Welcome to download the newest Pass4itsure 70-470 dumps:
Flydumps.com Cisco 642-511 exam practice questions and answers are ideal for the aspiring candidates to grab exceptional grades in Microsoft exams. The Cisco 642-511 question answers are developed using the latest updated course content and all the answers are verified to ensure phenomenal preparation for the actual exam.
QUESTION 132
What three configuration steps must be completed to create a custom firewall policy when configuring a custom firewall policy in the VPN Concentrator? Choose three.
A. Assign the new rule to Cisco CPP.
B. Associate the new rule with the new policy.
C. Assign the new policy to Cisco CPP
D. Define a rule to restrict traffic.
E. Associate the new policy with a rule.
F. Define a new policy.
Correct Answer: BCD Section: (none) Explanation
Explanation/Reference:
Explanation: Building custom CPP policies is a four step process on the concentrator.
Step 1: Define rules to restrict traffic Step 2: Add a new policy (called a filter on the VPN concentrator) Step 3: Associate the new rules with the newly created policy Step 4: Assign the new policy to the CPP This is a tricky one. Both F and D can be correct; however, as we can only choose a total of 3, one must go. Because Cisco writes “Add” and not “Define” in step 2, i would go with answer D instead of F Reference: Ciscopress CCSP Self Study, CSVPN Second edition Page: 200
QUESTION 133
What is the function of the auto-initiate retry time?
A. It will specify the waiting period (in minutes) before retrying a failed connection
B. It will specify the number of retries before auto-initiate Are You Thee polling commences
C. It will specify the waiting period (in seconds) before retrying a failed connection
D. It will specify the number of retries before auto-initiate is suspended
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
AutoInitiationRetryInterval-specifies the number of minutes to wait before retrying an auto initiation connection. The range is one to ten minutes. If you don’t include this parameter in the file, the default retry interval is one minute.
QUESTION 134
Which of the following statements regarding VPN client auto-initiate feature is valid?
A. The auto-initiation features is automatically configured in the VPN clinet.ini file but disabled by default.
B. The auto-initiation feature is automatically configured in the VPNclient.pcf file but disabled by default.
C. The auto-initiation feature is not resident in the VPNclient.ini file by default, it must be added.
D. The auto-initiation feature is not resident in the VPNclient
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: When your network administrator has configured your VPN Client for auto initiation (by including it in the vpnclient.ini file), the Options menu includes the option Automatic VPN Initiation. When you select this option, the VPN Dialer displays a dialog box that lets you enable/disable auto initiation and change the setting of the retry interval. Disabling auto initiation in this way does not remove it from your configuration. If you need to enable auto initiation after you have disabled it, you can return to this dialog box and enable it again. The only way you can remove auto initiation from your configuration is through editing the vpnclient.ini file.
QUESTION 135
What does the Auto-Initiation List parameter define under the auto-initiate parameters?
A. list of auto-initiation supported Concentrator addresses
B. list of auto-initiation supported network addresses
C. list of auto-initiation section names within the VPNclient.ini file
D. list of auto-imitation supported host addresses
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
Explanation:
To configure auto initiation, you must add the following keywords and values in the [Main] section of the
vpnclient.ini global profile file:
1.
AutoInitiationEnable-enables or disables auto initiation. To enable auto initiation, enter 1. To disable it, enter 0.
2.
AutoInitiationRetryInterval-specifies the number of minutes to wait before retrying an auto initiation connection. The range is 1 to 10 minutes or 5 to 600 seconds. If you do not include this parameter in the file, the default retry interval is one minute.
3.
AutoInitiationRetryIntervalType-specifies whether the retry AutoInitiationRetryInterval parameter is displayed in minutes or seconds. The default is minutes.
4.
AutoInitiationList-provides a series of section names, each of which contains a network address, a subnet mask, a connection entry name, and optionally, a connect flag. You can include a maximum of 64 section (network) entries. *
1.
The section name is the name of an entry in the auto initiation list (within brackets)
2.
The network and subnet mask identify a subnet
3.
The connection entry specifies a connection profile (.pcf file) configured for auto initiation.
4.
The connect flag, if present, indicates the action to take if there is a match. If the Connect parameter is set to 1, the VPN Client should auto initiate; if 0, the VPN Client should not auto initiate. The default setting is 1. This parameter is optional. You can use it to exclude certain network ranges from auto initiation. For example, you might want to address a situation where Mobile IP and VPN software clients co-exist on client PCs and you want the VPN Client to auto initiate when not on a corporate subnet.
