Cisco 300-209 Implementing Secure Mobility Solutions Exam Set 2

An IOS SSL VPN is configured to forward TCP ports. A remote user cannot access the
corporate FTP site with a Web browser. What is a possible reason for the failure?


Options are :

  • The user's FTP application is not supported.
  • The user's operating system is not supported.
  • The user is connecting to an IOS VPN gateway configured in Thin Client Mode
  • The user is connecting to an IOS VPN gateway configured in Tunnel Mode.

Answer : The user is connecting to an IOS VPN gateway configured in Thin Client Mode

ICND2 200-105 Certification Practice Tests Set 2

Which option is an example of an asymmetric algorithm?


Options are :

  • IDEA
  • AES
  • 3DES
  • None of the Above
  • RSA

Answer : RSA

What is the default storage location of user-level bookmarks in an IOS clientless SSL VPN?


Options are :

  • disk1:/webvpn/{context name}/
  • nvram:/webvpn/{context name}/
  • disk0:/webvpn/{context name}/
  • flash:/webvpn/{context name}/

Answer : flash:/webvpn/{context name}/

A network administrator is configuring AES encryption for the ISAKMP policy on an IOS
router. Which two configurations are valid?


Options are :

  • crypto isakmp policy 10 encryption aes 192
  • crypto isakmp policy 10 encryption aes 254
  • crypto isakmp policy 10 encryption aes 196

Answer : crypto isakmp policy 10 encryption aes 192

Cisco 300-209 Implementing Secure Mobility Solutions Exam Set 5

Which configuration construct must be used in a FlexVPN tunnel?


Options are :

  • EAP configuration
  • IKEv2 profile
  • IKEv1 policy
  • multipoint GRE tunnel interface

Answer : IKEv2 profile

Which protocol does DTLS use for its transport?


Options are :

  • DDE
  • TCP
  • IMAP
  • UDP

Answer : UDP

Which configuration parameters are mandatory for an IKEv2 profile?


Options are :

  • . IKEv2 proposal
  • PKI certificate authority
  • IKEv2 policy
  • local authentication method

Answer : local authentication method

400-101 CCIE Routing and Switching Written Practice Exam Set 10

Which technology supports tunnel interfaces while remaining compatible with legacy VPN
implementations?


Options are :

  • GET VPN
  • FlexVPN
  • DMVPN
  • SSL VPN

Answer : FlexVPN

In FlexVPN, what is the role of a NHRP resolution request?


Options are :

  • It dynamically assigns VPN users to a group
  • It makes sure that each VPN spoke directly communicates with the hub
  • It blocks these entities from to directly communicating with each other
  • It allows these entities to directly communicate without requiring traffic to use an intermediate hop

Answer : It allows these entities to directly communicate without requiring traffic to use an intermediate hop

A company needs to provide secure access to its remote workforce. The end users use
public kiosk computers and a wide range of devices. They will be accessing only an
internal web application. Which VPN solution satisfies these requirements?


Options are :

  • AnyConnect Client using SSLVPN
  • FlexVPN Client
  • AnyConnect Client using IKEv2
  • Clientless SSLVPN

Answer : Clientless SSLVPN

400-101 CCIE Routing and Switching Written Practice Exam Set 12

In which situation would you enable the Smart Tunnel option with clientless SSL VPN?


Options are :

  • when a user has a nonsupported Java version installed
  • when IPsec should be used over SSL VPN
  • when a user is using an outdated version of a web browser
  • when an application is failing in the rewrite proces

Answer : when an application is failing in the rewrite proces

Which adaptive security appliance command can be used to see a generic framework of
the requirements for configuring a VPN tunnel between an adaptive security appliance and
a Cisco IOS router at a remote office?


Options are :

  • show vpn-sessiondb l2l
  • vpnsetup site-to-site steps
  • show running-config crypto

Answer : vpnsetup site-to-site steps

Refer to the exhibit.

Which VPN solution does this configuration represent?


Options are :

  • site-to-site
  • DMVPN
  • FlexVPN
  • GETVPN

Answer : GETVPN

200-125 Cisco Certified Network Associate (CCNA) Exam Set 5

When you configure IPsec VPN High Availability Enhancements, which technology does
Cisco recommend that you enable to make reconvergence faster?


Options are :

  • IP SLAs
  • EOT
  • VPN fast detection
  • periodic IKE keepalives

Answer : periodic IKE keepalives

Which option describes the purpose of the command show derived-config interface virtual-
access 1?


Options are :

  • It verifies that the virtual template created the tunnel interface.
  • It verifies that the virtual access interface is of type Ethernet.
  • It verifies that the virtual access interface is cloned correctly with per-user attributes.
  • It verifies that the virtual access interface is used to create the tunnel interface.

Answer : It verifies that the virtual access interface is cloned correctly with per-user attributes.

