Get Full Version of the Exam Question No.211As network security architect, you must implement secure VPN connectivity among company branches over a private IP cloud with any-to-any scalable connectivity. Which technology should you use?IPsec DVTIFlexVPNDMVPNIPsec SVTIGET VPNCorrect Answer: E Question No.212Where do you configure AnyConnect certificate-based authentication in ASDM?group policiesAnyConnect Connection ProfileAnyConnect Client ProfileAdvanced Read more [...]
Get Full Version of the Exam Question No.201A customer requires all traffic to go through a VPN. However, access to the local network is also required. Which two options can enable this configuration? (Choose two.)split excludeuse of an XML profilefull tunnel by defaultsplit tunnelsplit includeCorrect Answer: AB Question No.202Which feature is a benefit of Dynamic Multipoint VPN?geographic filtering of spoke devicestranslation PATrotating wildcard preshared Read more [...]
Get Full Version of the Exam Question No.191A Cisco router may have a fan issue that could increase its temperature and trigger a failure. What troubleshooting steps would verify the issue without causing additional risks?Configure logging using commands quot;logging onquot;, quot;logging buffered 4quot;, and check for fan failure logs using quot;show loggingquot;Configure logging using commands quot;logging onquot;, quot;logging buffered 6quot;, and check Read more [...]
Get Full Version of the Exam Question No.181Refer to the exhibit. You have implemented an SSL VPN as shown. Which type of communication takes place between the secure gateway R1 and the Cisco Secure ACS?HTTP proxyAAApolicyport forwardingCorrect Answer: B Question No.182Refer to the exhibit. Which exchange does this debug output represent?IKE Phase 1IKE Phase 2symmetric key exchangecertificate exchangeCorrect Answer: A Question No.183Which two are characteristics Read more [...]
Get Full Version of the Exam Question No.151Which two operational advantages does GetVPN offer over site-to-site IPsec tunnel in a private MPLS-based core network? (Choose two.)Key servers perform encryption and decryption of all the data in the network, which allows for tight security policies.Traffic uses one VRF to encrypt data and a different on to decrypt data, which allows for multicast traffic isolation.GETVPN is tunnel-less, which allows any group Read more [...]
Get Full Version of the Exam Question No.171To change the title panel on the logon page of the Cisco IOS WebVPN portal, which file must you configure?Cisco IOS WebVPN customization templateCisco IOS WebVPN customization generalweb-access-hlp.incapp-access-hlp.incCorrect Answer: A Question No.172Refer to the exhibit. A customer cannot establish an IKEv2 site-to-site VPN tunnel between two Cisco ASA devices. Based on the syslog message, which action can bring Read more [...]
Get Full Version of the Exam Question No.161Refer to the exhibit. When the user quot;contractorquot; Cisco AnyConnect tunnel is established, what type of Cisco ASA user restrictions are applied to the tunnel?full restrictions (no Cisco ASDM, no CLI, no console access)full restrictions (no read, no write, no execute permissions)full restrictions (CLI show commands and Cisco ASDM monitoring permissions only)full access with no restrictionsCorrect Answer: D Question Read more [...]
Get Full Version of the Exam Question No.141Refer to the exhibit. A NOC engineer needs to tune some prelogin parameters on an SSL VPN tunnel. From the information that is shown, where should the engineer navigate to find the prelogin session attributes?quot;engineeringquot; Group Policyquot;contractorquot; Connection Profilequot;engineer1quot; AAA/Local UsersDfltGrpPolicy Group PolicyCorrect Answer: BExplanation: Read more [...]
Get Full Version of the Exam Question No.131Which option is an example of an asymmetric algorithm?3DESIDEAAESRSACorrect Answer: D Question No.132A user is unable to establish an AnyConnect VPN connection to an ASA. When using the Real- Time Log viewer within ASDM to troubleshoot the issue, which two filter options would the administrator choose to show only syslog messages relevant to the VPN connection? (Choose two.)Client#39;s public IP addressClient#39;s Read more [...]
Get Full Version of the Exam Question No.121You are troubleshooting a site-to-site VPN issue where the tunnel is not establishing. After issuing the debug crypto ipsec command on the headend router, you see the following output. What does this output suggest?1d00h: IPSec (validate_proposal): transform proposal (port 3, trans 2, hmac_alg 2) not supported1d00h: ISAKMP (0:2) : atts not acceptable. Next payload is 0 1d00h: ISAKMP (0:2) SA not acceptablePhase 1 Read more [...]
Get Full Version of the Exam Question No.111Refer to the exhibit. A junior network engineer configured the corporate Cisco ASA appliance to accommodate a new temporary worker. For security reasons, the IT department wants to restrict the internal network access of the new temporary worker to the corporate server, with an IP address of After the junior network engineer finished the configuration, an IT security specialist tested the account of the Read more [...]