Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. Which hash algorithm is required to protect classified information?
A. MD5
B. SHA-1
C. SHA-256
D. SHA-384
Answer: D
Q2. Which option is a required element of Secure Device Provisioning communications?
A. the introducer
B. the certificate authority
C. the requestor
D. the registration authority
Answer: A
Q3. Which command specifies the path to the Host Scan package in an ASA AnyConnect VPN?
A. csd hostscan path image
B. csd hostscan image path
C. csd hostscan path
D. hostscan image path
Answer: B
Q4. Which adaptive security appliance command can be used to see a generic framework of the requirements for configuring a VPN tunnel between an adaptive security appliance and
a Cisco IOS router at a remote office?
A. vpnsetup site-to-site steps
B. show running-config crypto
C. show vpn-sessiondb l2l
D. vpnsetup ssl-remote-access steps
Answer: A
Q5. Which two statements regarding IKEv2 are true per RFC 4306? (Choose two.)
A. It is compatible with IKEv1.
B. It has at minimum a nine-packet exchange.
C. It uses aggressive mode.
D. NAT traversal is included in the RFC.
E. It uses main mode.
F. DPD is defined in RFC 4309.
G. It allows for EAP authentication.
Answer: D,G
Q6. Which two GDOI encryption keys are used within a GET VPN network? (Choose two.)
A. key encryption key
B. group encryption key
C. user encryption key
D. traffic encryption key
Answer: A,D
Q7. Which two parameters are configured within an IKEv2 proposal on an IOS router? (Choose two.)
A. authentication
B. encryption
C. integrity
D. lifetime
Answer: B,C
Q8. Which command enables the router to form EIGRP neighbor adjacencies with peers using a different subnet than the ingress interface?
A. ip unnumbered interface
B. eigrp router-id
C. passive-interface interface name
D. ip split-horizon eigrp as number
Answer: A
Q9. As network security architect, you must implement secure VPN connectivity among company branches over a private IP cloud with any-to-any scalable connectivity. Which.technology should you use?
A. IPsec DVTI
B. FlexVPN
C. DMVPN
D. IPsec SVTI
E. GET VPN
Answer: E
Q10. Which three configurations are required for both IPsec VTI and crypto map-based VPNs? (Choose three.)
A. transform set
B. ISAKMP policy
C. ACL that defines traffic to encrypt
D. dynamic routing protocol
E. tunnel interface
F. IPsec profile
G. PSK or PKI trustpoint with certificate
Answer: A,B,G
Q11. Scenario
Your organization has just implemented a Cisco AnyConnect SSL VPN solution. Using Cisco ASDM, answer the questions regarding the implementation.
Note: Not all screens or option selections are active for this exercise.
Topology
Default_Home
Which two networks will be included in the secured VPN tunnel? (Choose two.)
A. 10.10.0.0/16
B. All networks will be securely tunneled
C. Networks with a source of any4
D. 10.10.9.0/24
E. DMZ network
Answer: A,E
Explanation:
Navigate to the Configuration -> Remote Access -> Group Policies tab to observe the following:
Then, click on the DlftGrpPolicy to see the following:
On the left side, select “Split Tunneling” to get to this page:
Here you see that the Network List called “Inside Subnets” is being tunneled (secured). Select Manage to see the list of networks
Here we see that the 10.10.0.0/16 and DMZ networks are being secured over the tunnel.
Q12. Regarding licensing, which option will allow IKEv2 connections on the adaptive security appliance?
A. AnyConnect Essentials can be used for Cisco AnyConnect IKEv2 connections.
B. IKEv2 sessions are not licensed.
C. The Advanced Endpoint Assessment license must be installed to allow Cisco AnyConnect IKEv2 sessions.
D. Cisco AnyConnect Mobile must be installed to allow AnyConnect IKEv2 sessions.
Answer: B
Q13. Scenario
Your organization has just implemented a Cisco AnyConnect SSL VPN solution. Using Cisco ASDM, answer the questions regarding the implementation.
Note: Not all screens or option selections are active for this exercise.
Topology
Default_Home
Which address range will be assigned to the AnyConnect users?
A. 10.10.15.40-50/24
B. 209.165.201.20-30/24
C. 192.168.1.100-150/24
D. 10.10.15.20-30/24
Answer: D
Explanation:
First Navigate to the Configuration -> Remote Access VPN tab and then choose the “AnyConnect Connection Profile as shown below:
C:\Users\danielkeller\AppData\Local\Microsoft\Windows\INetCache\Content.Word\Capture. png
Then, clicking on the AnyConnect Profile at the bottom will bring you to the edit page shown below:
C:\Users\danielkeller\AppData\Local\Microsoft\Windows\INetCache\Content.Word\Capture. png
From here, click the Select button on the “VPN_Address_Pool” and you will see the following pools defined:
Here we see that the VPN_Address_Pool contains the IP address range of 10.10.15.20-10.10.15.30/24.
Q14. Refer to the exhibit.
Which authentication method was used by the remote peer to prove its identity?
A. Extensible Authentication Protocol
B. certificate authentication
C. pre-shared key
D. XAUTH
Answer: C
Q15. Which protocol supports high availability in a Cisco IOS SSL VPN environment?
A. HSRP
B. VRRP
C. GLBP
D. IRDP
Answer: A