Share your VPN Experience
Cisco has changed the Security exams by replacing the old CCSP with the new CCNP Security certification, which has four modules: Secure, Firewall, IPS and VPN. In fact, the old CCSP and the new CCNP Security are very similar. Many candidates have asked us to put up materials for these new exams, but that is time-consuming work. In the meantime, we created this “Share your experience” page for the VPN exam. We really hope that anyone who reads securitytut, 9tut, digitaltut, certprepare, networktut and voicetut will contribute to these sections, as your experience is invaluable for helping CCNP Security learners reach their goals.
Please share with us your experience after taking the VPN 642-647 exam, your materials, the way you learned, your recommendations…
The question that was on the exam is not in the dumps. Let’s answer it:
“ASA-5-722006: Group (contractor) User (vpnuser) IP (172.16.1.20) Invalid address (0.0.0.0) assigned to SVC connection.”
While troubleshooting on a remote-access VPN application, a new NOC engineer received the message shown in the exhibit. What could be causing the problem?
a. The IP address that is assigned to the PC of the VPN is not within the range of addresses that are assigned to the SVC connection.
b. The IP address that is assigned to the PC of the VPN is in use. The remote user needs to select a different host address within the range.
c. The IP address that is assigned to the PC of the VPN is in the wrong subnet. The remote user needs to select a different host number.
d. The IP address pool for contractor was not applied to the connection profile.
“ASA-5-722006: Group (contractor) User (vpnuser) IP (172.16.1.20) Invalid address (0.0.0.0) assigned to SVC connection.”
While troubleshooting on a remote-access VPN application, a new NOC engineer received the message shown in the exhibit. What could be causing the problem?
a. The IP address that is assigned to the PC of the VPN is not within the range of addresses that are assigned to the SVC connection. <<<<<<<<<<< answer
b. The IP address that is assigned to the PC of the VPN is in use. The remote user needs to select a different host address within the range.
c. The IP address that is assigned to the PC of the VPN is in the wrong subnet. The remote user needs to select a different host number.
d. The IP address pool for contractor was not applied to the connection profile.
source
http://kb.prismmicrosys.com/evtpass/evtPages/MessageCode_ASA-5-722006_55814.asp
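Added example, not part of the post above or of any Cisco tooling: a small parser that pulls the group, user, client IP and rejected address out of 722006 messages and counts failures per group, so an address-assignment problem can be tied to the group it affects. The log lines are constructed on the model of the message quoted above; accepting angle brackets around field values as well as parentheses is an assumption of this example.

```python
import re
from collections import defaultdict
from ipaddress import ip_address

# Field values are shown in parentheses in the message quoted on this page;
# also accepting <...> is an assumption made for this example.
_FIELD = r"[(<]([^)>]*)[)>]"
MSG_722006 = re.compile(
    r"ASA-5-722006:\s+Group\s+" + _FIELD
    + r"\s+User\s+" + _FIELD
    + r"\s+IP\s+" + _FIELD
    + r"\s+Invalid address\s+" + _FIELD
    + r"\s+assigned to SVC connection"
)

# Constructed sample log lines (not captured from a real device).
SAMPLE_LOG = [
    "Oct 12 10:01:07 asa1 %ASA-5-722006: Group (contractor) User (vpnuser) "
    "IP (172.16.1.20) Invalid address (0.0.0.0) assigned to SVC connection.",
    "Oct 12 10:01:09 asa1 %ASA-6-302013: Built inbound TCP connection 101 for "
    "outside:172.16.1.31/51515 (172.16.1.31/51515) to inside:10.0.4.10/443 (10.0.4.10/443)",
    "Oct 12 10:02:30 asa1 %ASA-5-722006: Group <contractor> User <contractor1> "
    "IP <172.16.1.44> Invalid address <0.0.0.0> assigned to SVC connection.",
    # Truncated/garbled line: the address does not parse, so it is skipped.
    "Oct 12 10:03:00 asa1 %ASA-5-722006: Group (employee) User (bob) "
    "IP (172.16.1.52) Invalid address (10.0.4.300) assigned to SVC connection.",
]


def parse_722006(line):
    """Return the fields of one 722006 message, or None if the line is not one."""
    m = MSG_722006.search(line)
    if m is None:
        return None
    group, user, client_ip, assigned = m.groups()
    try:
        return {
            "group": group,
            "user": user,
            "client_ip": ip_address(client_ip),
            "assigned": ip_address(assigned),
        }
    except ValueError:
        # Address fields that are not valid IPs mean a damaged log line.
        return None


def failures_by_group(lines):
    """Count 722006 events per group and note how many carried 0.0.0.0."""
    summary = defaultdict(lambda: {"events": 0, "users": set(), "unspecified": 0})
    for line in lines:
        event = parse_722006(line)
        if event is None:
            continue
        entry = summary[event["group"]]
        entry["events"] += 1
        entry["users"].add(event["user"])
        if event["assigned"].is_unspecified:  # 0.0.0.0: no usable address handed out
            entry["unspecified"] += 1
    return dict(summary)


if __name__ == "__main__":
    for group, entry in failures_by_group(SAMPLE_LOG).items():
        print(group, entry["events"], sorted(entry["users"]), entry["unspecified"])
```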
hi kds
please post more questions and the ASDM sim questions if possible
thanks kds
The question that was on the exam is not in the dumps. Let’s answer it:
Which statement regarding hashing is correct?
a. MD5 produces a 64-bit message digest
b. SHA-1 produces a 160-bit message digest
c. MD5 takes more CPU cycles to compute than SHA-1.
d. Changing 1 bit of the input to SHA-1 can change up to 5 bits in the output.
When deploying clientless SSL VPN advanced application access, the administrator needs to collect information on the end-user systems. Which three input parameters about an end-user system are of major concern for the administrator?
a. Types of applications and application protocols that are supported
b. Types of encryption that are supported on the end-user system
c. The local privilege level of the remote user
d. Types of wireless security that are applied to the end-user tunnel interface
e. Types of operating systems that are supported on the end-user system
f. Type of antivirus software that is supported on the end-user system
The question that was on the exam is not in the dumps. Let’s answer it:
Which three Host Scan checks on a remote endpoint can Cisco Secure Desktop be configured to perform? (Choose three)
a. Registry checks.
b. User rights checks
c. Group Policy Objects checks
d. File checks
e. Virus Software checks
f. Process checks
The question that was on the exam is not in the dumps. Let’s answer it:
Which three Host Scan checks on a remote endpoint can Cisco Secure Desktop be configured to perform? (Choose three)
a. Registry checks<<<<<<<
b. User rights checks
c. Group Policy Objects checks
d. File checks<<<<<<<<<<<
e. Virus Software checks
f. Process checks<<<<<<<<<<<
Please check, Gaurav.
The question that was on the exam is not in the dumps. Let’s answer it:
Which statement regarding hashing is correct?
a. MD5 produces a 64-bit message digest
b. SHA-1 produces a 160-bit message digest <<<<<<<<<<<<
c. MD5 takes more CPU cycles to compute than SHA-1.
d. Changing 1 bit of the input to SHA-1 can change up to 5 bits in the output.
Please check, Gaurav.
Which three Host Scan checks on a remote endpoint can Cisco Secure Desktop be configured to perform? (Choose three)
a. Registry checks<<<<<<<
b. User rights checks
c. Group Policy Objects checks
d. File checks<<<<<<<<<<<
e. Virus Software checks
f. Process checks<<<<<<<<<<<
Please check, Gaurav.
That is correct.
http://www.cisco.com/en/US/docs/security/csd/csd341/configuration/guide/CSDhscan.html
The question that was on the exam is not in the dumps. Let’s answer it:
Which statement regarding hashing is correct?
a. MD5 produces a 64-bit message digest
b. SHA-1 produces a 160-bit message digest <<<<<<<<<<<< This is right answer
c. MD5 takes more CPU cycles to compute than SHA-1.
d. Changing 1 bit of the input to SHA-1 can change up to 5 bits in the output.
thanks kd,
please if you have screenshot or anything which can give the idea of ASDM question about SSL VPN
thanks for the effort kds
Regards
Gaurav
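Added example, not part of the thread: the digest-length and bit-change options of the hashing question above, checked with Python's standard `hashlib`. It reports the MD5 and SHA-1 digest lengths and measures how many output bits move when a single input bit is flipped; the sample input is constructed.

```python
import hashlib

# Constructed sample input; any byte string works.
SAMPLE = b"Group contractor User vpnuser"


def digest_bits(algo: str) -> int:
    """Length of the message digest in bits for a hashlib algorithm name."""
    return hashlib.new(algo).digest_size * 8


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Return a copy of data with exactly one input bit inverted."""
    out = bytearray(data)
    out[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(out)


def changed_bits(algo: str, a: bytes, b: bytes) -> int:
    """Number of digest bits that differ between H(a) and H(b)."""
    da = int.from_bytes(hashlib.new(algo, a).digest(), "big")
    db = int.from_bytes(hashlib.new(algo, b).digest(), "big")
    return bin(da ^ db).count("1")


def avalanche_profile(algo: str, message: bytes) -> dict:
    """Flip every input bit in turn and summarise the digest bits that change."""
    counts = [
        changed_bits(algo, message, flip_bit(message, i))
        for i in range(len(message) * 8)
    ]
    return {
        "digest_bits": digest_bits(algo),
        "min": min(counts),
        "max": max(counts),
        "mean": sum(counts) / len(counts),
    }


if __name__ == "__main__":
    for algo in ("md5", "sha1"):
        p = avalanche_profile(algo, SAMPLE)
        print(f"{algo}: {p['digest_bits']}-bit digest, one flipped input bit "
              f"changed {p['min']}..{p['max']} output bits (mean {p['mean']:.1f})")
```

A one-bit input change moves roughly half of the output bits on average, which is the avalanche behaviour expected of a cryptographic hash.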
Hello If any one can complete the Lab simulation exercise
New connection profile
Name contractor
AAA server group : local
Default Group Policy : contractor
connection Alias : contractor
Group URL : https://192.168.4.2/contractor
name IP address pool
name contractor
ip address range:10.0.4.50 – 10.0.4.70/24
new internal group policy
name contractor
only permitted these two tunneling protocols: client and clientless SSL VPN
add a new banner “Welcome contractors”
Local user
Name contractor1
password Cisco
contractor1 access restrictions no ASDM, ssh,telnet or console access
lock contractor1 user to the contractor connection profile
….
whats below this i am not able to see can anyone give me the idea
thanks
Gaurav
any one given the exam recently please discuss the questions…
thanks
Gaurav
Hi! How can I attach a screenshot here?
you can give the link people can view the link from website and you can mark as fig 1, fig 2 i know it will be complicated but we can try at least.
kds can you remember if you got any question on crl nat0
is 66 questions dumps still valid
when did you give the test and how much was the score
thanks kds
I took the test the 12th. scored 825 points. the exam was 75 questions.
hi kds
the dumps now we all have 66 questions, you discussed nearly 7 questions with us, thanks for that, can you share remaining 3 questions, plus was there any hotspot question as per blog, also did you face any questions about crl/nat0/troubleshooting IPSec?
what do you say dumps are still valid
the person in blog pd said
“Took 642-647 last week, AT is about 40% valid.. had roughly 30 new questions. I had q’s on +-/CRL, CA, nat 0, troubleshooting IPSec. Good luck! Don’t rely on AT!”
what do you say
thanks kd
looking forward for your reply
Hi Gaurav!
Dumps is valid at 85 percent.
Does somebody know the correct answer to this question?
When deploying clientless SSL VPN advanced application access, the administrator needs to collect information on the end-user systems. Which three input parameters about an end-user system are of major concern for the administrator?
a. Types of applications and application protocols that are supported
b. Types of encryption that are supported on the end-user system
c. The local privilege level of the remote user
d. Types of wireless security that are applied to the end-user tunnel interface
e. Types of operating systems that are supported on the end-user system
f. Type of antivirus software that is supported on the end-user system
Thx for this great information that you are sharing with us!!!
The question that was on the exam is not in the dumps. Let’s answer it:
When deploying clientless SSL VPN advanced application access, the administrator needs to collect information on the end-user systems.
Which three input parameters about an end-user system are of major concern for the administrator?
a. Types of applications and application protocols that are supported >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
b. Types of encryption that are supported on the end-user system
c. The local privilege level of the remote user >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
d. Types of wireless security that are applied to the end-user tunnel interface
e. Types of operating systems that are supported on the end-user system >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
f. Type of antivirus software that is supported on the end-user system
a,c,e
http://ptgmedia.pearsoncmg.com/images/9781587052422/samplepages/1587052423_Sample.pdf
Does anyone know what version of ASDM is used on the scenario question?
What is the NAT0 question?
HI!
Questions posted without pictures; maybe someone remembers the true test responses from the exam. I’ll post pictures later.
Refer to the exhibit. While configuring a site to site VPN tunnel, a new NOC engineer encounters the Reverse Route Injection parameter. Assuming that static routes are redistributed by the Cisco ASA to the IGP, what effect does enabling Reverse Route Injection on the local Cisco ASA have on a configuration?
a. The local Cisco ASA will advertise its default routes to the distant end of the site-to-site VPN tunnel.
b. The local Cisco ASA will advertise routes from the dynamic routing protocol that is running on the local Cisco ASA to the distant end of the site-to-site VPN tunnel.
c. The local Cisco ASA will advertise routes that are at the distant end of the site-to-site VPN tunnel
d. The local Cisco ASA will advertise routes that are on its side of the site-to-site VPN tunnel to the distant end of the site-to-site VPN tunnel
Refer to the exhibit. A network architect designed a redundant site-to-site IPsec VPN. In this site-to-site IPsec VPN solution are two standalone Cisco ASA appliances that are deployed at the headquarters office site. A site-to-site VPN tunnel is established between the remote office and online peer (192.168.4.1).
To enable the remote office devices to be advertised correctly at headquarters, select the three Cisco ASA parameters and the ends in which they should be applied. R=remote end; H=headquarters end. (Choose three)
a. R-Configure Originate-Only
b. H-Configure Originate-Only
c. R-Configure Answer-Only
d. H-Configure Answer-Only
e. R-Enable RRI
f. H-Enable RRI
Refer to the exhibit. You have configured two SSL VPN Certificate to Connection Profile Maps for all employee and management users. The Connection Profiles for the management users are not being applied when the “management” users connect. Based on the configuration that is shown, what would cause this issue?
a. The rule priority of the employee mapping is not low enough, and it needs to be lowered to 1.
b. The priority of the employee mapping is too low, and it needs to be increased but not more than the rule priority of the management mapping.
c. The priority of the management mapping is too high and needs to be lower than the rule priority of the employee mapping.
d. The matching criteria for the management mapping is too specific, and the CN matching parameter should be removed.
HI!
Q.23. Refer to the exhibit. While configuring a site to site VPN tunnel, a new NOC engineer encounters the Reverse Route Injection parameter. Assuming that static routes are redistributed by the Cisco ASA to the IGP, what effect does enabling Reverse Route Injection on the local Cisco ASA have on a configuration?
a. The local Cisco ASA will advertise its default routes to the distant end of the site-to-site VPN tunnel.
b. The local Cisco ASA will advertise routes from the dynamic routing protocol that is running on the local Cisco ASA to the distant end of the site-to-site VPN tunnel.
c. The local Cisco ASA will advertise routes that are at the distant end of the site-to-site VPN tunnel
d. The local Cisco ASA will advertise routes that are on its side of the site-to-site VPN tunnel to the distant end of the site-to-site VPN tunnel
The picture can be viewed by clicking the link: http://www.MegaShare.com/3613777.
Q.24. Refer to the exhibit. You have configured two SSL VPN Certificate to Connection Profile Maps for all employee and management users. The Connection Profiles for the management users are not being applied when the “management” users connect. Based on the configuration that is shown, what would cause this issue?
a. The rule priority of the employee mapping is not low enough, and it needs to be lowered to 1.
b. The priority of the employee mapping is too low, and it needs to be increased but not more than the rule priority of the management mapping.
c. The priority of the management mapping is too high and needs to be lower than the rule priority of the employee mapping.
d. The matching criteria for the management mapping is too specific, and the CN matching parameter should be removed.
The picture can be viewed by clicking the link: http://www.MegaShare.com/3613781
HI!
Q.23. Refer to the exhibit. While configuring a site to site VPN tunnel, a new NOC engineer encounters the Reverse Route Injection parameter. Assuming that static routes are redistributed by the Cisco ASA to the IGP, what effect does enabling Reverse Route Injection on the local Cisco ASA have on a configuration?
a. The local Cisco ASA will advertise its default routes to the distant end of the site-to-site VPN tunnel.
b. The local Cisco ASA will advertise routes from the dynamic routing protocol that is running on the local Cisco ASA to the distant end of the site-to-site VPN tunnel.
c. The local Cisco ASA will advertise routes that are at the distant end of the site-to-site VPN tunnel<<<<<<<<<<<<<<<<<<<<<<<<<<
d. The local Cisco ASA will advertise routes that are on its side of the site-to-site VPN tunnel to the distant end of the site-to-site VPN tunnel
The picture can be viewed by clicking the link: http://www.MegaShare.com/3613777.
Q.24. Refer to the exhibit. You have configured two SSL VPN Certificate to Connection Profile Maps for all employee and management users. The Connection Profiles for the management users are not being applied when the “management” users connect. Based on the configuration that is shown, what would cause this issue?
a. The rule priority of the employee mapping is not low enough, and it needs to be lowered to 1.
b. The priority of the employee mapping is too low, and it needs to be increased but not more than the rule priority of the management mapping.
c. The priority of the management mapping is too high and needs to be lower than the rule priority of the employee mapping.<<<<<<<<<<<<<<<<<<<<
d. The matching criteria for the management mapping is too specific, and the CN matching parameter should be removed.
The picture can be viewed by clicking the link: http://www.MegaShare.com/3613781
Please check, Gaurav.
hi kds i am not able to open the megashare link, can you please post it on mediafire.com/wupload.com
Thanks
Gaurav
HI!
Q.23. Refer to the exhibit. While configuring a site to site VPN tunnel, a new NOC engineer encounters the Reverse Route Injection parameter. Assuming that static routes are redistributed by the Cisco ASA to the IGP, what effect does enabling Reverse Route Injection on the local Cisco ASA have on a configuration?
The picture can be viewed by clicking the link: http://www.mediafire.com/i/?mim738cfv5d8d21
Q.24. Refer to the exhibit. You have configured two SSL VPN Certificate to Connection Profile Maps for all employee and management users. The Connection Profiles for the management users are not being applied when the “management” users connect. Based on the configuration that is shown, what would cause this issue?
The picture can be viewed by clicking the link: http://www.mediafire.com/i/?b7r9xn5jf0ybws4
Please check, Gaurav.
Gaurav, tell your e-mail.
Hi kds
My email id is gchauhan.ebay@gmail.com.
The answer to the below
Question 2. Refer to the exhibit. A network architect designed a redundant site-to-site IPsec VPN. In this site-to-site IPsec VPN solution are two standalone Cisco ASA appliances that are deployed at the headquarters office site.
A site-to-site VPN tunnel is established between the remote office and online peer (192.168.4.1).
To enable the remote office devices to be advertised correctly at headquarters, select the three Cisco ASA parameters and the ends in which they should be applied. R=remote end; H=headquarters end. (Choose three)
a. R-Configure Originate-Only
b. H-Configure Originate-Only<<<<<<<<<<<<<<<<<
c. R-Configure Answer-Only
d. H-Configure Answer-Only<<<<<<<<<<<<<<<<<<<
e. R-Enable RRI
f. H-Enable RRI<<<<<<<<<<<<<<<<<<<<<<<<<<<<
B,D,F
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00805a87f7.shtml
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00809d07de.shtml
Hi kds, I got the image from the mediafire links at gchauhan.ebay@gmail.com
I have posted some answers
Refer to the exhibit. While configuring a site to site VPN tunnel, a new NOC engineer encounters the Reverse Route Injection parameter. Assuming that static routes are redistributed by the Cisco ASA to the IGP, what effect does enabling Reverse Route Injection on the local Cisco ASA have on a configuration?
a. The local Cisco ASA will advertise its default routes to the distant end of the site-to-site VPN tunnel.
b. The local Cisco ASA will advertise routes from the dynamic routing protocol that is running on the local Cisco ASA to the distant end of the site-to-site VPN tunnel.
c. The local Cisco ASA will advertise routes that are at the distant end of the site-to-site VPN tunnel<<<<<<<<<<<<<<<<<<<<<<<<<<
d. The local Cisco ASA will advertise routes that are on its side of the site-to-site VPN tunnel to the distant end of the site-to-site VPN tunnel
yes kds this is right
Can you post the hotspot sim of VPN if you remember, you can give the links
thanks
Gaurav
HI!
Questions (Hotspot) posted without pictures; maybe someone remembers the true test responses from the exam
1. The user, contractor1, will receive an IP address when the VPN connection is established. Which statement regarding the IP address is true?
a. Is sourced from the contractor pool
b. Is sourced from the employee pool
c. Is sourced from the engineering pool
d. Is sourced from the management pool
e. Is a dedicated address (10.0.4.1 20)
2. Which group policy restricts the VPN user access to VLAN 100?
a. Employee
b. Contractor
c. Management
d. Engineering
3. Which connection profile supports SSL VPN Client access only.
a. Employee
b. Contractor
c. Management
d. Engineering
e. New_hire
4. After providing the correct VPN login credentials, user, contractor1, is enabled to use which VPN access type?
a. Cisco AnyConnect VPN
b. Clientless VPN
c. Cisco AnyConnect VPN and clientless VPN
d. Cisco AnyConnect VPN, clientless VPN, and IPsec VPN
5. Upon logging in, user, employee1, has two privileges: (Choose two)
a. Cisco ASDM, SSH, Telnet, and console access
b. CLI login prompt for SSH, Telnet, and console only
c. No Cisco ASDM, SSH, or console access
d. Level 15
e. Level 2
f. Level 3
hi kds
is Monitoring tab or configuration tab is there in hot spot questions or both were there
thanks kds
Hi, Gaurav can you answer
Refer to the exhibit. A network architect designed a redundant site-to-site IPsec VPN. In this site-to-site IPsec VPN solution are two standalone Cisco ASA appliances that are deployed at the headquarters office site. A site-to-site VPN tunnel is established between the remote office and online peer (192.168.4.1).
To enable the remote office devices to be advertised correctly at headquarters, select the three Cisco ASA parameters and the ends in which they should be applied. R=remote end; H=headquarters end. (Choose three)
a. R-Configure Originate-Only
b. H-Configure Originate-Only
c. R-Configure Answer-Only
d. H-Configure Answer-Only
e. R-Enable RRI
f. H-Enable RRI
Hi kds, I have answered this with the supporting references
Question 2. Refer to the exhibit. A network architect designed a redundant site-to-site IPsec VPN. In this site-to-site IPsec VPN solution are two standalone Cisco ASA appliances that are deployed at the headquarters office site.
A site-to-site VPN tunnel is established between the remote office and online peer (192.168.4.1).
To enable the remote office devices to be advertised correctly at headquarters, select the three Cisco ASA parameters and the ends in which they should be applied. R=remote end; H=headquarters end. (Choose three)
a. R-Configure Originate-Only
b. H-Configure Originate-Only<<<<<<<<<<<<<<<<<
c. R-Configure Answer-Only
d. H-Configure Answer-Only<<<<<<<<<<<<<<<<<<<
e. R-Enable RRI
f. H-Enable RRI<<<<<<<<<<<<<<<<<<<<<<<<<<<<
B,D,F
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00805a87f7.shtml
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00809d07de.shtml
Hi kds,
can you please tell me if any other question other than 10 questions we discussed on this blog
also if you can please tell me in hot spot sim which navigation tab was available , configuration, monitoring or both
thanks kds
Gaurav
was available , configuration and monitoring
it link for hotspot screenshot
http://www.mediafire.com/i/?iww613pxozc86wh
Hello kds
If possible please provide the complete view of the Lab simulation exercise
New connection profile
Name contractor
AAA server group : local
Default Group Policy : contractor
connection Alias : contractor
Group URL : https://192.168.4.2/contractor
name IP address pool
name contractor
ip address range:10.0.4.50 – 10.0.4.70/24
new internal group policy
name contractor
only permitted these two tunneling protocols: client and clientless SSL VPN
add a new banner “Welcome contractors”
Local user
Name contractor1
password Cisco
contractor1 access restrictions no ASDM, ssh,telnet or console access
lock contractor1 user to the contractor connection profile
….
whats below this i am not able to see can anyone give me the idea
thanks
Gaurav
HI Gaurav!
I’ll see this lab sim. What can you respond to hot spots?
(Hotspot) posted without pictures; maybe someone remembers the true test responses from the exam
I have given possible navigation below each question it can be wrong but these are best possible ways as i am not able to simulate the above scenario fully
1. The user, contractor1, will receive an IP address when the VPN connection is established. Which statement regarding the IP address is true?
a. Is sourced from the contractor pool
b. Is sourced from the employee pool
c. Is sourced from the engineering pool
d. Is sourced from the management pool
e. Is a dedicated address (10.0.4.1 20)
Through configuration
first see username in device management >> see its group policy
then go to remote access VPN >> connection profiles >> client address pools >> contractor >> select to see the address pool
Through Monitoring
VPN statistics > session >> see username and its assigned ip address >> then find it out in configuration tab above procedure
2. Which group policy restricts the VPN user access to VLAN 100?
a. Employee
b. Contractor
c. Management
d. Engineering
configuration > network client access > AnyConnect connection profiles > connection profiles > edit for each profile > general > more options > restricted VLAN
Monitoring > VPN > VPN statistics Sessions, vlan mapping sessions
3. Which connection profile supports SSL VPN Client access only.
a. Employee
b. Contractor
c. Management
d. Engineering
e. New_hire
configuration > network client access > AnyConnect connection profiles > connection profiles > edit for each profile > general > more options > tunneling protocol > see the check marks
4. After providing the correct VPN login credentials, user, contractor1, is enabled to use which VPN access type?
a. Cisco AnyConnect VPN
b. Clientless VPN
c. Cisco AnyConnect VPN and clientless VPN
d. Cisco AnyConnect VPN, clientless VPN, and IPsec VPN
configuration > network client access > AnyConnect connection profiles > connection profiles > edit for each profile > general > more options > tunneling protocol > see the check marks
Monitoring > VPN > VPN statistics > sessions filter by >>> choose contractor1
5. Upon logging in, user, employee1, has two privileges: (Choose two)
a. Cisco ASDM, SSH, Telnet, and console access
b. CLI login prompt for SSH, Telnet, and console only
c. No Cisco ASDM, SSH, or console access
d. Level 15
e. Level 2
f. Level 3
configuration > Device management > users/AAA > Users >> choose between a/b/c and d/e/f
Hotspot is very important to me.
Hi Gaurav… when are you going to give the exam?
sorry but I answered it wrong but the references were right
Refer to the exhibit. A network architect designed a redundant site-to-site IPsec VPN. In this site-to-site IPsec VPN solution are two standalone Cisco ASA appliances that are deployed at the headquarters office site.
A site-to-site VPN tunnel is established between the remote office and online peer (192.168.4.1).
To enable the remote office devices to be advertised correctly at headquarters, select the three Cisco ASA parameters and the ends in which they should be applied. R=remote end; H=headquarters end. (Choose three)
a. R-Configure Originate-Only<<<<<<<<<<<<<<<<<
b. H-Configure Originate-Only
c. R-Configure Answer-Only
d. H-Configure Answer-Only<<<<<<<<<<<<<<<<<<<
e. R-Enable RRI
f. H-Enable RRI<<<<<<<<<<<<<<<<<<<<<<<<<<<<
answers : A,D,F
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00805a87f7.shtml
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00809d07de.shtml
Hi kds
Please find the video solution for hot spot Sim
http://www.mediafire.com/?z3shhbjxeg9ioni
please find the video solution for lab simulation of any connect VPN
http://www.mediafire.com/?03coysp68ijm6o9
kds can you please give me screenshot of complete things to be done in any connect VPN lab as i have only a screenshot above portion
Also kds, please if you can share any more new questions apart from the 66 question dump
thanks kds for your support
Regards
Gaurav
here is the screenshot for the lab sim.
http://www.mediafire.com/?iui7ykmabci9orr
New connection profile
Name contractor
AAA server group : local
Default Group Policy : contractor
connection Alias : contractor
Group URL : https://192.168.4.2/contractor
name IP address pool
name contractor
ip address range:10.0.4.50 – 10.0.4.70/24
new internal group policy
name contractor
only permitted these two tunneling protocols: client and clientless SSL VPN
add a new banner “Welcome contractors”
Local user
Name contractor1
password Cisco
contractor1 access restrictions no ASDM, ssh,telnet or console access
lock contractor1 user to the contractor connection profile
Hi,
Thank you all for taking the time out to help.
Question, if i study the 66q from AT and this site as well, will this be enough to pass?
Thanks
Hulk
FYI, I just passed the exam today with 895/1000. The dump is still valid, but there are new questions, which were discussed here. Thanks to kds and gau. The lab is still valid. You need to know how to navigate the ASDM to find answers.
Good luck all.
Time to move on to IPS then Secure.
Hello jt
can you please advise if there are any other questions other than those discussed here, and if yes, what were the topics
thanks
Gaurav
any one has the complete LAb Screenshot? how the Lab Scenario come in exam? Kds can you please upload the exact Lab Screenshot?
gaurav,
no, new questions. just make sure the correct answers that discussed here. I was surprised that my score is low, possibly some of these answers may not be correct. the lab and simlets cost me lots of time. I only had 30 min left when I was done.
what exam are taking next.
km: see my earlier post for the screenshots for the lab, just ignore the IP that I used.
materials I used : cbtnuggets snaa, gns3, at dumps and question discussed here.
last on the lab, make sure you complete all asked question before click next. I mean it asked you to validate the SSL vpn profile that you created from the client.
good lucks all.
HI Guys,
I’d like to ask if there is an exam in ccsp track i can take without the ccna security or can be certified if i passed on it?????
@jt,
Hi, how do you validate the SSL vpn profile if it asks?
on the exam, how would you do that?
Thanks
Semore
These are what we need :
CCNP Security VPN 642-647 Official Cert Guide
http://ebook-shelves.blogspot.com/2011/08/download-ccnp-security-vpn-642-647.html
http://www.myindustry.ir
@semore,
on the labsim. look at the topology. click on one of the ssl vpn client laptop, a logon screen will appear, enter username/password then click connect.
@jt
thanks
ALSO 2 quick question,
1. any reason on why the labsim video above they kind of do it backwards instead of straight down the question???
ALSO
2. any reason why on the hotspot video above they keep going to the monitoring tab page when you can find the answers in the configuration tab page???
thanks so much again
Semore
Passed the exam today! scored 874
dumps still valid, 2-3 new questions apart from what was discussed here
Hot spot answers are not the same as in the forum but it’s very easy to identify.
Thanks a lot kd and Gaurav for your help
Guys confirm that I can take CCNP security exams if I am CCNP Routing and Switching certified but without CCNA security
@semore,
to me, the fast way is
1. create a group policy.
2. create profile
2a. create ip address pool.
3. create user account (because you need to assign it to a profile that you create in step 1; otherwise you have to come back to the user and assign it to a profile).
if you have lots of time, then you can do them in any order you like as long as you complete all the requirements.
Hi JT,
What the ASA ASDM and you used to emulate? The ASDM demo is enough to prove this?
Can you help me by providing information about the lab you used to study?
TKS and Congratulations.
@jv
my purpose is not just pass the exam, but to acquire the skill therefore i used gns3 integrated with ASA and routers ios. it is emulators, not simulator, just like real cisco IOS.
1. download gns3: http://www.gns3.net/
1a. then use your google/torrent skill search for some router IOS for gns3.
2. http://www.4shared.com/file/sUllU1ot/asa802-k8initrd-asdm_webvpn_mc.htm
3. http://www.4shared.com/file/izZXzj5k/asa802-k8.htm
4. if you need more instruction google for “gns3 asa”
if you just want to pass the exam, use the AT dumps and ASDM demo is good enough
good lucks
@francis
You can definitely take those exams but you will not get the CCNP-Security certification if you don’t have the CCNA security
http://www.cisco.com/web/learning/le3/learning_career_certifications_and_learning_paths_home.html
@jv,
i can not find any ASA lab out there, so i created my own scenario.
here is my topology
Internal Network ASA Cloud (use a router) ASA Internal Network
JT,
Thanks for the information.
I want to learn, not just pass the test. I have little time experience in the area, and work with Juniper vpn, but I know a lot of cisco remote access, SSL, etc.. My question about the ASDM demo was whether it is enough to learn and not only pass on test. I have no interest in TK, Braindumps, etc …
In the official guide it seems that you need the ASA 8.2, But gns only supports 8.0.x, but found nothing on the internet that emulates the ASA 8.2. I’m checking some way to do it in ubuntu … But I’m slow with this.
From what you’ve spent, the ASA 8.0 is enough. Based on this I think there is no difference between version 8.0 and 8.2, am I right?
Again, Thanks for the information!
if you do not understand my English, sorry, I’m learning … laughs ..
Is there any simulation test in the exam?
jv,
I didn’t spend time to find out what the difference is between 8.0 and 8.2, but what I do know is that the 8.0 emulated in GNS3 gives you all the functions that you need to learn, i.e. the different modes (routed, and ??), context, VPN (SSL VPN, etc.). (I can’t find the Cisco Secure Desktop for ASA.)
Which three Host Scan checks on a remote endpoint can Cisco Secure Desktop be configured to perform? (Choose three)
a. Registry checks<<<<<<<
b. User rights checks
c. Group Policy Objects checks
d. File checks<<<<<<<<<<<
e. Virus Software checks
f. Process checks<<<<<<<<<<<
Answer is A,D,F
Please
I need to get the latest dump
Thanks
Can anyone help me with latest dumps? [zahoor.mirza@gmail.com]
Thank you
Passed the exam today. The dumps on http://www.examcollection.com/642-637.html are still good (notably the ones from October). There were 70 questions with 2 simulations, one for the Hotspot and the other for configuring a user, connection profile and group policy. Make sure you know your way around the ASDM. No real surprises, although some of the questions have been slightly re-worded (from the dumps) so make sure you read the question and answers carefully.
The correct link for the 642-647 dumps is http://www.examcollection.com/642-647.
Latest dumps
http://www.examcollection.com/642-647.html
Any simulation on this test? I can’t find any simulation test for this exam.
Is it possible that some of the questions in the dumps have the wrong answers?
For example:
The software-based Cisco IPsec VPN Client solution uses bidirectional authentication in which the client authenticates the Cisco ASA, and the Cisco ASA authenticates the user. Which three methods are software-based IPsec VPN Client to Cisco ASA authentication methods? (Choose three)
A. Unified Client Certificate authentication
B. Secure Unit Authentication
C. Hybrid Authentication
D. Certificate Authentication
E. Group Authentication
The answers given in the dumps are B, D, E.
Isn’t the answer actually C, D, E? Considering that SUA is only applicable to hardware-based Easy VPN implementation. And the three options available for IPsec VPN client are Group Authentication, Certificate Authentication, and Mutual/Hybrid Authentication (page 561-562 of the official cert guide)?
Hello, is there any CBT Nuggets for this test? I need it urgently
Thanks
Passed today, got 958. Same two labs, pretty easy. The questions in the dumps are mostly valid, but keep in mind that a lot of the answers in the dumps are wrong. So don’t just memorize the answers.
Hi qwerty,
I am about to take the exam very soon. Can you email me the dump? augies@126.com
Thanks!
Hi qwerty,
Could you share with us the wrong answers that you saw in the dumps?
Thanks,
qwerty , which two labs?
Gabriel, I don’t have my own dumps. I just used the ones that guys recommended here.
Ila, one lab was to configure clientless SSL VPN, and the other one was to answer questions about a configuration (i.e. what IP address will be assigned to user contractor1?). Pretty sure both labs were talked about here. You just click your way thru the ASDM. It also helps that the ASDM simulation is not fully functional there, so if it doesn’t let you click on something – you know you’re not in the right place
As far as the wrong answers, I’ll tell you what I remember.
The ones about split tunneling – you cannot have an extended access list with split tunneling. It only supports standard ACL. So you would pick “Exclude network list below” and “Standard access list”.
The one about customization portal. The answers were “Logon”, “Logout”, and “Portal”.
The one I mentioned above, about Cisco VPN client authentication. The answers are “group”, “certificate”, and “hybrid”.
Then there was a mix-and-match question about DH, and in the answers they picked DH group 3 for something. There is no such thing as DH3. DH groups are 1,2,5, and 7.
If I remember anymore I’ll come back.
This is the correct answer for the diffie hellman question.
Default for site to site with 3DES -> DH1
DA -> DH 7
Recommended for low processing Power
Recommended for AES Encryption -> DH 5
Default for RA with DES -> DH2
Thank you very much for sharing, qwerty.
I think the correct answer for DH groups is
Default for remote access vpn with aggressive mode -> DH2
Recommended for PDA -> DH 7
Recommended for AES Encryption -> DH 5
Default for Site to site vpn, certificate based -> DH1
Please guide me if i am wrong. thanks
No, that’s wrong. Aggressive mode will always use DH1 as default. Please see above for correct answers.
@Ilt Olsen
As the question mentioned, it is the default for remote access VPN; remote connect doesn’t support DH group 1 after vpn connect 3.x
http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/ike.
Please guide me if i am wrong. thanks
Shahid, I think you are right.
Passed the exam with 906, AT dumps are still valid, with some new questions, Lab and hotspot were same as discussed here
Congrats SID
I am going for exam soon, any views or suggestions on wrong answers as we discussed here. Thanks
Hi Sid please could you send me the AT dumps to this address trialaccount38@yahoo.com
Thanks.
1. The user, contractor1, will receive an IP address when the VPN connection is established. Which statement regarding the IP address is true?
a. Is sourced from the contractor pool
b. Is sourced from the employee pool
c. Is sourced from the engineering pool
d. Is sourced from the management pool
e. Is a dedicated address (10.0.4.1 20)
AN: Is a dedicated address (10.0.4.1 20)
2. Which group policy restricts the VPN user access to VLAN 100?
a. Employee
b. Contractor
c. Management
d. Engineering
AN: Contractor
3. Which connection profile supports SSL VPN Client access only.
a. Employee
b. Contractor
c. Management
d. Engineering
e. New_hire
AN: New_hire
4. After providing the correct VPN login credentials, user, contractor1, is enabled to use which VPN access type?
a. Cisco AnyConnect VPN
b. Clientless VPN
c. Cisco AnyConnect VPN and clientless VPN
d. Cisco AnyConnect VPN, clientless VPN, and IPsec VPN
AN: ???
5. Upon logging in, user, employee1, has two privileges: (Choose two)
a. Cisco ASDM, SSH, Telnet, and console access
b. CLI login prompt for SSH, Telnet, and console only
c. No Cisco ASDM, SSH, or console access
d. Level 15
e. Level 2
f. Level 3
AN: a and d
————————————————————
NEW QUESTION
Which file does Cisco AnyConnect use
a) user.init
b) user.xml
c) user.html
d) ???
i choose user.xml
Passed today with 926/1000. Thanks to God & all others who have shared their experience here. The contributions of all have made the things easy.
There were about 4 new questions.
Hello Zahoor what dumps did you use to study
thank you.
4. After providing the correct VPN login credentials, user, contractor1, is enabled to use which VPN access type?
a. Cisco AnyConnect VPN
b. Clientless VPN
c. Cisco AnyConnect VPN and clientless VPN
d. Cisco AnyConnect VPN, clientless VPN, and IPsec VPN
AN: a
Hi Zahoor
congrats, do u happen to know the 4 new questions and would u like to share with us please?
Hi guys, just got this output when turning on my ASA 5505
“i2c_read_word_w_wait() error, slot = 0x0, device = 0x64, address = 134 byte count = 2. Reason: I2C_UNPOPULATED_ERROR”
Could you please help out???
Thanks,
pls confirm which dumps are valid and where they are available?
hi to all!
I’m reviewing the 80q (by augies) dump; it is practically correct, but I want to mention one incorrect question in all dumps:
Q:After adding a remote-access IPsec tunnel via the VPN wizard, an administrator needs to tune the IPsec policy parameters. Where is the correct place to tune the IPsec policy parameters in Cisco ASDM?
A. IPsec user profile
B. Crypto Map
C. Group Policy
D. IPsec policy
E. IKE policy
In all dumps that I reviewed the correct answer is D, but if you look at page 524 of the official Cert Guide you can see the following link in the ASDM to tune IPsec policy:
Configuration > Remote Access VPN > Network (Client) Access > Advanced > IPsec > Crypto Maps
Based on this the correct answer is the option B. Crypto Map.
Thanks to all for sharing!
Passed today with 906/1000. 5-6 new questions. 1 of them was for DPD (dead peer detection)!
Thank you all for the help and good luck
@Anonymous: Which dumps did you use? what about Hotspot & Simulation?
can anyone share Official Study Guide?
please please please