You have deployed new Cisco AnyConnect start before logon modules and set the
configuration to download modules before logon, but all client connections continue to use
the previous version of the module. Which action must you take to correct the problem?


Options are :

  • Define the modules for download in the group policy.
  • Configure a group policy to prompt the user to download the updated module.
  • Configure start before logon in the client profile.
  • Define the modules for download in the client profile.

Answer : Configure start before logon in the client profile.

Cisco 100-101 Interconnecting Cisco Networking Devices Exam Set 3

A private wan connection is suspected of intermittently corrupting data. Which technology
can a network administrator use to detect and drop the altered data traffic?


Options are :

  • RSA Certificates
  • SHA2-HMAC
  • AES-128

Answer : SHA2-HMAC

Which are two main use cases for Clientless SSL VPN?


Options are :

  • In kiosks that are part of a shared environment
  • To create VPN site-to-site tunnels in combination with remote access
  • When full tunneling is needed to support applications that use TCP, UDP, and ICMP

Answer : In kiosks that are part of a shared environment

Which hash algorithm is required to protect classified information?


Options are :

  • SHA-1
  • SHA-384
  • SHA-256
  • MD5

Answer : SHA-384

300-320 Designing Cisco Network Service Architectures Exam Set 3

Which VPN solution is best for a collection of branch offices connected by MPLS that
frequenty make VoIP calls between branches?


Options are :

  • site-to-site
  • Cisco AnyConnect
  • DMVPN
  • GETVPN

Answer : GETVPN

Refer to the exhibit.

The IKEv2 tunnel between Router1 and Router2 is failing during session establishment.
Which action will allow the session to establish correctly?


Options are :

  • The address command on Router2 must be narrowed down to a /32 mask.
  • The local and remote keys on Router2 must be the same.
  • The local and remote keys on Router2 must be switched.
  • The pre-shared key must be altered to use only lowercase letters.

Answer : The local and remote keys on Router2 must be switched.

200-105 Interconnecting Cisco Networking Devices Part Exam Set 2

Which option is a possible solution if you cannot access a URL through clientless SSL VPN
with Internet Explorer, while other browsers work fine?


Options are :

  • Make sure that you specified the URL correctly.
  • Verify the trusted zone and cookies settings in your browser.
  • . Try the URL from another operating system.
  • Move to the IPsec client.

Answer : Verify the trusted zone and cookies settings in your browser.

Refer to the exhibit.

You have implemented an SSL VPN as shown. Which type of communication takes place
between the secure gateway R1 and the Cisco Secure ACS?


Options are :

  • AAA
  • port forwarding
  • policy
  • HTTP proxy

Answer : AAA

Which option is a required element of Secure Device Provisioning communications?


Options are :

  • the registration authority
  • the requestor
  • the certificate authority
  • the introducer

Answer : the introducer

200-105 Interconnecting Cisco Networking Devices Part Exam Set 7

Which changes must be made to migrate from DMVPN Phase 2 to Phase 3 when
EIGRP is configured?


Options are :

  • Add NHRP shortcuts on the hub.
  • Enable EIGRP next-hop-self on the hub.
  • Enable EIGRP split-horizon on the hub.
  • Disable EIGRP next-hop-self on the hub.

Answer : Enable EIGRP next-hop-self on the hub.

Which command enables the router to form EIGRP neighbor adjacencies with peers using
a different subnet than the ingress interface?


Options are :

  • . ip unnumbered interface
  • p split-horizon eigrp as number
  • passive-interface interface name
  • eigrp router-id

Answer : . ip unnumbered interface

In the Diffie-Hellman protocol, which type of key is the shared secret?


Options are :

  • a decryption key
  • a symmetric key
  • an encryption key
  • an asymmetric key

Answer : a symmetric key

200-125 Cisco Certified Network Associate (CCNA) Exam Set 1

In FlexVPN, what command can an administrator use to create a virtual template interface
that can be configured and applied dynamically to create virtual access interfaces?


Options are :

  • interface virtual-template number type tunnel
  • interface template number type virtual
  • interface virtual-template number type template

Answer : interface virtual-template number type tunnel

Refer to the exhibit.

The IKEv2 tunnel between Router1 and Router2 is failing during session establishment.
Which action will allow the session to establish correctly?


Options are :

  • The local and remote keys on Router2 must be switched.
  • The address command on Router2 must be narrowed down to a /32 mask.
  • The pre-shared key must be altered to use only lowercase letters.
  • The local and remote keys on Router2 must be the same.

Answer : The local and remote keys on Router2 must be switched.

Which technologies are considered to be Suite B cryptography? 


Options are :

  • MD5
  • 3DES
  • SHA2

Answer : SHA2

100-105 Net Cert Interconnecting Cisco Networking Exam Set 7

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions