (Select 3)
A. Configure the switch to insert and remove DHCP relay information (option-82 field) in forwarded DHCP request messages.
B. Configure DHCP snooping globally.
C. Configure the switch as a DHCP server.
D. Configure DHCP snooping on an interface.
E. Configure all interfaces as DHCP snooping trusted interfaces.
F. Configure DHCP snooping on a VLAN or range of VLANs.

Correct Answer: BDF Section: (none) Explanation
Explanation/Reference:
QUESTION 77
On a PassGuide switch named PG1 you configure the following:
ip arp inspection vlan 10-12, 15
What is the purpose of this global configuration command made on PG1?
A. Discards ARP packets with invalid IP-to-MAC address bindings on trusted ports
B. Validates outgoing ARP requests for interfaces configured on VLAN 10, 11, 12, or 15
C. Intercepts, logs, and discards ARP packets with invalid IP-to-MAC address bindings
D. Intercepts all ARP requests and responses on trusted ports
E. None of the other alternatives apply

Correct Answer: Section: (none) Explanation
Explanation/Reference:
QUESTION 78
What is true about access control on bridged and routed VLAN traffic? (Select three)
A. Router ACLs can be applied to the input and output directions of a VLAN interface.
B. Bridged ACLs can be applied to the input and output directions of a VLAN interface.
C. Only router ACLs can be applied to a VLAN interface.
D. VLAN maps and router ACLs can be used in combination.
E. VLAN maps can be applied to a VLAN interface

Correct Answer: ABD Section: (none) Explanation
Explanation/Reference:
QUESTION 79
Switch PG1 has been configured with Private VLANs. With what type of PVLAN port should the default gateway be configured?
A. Trunk
B. Isolated
C. Primary
D. Community
E. Promiscuous
F. None of the other alternatives apply

Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 80
PassGuide has implemented numerous multilayer switches that utilize FIB tables. Which statement is true about the Forward Information Base (FIB) table?
A. The FIB is derived from the IP routing table and is optimized for maximum lookup throughput.
B. The FIB table is derived from the Address Resolution Protocol table, and it contains Layer 2 rewrite (MAC) information for the next hop.
C. When the FIB table is full, a wildcard entry redirects traffic to the Layer 3 engine.
D. The FIB lookup is based on the Layer 2 destination MAC address.
E. None of the other alternatives apply

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 81
The PassGuide network needs to pass traffic between VLANs. Which device should be used to accomplish this?
A. Hub
B. Switch
C. Router
D. Bridge
E. None of the other alternatives apply

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 82
Inter-VLAN routing has been implemented in the PassGuide network. In VLAN routing, what are some of the disadvantages of designing a router-on-a-stick configuration? (Select three)
A. InterVLAN routing cannot be filtered by the router.
B. The router becomes a single point of failure for the network.
C. Routers will not route STP BPDUs.
D. There is a possibility of inadequate bandwidth for each VLAN.
E. Additional overhead on the router can occur.
F. NetFlow Switching is required for InterVLAN accounting.

Correct Answer: BDE Section: (none) Explanation
Explanation/Reference:
QUESTION 83
Which of the following could be used to provide a Layer 3 data path between separate VLANs? (Choose two.)
A. VLAN trunking
B. An external router
C. An internal route processor
D. VLAN capable bridge
E. EtherChannel

Correct Answer: BC Section: (none) Explanation
Explanation/Reference:
QUESTION 84
You are configuring a Cisco multilayer switch for the PassGuide network. Which command would you use to configure a port to act as a routed interface?
A. ip routing
B. switchport mode trunk
C. no switchport
D. switchport trunk native vlan 1
E. None of the other alternatives apply

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 85
The PassGuide security administrator is concerned with VLAN hopping based attacks. Which two statements about these attacks are true? (Select two)
A. Attacks are prevented by utilizing the port-security feature.
B. An end station attempts to gain access to all VLANs by transmitting Ethernet frames in the 802.1q encapsulation.
C. Configuring an interface with the switchport mode dynamic command will prevent VLAN hopping.
D. An end station attempts to redirect VLAN traffic by transmitting Ethernet frames in the 802.1q encapsulation.
E. Configuring an interface with the “switchport mode access” command will prevent VLAN hopping.

