Welcome to download the newest Dumpsoon MB2-703 VCE dumps: http://www.dumpsoon.com/MB2-703.html
Flydumps is providing complete solutions for Cisco 642-825 that will help the candidates learn extensively and score exceptional in the Cisco 642-825 exam. Passing the Microsoft is not a dream anymore as our user friendly learning resources ensure guaranteed success.
QUESTION 51
True or false: There is an out-of-band management channel?
A. True
B. False
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
Yes there is an RJ-45 console port with full RS-232 signals. The unit comes with cables and adapters for
DB-25 and DB-9.
QUESTION 52
What is the default username and password on a 3000 series Concentrator?
A. user, password
B. admin, password
C. it, login
D. admin, admin
Correct Answer: D Section: (none) Explanation Explanation/Reference:
Explanation:
The 3000 series Concentrator default login is username admin, password admin.
QUESTION 53
Which method uses the Cisco VPN 3000 Concentrator to assign IP addresses from an internal pool when you have been asked to configure address assignments?
A. remote client pool
B. per-user
C. configured pool
D. DHCP pool
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: After you have selected the protocol to use, you must select the method the VPN concentrator is to use to assign an address to client as they establish tunnels with the concentrator. you could select multipule methods; the concentrator tries each method in order until it is successful in assigning an address to the client. The methods are tried in the order listed: 1) Client Specified 2) Per User 3) DHCP 4) Configured Pool Reference: CCSP VPN Ciscopress p.148
QUESTION 54
Greg the security administrator at Certkiller Inc. is working on configuring the group VPN Client attributes in the VPN Concentrator. He needs to know which three are the VPN Client firewall settings. (Choose three)
A. Click the radio button to select enable content filtering
B. Click the radio button to select enable CBAC
C. Click the radio button to select no firewall
D. Click the radio button to select enable authentication proxy
E. Click the radio button to select firewall required
F. Click the radio button to select firewall optional
Correct Answer: CEF Section: (none) Explanation
Explanation/Reference:
Explanation:
Click the radio button to select a firewall setting:
No Firewall = No firewall is required for remote users in this group.
Firewall Required = All remote users in this group must use a specific firewall. Only those users with the
designated firewall can connect.
Firewall Optional = All remote users in this group can connect. Those that have the designated firewall can
use it. Those who do not have a firewall receive a warning message.
Note If you require a firewall for a group, make sure the group does not include any clients other than
Windows
VPN Clients. Any other clients in the group (including VPN 3002 Hardware Clients) are unable to connect.
Reference: VPN 3000 Series Concentrator Reference Volume I: Configuration
QUESTION 55
When logged into your 3000 series Concentrator via a web browser, what are the three main tabs?
A. administration
B. settings
C. protocols
D. monitoring
E. configuration
F. ipsec
Correct Answer: ADE Section: (none) Explanation
Explanation/Reference:
Explanation:
There are three main tabs of your 3000 series Concentrator when logged in via a web browser.
Configuration, Administration, and Monitoring.
QUESTION 56
Jane the newly hired security administrator at Certkiller Inc. is working on setting up the Cisco VPN Client.
Which statement about the Cisco VPN Client local LAN access feature is true?
A. The Cisco VPN Client local LAN access feature enables split tunneling.
B. The Cisco VPN Client local LAN access feature enables local LAN users access to the VPN tunnel.
C. The Cisco VPN Client local LAN access feature enables Cisco VPN Client to encrypt packets destined for the local LAN.
D. The Cisco VPN Client local LAN access feature enables and disables Cisco VPN Client access to the local LAN.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 57
Johnand Kathy the security team at Certkiller Inc. is working on Cisco VPN. They need to choose three parameters sent from the Cisco VPN Concentrator to the remote Cisco VPN Client during tunnel establishment.
Which are the three parameters? (Choose three)
A. Access priority
B. Split tunnel policy
C. Group name
D. Primary DNS address
E. Access priority level
F. Cisco VPN Client IP address
Correct Answer: CDF Section: (none) Explanation
Explanation/Reference:
Explanation:
During IKE tunnel establishment, the peer provides its identity: either an IP address, a fully qualified
domain name (FQDN), or a distinguished name (DN). It also presents a certificate, which contains none, some, or all of these fields. If IKE peer identity validation is enabled, the VPN Concentrator compares the peer’s identity to the like field in the certificate to see if the information matches. If the information matches, then the peer’s identity is validated and the VPN Concentrator establishes the tunnel. If the information does not match, the VPN Concentrator drops the tunnel. This feature provides an additional level of security. Reference: VPN 3000 Concentrator Ref Volume 1. Configuration 4.0.pdf
QUESTION 58
Kathy is the security administrator at Certkiller Inc. is working on the Cisco VPN Concentrator. How can Kathy accommodate the different access needs in a Cisco VPN Concentrator?