QUESTION 136
What color is the padlock icon in system tray for the VPN software client, when the client is attempting to Auto Initiate a connection?
A. black
B. yellow
C. red
D. green
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
The system tray icon is an open green lock when the client is attempting Auto Initiation.
QUESTION 137
If your VPN software client is Auto-Initiating a connection to a Concentrator, but is cancelled, how long will the client wait before trying to connect again?
A. 5 seconds
B. 30 seconds
C. 2 minutes
D. 5 minutes
E. 10 minutes
F. 1 minute
Correct Answer: F Section: (none) Explanation
Explanation/Reference:
Explanation:
The default frequency is 1 minute.
http://www.cisco.com/en/US/products/sw/secursw/ps2308/
products_administration_guide_chapter09186a00802
QUESTION 138
The Certkiller CEO is curious as to what the function of the auto-initiate retry timer is. What can you tell her?
A. specifies the time (in minutes) to wait before retrying a failed connection
B. specifies the number of retries before auto-initiate is suspended
C. specifies the number of retries before auto-initiate Are You There polling commences
D. specifies the time (in seconds to wait before retrying a failed connection
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
To configure auto initiation, you must add the following keywords and values in the [Main] section of the
vpnclient.ini global profile file:
1.
AutoInitiationEnable-enables or disables auto initiation. To enable auto initiation, enter 1. To disable it, enter 0.
2.
AutoInitiationRetryInterval-specifies the number of minutes to wait before retrying an auto initiation connection. The range is 1 to 10 minutes or 5 to 600 seconds. If you do not include this parameter in the file, the default retry interval is one minute.
3.
AutoInitiationRetryIntervalType-specifies whether the retry AutoInitiationRetryInterval parameter is displayed in minutes or seconds. The default is minutes.
4.
AutoInitiationList-provides a series of section names, each of which contains a network address, a subnet mask, a connection entry name, and optionally, a connect flag. You can include a maximum of 64 section (network) entries. *
1.
The section name is the name of an entry in the auto initiation list (within brackets)
2.
The network and subnet mask identify a subnet
3.
The connection entry specifies a connection profile (.pcf file) configured for auto initiation.
4.
The connect flag, if present, indicates the action to take if there is a match. If the Connect parameter is set to 1, the VPN Client should auto initiate; if 0, the VPN Client should not auto initiate. The default setting is 1. This parameter is optional. You can use it to exclude certain network ranges from auto initiation. For example, you might want to address a situation where Mobile IP and VPN software clients co-exist on client PCs and you want the VPN Client to auto initiate when not on a corporate subnet.
QUESTION 139
At what stage is the auto VPN initiation menu item available from the VPN client GUI?
A. It is available by default.
B. after auto-initiate dll is added to the Cisco Systems VPN Client folder
C. after AutoInitiateEnable=1 line is added to VPNclient.ini file
D. after AutoInitiateEnable=1 line is added to VPNclient.pcf file
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: To configure auto initiation for users on the network, you add parameters to the VPN Client’s global profile (vpnclient.ini). For information on how to create or use a global profile, see “Creating a Global Profile.” The only configurable features available to the user through the VPN Client GUI application are the ability to disable auto initiation and the ability to change the retry interval. These features are available through the Options menu when auto initiation has been configured through the global profile. If auto initiation is not configured, these options do not appear in the Options menu. When auto initiation is configured, some VPN Client status displays and dialog boxes differ slightly from standard connection dialog boxes to indicate to the user that auto initiation is occurring. For a complete explanation of how auto initiation appears to the VPN Client user, see Cisco VPN Client User Guide for Windows, “Using Automatic VPN Initiation.” To configure auto initiation, you must add the following keywords and values in the [Main]
section of the vpnclient.ini global profile file:
AutoInitiationEnable-enables or disables auto initiation. To enable auto initiation, enter
1. To disable it, enter 0.
QUESTION 140
Which of the following is specified by the AutoInitiationList parameter?
A. Section names
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
AutoInitiationList – A list of auto-initiation related section names within the INI file.
QUESTION 141
Which of the following files will you advice the new Certkiller trainee technician to modify to enable the Cisco VPN Software Client Auto-Initiation feature?