Correct Answer: BE Section: (none) Explanation
Explanation/Reference:


New Dumps- Free Download Of Cisco 642-511 VCE And PDF Dumps


Exam A
QUESTION 1
What is the maximum number of simultaneous sessions that can be supported when doing encryption in hardware within the Cisco VPN Concentrator series of products?
A. 100
B. 1500
C. 5000
D. 10000
E. infinite
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: The Cisco VPN 3000 Series Concentrator comes in a variety of models that can support small offices of 100 or fewer VPN connections to large enterprises of 10,000 or more simultaneous VPN connections. Redundant and nonredundant configurations are available to help ensure the high reliability of these devices. Reference: Cisco Press CCSP Cisco Secure VPN (Roland, Newcomb) p.30
QUESTION 2
Which of the following operating systems can run the software VPN client? Choose all that apply.
A. linux
B. mac
C. windows
D. solaris
Correct Answer: ABCD Section: (none) Explanation
Explanation/Reference:
Explanation:
There are VPN software clients available for Windows, Solaris, Linux, and Macintosh.

QUESTION 3
DRAG DROP Jason from the security department was given the assignment to match the Cisco VPN key with its description.

A.
B.
C.
D.
Correct Answer: Section: (none) Explanation
Explanation/Reference:

Explanation: The Diffie-Hellman (D-H) key agreement is a public key encryption method that provides a way for two IPSec peers to establish a shared secret key that only they know, although they are communicating over an insecure channel. With D-H, each peer generates a public and private key pair. The private key generated by each peer is kept secret and never shared. The public key is calculated from the private key by each peer and is exchanged over the insecure channel. Each peer combines the other’s public key with its own private key and computes the shared secret key, which is never exchanged over the insecure channel. Reference: Cisco Secure Virtual Private Network (Ciscopress) page 18-20
QUESTION 4
John asked Kathy from the security department about authentication and encryption. John wants to know when both authentication and encryption are selected in the virtual IP address, which is performed first at the originating end. What was Kathy’s answer?
A. Encryption was Kathy’s answer
B. Tunnel was Kathy’s answer.
C. Transport was Kathy’s answer
D. Authentication was Kathy’s answer
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
When both encryption and authentication are selected, encryption is performed first, before authentication. One reason for this order of processing is that it facilitates rapid detection and rejection of replayed or bogus packets by the receiving node. Reference: Cisco Secure Virtual Private Networks (Ciscopress) page

QUESTION 5
James the security administrator at Certkiller Inc. is working on encryption. He needs to know what type of keys DES and 3DES require for encryption and decryption.
A. DES and 3DES require Elliptical curve keys for encryption and decryption
B. DES and 3DES require Exponentiation keys for encryption and decryption
C. DES and 3DES require Symmetrical keys for encryption and decryption
D. DES and 3DES require Asymmetrical keys for encryption and decryption
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: des, 3des: Specifies the symmetric encryption algorithm used to protect user data transmitted between two IPSec peers. The default is 56-bit DES-CBC, which is less secure and faster than the alternative.
QUESTION 6
Which of the following are the types of keys RSA uses for encryption and decryption?
A. exponentiation keys
B. symmetrical keys
C. asymmetrical keys
D. elliptical curve keys
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: There are two types of cryptographic keys: public keys (sometimes called asymmetric keys) and symmetric keys. RSA and Diffie-Hellman are common public key algorithms, and RC4, DES and IDEA are common symmetric key algorithms. You cannot directly compare public key lengths (for example RSA keys) with symmetric key lengths (DES, RC4); this is an important point which confuses many people.
QUESTION 7
Which Cisco VPN feature will permit the sender to encrypt packets before transmitting them across a network?
A. The anti-replay feature
B. The data confidentiality feature
C. The data integrity feature
D. The data origin authentication feature
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
* Data Confidentiality-The IPSec sender can encrypt packets before transmitting them across a network.
* Data Integrity-The IPSec receiver can authenticate packets sent by the IPSec sender to ensure that the data has not been altered during transmission.
* Data Origin Authentication-The IPSec receiver can authenticate the source of the IPSec packets sent. This service is dependent upon the data integrity service.
* Anti-Replay-The IPSec receiver can detect and reject replayed packets. With IPSec, data
QUESTION 8
What AES encryption bit lengths can you use on your Concentrator ESP IPSEC VPN? Choose all that apply.
A. 56
B. 128
C. 192
D. 256
E. 1024
Correct Answer: BCD Section: (none) Explanation
Explanation/Reference:
Explanation:
Advanced Encryption Standard (AES) can be used in 128, 192, and 256 bit encryption lengths in ESP
when using IPSEC on your Concentrator.

