Which two are characteristics of GETVPN?
Which two are characteristics of GETVPN? (Choose two.) A. The IP header of the encrypted packet is preserved B. A key server is elected among all configured Group Members C.
A company has decided to migrate an existing IKEv1 VPN tunnel to IKEv2. Which two are valid configuration constructs on a Cisco IOS router? (Choose two.) A. crypto ikev2 keyring
Which four activities does the Key Server perform in a GETVPN deployment? (Choose four.) A. authenticates group members B. manages security policy C. creates group keys D. distributes policy/keys E.
Where is split-tunneling defined for remote access clients on an ASA? A. Group-policy B. Tunnel-group C. Crypto-map D. Web-VPN Portal E. ISAKMP client Correct Answer: A
Which of the following could be used to configure remote access VPN Host-scan and pre-login policies? A. ASDM B. Connection-profile CLI command C. Host-scan CLI command under the VPN group
In FlexVPN, what command can an administrator use to create a virtual template interface that can be configured and applied dynamically to create virtual access interfaces? A. interface virtual-template number
Which two GDOI encryption keys are used within a GET VPN network? (Choose two.) A. key encryption key B. group encryption key C. user encryption key D. traffic encryption key
What are the three primary components of a GET VPN network? (Choose three.) A. Group Domain of Interpretation protocol B. Simple Network Management Protocol C. server load balancer D. accounting
Which two IKEv1 policy options must match on each peer when you configure an IPsec site-to-site VPN? (Choose two.) A. priority number B. hash algorithm C. encryption algorithm D. session
Which two parameters are configured within an IKEv2 proposal on an IOS router? (Choose two.) A. authentication B. encryption C. integrity D. lifetime Correct Answer: BC
In a spoke-to-spoke DMVPN topology, which type of interface does a branch router require? A. Virtual tunnel interface B. Multipoint GRE interface C. Point-to-point GRE interface D. Loopback interface Correct
Which three settings are required for crypto map configuration? (Choose three.) A. match address B. set peer C. set transform-set D. set security-association lifetime E. set security-association level per-host F.
A network is configured to allow clientless access to resources inside the network. Which feature must be enabled and configured to allow SSH applications to respond on the specified port
Consider this scenario. When users attempt to connect via a Cisco AnyConnect VPN session, the certificate has changed and the connection fails. What is a possible cause of the connection
When Cisco ASA applies VPN permissions, what is the first set of attributes that it applies? A. dynamic access policy attributes B. group policy attributes C. connection profile attributes D.
What are two variables for configuring clientless SSL VPN single sign-on? (Choose two.) A. CSCO_WEBVPN_OTP_PASSWORD B. CSCO_WEBVPN_INTERNAL_PASSWORD C. CSCO_WEBVPN_USERNAME D. CSCO_WEBVPN_RADIUS_USER Correct Answer: BC
Which three plugins are available for clientless SSL VPN? (Choose three.) A. CIFS B. RDP2 C. SSH D. VNC E. SQLNET F. ICMP Correct Answer: BCD
Which command simplifies the task of converting an SSL VPN to an IKEv2 VPN on a Cisco ASA appliance that has an invalid IKEv2 configuration? A. migrate remote-access ssl overwrite
Which statement describes a prerequisite for single-sign-on Netegrity Cookie Support in an IOC SSL VPN? A. The Cisco AnyConnect Secure Mobility Client must be installed in flash. B. A SiteMinder
Which two statements describe effects of the DoNothing option within the untrusted network policy on a Cisco AnyConnect profile? (Choose two.) A. The client initiates a VPN connection upon detection
Which command enables IOS SSL VPN Smart Tunnel support for PuTTY? A. appl ssh putty.exe win B. appl ssh putty.exe windows C. appl ssh putty D. appl ssh putty.exe Correct
Which three remote access VPN methods in an ASA appliance provide support for Cisco Secure Desktop? (Choose three.) A. IKEv1 B. IKEv2 C. SSL client D. SSL clientless E. ESP
A user is unable to establish an AnyConnect VPN connection to an ASA. When using the Real-Time Log viewer within ASDM to troubleshoot the issue, which two filter options would
Which Cisco ASDM option configures forwarding syslog messages to email? A. Configuration > Device Management > Logging > E-Mail Setup B. Configuration > Device Management > E-Mail Setup > Logging
Which Cisco ASDM option configures WebVPN access on a Cisco ASA? A. Configuration > WebVPN > WebVPN Access B. Configuration > Remote Access VPN > Clientless SSL VPN Access C.
A user with IP address 10.10.10.10 is unable to access a HTTP website at IP address 188.8.131.52 through a Cisco ASA. Which two features and commands will help troubleshoot the
A Cisco router may have a fan issue that could increase its temperature and trigger a failure. What troubleshooting steps would verify the issue without causing additional risks? A. Configure
An internet-based VPN solution is being considered to replace an existing private WAN connecting remote offices. A multimedia application is used that relies on multicast for communication. Which two VPN
A private wan connection is suspected of intermittently corrupting data. Which technology can a network administrator use to detect and drop the altered data traffic? A. AES-128 B. RSA Certificates
Which two qualify as Next Generation Encryption integrity algorithms? (Choose two.) A. SHA-512 B. SHA-256 C. SHA-192 D. SHA-380 E. SHA-192 F. SHA-196 Correct Answer: AB
Which statement is true when implementing a router with a dynamic public IP address in a crypto map based site-to-site VPN? A. The router must be configured with a dynamic
Which two statements are true when designing a SSL VPN solution using Cisco AnyConnect? (Choose two.) A. The VPN server must have a self-signed certificate. B. A SSL group pre-shared
Which two features are required when configuring a DMVPN network? (Choose two.) A. Dynamic routing protocol B. GRE tunnel interface C. Next Hop Resolution Protocol D. Dynamic crypto map E.
Which are two main use cases for Clientless SSL VPN? (Choose two.) A. In kiosks that are part of a shared environment B. When the users do not have admin
Which technology can rate-limit the number of tunnels on a DMVPN hub when system utilization is above a specified percentage? A. NHRP Event Publisher B. interface state control C. CAC
Which technology supports tunnel interfaces while remaining compatible with legacy VPN implementations? A. FlexVPN B. DMVPN C. GET VPN D. SSL VPN Correct Answer: A
Which IKEv2 feature minimizes the configuration of a FlexVPN on Cisco IOS devices? A. IKEv2 Suite-B B. IKEv2 proposals C. IKEv2 profiles D. IKEv2 Smart Defaults Correct Answer: D
When an IPsec SVTI is configured, which technology processes traffic forwarding for encryption? A. ACL B. IP routing C. RRI D. front door VPN routing and forwarding Correct Answer: B
A Cisco IOS SSL VPN gateway is configured to operate in clientless mode so that users can access file shares on a Microsoft Windows 2003 server. Which protocol is used
You are configuring a Cisco IOS SSL VPN gateway to operate with DVTI support. Which command must you configure on the virtual template? A. tunnel protection ipsec B. ip virtual-reassembly