A. The main.ini file
B. The user.ini file
C. The client.ini file
D. The vpclinet.ini file
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: When your network administrator has configured your VPN Client for auto initiation (by including it in the vpnclient.ini file), the Options menu includes the option Automatic VPN Initiation When you select this option, the VPN Dialer displays a dialog box that lets you enable/disable auto initiation and change the setting of the retry interval. Disabling auto initiation in this way does not remove it from your configuration. If you need to enable auto initiation after you have disabled it, you can return to this dialog box and enable it again. The only way you can remove auto initiation from your configuration is through editing the vpnclient.ini file.
QUESTION 142
On your VPN software client, how do you change the Auto-Initiate retry interval?
A. options, settings, auto initiate
B. options, automatic vpn initiation
C. options, auto initiate setup
D. options, initiation timer interval
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
You can change the timer of the Auto-Initiation timer on your VPN software client from options, automatic
vpn initiation.
QUESTION 143
Johnthe I.T administrator at Certkiller Inc. is working on the Monitoring Sessions screen. He needs to know which data is shown on the Monitor Sessions screen. (Choose three)
A. The screen shows Tunnel summary
B. The screen shows Session summary
C. The screen shows LAN-to-LAN sessions
D. The screen shows Client tunnels
E. The screen shows Remote access sessions
F. The screen shows Site-to-site tunnels
Correct Answer: BCE Section: (none) Explanation
Explanation/Reference:
Explanation:
Session Summary TableThis table shows summary totals for LAN-to-LAN, remote access, and
management sessions.
A session is a VPN tunnel established with a specific peer. In most cases, one user connection = one
tunnel = one session. However, one IPSec LAN-to-LAN tunnel counts as one session, but it allows many
host-to-host connections through the tunnel.
* Active LAN-to-LAN Sessions – The number of IPSec LAN-to-LAN sessions that are currently active.* Active Remote Access Sessions – The number of PPTP, L2TP, IPSec remote-access user, L2TP over IPSec, and IPSec through NAT sessions that are currently active.* Active Management Sessions – The number of administrator management sessions that are currently active.* Total Active Sessions – The total number of sessions of all types that are currently active.* Peak Concurrent Sessions – The highest number of sessions of all types that were concurrently active since the VPN Concentrator was last booted or reset.* Concurrent Sessions Limit – The maximum number of concurrently active sessions permitted on this VPN Concentrator. This number is model-dependent, for example, model 3060 = 5000 sessions.* Total Cumulative Sessions – The total cumulative number of sessions of all types since the VPN Concentrator was last booted or reset.
QUESTION 144
The administrator would like to verify that the proper orgid was entered in the configuration. However, the
Cisco IOS IDS is not communicating with its Postoffice group.
What command should he be running to see the orgid on the router?
A. show ip audit statistics
B. show ip audit interface
C. show ip audit detail
D. show ip audit configuration
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: Use the show ip audit configuration EXEC command to display additional configuration information, including default values that may not be displayed using the show run command. The following example displays the output of the show ip audit configuration command: Event notification through syslog is enabled Event notification through Net Director is enabled Default action(s) for info signatures is alarm Default action(s) for attack signatures is alarm Default threshold of recipients for spam signature is 25 PostOffice:HostID:5 OrgID:100 Addr:10.2.7.3 Msg dropped:0 HID:1000 OID:100 S:218 A:3 H:14092 HA:7118 DA:0 R:0 CID:1 IP:172.21.160.20 P:45000 S:ESTAB (Curr Conn) Audit Rule Configuration Audit name AUDIT.1 info actions alarm
QUESTION 145
Study the Exhibit below carefully: Certkiller 2(config)#ipaudit po protected 10.10.10.1 to 10.10.10.254 Certkiller 2(config)#ip audit po protected 10.10.20.1 to 10.10.20.254 Will the IOS IDS Firewall still offer IDS functionality to each network after the commands shown above are entered when all the interfaces of Certkiller 2 has IDS rules applied to it?
A. No, the ip audit po protected command can only be entered once. The range should be 10.10.0.0 to
10.10.20.255.
B. No, the 10.10.10.0 network must be entered with the ipaudit po protected command to be protected.
C. Yes, the ip audit po protected command affects logging records only, not IDS security functionality.
D. Yes, entering the mandatory ip audit po protected command for any network enables protection for all networks on the router.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
The commands only affect the logging behavior.
Each Answers in Cisco 642-511 study guides are checked by the concerned professional to provide you the best quality dumps. If you are looking to get certified in short possible time, you will never find quality product than Flydumps.com.
Welcome to download the newest Pass4itsure 70-470 dumps: http://www.pass4itsure.com/70-470.html