A. By having Kathy configure rights and privileges parameters in the Cisco VPN Concentrator.
B. By having Kathy configure access and usage parameters in the Cisco VPN Concentrator.
C. By having Kathy configure rights and privileges in the network authentication server.
D. By having Kathy configure user and group parameters in the Cisco VPN Concentrator.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
Configure groups and users with attributes that determine their access to and use of the VPN. Configuring
groups and users correctly is essential for managing the security of your VPN.
Reference: VPN 3000 Concentrator Ref Volume 1. Configuration 4.0.pdf
QUESTION 59
A Certkiller trainee wants to know what is the type of authentication makes use of groups value in the Configuration | Quick | IPSec window. What will your reply be?
A. user
B. Cisco VPN Concentrator
C. NT Domain
D. RADIUS
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation: Configuring the IPSec Group The Manager displays the Configuration | Quick | IPSec Group screen. This screen appears only when you select the IPSec tunneling protocol, and you must configure these parameters to complete quick configuration.
The remote-access IPSec client connects to the VPN Concentrator using this group name and password, which are automatically configured on the internal authentication server. This is the IPSec group that creates the tunnel. Users then log in, and are authenticated, through their usernames and passwords. (See Figure 3-14.)
QUESTION 60
During tunnel establishment, during tunnel establishment, the Cisco VPN Client receives a list of split DNS names and a primary DNS server address from the Concentrator when working in a VPN Concentrator release 3.6 environment.
After the tunnel is established, when the VPN Client receives a DNS query, the query is compared with the split DNS names.
How will the VPN Client react to the results of the comparison?
A. A matching query will be encrypted then transmitted to the primary DNS server for address resolution.
B. A matching query will be transmitted in clear text to the ISP DNS server for address resolution.
C. A matching query will be transmitted in clear text to the primary DNS server for address resolution.
D. A matching query will be encrypted then transmitted to the ISP DNS server for address resolution.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
…Query packets passing the comparison will have their destination IP address rewritten and tunneled
using the primary DNS IP address configured on the concentrator…
QUESTION 61
The newly appointed Certkiller trainee technician wants to know which of the following Quick Configuration elements can be used in the configuration of IPSec group. What will your reply be? Choose two.
A. group access protocols
B. group server name
C. password
D. user name
E. group priority
F. group name
Correct Answer: DF Section: (none) Explanation
Explanation/Reference:
Explanation:
Configuring IPSec
The VPN 3002 connects to the remote VPN Concentrator using the IPSec remote server address, group
name and password, and username and password. Note that these are the same group and usernames
and passwords that you configure on the central-site VPN Concentrator for this VPN 3002.If you are using
digital certificates, the group name and group password are not required.
0
4-12
Step 1 In the IPSec Remote Server parameter, enter the IP address or hostname of the VPN Concentrator
to which this VPN 3002 hardware client connects. Note that to enter a hostname, a DNS server must be
configured.
> IPSec Remote Server
Quick -> [ 130.0.0.1 ]
Step 2 The system prompts you to enable or disable IPSec over TCP.
1) Enable IPSec over TCP
2) Disable IPSec over TCP
Quick -> [ 2 ]
At the cursor, enter 1 to enable IPSec over TCP, or accept the default, 2, to disable IPSec over TCP.
Step 3 The system prompts you to enter the IPSec group name.
> IPSec Group Name
Quick -> _
at the cursor, enter a unique name for this group. Maximum is 32 characters, case-sensitive; for example,
Group1.
Step 4 The system prompts you to enter the group password.
> IPSec Group Password
Quick -> _
At the cursor, enter a unique password for this group. Minimum is 4, maximum is 32 characters, case-
sensitive. The system displays only asterisks.
Step 5 The system prompts you to reenter the group password to verify it.
Verify -> _
At the cursor, reenter the group password. The system displays only asterisks.
Step 6 The system prompts you to enter a username.
> IPSec User Name
Quick -> _
Enter a unique name within the group for this user. Maximum is 32 characters, case-sensitive.
Step 7 The system prompts you to enter the user password. Minimum is 4, maximum is 32 characters,
case-sensitive. The system displays only asterisks.
> IPSec User P0assword
Quick -> _
Step 8 The system prompts you to reenter the user password.
Verify ->
QUESTION 62
The newly appointed Certkiller trainee wants to know which IKE proposal is supported by the certicom client when under the IKE active proposal list. What will your reply be?
