Q1. A Cisco router may have a fan issue that could increase its temperature and trigger a failure. What troubleshooting steps would verify the issue without causing additional risks?
A. Configure logging using commands "logging on", "logging buffered 4", and check for fan failure logs using "show logging"
B. Configure logging using commands "logging on", "logging buffered 6", and check for fan failure logs using "show logging"
C. Configure logging using commands "logging on", "logging discriminator msglog1 console 7", and check for fan failure logs using "show logging"
D. Configure logging using commands "logging host 10.11.10.11", "logging trap 2", and check for fan failure logs at the syslog server 10.11.10.11
Answer: A
Q2. Which NGE IKE Diffie-Hellman group identifier has the strongest cryptographic properties?
A. group 10
B. group 24
C. group 5
D. group 20
Answer: D
Q3. Refer to the exhibit.
An administrator had the above configuration working with SSL protocol, but as soon as the administrator specified IPsec as the primary protocol, the Cisco AnyConnect client was not able to connect. What is the problem?
A. IPsec will not work in conjunction with a group URL.
B. The Cisco AnyConnect implementation does not allow the two group URLs to be the same. SSL does allow this.
C. If you specify the primary protocol as IPsec, the User Group must be the exact name of the connection profile (tunnel group).
D. A new XML profile should be created instead of modifying the existing profile, so that the clients force the update.
Answer: C
Q4. Which protocols does the Cisco AnyConnect client use to build multiple connections to the security appliance?
A. TLS and DTLS
B. IKEv1
C. L2TP over IPsec
D. SSH over TCP
Answer: A
Q5. You are troubleshooting a DMVPN NHRP registration failure. Which command can you use to view request counters?
A. show ip nhrp nhs detail
B. show ip nhrp tunnel
C. show ip nhrp incomplete
D. show ip nhrp incomplete tunnel tunnel_interface_number
Answer: A
Q6. What are two benefits of DMVPN Phase 3? (Choose two.)
A. Administrators can use summarization of routing protocol updates from hub to spokes.
B. It introduces hierarchical DMVPN deployments.
C. It introduces non-hierarchical DMVPN deployments.
D. It supports L2TP over IPsec as one of the VPN protocols.
Answer: A,B
Q7. Refer to the exhibit.
Which VPN solution does this configuration represent?
A. Cisco AnyConnect
B. IPsec
C. L2TP
D. SSL VPN
Answer: B
Q8. An internet-based VPN solution is being considered to replace an existing private WAN connecting remote offices. A multimedia application is used that relies on multicast for communication. Which two VPN solutions meet the application's network requirement? (Choose two.)
A. FlexVPN
B. DMVPN
C. Group Encrypted Transport VPN
D. Crypto-map based Site-to-Site IPsec VPNs
E. AnyConnect VPN
Answer: A,B
Q9. Which option is an example of an asymmetric algorithm?
A. 3DES
B. IDEA
C. AES
D. RSA
Answer: D
Q10. A spoke has two Internet connections for failover. How can you achieve optimum failover without affecting any other router in the DMVPN cloud?
A. Create another DMVPN cloud by configuring another tunnel interface that is sourced from the second ISP link.
B. Use another router at the spoke site, because two ISP connections on the same router for the same hub are not allowed.
C. Configure SLA tracking, and when the primary interface goes down, manually change the tunnel source of the tunnel interface.
D. Create another tunnel interface with the same configuration except the tunnel source, and configure the if-state nhrp and backup interface commands on the primary tunnel interface.
Answer: C
Q11. Which three types of SSO functionality are available on the Cisco ASA without any external SSO servers? (Choose three.)
A. SAML
B. HTTP POST
C. HTTP Basic
D. NTLM
E. Kerberos
F. OAuth 2.0
Answer: B,C,D
Q12. A company needs to provide secure access to its remote workforce. The end users use public kiosk computers and a wide range of devices. They will be accessing only an internal web application. Which VPN solution satisfies these requirements?
A. Clientless SSLVPN
B. AnyConnect Client using SSLVPN
C. AnyConnect Client using IKEv2
D. FlexVPN Client
E. Windows built-in PPTP client
Answer: A
Q13. A user with IP address 10.10.10.10 is unable to access an HTTP website at IP address 209.165.200.225 through a Cisco ASA. Which two features and commands will help troubleshoot the issue? (Choose two.)
A. Capture user traffic using command capture capin interface inside match ip host 10.10.10.10 any
B. After verifying that user traffic reaches the firewall using syslogs or captures, use packet tracer command packet-tracer input inside tcp 10.10.10.10 1234 209.165.200.225 80
C. Enable logging at level 1 and check the syslogs using commands logging enable, logging buffered 1 and show logging | include 10.10.10.10
D. Check if an access-list on the firewall is blocking the user by using command show running-config access-list | include 10.10.10.10
E. Use packet tracer command packet-tracer input inside udp 0.10.10.10 1234 192.168.1.3 161 to see what the firewall is doing with the user's traffic
Answer: A,B
Q14. Remote users want to access internal servers behind an ASA using Microsoft terminal services. Which option outlines the steps required to allow users access via the ASA clientless VPN portal?
A. 1. Configure a static PAT rule for TCP port 3389
2. Configure an inbound access-list to allow traffic from remote users to the servers
3. Assign this access-list rule to the group policy
B. 1. Configure a bookmark of the type http:// server-IP :3389
2. Enable Smart tunnel on this bookmark
3. Assign the bookmark to the desired group policy
C. 1. Configure a Smart Tunnel application list
2. Add the rdp.exe process to this list
3. Assign the Smart Tunnel application list to the desired group policy
D. 1. Upload an RDP plugin to the ASA
2. Configure a bookmark of the type rdp:// server-IP
3. Assign the bookmark list to the desired group policy
Answer: D
Q15. When an IPsec SVTI is configured, which technology processes traffic forwarding for encryption?
A. ACL
B. IP routing
C. RRI
D. front door VPN routing and forwarding
Answer: B