Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. Which option describes the purpose of the shared argument in the DMVPN interface command tunnel protection IPsec profile ProfileName shared?
A. shares a single profile between multiple tunnel interfaces
B. allows multiple authentication types to be used on the tunnel interface
C. shares a single profile between a tunnel interface and a crypto map
D. shares a single profile between IKEv1 and IKEv2
Answer: A
Q2. Which option is a possible solution if you cannot access a URL through clientless SSL VPN with Internet Explorer, while other browsers work fine?
A. Verify the trusted zone and cookies settings in your browser.
B. Make sure that you specified the URL correctly.
C. Try the URL from another operating system.
D. Move to the IPsec client.
Answer: A
Q3. Which benefit of FlexVPN is not offered by DMVPN using IKEv1?
A. Dynamic routing protocols can be configured.
B. IKE implementation can install routes in routing table.
C. GRE encapsulation allows for forwarding of non-IP traffic.
D. NHRP authentication provides enhanced security.
Answer: B
Q4. A network is configured to allow clientless access to resources inside the network. Which feature must be enabled and configured to allow SSH applications to respond on the specified port 8889?
A. auto applet download
B. port forwarding
C. web-type ACL
D. HTTP proxy
Answer: B
Q5. Which feature enforces the corporate policy for Internet access to Cisco AnyConnect VPN users?
A. Trusted Network Detection
B. Datagram Transport Layer Security
C. Cisco AnyConnect Customization
D. banner message
Answer: A
Q6. Which Cisco firewall platform supports Cisco NGE?
A. FWSM
B. Cisco ASA 5505
C. Cisco ASA 5580
D. Cisco ASA 5525-X
Answer: D
Q7. A private wan connection is suspected of intermittently corrupting data. Which technology can a network administrator use to detect and drop the altered data traffic?
A. AES-128
B. RSA Certificates
C. SHA2-HMAC
D. 3DES
E. Diffie-Helman Key Generation
Answer: C
Q8. Refer to the exhibit.
What is the purpose of the given configuration?
A. Establishing a GRE tunnel.
B. Enabling IPSec to decrypt fragmented packets.
C. Resolving access issues caused by large packet sizes.
D. Adding the spoke to the routing table.
Answer: C
Q9. Which command can you use to monitor the phase 1 establishment of a FlexVPN tunnel?
A. show crypto ipsec sa
B. show crypto isakmp sa
C. show crypto ikev2 sa
D. show ip nhrp
Answer: C
Q10. Which technology can you implement to reduce latency issues associated with a Cisco AnyConnect VPN?
A. DTLS
B. SCTP
C. DCCP
D. SRTP
Answer: A
Q11. What is the Cisco recommended TCP maximum segment on a DMVPN tunnel interface when the MTU is set to 1400 bytes?
A. 1160 bytes
B. 1260 bytes
C. 1360 bytes
D. 1240 bytes
Answer: C
Q12. The Cisco AnyConnect client fails to connect via IKEv2 but works with SSL. The following error message is displayed:
"Login Denied, unauthorized connection mechanism, contact your administrator"
What is the most possible cause of this problem?
A. DAP is terminating the connection because IKEv2 is the protocol that is being used.
B. The client endpoint does not have the correct user profile to initiate an IKEv2 connection.
C. The AAA server that is being used does not authorize IKEv2 as the connection mechanism.
D. The administrator is restricting access to this specific user.
E. The IKEv2 protocol is not enabled in the group policy of the VPN headend.
Answer: E
Q13. Refer to the exhibit.
You have implemented an SSL VPN as shown. Which type of communication takes place between the secure gateway R1 and the Cisco Secure ACS?
A. HTTP proxy
B. AAA
C. policy
D. port forwarding
Answer: B
Q14. Which group-policy subcommand installs the Diagnostic AnyConnect Report Tool on user computers when a Cisco AnyConnect user logs in?
A. customization value dart
B. file-browsing enable
C. smart-tunnel enable dart
D. anyconnect module value dart
Answer: D
Q15. When you troubleshoot Cisco AnyConnect, which step does Cisco recommend before you open a TAC case?
A. Show applet Lifecycle exceptions.
B. Disable cookies.
C. Enable the WebVPN cache.
D. Collect a DART bundle.
Answer: D