Free P4S Cisco VPN and Security Exam 642-511 v2.93 Download

VPN and Security Cisco Secure Virtual Private Networks (CSVPN) : 642-511 Exam The Cisco Secure Virtual Private Networks exam (CSVPN 642-511) is one of the exams associated with the Cisco Certified Security Professional and the Cisco VPN Specialist certifications. Candidates can prepare for this exam by taking the CSVPN v4.0 course. This exam includes simulations and tests a candidate’s knowledge and ability to describe, configure, verify, and manage the Cisco VPN 3000 Concentrator, Cisco VPN Software Client, and Cisco VPN 3002 Hardware Client feature set. CCNA or CCDA recertification candidates who pass the 642-511 CSVPN exam will be considered recertified at the CCNA or CCDA level.

Exam Number/Code: 642-511
Exam Name: VPN and Security Cisco Secure Virtual Private Networks (CSVPN)
VUE Code: 642-511
Questions Type: Single choice, Multiple choice, Simulate,
Real Exam Question Numbers: 55-65 questions
Exam Language(s): English

Exam Description Introduction
The Cisco Secure Virtual Private Networks exam (CSVPN 642-511) is one of the exams associated with the Cisco Certified Security Professional and the Cisco VPN Specialist certifications. Candidates can prepare for this exam by taking the CSVPN v4.0 course. This exam includes simulations and tests a candidate’s knowledge and ability to describe, configure, verify, and manage the Cisco VPN 3000 Concentrator, Cisco VPN Software Client, and Cisco VPN 3002 Hardware Client feature set. CCNA or CCDA recertification candidates who pass the 642-511 CSVPN exam will be considered recertified at the CCNA or CCDA level.

Exam Topics
The following information provides general guidelines for the content likely to be included on this exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes the guidelines below may change at any time without notice.

Overview of Virtual Private Networks and IPSec Technologies
Cisco products enable a secure VPN
IPSec overview
IPSec protocol framework
How IPSec works

Cisco Virtual Private Network 3000 Concentrator Series Hardware
Overview of the Cisco VPN 3000 Concentrator Series
Cisco VPN 3000 Concentrator
Cisco VPN 3000 Concentrator Series Client support

Configuring the Cisco VPN 3000 Series Concentrator for Remote Access Using Pre-shared Keys
Overview of remote access using pre-shared keys
Initial configuration of the Cisco VPN 3000 Concentrator Series for remote access
Browser configuration of the Cisco VPN 3000 Series Concentrator
Configure users and groups
More in-depth configuration information
Configure the Cisco Windows VPN Software Client

Configure Cisco Virtual Private Network 3000 Series Concentrator for Remote Access Using Digital Certificates
CA support overview
Certificate generation
Validating certificates
Configuring the Cisco VPN 3000 Concentrator Series for CA support

Configure the Cisco Virtual Private Network Firewall Feature for IPSec Software Client
Overview of software client’s firewall feature
Software Client’s Are You There feature
Software Client’s Central Policy Protection feature
Software Client’s firewall statistics
Customizing firewall policy

Configure the Cisco Virtual Private Network Client Auto-Initiation Feature
Overview of the Cisco VPN Software Client auto-initiation
Configure the Cisco VPN Software Client auto-initiation

Monitor and Administer Cisco VPN 3000 Remote Access Networks
Monitoring
Administration
Bandwidth Management

Configure the Cisco VPN 3002 Hardware Client for Remote Access
Cisco VPN 3002 Hardware client remote access with pre-shared keys

Configure the Cisco Virtual Private Network 3002 Hardware Client
Overview of the Hardware Client interactive unit and user authentication features
Configuring the Hardware Client interactive unit authentication feature
Configuring the Hardware Client user authentication feature
Monitoring the Hardware Client user statistics

Configure the Cisco Virtual Private Network Client Backup Server and Load Balancing
Configuring the Cisco VPN Client backup server feature
Configuring the Cisco VPN Client load balancing feature
Overview of the Cisco VPN Client Reverse Route Injection feature