QUESTION 9
Which of the following are ISAKMP hash protocols? Choose all that apply.
A. NAT
B. IKE
C. DES
D. SHA
E. MD5
Correct Answer: DE Section: (none) Explanation
Explanation/Reference:
Explanation:
You can use SHA and MD5 for HMAC authentication.

QUESTION 10
Which of the following can be IPSEC termination endpoints? Choose all that apply.
A. IOS Router
B. PIX Firewall
C. Concentrator
D. IDS Sensor
Correct Answer: ABC Section: (none) Explanation
Explanation/Reference:
Explanation:
These Cisco products can all terminate IPSEC, meaning they are actually involved in the IPSEC
encryption/decryption process, not just passing VPN encrypted traffic.

QUESTION 11
What size is the encryption key used in 3DES?
A. 128 bits
B. 168 bits
C. 128 bytes
D. 168 bytes
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
3DES applies DES three times, each with a 56-bit key, for a combined key length of 168 bits.

QUESTION 12
Which of the following has the lowest encryption bit length?
A. SHA
B. MD5
C. DES
D. AES
E. ESP
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
Data Encryption Standard (DES) uses only a 56 bit key to encrypt data, and is easily broken.

QUESTION 13
What is the key size of Diffie-Hellman group 2?
A. 128 bits
B. 256 bits
C. 512 bits
D. 1024 bits
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: Diffie-Hellman is used to create a completely secure secret key, over a completely insecure link, using highly complex mathematical algorithms safe from brute force even if sniffers are on the line.
QUESTION 14
What benefit does ESP have, that AH does not?
A. authentication
B. encryption
C. tunnel mode
D. md5 hash
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
Authentication Header does not have any way of encrypting data; ESP does.

QUESTION 15
Using which of the following protocols with AH will cause packet failure?
A. AYT
B. VRRP
C. NAT
D. CDP
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
You cannot translate an IP address in an AH-authenticated packet because AH uses that field when calculating authentication. This will cause the other end of the VPN tunnel to drop all packets because they will not authenticate properly.

QUESTION 16
How big is the SPI field in an IPSEC header?
A. 2 bytes
B. 4 bytes
C. 8 bytes
D. 24 bytes
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
The Security Parameter Index (SPI) field identifies a Security Association between two IPSEC endpoints.
The field is 32 bits long (4 bytes).

QUESTION 17
Which of the following peer authentication methods scales the worst?
A. digital certificates
B. SCEP
C. preshared keys
D. encrypted nonces
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
A preshared key peer authentication method does not scale well because each key needs to be entered
manually at each peer participating in the VPN.

QUESTION 18
What is the protocol number that denotes AH is in use?
B. 51
C. 89
D. 123

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
The Authentication Header protocol is protocol number 51.

QUESTION 19
DRAG DROP
Jason the security administrator at Certkiller Inc. was given the assignment to match the following order.
In IPSec main mode, match the two-way exchange between the initiator and receiver with their
descriptions.
A.
B.
C.
D.
Correct Answer: Section: (none) Explanation
Explanation/Reference:

Explanation: Main Mode: Main mode provides a way to establish the first phase of an IKE SA, which is then used to negotiate future communications. The first step, securing an IKE SA, occurs in three two-way exchanges between the sender and the receiver. In the first exchange, the sender and receiver agree on basic algorithms and hashes. In the second exchange, public keys are sent for a Diffie-Hellman exchange. Nonces (random numbers each party must sign and return to prove their identities) are then exchanged. In the third exchange, identities are verified, and each party is assured that the exchange has been completed. Reference: Cisco Secure Virtual Private Network (Ciscopress) page 27
QUESTION 20
James the security administrator for Certkiller Inc. is working with IKE. His job is to know what the three functions of IKE Phase 2 are. (Choose three)
A. IKE uses aggressive mode.
B. IKE can optionally perform an additional DH exchange.
C. IKE periodically renegotiates IPSec SAs to ensure security.
D. IKE negotiates IPSec SA parameters protected by an existing IKE SA.
E. IKE verifies the other side’s identity.
F. IKE uses main mode.
Correct Answer: BCD Section: (none) Explanation
Explanation/Reference:
Explanation:
Step 2 Determine IPSec (IKE Phase Two) Policy
* Negotiates IPSec SA parameters protected by an existing IKE SA
* Establishes IPSec security associations
* Periodically renegotiates IPSec SAs to ensure security
* Optionally performs an additional Diffie-Hellman exchange
Reference: Cisco Secure Virtual Private Networks (Ciscopress) page 28
QUESTION 21
Jane is the security administrator at Certkiller Inc. and is working on understanding more about IPSec. Jane wants to know what IPSec does at the network layer?
A. IPSec at the network layer enables Cisco VPN.
B. IPSec at the network layer generates a private DH key.
C. IPSec at the network layer encrypts traffic between secure IPSec gateways.
D. IPSec at the network layer protects and authenticates IP packets between IPSec devices.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
IPSec protects sensitive data that travels across unprotected networks. IPSec security services are
provided at the network layer, so you do not have to configure individual workstations, PCs, or
applications.

