web analytics

Which two are characteristics of GETVPN?

Which two are characteristics of GETVPN? (Choose two.) A. The IP header of the encrypted packet is preserved B. A key server is elected among all configured Group Members C.

Which two are valid configuration constructs on a Cisco IOS router?

A company has decided to migrate an existing IKEv1 VPN tunnel to IKEv2. Which two are valid configuration constructs on a Cisco IOS router? (Choose two.) A. crypto ikev2 keyring

Which four activities does the Key Server perform in a GETVPN deployment?

Which four activities does the Key Server perform in a GETVPN deployment? (Choose four.) A. authenticates group members B. manages security policy C. creates group keys D. distributes policy/keys E.

Where is split-tunneling defined for remote access clients on an ASA?

Where is split-tunneling defined for remote access clients on an ASA? A. Group-policy B. Tunnel-group C. Crypto-map D. Web-VPN Portal E. ISAKMP client Correct Answer: A

Which of the following could be used to configure remote access VPN Host-scan and pre-login policies?

Which of the following could be used to configure remote access VPN Host-scan and pre-login policies? A. ASDM B. Connection-profile CLI command C. Host-scan CLI command under the VPN group

What command can an administrator use to create a virtual template interface that can be configured and applied dynamically to create virtual access interfaces?

In FlexVPN, what command can an administrator use to create a virtual template interface that can be configured and applied dynamically to create virtual access interfaces? A. interface virtual-template number

What is the role of a NHRP resolution request?

In FlexVPN, what is the role of a NHRP resolution request? A. It allows these entities to directly communicate without requiring traffic to use an intermediate hop B. It dynamically

What are three benefits of deploying a GET VPN?

What are three benefits of deploying a GET VPN? (Choose three.) A. It provides highly scalable point-to-point topologies. B. It allows replication of packets after encryption. C. It is suited

What is the default topology type for a GET VPN?

What is the default topology type for a GET VPN? A. point-to-point B. hub-and-spoke C. full mesh D. on-demand spoke-to-spoke Correct Answer: C

Which two GDOI encryption keys are used within a GET VPN network?

Which two GDOI encryption keys are used within a GET VPN network? (Choose two.) A. key encryption key B. group encryption key C. user encryption key D. traffic encryption key

What are the three primary components of a GET VPN network?

What are the three primary components of a GET VPN network? (Choose three.) A. Group Domain of Interpretation protocol B. Simple Network Management Protocol C. server load balancer D. accounting

Which two IKEv1 policy options must match on each peer when you configure an IPsec site-to-site VPN?

Which two IKEv1 policy options must match on each peer when you configure an IPsec site-to-site VPN? (Choose two.) A. priority number B. hash algorithm C. encryption algorithm D. session

Which two parameters are configured within an IKEv2 proposal on an IOS router?

Which two parameters are configured within an IKEv2 proposal on an IOS router? (Choose two.) A. authentication B. encryption C. integrity D. lifetime Correct Answer: BC

Which type of interface does a branch router require?

In a spoke-to-spoke DMVPN topology, which type of interface does a branch router require? A. Virtual tunnel interface B. Multipoint GRE interface C. Point-to-point GRE interface D. Loopback interface Correct

Which three settings are required for crypto map configuration?

Which three settings are required for crypto map configuration? (Choose three.) A. match address B. set peer C. set transform-set D. set security-association lifetime E. set security-association level per-host F.

Which feature must be enabled and configured to allow SSH applications to respond on the specified port 8889?

A network is configured to allow clientless access to resources inside the network. Which feature must be enabled and configured to allow SSH applications to respond on the specified port

What is a possible cause of the connection failure?

Consider this scenario. When users attempt to connect via a Cisco AnyConnect VPN session, the certificate has changed and the connection fails. What is a possible cause of the connection

Where do you enable the DTLS protocol setting?

In the Cisco ASDM interface, where do you enable the DTLS protocol setting? A. Configuration > Remote Access VPN > Network (Client) Access > Group Policies > Add or Edit

What are two forms of SSL VPN?

