Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. Which cryptographic algorithms are a part of the Cisco NGE suite?
A. HIPPA DES
B. AES-CBC-128
C. RC4-128
D. AES-GCM-256
Answer: D
Explanation: Reference:
https://www.cisco.com/web/learning/le21/le39/docs/tdw166_prezo.pdf
Q2. Which encryption and authentication algorithms does Cisco recommend when deploying a Cisco NGE supported VPN solution?
A. AES-GCM and SHA-2
B. 3DES and DH
C. AES-CBC and SHA-1
D. 3DES and SHA-1
Answer: A
Q3. CORRECT TEXT
Answer: Here are the steps as below:
Step 1: configure key ring
crypto ikev2 keyring mykeys
peer SiteB.cisco.com
address 209.161.201.1
pre-shared-key local $iteA
pre-shared key remote $iteB
Step 2: Configure IKEv2 profile
Crypto ikev2 profile default
identity local fqdn SiteA.cisco.com
Match identity remote fqdn SiteB.cisco.com
Authentication local pre-share
Authentication remote pre-share
Keyring local mykeys
Step 3: Create the GRE Tunnel and apply profile
crypto ipsec profile default
set ikev2-profile default
Interface tunnel 0
ip address 10.1.1.1 255.255.255.0
Tunnel source eth 0/0
Tunnel destination 209.165.201.1
tunnel protection ipsec profile default
end
Q4. In DMVPN phase 2, which two EIGRP features need to be disabled on the hub to allow spoke-to-spoke communication? (Choose two.)
A. autosummary
B. split horizon
C. metric calculation using bandwidth
D. EIGRP address family
E. next-hop-self
F. default administrative distance
Answer: B,E
Q5. What are two variables for configuring clientless SSL VPN single sign-on? (Choose two.)
A. CSCO_WEBVPN_OTP_PASSWORD
B. CSCO_WEBVPN_INTERNAL_PASSWORD
C. CSCO_WEBVPN_USERNAME
D. CSCO_WEBVPN_RADIUS_USER
Answer: B,C
Q6. Refer to the exhibit.
You executed the show crypto ipsec sa command to troubleshoot an IPSec issue. What problem does the given output indicate?
A. IKEv2 failed to establish a phase 2 negotiation.
B. The Crypto ACL is different on the peer device.
C. ISAKMP was unable to find a matching SA.
D. IKEv2 was used in aggressive mode.
Answer: B
Q7. Which technology can you implement to reduce latency issues associated with a Cisco AnyConnect VPN?
A. DTLS
B. SCTP
C. DCCP
D. SRTP
Answer: A
Q8. An administrator desires that when work laptops are not connected to the corporate network, they should automatically initiate an AnyConnect VPN tunnel back to headquarters. Where does the administrator configure this?
A. Via the svc trusted-network command under the group-policy sub-configuration mode on the ASA
B. Under the "Automatic VPN Policy" section inside the Anyconnect Profile Editor within ASDM
C. Under the TNDPolicy XML section within the Local Preferences file on the client computer
D. Via the svc trusted-network command under the global webvpn sub-configuration mode on the ASA
Answer: C
Q9. As network consultant, you are asked.to suggest a VPN technology that can support a multivendor environment and secure traffic between sites. Which technology should you recommend?
A. DMVPN
B. FlexVPN
C. GET VPN
D. SSL VPN
Answer: B
Q10. Which group-policy subcommand installs the Diagnostic AnyConnect Report Tool on user computers when a Cisco AnyConnect user logs in?
A. customization value dart
B. file-browsing enable
C. smart-tunnel enable dart
D. anyconnect module value dart
Answer: D
Q11. To change the title panel on the logon page of the Cisco IOS WebVPN portal, which file must you configure?
A. Cisco IOS WebVPN customization template
B. Cisco IOS WebVPN customization general
C. web-access-hlp.inc
D. app-access-hlp.inc
Answer: A
Q12. Which adaptive security appliance command can be used to see a generic framework of the requirements for configuring a VPN tunnel between an adaptive security appliance and
a Cisco IOS router at a remote office?
A. vpnsetup site-to-site steps
B. show running-config crypto
C. show vpn-sessiondb l2l
D. vpnsetup ssl-remote-access steps
Answer: A
Q13. Which two statements about the Cisco ASA Clientless SSL VPN solution are true? (Choose two.)
A. When a client connects to the Cisco ASA WebVPN portal and tries to access HTTP resources through the URL bar, the client uses the local DNS to perform FQDN resolution.
B. The rewriter enable command under the global webvpn configuration enables the rewriter functionality because that feature is disabled by default.
C. A Cisco ASA with an AnyConnect Premium Peers license can simultaneously allow Clientless SSL VPN sessions and AnyConnect client sessions.
D. Content rewriter functionality in the Clientless SSL VPN portal is not supported on Apple mobile devices.
E. Clientless SSLVPN provides Layer 3 connectivity into the secured network.
Answer: C,D
Q14. Which technology does a multipoint GRE interface require to resolve endpoints?
A. ESP
B. dynamic routing
C. NHRP
D. CEF
E. IPSec
Answer: C
Q15. After completing a site-to-site VPN setup between two routers, application performance over the tunnel is slow. You issue the show crypto ipsec sa command and see the following output. What does this output suggest?
interfacE. Tunnel100
Crypto map tag: Tunnel100-head-0, local addr 10.10.10.10
protected vrF. (none)
local ident (addr/mask/prot/port): (10.10.10.10/255.255.255.255/47/0)
remote ident (addr/mask/prot/port): (10.20.20.20/255.255.255.255/47/0)
current_peer 209.165.200.230 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 34836, #pkts encrypt: 34836, #pkts digest: 34836
#pkts decaps: 26922, #pkts decrypt: 19211, #pkts verify: 19211
#pkts compresseD. 0, #pkts decompresseD. 0
#pkts not compresseD. 0, #pkts compr. faileD. 0
#pkts not decompresseD. 0, #pkts decompress faileD. 0
#send errors 0, #recv errors 0
A. The VPN has established and is functioning normally.
B. There is an asymmetric routing issue.
C. The remote peer is not receiving encrypted traffic.
D. The remote peer is not able to decrypt traffic.
E. Packet corruption is occurring on the path between the two peers.
Answer: E