A. IKE-3DES-MD5-RSA
B. IKE-3DES-MD5-DH7
C. CiscoVPNClient-3DES-MD5
D. IKE-3DES-MD5
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Certicom client uses elliptical curve cryptography (ecc) for small processor devices.
QUESTION 63
Which of the following group attributes are configurable in an environment where group attributes are being configured in the Cisco VPN Concentrator? (Select three options.)
A. access hours
B. idle timeout
C. connection priority
D. maximum connect time
E. access level
F. TACACS+ server IP address
Correct Answer: ABD Section: (none) Explanation
Explanation/Reference:
Source: Configuration | User Management | Groups | Modify a Group | General Tab Access hours Idle Timeout Maximum Connect Time
QUESTION 64
Which of the following IP addresses should go in the remote server field in the Configuration | Quick | IPSec windows?
A. DCHP server
B. authentication server
C. central site Cisco VPN Concentrator
D. accounting server
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: In the Remote Server field, enter the IP address or hostname of the VPN Concentrator to which this VPN 3002 hardware client connects. Note that to enter a hostname, a DNS server must be configured.
QUESTION 65
The Certkiller trainee technician wants to know which of the following IKE proposals can be used with digital certificates. What will your reply be?
A. IKE-3DES-MD5
B. IKE-3DES-MD5-DH7
C. IKE-3DES-MD5-RSA
D. IKE-AES-128-SHA
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Source: Cisco Press CCSP Cisco Secure VPN (Roland, Newcomb) p.240
QUESTION 66
What is the 3000 series Concentrator group configuration screen tab that you enable split tunneling on?
A. client config
B. general
C. identity
D. setup
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
Split Tunneling configuration for a group is set under the client config tab from the 3000 series
Concentrator configuration, user management, groups configuration screen.
QUESTION 67
Which 3000 series Concentrator group configuration tab allows you to enable Interactive Hardware Authentication for remote 3002 Hardware Clients?
A. authentication
B. clients
C. hardware
D. hw client
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
The hw client tab under group configuration (configuration, user management, groups) allows enabling of
Interactive Hardware Authentication. This essentially provides an extra level of security between the 3002
Hardware Client and the Head End Concentrator.
QUESTION 68
What is the maximum combined number of users and groups that can be configured on a Concentrator?
A. 100
B. 200
C. 750
D. 1000
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
A Concentrator will allow a combined total of 1000 users and groups to be defined.
QUESTION 69
DRAG DROP Jason the security administrator at Certkiller Inc. was given the assignment to match the severity level with the alarm level.
Explanation:
Table9-2: Event Severity Levels
Level Category Description
1 Fault A crash or non-recoverable error.
2 Warning A pending crash or severe problem that requires user intervention.
3 Warning A potentially serious problem that may require user action.
4 Information An information-only event with few details.
5 Information An information-only event with moderate detail.
6 Information An information-only event with greatest detail.
7 Debug Least amount of debugging detail.
8 Debug Moderate amount of debugging detail.
9 Debug Greatest amount of debugging detail.
10 Packet Decode High-level packet header decoding.
11 Packet Decode Low-level packet header decoding.
12 Packet Decode Hex dump of header.
13 Packet Decode Hex dump of packet.
A.
B.
C.
D.
Correct Answer: Section: (none) Explanation
Explanation/Reference:
QUESTION 70
Johnis the security administrator at Certkiller Inc. and he is troubleshooting the Cisco VPN Concentrator. The problem is a remote user exceeds the configured policing rate. What will the VPN Concentrator do when this happens?
A. The VPN Concentrator will allow exceeds of traffic to pass up to the configured normal burst size.
B. The VPN Concentrator logs the event, set the DE bit, and allow the traffic to pass.
C. All packets marked high priority are passed and all packets marked low priority are dropped on the VPN Concentrator
D. The VPN Concentrator will allow excess traffic to pass up to 1/8th of the CIR.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation: Bandwidth policing sets a maximum limit, a cap, on the rate of tunneled traffic. The VPN Concentrator Because traffic is bursty, some flexibility is built into policing. Policing involves two thresholds: the policing rate and the burst size. The policing rate is the maximum limit on the rate of sustained tunneled traffic. The burst size indicates the maximum size of an instantaneous burst of bytes allowed before traffic is capped back to the policing rate. The VPN Concentrator allows for instantaneous bursts of traffic greater than the policing rate up to the burst rate. But should traffic bursts consistently exceed the burst rate, the VPN Concentrator enforces the policing rate threshold. Reference: VPN 3000 Concentrator Ref Volume 1. Configuration 4.0.pdf
QUESTION 71
At which particular level in the Concentrator is NAT applied after NAT-transparency is configured on the Concentrator?