QUESTION 22
Which of the following functions are fulfilled by IPSec at the network layer?
A. enables Cisco VPN
B. generates a private DH key
C. encrypts traffic between secure IPSec gateways
D. protects and authenticates IP packets between IPSec devices
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: Once the IPSec SAs have been established, secured traffic can be exchanged over the connection. IP packets across this IPSec tunnel are authenticated and/or encrypted, depending on the transform set selected. Reference: Cisco Press CCSP Cisco Secure VPN (Roland, Newcomb) p.371
QUESTION 23
What protocol number indicates ESP?
A. 50
B. 145
C. 429
D. 500
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
Encapsulating Security Payload uses protocol number 50.

QUESTION 24
What is the UDP port used for ISAKMP?
A. 50
B. 51
C. 500
D. 510
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
ISAKMP uses UDP port 500.

QUESTION 25
James the security administrator for Certkiller Inc. is working on VPNs. If the VPN is owned and managed by the Certkiller Inc. corporate security, which product would he choose?
A. 2900
B. 3030
C. 3660
D. PIX Firewall 500
E. PIX Firewall 515
Correct Answer: E Section: (none) Explanation
Explanation/Reference:
Explanation:
A is clearly incorrect because the 2900 is a Catalyst Switch (Layer 2) and cannot offer any VPN functionality. B and E are the only options available, and D just refers to the 500 PIX, when there are different flavors of the 500, like the retired 520, 501, 506E, 515E, 525 and 535.
QUESTION 26
James the security administrator for Certkiller Inc. is working on the Cisco VPN 3005. His job is to know the hardware and which feature is supported on the Cisco VPN 3005.
A. Cisco VPN 3005 supports up to 3 network ports.
B. Cisco VPN 3005 hardware is upgradeable.
C. Cisco VPN 3005 supports up to 100 sessions.
D. Cisco VPN 3005 64 MB of memory is standard.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: Model 3005
* Software-based encryption
* Single power supply
* Expansion capabilities:
  - Optional WAN interface module with dual T1/E1 ports
All systems feature:
* 10/100Base-T Ethernet interfaces (autosensing)
  - Model 3005: Two interfaces
  - Models 3015-3080: Three interfaces
* Motorola® PowerPC CPU
* SDRAM memory for normal operation
* Nonvolatile memory for critical system parameters
* Flash memory for file management

QUESTION 27
Jason the security administrator at Certkiller Inc. is working on the Cisco VPN Concentrator. His job is to know the Cisco VPN Concentrator series of products. He needs to know what is the maximum number of site-to-site tunnels supported.
A. 1500 site-to-site tunnels
B. 1000 site-to-site tunnels
C. 500 site-to-site tunnels
D. 100 site-to-site tunnels
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation: Maximum LAN-to-LAN Sessions
Cisco VPN 3005: 100
Cisco VPN 3015: 100
Cisco VPN 3030: 500
Cisco VPN 3060: 1000
Cisco VPN 3080: 1000
QUESTION 28
James the security administrator at Certkiller Inc. is working on knowing the Cisco security products. He must choose what product fits best for Certkiller Inc. network. If the primary role of the VPN product is to perform remote access VPN with a few site-site connections, which product should James choose?
A. James will choose the PIX Firewall 515
B. James will choose the 2900
C. James will choose the 3030
D. James will choose the 3660
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation: PIX Firewall 515
1. Supports IKE and IPsec VPN standards
2. Ensures data privacy/integrity and strong authentication to remote networks and remote users over the Internet
3. Supports 56-bit DES, 168-bit 3DES, and up to 256-bit AES data encryption to ensure data privacy
This is the best answer. You would want to use a dedicated Firewall with VPN capabilities as the secondary use.
Note: If security manages the VPN, the PIX Firewall may be the solution of choice.

