Cisco Secure Virtual Private Networks

Retired February 1, 2008
Exam Number: 642-511
Associated Certifications: CCSP, Cisco VPN Specialist
Duration: 75 minutes (55-65 questions)
Available Languages: English
Click Here to Register: Pearson VUE
Exam Policies: Read current policies and requirements
Exam Tutorial: Review type of exam questions

Exam Description Exam Topics Recommended Training Additional Resources
Exam Description
The Cisco Secure Virtual Private Networks exam (CSVPN 642-511) is one of the exams associated with the Cisco Certified Security Professional and the Cisco VPN Specialist certifications. Candidates can prepare for this exam by taking the CSVPN v4.0 course. This exam includes simulations and tests a candidate’s knowledge and ability to describe, configure, verify, and manage the Cisco VPN 3000 Concentrator, Cisco VPN Software Client, and Cisco VPN 3002 Hardware Client feature set. CCNA or CCDA recertification candidates who pass the 642-511 CSVPN exam will be considered recertified at the CCNA or CCDA level.

Exam Topics
The following information provides general guidelines for the content likely to be included on this exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes the guidelines below may change at any time without notice.

Overview of Virtual Private Networks and IPSec Technologies
Cisco products enable a secure VPN
IPSec overview
IPSec protocol framework
How IPSec works

Cisco Virtual Private Network 3000 Concentrator Series Hardware
Overview of the Cisco VPN 3000 Concentrator Series
Cisco VPN 3000 Concentrator
Cisco VPN 3000 Concentrator Series Client support

Configuring the Cisco VPN 3000 Series Concentrator for Remote Access Using Pre-shared Keys
Overview of remote access using pre-shared keys
Initial configuration of the Cisco VPN 3000 Concentrator Series for remote access
Browser configuration of the Cisco VPN 3000 Series Concentrator
Configure users and groups
More in-depth configuration information
Configure the Cisco Windows VPN Software Client

Configure Cisco Virtual Private Network 3000 Series Concentrator for Remote Access Using Digital Certificates
CA support overview
Certificate generation
Validating certificates
Configuring the Cisco VPN 3000 Concentrator Series for CA support

Configure the Cisco Virtual Private Network Firewall Feature for IPSec Software Client
Overview of software client’s firewall feature
Software Client’s Are You There feature
Software Client’s Central Policy Protection feature
Software Client’s firewall statistics
Customizing firewall policy

Configure the Cisco Virtual Private Network Client Auto-Initiation Feature
Overview of the Cisco VPN Software Client auto-initiation
Configure the Cisco VPN Software Client auto-initiation

Monitor and Administer Cisco VPN 3000 Remote Access Networks
Monitoring
Administration
Bandwidth Management

Configure the Cisco VPN 3002 Hardware Client for Remote Access
Cisco VPN 3002 Hardware client remote access with pre-shared keys

Configure the Cisco Virtual Private Network 3002 Hardware Client
Overview of the Hardware Client interactive unit and user authentication features
Configuring the Hardware Client interactive unit authentication feature
Configuring the Hardware Client user authentication feature
Monitoring the Hardware Client user statistics

Configure the Cisco Virtual Private Network Client Backup Server and Load Balancing
Configuring the Cisco VPN Client backup server feature
Configuring the Cisco VPN Client load balancing feature
Overview of the Cisco VPN Client Reverse Route Injection feature

Configure the Virtual Private Network 3002 Hardware Client for Software Auto-Update
Overview and configuration of the VPN 3002 Hardware Client software auto-update feature
Monitoring the Cisco VPN 3002 Hardware Client software auto-update feature

Configure the Cisco Virtual Private Network 3000 Series Concentrator for the IPSec Over UDP and IPSec Over TCP
Overview of Port Address Translation
Configuring IPSec over UDP
Configuring NAT-Transversal
Configuring IPSec over TCP

Cisco Virtual Private Network 3000 Series Concentrator LAN-to-LAN with Pre-Shared Keys
Cisco VPN 3000 Series Concentrator IPSec LAN-to-LAN
LAN-to-LAN configuration

Cisco Virtual Private Network 3000 Series Concentrator LAN-to-LAN with NAT
LAN-to-LAN overview
Configuring the Concentrator LAN-LAN NAT feature

Cisco Virtual Private Network 3000 Series Concentrator LAN-to-LAN using Digital Certificates
Root certificate installation
Identify certificate installation
Recommended Training
Cisco Secure Virtual Private Networks (CSVPN) is the recommended training for the Cisco Secure Virtual Private Networks Exam.

PassGuide offers free demo for Certification Exams You can check out the interface, question quality and usability of our practice exams before you decide to buy it. We are the only one site can offer demo for almost all products. Download links:http://demo.passguide.com/download

Courses listed are offered by Cisco Learning Partners, the only authorized source for Cisco IT training delivered exclusively by Certified Cisco Instructors. Check the List of Learning Partners for a Cisco Learning Partner near you.

