Cisco 300-209 Implementing Secure Mobility Solutions Exam Set 1

Which command enables IOS SSL VPN Smart Tunnel support for PuTTY?


Options are :

  • appl ssh putty.exe windows
  • appl ssh putty.exe win
  • appl ssh putty.exe
  • appl ssh putty

Answer : appl ssh putty.exe windows

Cisco 300-209 Implementing Secure Mobility Solutions Exam Set 2

Refer to the exhibit.

Which statements about the given configuration are true? 


Options are :

  • Defined PSK can be used by any IPSec peer.
  • Any router defined in group 2 will be allowed to connect.
  • It is a LAN-to-LAN VPN ISAKMP policy.

Answer : Defined PSK can be used by any IPSec peer.

Which cryptographic algorithms are approved to protect Top Secret information?


Options are :

  • HIPPA DES
  • AES-256
  • AES-128
  • RC4-128

Answer : AES-256

Which two features are required when configuring a DMVPN network?


Options are :

  • GRE tunnel interface
  • Dynamic routing protocol
  • IPsec encryption
  • . Dynamic crypto map

Answer : GRE tunnel interface

200-125 Cisco Certified Network Associate (CCNA) Exam Set 6

What are the three primary components of a GET VPN network? 


Options are :

  • accounting server
  • Simple Network Management Protocol
  • Simple Network Management Protocol
  • Group Domain of Interpretation protocol

Answer : Group Domain of Interpretation protocol

The network administrator is adding a new spoke, but the tunnel is not passing traffic. What
could cause this issue?


Options are :

  • There is no EIGRP configuration, and therefore the second tunnel is not working.
  • DMVPN is a point-to-point tunnel, so there can be only one spoke
  • The NHRP authentication is failing.

Answer : The NHRP authentication is failing.

Which of the following could be used to configure remote access VPN Host-scan and pre-
login policies?


Options are :

  • Pre-login-check CLI command
  • ASDM
  • Connection-profile CLI command
  • Host-scan CLI command under the VPN group policy

Answer : ASDM

642-732 Conducting Cisco Unified Wireless Site Survey Exam Set 1

Which two are features of GETVPN but not DMVPN and FlexVPN?


Options are :

  • design for use over public or private WAN
  • one IPsec SA for all encrypted traffic
  • sequence numbers that enable scalable replay checking
  • enabled use of ESP or AH

Answer : one IPsec SA for all encrypted traffic

Which three types of web resources or protocols are enabled by default on the Cisco ASA
Clientless SSL VPN portal?


Options are :

  • HTTP
  • VNC
  • ICA (Citrix)
  • RDP

Answer : HTTP

Refer to the exhibit.

Which technology does this configuration demonstrate?


Options are :

  • AnyConnect SSL over IPv4+IPv6
  • AnyConnect FlexVPN over IPv4+IPv6
  • AnyConnect FlexVPN IPv6 over IPv4
  • AnyConnect SSL IPv6 over IPv4

Answer : AnyConnect SSL over IPv4+IPv6

200-105 Inter connecting Cisco Networking Devices Exam Set 3

As network security architect, you must implement secure VPN connectivity among
company branches over a private IP cloud with any-to-any scalable connectivity.
Which technology should you use?


Options are :

  • DMVPN
  • GET VPN
  • FlexVPN
  • IPsec DVTI

Answer : GET VPN

Which two troubleshooting steps should be taken when Cisco AnyConnect cannot establish
an IKEv2 connection, while SSL works fine? 


Options are :

  • Verify that AnyConnect is enabled on the correct interface.
  • Verify that the primary protocol on the client machine is set to IPsec.
  • . Verify that ASDM and AnyConnect are not using the same port.
  • . Verify that ASDM and AnyConnect are not using the same port.

Answer : Verify that the primary protocol on the client machine is set to IPsec.

When an IPsec SVTI is configured, which technology processes traffic forwarding for
encryption?


Options are :

  • front door VPN routing and forwarding
  • IP routing
  • ACL
  • RRI

Answer : IP routing

ICND1 100-105 Certification Practice Tests Set 1

Which Cisco adaptive security appliance command can be used to view the count of all
active VPN sessions?


Options are :

  • show vpn-sessiondb summary
  • . show crypto ikev1 sa
  • show vpn-sessiondb ratio encryption
  • show crypto protocol statistics all

Answer : show vpn-sessiondb summary

Which VPN feature allows remote access clients to print documents to local network
printers?


Options are :

  • . Reverse Route Injection
  • loopback addressing
  • split tunneling

Answer : split tunneling

Refer to the exhibit.

Which technology is represented by this configuration?


Options are :

  • . AAA for FlexVPN
  • TACACS+ command authorization
  • AAA for EzVPN

Answer : . AAA for FlexVPN

Cisco 300-209 Implementing Secure Mobility Solutions Exam Set 1

Refer to the exhibit.

An administrator had the above configuration working with SSL protocol, but as soon as the
administrator specified IPsec as the primary protocol, the Cisco AnyConnect client was not
able to connect. What is the problem?