A. port level
B. group level
C. user level
D. system-wide level
E. none of the above
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
The functions that fall under the Configuration | System section have to do with configuring parameters for
system-wide functions in the VPN concentrator. Configure | Policy Management is its subcategorie.
One of the Sections of Configure | Policy Management is NAT.
-NAT- The Cisco VPN 3000 Concentrators can perform Network Address Translation, which you would
configure in this section.
Reference: CCSP VPN Ciscopress p.169-173
QUESTION 72
Which of the following protocols can be used to download the event log file from a Concentrator? Choose
2.
A. http
B. smtp
C. ftp
D. scep
Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
Explanation:
Download the event log file on a Concentrator with HTTP or FTP.
QUESTION 73
Where can you configure your Concentrators hostname?
A. configuration, system, ip routing, setup
B. configuration, system, ip routing, identification
C. configuration, system, general, setup
D. configuration, system, general, identification
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
Use the configuration, system, general, identification Concentrator screen to set the hostname.
QUESTION 74
Where is an SMTP server added to your Concentrator configuration?
A. configuration, policy management, traffic management, smtp servers
B. configuration, policy management, traffic management, servers
C. configuration, system, general, smtp servers
D. configuration, system, events, smtp servers
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
SMTP servers can be configured on your Concentrator from configuration, system, events, smtp servers.
QUESTION 75
Where do you access DNS server configuration parameters on your Concentrator?
A. configuration, system, tunneling protocols, dns
B. configuration, system, servers, dns
C. configuration, system, ip routing, dns
D. configuration, system, management protocols, dns
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
DNS server configuration is set from the configuration, system, servers,
dns screen.
QUESTION 76
On a Concentrator, where is the default gateway ip address entered?
A. configuration, system, ip routing, default gateways
B. configuration, system, tunneling protocols, default gateways
C. configuration, system, servers, default gateways
D. configuration, system, general, default gateways
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
The Concentrators default gateway can be configured from configuration, system, ip routing, default
gateways.
QUESTION 77
Which three files is necessary when pre-configuring a Cisco VPN client? (Select three options.)
A. unattended_setup.ini
B. user.pcf
C. data.ini
D. oem.ini
E. vpnclient.ini
F. client.ini
Correct Answer: BDE Section: (none) Explanation
Explanation/Reference:
QUESTION 78
In Cisco VPN 3000 releases 3.7, in the Cisco VPN client GUI is supported on which two operating systems. Select two.
A. Windows
B. Linux
C. Macintosh
D. Solaris
E. HP-UX
F. IBM AIX
G. C
Correct Answer: Section: (none) Explanation
Explanation/Reference:
QUESTION 79
Which of the following statements regarding Cisco VPN client software update is valid?
A. As a remote Cisco VPN Client connects to the Cisco VPN Concentrator, the remote Cisco VPN Client automatically downloads a new version of code from a configurable web site.
B. As a remote Cisco VPN Client connects to the Cisco VPN Concentrator, the remote Cisco VPN Client automatically downloads a new version of code from a configurable TFTP server.
C. As a remote Cisco VPN Client connects to the Cisco VPN Concentrator, the r Cisco VPN Concentrator automatically downloads a new version of the software.
D. As a remote Cisco VPN Client connects to the Cisco VPN Concentrator, the Cisco VPN Concentrator only sends an update notification to the remote Cisco VPN Client.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
When you use the update software feature it will notify your client that they need to update their software,
QUESTION 80
Jacob the security administrator for Certkiller Inc. is exchanging certificates between a Cisco VPN client and a Cisco VPN Concentrator, the group information on Cicso VPN client and Cisco VPN Concentrator must match.
Because there is no group field listed on the VPN client certificate manager enrollment form, which enrollment field will double as a group field?
A. Common name enrollment field
B. IP address enrollment field
C. Organization enrollment field
D. Department name enrollment field
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
Department-The name of the department to which you belong; for example, international studies. this field
correlates to the Organizational Unit (OU). The OU is the same as the Group Name configured in a VPN
3000 Series Concentrator, for example.
Get certified Cisco 642-825 is a guaranteed way to succeed with IT careers.We help you do exactly that with our high quality Cisco 642-825 Certification Certified Information Systems Security Professional training materials.
Dumpsoon MB2-703 dumps with PDF + Premium VCE + VCE Simulator: http://www.dumpsoon.com/MB2-703.html