Configure the Virtual Private Network 3002 Hardware Client for Software Auto-Update
Overview and configuration of the VPN 3002 Hardware Client software auto-update feature
Monitoring the Cisco VPN 3002 Hardware Client software auto-update feature

Configure the Cisco Virtual Private Network 3000 Series Concentrator for the IPSec Over UDP and IPSec Over TCP
Overview of Port Address Translation
Configuring IPSec over UDP
Configuring NAT-Transversal
Configuring IPSec over TCP

Cisco Virtual Private Network 3000 Series Concentrator LAN-to-LAN with Pre-Shared Keys
Cisco VPN 3000 Series Concentrator IPSec LAN-to-LAN
LAN-to-LAN configuration

Cisco Virtual Private Network 3000 Series Concentrator LAN-to-LAN with NAT
LAN-to-LAN overview
Configuring the Concentrator LAN-LAN NAT feature

Cisco Virtual Private Network 3000 Series Concentrator LAN-to-LAN using Digital Certificates
Root certificate installation
Identify certificate installation

“VPN and Security Cisco Secure Virtual Private Networks (CSVPN)”, also known as 642-511 exam, is a Cisco certification.
Preparing for the 642-511 exam Searching 642-511 Test Questions, 642-511 Exam, 642-511 Dumps

With the complete collection of questions and answers Q&as with Expert Explanations, Pass4sure has assembled to take you through 174 questions to your 642-511 Exam preparation. In the 642-511 exam resources, you will cover every field and category in VPN and Security helping to ready you for your successful Cisco Certification.

QUESTION 16:
How big is the SPI field in an IPSEC header?
A. 2 bytes
B. 4 bytes
C. 8 bytes
D. 24 bytes
Answer: B
Explanation:
The Security Parameter Index (SPI) field identifies a
Security Association between two IPSEC endpoints. The
field is 32 bits long (4 bytes).
QUESTION 17:
Which of the following peer authentication methods
scales the worst?
A. digital certificates
B. SCEP
C. preshared keys
D. encrypted nonces
Answer: C
642-511
www.actualtest.org – The Power of Knowing
Explanation:
A preshared key peer authentication method does not scale
well because each key needs to be entered manually at each
peer participating in the VPN.
QUESTION 18:
What is the protocol number that denotes AH is in use?
A. 17
B. 51
C. 89
D. 123
Answer: B
Explanation:
The Authentication Header protocol is protocol number 51.
QUESTION 19:
DRAG DROP
Jason the security administrator at PassGuide Inc. was given the assignment to match
the following order.
In IPSec main mode, match the two-way exchange between the initiator and
receiver with their descriptions.
Answer:
Explanation:
Main ModeMain mode provides a way to establish the first phase of an IKE SA, which
is then used to negotiate future communications. The first step, securing an IKE SA,
642-511
www.actualtest.org – The Power of Knowing
occurs in three two-way exchanges between the sender and the receiver. In the first
exchange, the sender and receiver agree on basic algorithms and hashes. In the second
exchange, public keys are sent for a Diffie-Hellman exchange. Nonces (random numbers
each party must sign and return to prove their identities) are then exchanged. In the third
exchange, identities are verified, and each party is assured that the exchange has been
completed.
Reference: Reference: Cisco Secure Virtual Private Network (Ciscopress) page 27
QUESTION 20:
James the security administrator for PassGuide Inc. is working with IKE. His job is to
know what the three functions of IKE Phase 2 are. (Choose three)
A. IKE uses aggressive mode.
B. IKE can optionally performs an additional DH exchange.
C. IKE periodically renegotiates IPSec SAs to ensure security.
D. IKE Negotiates IPSec SA parameter protected by an existing IKE SA.
E. IKE verifies the other side’s identity.
F. IKE uses main mode.
Answer: B C D