What are two forms of SSL VPN? (Choose two.) A. port forwarding B. Full Tunnel Mode C. Cisco IOS WebVPN D. Cisco AnyConnect Correct Answer: CD

When Cisco ASA applies VPN permissions, what is the first set of attributes that it applies?

When Cisco ASA applies VPN permissions, what is the first set of attributes that it applies? A. dynamic access policy attributes B. group policy attributes C. connection profile attributes D.

What are two variables for configuring clientless SSL VPN single sign-on?

What are two variables for configuring clientless SSL VPN single sign-on? (Choose two.) A. CSCO_WEBVPN_OTP_PASSWORD B. CSCO_WEBVPN_INTERNAL_PASSWORD C. CSCO_WEBVPN_USERNAME D. CSCO_WEBVPN_RADIUS_USER Correct Answer: BC

Which file must you configure?

To change the title panel on the logon page of the Cisco IOS WebVPN portal, which file must you configure? A. Cisco IOS WebVPN customization template B. Cisco IOS WebVPN

Which three plugins are available for clientless SSL VPN?

Which three plugins are available for clientless SSL VPN? (Choose three.) A. CIFS B. RDP2 C. SSH D. VNC E. SQLNET F. ICMP Correct Answer: BCD

Which command simplifies the task of converting an SSL VPN to an IKEv2 VPN on a Cisco ASA appliance that has an invalid IKEv2 configuration?

Which command simplifies the task of converting an SSL VPN to an IKEv2 VPN on a Cisco ASA appliance that has an invalid IKEv2 configuration? A. migrate remote-access ssl overwrite

Which statement describes a prerequisite for single-sign-on Netegrity Cookie Support in an IOC SSL VPN?

Which statement describes a prerequisite for single-sign-on Netegrity Cookie Support in an IOC SSL VPN? A. The Cisco AnyConnect Secure Mobility Client must be installed in flash. B. A SiteMinder

Which two statements describe effects of the DoNothing option within the untrusted network policy on a Cisco AnyConnect profile?

Which two statements describe effects of the DoNothing option within the untrusted network policy on a Cisco AnyConnect profile? (Choose two.) A. The client initiates a VPN connection upon detection

Which command enables IOS SSL VPN Smart Tunnel support for PuTTY?

Which command enables IOS SSL VPN Smart Tunnel support for PuTTY? A. appl ssh putty.exe win B. appl ssh putty.exe windows C. appl ssh putty D. appl ssh putty.exe Correct

Which three remote access VPN methods in an ASA appliance provide support for Cisco Secure Desktop?

Which three remote access VPN methods in an ASA appliance provide support for Cisco Secure Desktop? (Choose three.) A. IKEv1 B. IKEv2 C. SSL client D. SSL clientless E. ESP

Which two filter options would the administrator choose to show only syslog messages relevant to the VPN connection?

A user is unable to establish an AnyConnect VPN connection to an ASA. When using the Real-Time Log viewer within ASDM to troubleshoot the issue, which two filter options would

Which Cisco ASDM option configures forwarding syslog messages to email?

Which Cisco ASDM option configures forwarding syslog messages to email? A. Configuration > Device Management > Logging > E-Mail Setup B. Configuration > Device Management > E-Mail Setup > Logging

Which Cisco ASDM option configures WebVPN access on a Cisco ASA?

Which Cisco ASDM option configures WebVPN access on a Cisco ASA? A. Configuration > WebVPN > WebVPN Access B. Configuration > Remote Access VPN > Clientless SSL VPN Access C.

Which two features and commands will help troubleshoot the issue?

A user with IP address 10.10.10.10 is unable to access a HTTP website at IP address 209.165.200.225 through a Cisco ASA. Which two features and commands will help troubleshoot the

What troubleshooting steps would verify the issue without causing additional risks?

A Cisco router may have a fan issue that could increase its temperature and trigger a failure. What troubleshooting steps would verify the issue without causing additional risks? A. Configure

Which two VPN solutions meet the application’s network requirement?