QUESTION 29
How many connections can a Cisco VPN 3060 support simultaneously?
A. 100
B. 1000
C. 1500
D. 5000
E. none of the above

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
* VPN 3030 is for medium- to large-sized organizations with bandwidth requirements from full T1/E1 through T3/E3 (50 Mbps max. performance) and up to 1500 simultaneous sessions; field-upgradeable to the Cisco VPN 3060
* VPN 3060 is for large organizations, with high-performance, high-bandwidth requirements from fractional T3 through full T3/E3 or greater (100 Mbps max. performance) and up to 5000 simultaneous remote access sessions
* Both have specialized SEP modules to perform hardware-based acceleration
QUESTION 30
What 3000 Series Concentrators are sold with unlimited VPN software client licenses? Choose all that apply.
A. 3015
B. 3030
C. 3060
D. 3080

Correct Answer: ABCD Section: (none) Explanation
Explanation/Reference:
Explanation: As long as you use the Cisco VPN client to connect to Cisco products, you can install it on an unlimited number of computers.
Reference: http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_user_guide_book09186a00800e6e04.html
QUESTION 31
Which of the following is not a 3000 series Concentrator?
A. 3005
B. 3015
C. 3030
D. 3050
E. 3080

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
The five 3000 series Concentrator models are the 3005, 3015, 3030, 3060, and the 3080.

QUESTION 32
Which of the following are NOT tabs under the 3000 series Concentrator Administration screen? Choose all that apply.
A. events
B. access rights
C. system reboot
D. encryption
E. logs
F. ping
G. software update

Correct Answer: ADE Section: (none) Explanation
Explanation/Reference:
Explanation:
There are 8 tabs under the Administration screen. They are Administer Sessions, Software Update, System Reboot, Ping, Monitoring Refresh, Access Rights, File Management, and Certificate Management.

QUESTION 33
Which of the following are Ethernet ports on a Concentrator? Choose all that apply.
A. Inside
B. Outside
C. Default
D. Internal
E. External
F. Public
G. Private
Correct Answer: EFG Section: (none) Explanation

Explanation/Reference:
Explanation:
The three 10/100 mb Ethernet ports on a 3000 series Concentrator are Public, Private, and External.


2016 New Updated — Latest Cisco 642-511 Exam Questions with PDF and VCE 100% Pass Guarantee


Exam A
QUESTION 1
Which of the following are valid authentication options for the Hardware Client? (Choose two)
A. User Authentication
B. Unit Authentication
C. IP Address Authentication
D. Interactive Group Authentication
Correct Answer: AB Section: (none) Explanation
Explanation/Reference:
QUESTION 2
What is the default configuration of the Cisco VPN 3002 public interface?
A. DHCP server is enabled
B. DHCP client is enabled
C. static IP address of 192.168.10.1
D. no configuration
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 3
For network extension RRI, which IP address does the Cisco VPN Concentrator advertise?
A. Cisco VPN Client NIC IP address
B. Cisco VPN 3002 assigned IP address
C. Cisco VPN 3002 public interface IP address
D. Cisco VPN 3002 private interface network address
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 4
When configuring group attributes in the Cisco VPN Concentrator, which three parameters are configurable group attributes? Choose three.
A. access hours
B. idle timeout
C. connection priority
D. maximum connect time
E. access level
F. TACACS+ server IP address
Correct Answer: ABD Section: (none) Explanation
Explanation/Reference:
QUESTION 5
To troubleshoot SCEP enrollment, the administrator should scrutinize what event class in the event log?
A. IKE
B. IPSec
C. SCEP
D. Cert
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 6
For the Cisco VPN Concentrator, what are the two types of certificate enrollment? Choose two.
A. file-based enrollment process
B. SCEP
C. PKCS#15 enrollment process
D. automated enrollment process
E. out-of-band enrollment process
F. certified enrollment process
Correct Answer: AB Section: (none) Explanation
Explanation/Reference:
QUESTION 7
LAB
A.
B.
C.
D.

Correct Answer: Section: (none) Explanation
Explanation/Reference:
QUESTION 8
Which of the following predefined administrators allows the administrator all rights except SNMP access?
A. User
B. MIS
C. Config
D. ISP
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 9
In the GUI, what happens if you reboot without saving the configuration changes?
A. configuration changes are lost
B. configuration changes remain
C. system does not allow you to reboot without saving
D. system warns you that the configuration changes will be lost, do you still want to proceed
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