Additional Resources
A variety of Cisco Press titles may be available for this exam. These titles can be purchased through the Cisco Marketplace Bookstore, directly from Cisco Press.

TestInside 642-511

Cisco 642-511

VPN and Security Cisco Secure Virtual Private Networks

(CSVPN)

Q&A DEMO

English: www.TestInside.com BIG5: www.Testinside.net GB: www.testking.name

TestInside,help you pass any IT exam!

TestInside 642-511

1.Drag Drop question

Drag and drop question. Drag the items to the proper locations.

Correct Answers:

2.Which feature will not allow the Cisco VPN Client to connect without a firewall running?

A: AYT

B: Connectionless Firewall

C: Stateful Firewall

D: CIC Firewall

Correct Answers: A

3.Which information is included in the PKCS#10 request message? Choose two. A:encryption algorithm
B:authentication algorithm

C:key size D:validity dates E:user information F:private key
Correct Answers: C, E

4.In the diagram, the firewall feature was enabled on the VPN Client. By clicking on the Firewall tab of the VPN Client connection status window, you can view the VPN Client’s firewall policy for the four connection types, labeled 1 through 4
in the diagram. In the bottom half of the diagram, Connection 4 displays the default policy applied to traffic which did not match the preceding three policy statements, connection 1-3. For the default policy, any inbound traffic from source address X and any local outbound traffic returning to its destination address X will have action Y applied to this traffic. Select the correct action, source and destination address for this policy.

TestInside 642-511

A: action forward, source and destination address, any

B: action forward, source and destination address, www.cisco.com

C: action drop, source and destination address, any

D: action drop, source and destination address, www.cisco.com

Correct Answers: C

5.The network auto-discovery feature enables the Cisco VPN Concentrator to learn automatically which networks are reachable at both ends of a LAN-to-LAN tunnel. From which routing protocols can the Cisco VPN Concentrator learn these networks?
A: EIGRP B: OSPF C: RIP
D: RIP and OSPF

Correct Answers: C

6.What are two purposes of the X.509 Certificate Serial Number? Choose two. A:It specifies the subject’s public key and hashing algorithm.
B:It specifies the start and expiration dates for the certificate.

C:It is a unique certificate numerical identifier in the CA domain.

D:It is the certificate number that is listed on the CRL when the certificate is revoked. E:It identifies the CA’s public key and hashing algorithm.
F:It is used to identify the certificate during the IKE peer authentication process.

Correct Answers: C, D

7.Which of the following operating systems support the Cisco VPN Client Virtual Adapter? (Choose two) A:Windows 98

TestInside 642-511

B:Windows NT 4.0

C:Windows 2000

D:Windows XP

E:Mac OS X version 10.1.0 or higher

F:Solaris 2.6 or higher

Correct Answers: C, D

8.What does the bandwidth policing feature provide to a remote user? A: a minimum and maximum data transfer rate
B: a maximum data transfer rate

C: a minimum and maximum data transfer rate with an excess burst size

D: a maximum data transfer rate with a maximum burst size

Correct Answers: D

9.Which data is shown on the Monitor Sessions screen? Choose three. A:session summary
B:LAN-to-LAN sessions C:tunnel summary D:client tunnels
E:site-to-site tunnels F:remote access sessions Correct Answers: A, B, F

10.What happens if both NAT-T and IPSec over UDP are enabled on the Concentrator and Client? A: IPSec over UDP takes precedence.
B: NAT-T takes precedence.

C: User chooses which protocol takes precedence.

D: An election occurs between the negotiating peers for which protocol takes precedence.

Correct Answers: B
Exam 642-511: Cisco Secure Virtual Private Networks (CSVPN)
Related Certifications: CCSP, Cisco VPN Specialist
Number of Questions: 55-65
Duration: 75 minutes

Exam Topics Include:

High quality IT Certification Training Exam Questions, Study Guides and Practice Tests are in Downloadable PassGuide Testing Engine,Successful for IT Certification or Full Refund for you.www.freepassguide.co.uk

Dowload PassGuide Practice Test Questions

• Testking Actualtests cisco vce dumps
• Testking Cisco ccsp 642-545
• Testking cisco ccsp 642-504
• Testking Cisco CCSP 642-542 CSI
• Testking CCSP Dumps
• CISCO CCSP 642-524
• Cisco CCSP 642-515 SNAA Exam
• cisco 642-591 CANAC
• cisco 642-551 SND
• cisco 642-541 CSI
• cisco 642-533 IPS
• cisco 642-532 IPS
• CISCO 642-522 SNPA
• cisco 642-521 CSPFA
• CISCO 642-502 SNRS