Options are :

  • The Cisco AnyConnect implementation does not allow the two group URLs to be the same. SSL does allow this.
  • IPsec will not work in conjunction with a group URL.
  • If you specify the primary protocol as IPsec, the User Group must be the exact name of the connection profile (tunnel group).

Answer : If you specify the primary protocol as IPsec, the User Group must be the exact name of the connection profile (tunnel group).

Refer to the exhibit.

The customer can establish an AnyConnect connection on the first attempt only.
Subsequent attempts fail. What might be the issue?


Options are :

  • . UserGroup must be the same as the name of the connection profile.
  • The primary protocol should be SSL.
  • IKEv2 is blocked over the path.
  • UserGroup must be different than the name of the connection profile.

Answer : . UserGroup must be the same as the name of the connection profile.

A custom desktop application needs to access an internal server. An administrator is
tasked with configuring the company's SSL VPN gateway to allow remote users to work.
Which two technologies would accommodate the company's requirement?


Options are :

  • AnyConnect clien
  • Portal Customizations
  • Content Rewriter
  • Email Proxy

Answer : AnyConnect clien

200-310 Designing for Cisco Inter network Solutions Exam Set 4

Refer to the exhibit.

The customer needs to launch AnyConnect in the RDP machine. Which configuration is
correct?


Options are :

  • crypto vpn anyconnect profile test flash:RDP.xml webvpn context GW_1 browser-attribute import test
  • crypto vpn anyconnect profile test flash:RDP.xml policy group default svc profile test
  • crypto vpn anyconnect profile test flash:RDP.xml webvpn context GW_1 browser-attribute import flash:/swj.xml
  • crypto vpn anyconnect profile test flash:RDP.xml policy group default svc profile flash:RDP.xml

Answer : crypto vpn anyconnect profile test flash:RDP.xml policy group default svc profile test

You are configuring a Cisco IOS SSL VPN gateway to operate with DVTI support. Which
command must you configure on the virtual template?


Options are :

  • ip unnumbered
  • tunnel protection ipsec
  • ip virtual-reassembly
  • tunnel mode ipsec

Answer : ip unnumbered

Which encryption and authentication algorithms does Cisco recommend when deploying a
Cisco NGE supported VPN solution?


Options are :

  • AES-CBC and SHA-1
  • 3DES and SHA-1
  • AES-GCM and SHA-2
  • 3DES and DH

Answer : AES-GCM and SHA-2

300-320 Designing Cisco Network Service Architectures Exam Set 3

Which option is most effective at preventing a remote access VPN user from bypassing the
corporate transparent web proxy?


Options are :

  • instructing users to use the corporate proxy server for all web browsing
  • using the proxy-server settings of the client computer to specify a PAC file for the client computer to download
  • disabling split tunneling
  • permitting local LAN access

Answer : disabling split tunneling

Which command specifies the path to the Host Scan package in an ASA AnyConnect
VPN?


Options are :

  • csd hostscan path
  • . csd hostscan imagepath
  • . csd hostscan path image

Answer : . csd hostscan imagepath

Which technology can rate-limit the number of tunnels on a DMVPN hub when system
utilization is above a specified percentage?


Options are :

  • NHRP Event Publisher
  • CAC
  • interface state control

Answer : CAC

210-065 Implementing Cisco Video Network Devices Exam Set 1

What are two benefits of DMVPN Phase 3? 


Options are :

  • It introduces non-hierarchical DMVPN deployments.
  • Administrators can use summarization of routing protocol updates from hub to spokes.
  • It supports L2TP over IPSec as one of the VPN protocols.

Answer : Administrators can use summarization of routing protocol updates from hub to spokes.

Refer to the exhibit.

Which two characteristics of the VPN implementation are evident? (


Options are :

  • DMVPN Phase 3 implementation
  • DMVPN Phase 1 implementation
  • dual DMVPN cloud setup with dual hub

Answer : DMVPN Phase 3 implementation

Which statements about the Cisco ASA Clientless SSL VPN smart tunnels feature are
true?


Options are :

  • Smart tunnels are enabled on the secure gateway (Cisco ASA) for specific applications that run on the end client and work irrespective of which transport protocol the application uses.
  • A smart tunnel is a DLL that is pushed from the headend to the client machine after SSL VPN portal authentication and that is attached to smart-tunneled processes to route traffic through the SSL VPN session with the gateway.
  • Smart tunnels require Administrative privileges to run on the client machine.

Answer : A smart tunnel is a DLL that is pushed from the headend to the client machine after SSL VPN portal authentication and that is attached to smart-tunneled processes to route traffic through the SSL VPN session with the gateway.

210-260 Implementing Cisco Network Security Practice Exam Set 7

A Cisco IOS SSL VPN gateway is configured to operate in clientless mode so that users
can access file shares on a Microsoft Windows 2003 server. Which protocol is used
between the Cisco IOS router and the Windows server?


Options are :

  • HTTPS
  • NetBIOS
  • HTTP
  • CIFS

Answer : CIFS

Which *commands are included in the command show dmvpn detail? (


Options are :

  • show crypto ipsec sa detail
  • show ip nhrp nhs
  • show crypto sockets
  • show ip nhrp

Answer : show ip nhrp nhs

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions