Q1. Which two statements are true when designing an SSL VPN solution using Cisco AnyConnect? (Choose two.)
A. The VPN server must have a self-signed certificate.
B. An SSL group pre-shared key must be configured on the server.
C. Server side certificate is optional if using AAA for client authentication.
D. The VPN IP address pool can overlap with the rest of the LAN networks.
E. DTLS can be enabled for better performance.
Answer: D,E
Q2. Which two types of authentication are supported when you use Cisco ASDM to configure site-to-site IKEv2 with IPv6? (Choose two.)
A. preshared key
B. webAuth
C. digital certificates
D. XAUTH
E. EAP
Answer: A,C
Q3. Refer to the exhibit.
After the configuration is performed, which combination of devices can connect?
A. a device with an identity type of IPv4 address of 209.165.200.225 or 209.165.202.155 or a certificate with subject name of "cisco.com"
B. a device with an identity type of IPv4 address of both 209.165.200.225 and 209.165.202.155 or a certificate with subject name containing "cisco.com"
C. a device with an identity type of IPv4 address of both 209.165.200.225 and 209.165.202.155 and a certificate with subject name containing "cisco.com"
D. a device with an identity type of IPv4 address of 209.165.200.225 or 209.165.202.155 or a certificate with subject name containing "cisco.com"
Answer: D
Q4. In FlexVPN, what command can an administrator use to create a virtual template interface that can be configured and applied dynamically to create virtual access interfaces?
A. interface virtual-template number type template
B. interface virtual-template number type tunnel
C. interface template number type virtual
D. interface tunnel-template number
Answer: B
Explanation:
Here is a reference and explanation that can be included with this test: http://www.cisco.com/en/US/docs/ios-xml/ios/sec_conn_ike2vpn/configuration/15-2mt/sec-flex-spoke.html#GUID-4A10927D-4C6A-4202-B01C-DA7E462F5D8A
Configuring the Virtual Tunnel Interface on FlexVPN Spoke
SUMMARY STEPS
1. enable
2. configure terminal
3. interface virtual-template number type tunnel
4. ip unnumbered tunnel number
5. ip nhrp network-id number
6. ip nhrp shortcut virtual-template-number
7. ip nhrp redirect [timeout seconds]
8. exit
Q5. Which three types of web resources or protocols are enabled by default on the Cisco ASA Clientless SSL VPN portal? (Choose three.)
A. HTTP
B. VNC
C. CIFS
D. RDP
E. HTTPS
F. ICA (Citrix)
Answer: A,C,E
Q6. Which command clears all crypto configuration from a Cisco Adaptive Security Appliance?
A. clear configure crypto
B. clear configure crypto ipsec
C. clear crypto map
D. clear crypto ikev2 sa
Answer: A
Q7. What must be enabled in the web browser of the client computer to support Clientless SSL VPN?
A. cookies
B. ActiveX
C. Silverlight
D. popups
Answer: A
Q8. Which are two main use cases for Clientless SSL VPN? (Choose two.)
A. In kiosks that are part of a shared environment
B. When the users do not have admin rights to install a new VPN client
C. When full tunneling is needed to support applications that use TCP, UDP, and ICMP
D. To create VPN site-to-site tunnels in combination with remote access
Answer: A,B
Q9. You have deployed new Cisco AnyConnect start before logon modules and set the configuration to download modules before logon, but all client connections continue to use the previous version of the module. Which action must you take to correct the problem?
A. Configure start before logon in the client profile.
B. Configure a group policy to prompt the user to download the updated module.
C. Define the modules for download in the client profile.
D. Define the modules for download in the group policy.
Answer: A
Q10. Which protocol must be enabled on the inside interface to use cluster encryption in SSL VPN load balancing?
A. TLS
B. DTLS
C. IKEv2
D. ISAKMP
Answer: D
Q11. Refer to the exhibit.
Which exchange does this debug output represent?
A. IKE Phase 1
B. IKE Phase 2
C. symmetric key exchange
D. certificate exchange
Answer: A
Q12. Which VPN feature allows remote access clients to print documents to local network printers?
A. Reverse Route Injection
B. split tunneling
C. loopback addressing
D. dynamic virtual tunnels
Answer: B
Q13. Refer to the exhibit.
Which authentication method was used by the remote peer to prove its identity?
A. Extensible Authentication Protocol
B. certificate authentication
C. pre-shared key
D. XAUTH
Answer: C
Q14. When troubleshooting established clientless SSL VPN issues, which three steps should be taken? (Choose three.)
A. Clear the browser history.
B. Clear the browser and Java cache.
C. Collect the information from the computer event log.
D. Enable and use HTML capture tools.
E. Gather crypto debugs on the adaptive security appliance.
F. Use Wireshark to capture network traffic.
Answer: B,E,F
Q15. Refer to the exhibit.
Which VPN solution does this configuration represent?
A. DMVPN
B. GETVPN
C. FlexVPN
D. site-to-site
Answer: C