An internet-based VPN solution is being considered to replace an existing private WAN connecting remote offices. A multimedia application is used that relies on multicast for communication. Which two VPN

Which technology can a network administrator use to detect and drop the altered data traffic?

A private wan connection is suspected of intermittently corrupting data. Which technology can a network administrator use to detect and drop the altered data traffic? A. AES-128 B. RSA Certificates

Which VPN solution satisfies these requirements?

A company needs to provide secure access to its remote workforce. The end users use public kiosk computers and a wide range of devices. They will be accessing only an

Which two configurations are valid?

A network administrator is configuring AES encryption for the ISAKMP policy on an IOS router. Which two configurations are valid? (Choose two.) A. crypto isakmp policy 10 encryption aes 254

Which two qualify as Next Generation Encryption integrity algorithms?

Which two qualify as Next Generation Encryption integrity algorithms? (Choose two.) A. SHA-512 B. SHA-256 C. SHA-192 D. SHA-380 E. SHA-192 F. SHA-196 Correct Answer: AB

Which statement is true when implementing a router with a dynamic public IP address in a crypto map based site-to-site VPN?

Which statement is true when implementing a router with a dynamic public IP address in a crypto map based site-to-site VPN? A. The router must be configured with a dynamic

Which two statements are true when designing a SSL VPN solution using Cisco AnyConnect?

Which two statements are true when designing a SSL VPN solution using Cisco AnyConnect? (Choose two.) A. The VPN server must have a self-signed certificate. B. A SSL group pre-shared

Which two features are required when configuring a DMVPN network?

Which two features are required when configuring a DMVPN network? (Choose two.) A. Dynamic routing protocol B. GRE tunnel interface C. Next Hop Resolution Protocol D. Dynamic crypto map E.

What are two benefits of DMVPN Phase 3?

What are two benefits of DMVPN Phase 3? (Choose two.) A. Administrators can use summarization of routing protocol updates from hub to spokes. B. It introduces hierarchical DMVPN deployments. C.

Which are two main use cases for Clientless SSL VPN?

Which are two main use cases for Clientless SSL VPN? (Choose two.) A. In kiosks that are part of a shared environment B. When the users do not have admin

Which technology can rate-limit the number of tunnels on a DMVPN hub when system utilization is above a specified percentage?

Which technology can rate-limit the number of tunnels on a DMVPN hub when system utilization is above a specified percentage? A. NHRP Event Publisher B. interface state control C. CAC

Which technology supports tunnel interfaces while remaining compatible with legacy VPN implementations?

Which technology supports tunnel interfaces while remaining compatible with legacy VPN implementations? A. FlexVPN B. DMVPN C. GET VPN D. SSL VPN Correct Answer: A

Which IKEv2 feature minimizes the configuration of a FlexVPN on Cisco IOS devices?

Which IKEv2 feature minimizes the configuration of a FlexVPN on Cisco IOS devices? A. IKEv2 Suite-B B. IKEv2 proposals C. IKEv2 profiles D. IKEv2 Smart Defaults Correct Answer: D

When an IPsec SVTI is configured, which technology processes traffic forwarding for encryption?

When an IPsec SVTI is configured, which technology processes traffic forwarding for encryption? A. ACL B. IP routing C. RRI D. front door VPN routing and forwarding Correct Answer: B

What is a possible reason for the failure?

An IOS SSL VPN is configured to forward TCP ports. A remote user cannot access the corporate FTP site with a Web browser. What is a possible reason for the

Which protocol is used between the Cisco IOS router and the Windows server?

A Cisco IOS SSL VPN gateway is configured to operate in clientless mode so that users can access file shares on a Microsoft Windows 2003 server. Which protocol is used

Which command must you configure on the virtual template?

You are configuring a Cisco IOS SSL VPN gateway to operate with DVTI support. Which command must you configure on the virtual template? A. tunnel protection ipsec B. ip virtual-reassembly