Cisco 300-209 Implementing Secure Mobility Solutions Exam Set 3

In DMVPN phase 2, which  EIGRP features need to be disabled on the hub to allow
spoke-to-spoke communication? 


Options are :

  • metric calculation using bandwidth
  • split horizon
  • autosummary
  • EIGRP address family

Answer : split horizon

What are forms of SSL VPN? (


Options are :

  • Cisco IOS WebVPN
  • Full Tunnel Mode
  • none
  • . port forwarding

Answer : Cisco IOS WebVPN

Which DAP endpoint attribute checks for the matching MAC address of a client machine?


Options are :

  • device
  • process
  • BIA
  • antispyware

Answer : device

Cisco CCNP Route 300-101 Practice Tests Set 2

Which option is one component of a Public Key Infrastructure?


Options are :

  • TACACS+
  • Active Directory
  • RADIUS
  • the Registration Authority

Answer : the Registration Authority

Which parameters are specified in the isakmp (IKEv1) policy?


Options are :

  • the transform-set
  • the session key
  • the hashing algorithm
  • the peer

Answer : the hashing algorithm

Refer to the exhibit.

What technology does the given configuration demonstrate?


Options are :

  • . Keyring used to encrypt IPSec traffic
  • Crypto Policy to enable IKEv2
  • FlexVPN with AnyConnect
  • FlexVPN with IPV6

Answer : FlexVPN with IPV6

400-101 CCIE Routing and Switching Written Practice Exam Set 6

Which application does the Application Access feature of Clientless VPN support?


Options are :

  • TFTP
  • active FTP
  • VoIP
  • Telnet

Answer : Telnet

Which technology can provide high availability for an SSL VPN?


Options are :

  • certificate to tunnel group maps
  • a multiple-tunnel configuration
  • a Cisco ASA pair in active/passive failover configuration
  • DMVPN

Answer : a Cisco ASA pair in active/passive failover configuration

Which examples of transform sets are contained in the IKEv2 default proposal?


Options are :

  • . aes-cbc-192, sha256, 14
  • none
  • 3des, sha1, 1
  • 3des, md5, 5

Answer : 3des, md5, 5

642-732 Conducting Cisco Unified Wireless Site Survey Exam Set 4

Which statements about the Cisco ASA Clientless SSL VPN solution are true?


Options are :

  • Clientless SSLVPN provides Layer 3 connectivity into the secured network.
  • When a client connects to the Cisco ASA WebVPN portal and tries to access HTTP resources through the URL bar, the client uses the local DNS to perform FQDN resolution.
  • The rewriter enable command under the global webvpn configuration enables the rewriter functionality because that feature is disabled by default.
  • A Cisco ASA with an AnyConnect Premium Peers license can simultaneously allow Clientless SSL VPN sessions and AnyConnect client sessions

Answer : A Cisco ASA with an AnyConnect Premium Peers license can simultaneously allow Clientless SSL VPN sessions and AnyConnect client sessions

When you troubleshoot Cisco AnyConnect, which step does Cisco recommend before you
open a TAC case?


Options are :

  • Enable the WebVPN cache.
  • Collect a DART bundle.
  • Show applet Lifecycle exceptions.
  • Disable cookies.

Answer : Collect a DART bundle.

A spoke has Internet connections for failover. How can you achieve optimum failover
without affecting any other router in the DMVPN cloud?


    Options are :

    • Create another DMVPN cloud by configuring another tunnel interface that is sourced from the second ISP link.
    • configure SLA tracking, and when the primary interface goes down, manually change the tunnel source of the tunnel interface.
    • Use another router at the spoke site, because two ISP connections on the same router for the same hub is not allowed.
    • Create another tunnel interface with same configuration except the tunnel source, and configure the if-state nhrp and backup interface commands on the primary tunnel interface.

    Answer : configure SLA tracking, and when the primary interface goes down, manually change the tunnel source of the tunnel interface.

    Cisco CCNP Route 300-101 Practice Tests Set 1

    Which command will prevent a group policy from inheriting a filter ACL in a clientless SSL
    VPN?


    Options are :

    • no vpn-filter
    • . filter value none
    • vpn-filter none

    Answer : . filter value none

    Which statement describes a prerequisite for single-sign-on Netegrity Cookie Support in an
    IOC SSL VPN?


    Options are :

    • The Cisco AnyConnect Secure Mobility Client must be installed in flash.
    • A Cisco plug-in must be installed on a SiteMinder server.
    • A SiteMinder plug-in must be installed on the Cisco SSL VPN gateway.

    Answer : A Cisco plug-in must be installed on a SiteMinder server.

    Which remote access VPN methods in an ASA appliance provide support for Cisco
    Secure Desktop?


    Options are :

    • ESP
    • L2TP
    • IKEv2
    • IKEv1

    Answer : IKEv2

    200-125 CCNA Cisco Certified Network Associate Test Set 3

    What is the problem with the IKEv2 site-to-site VPN tunnel?


    Options are :

    • . incorrect PSK
    • incorrect tunnel group
    • crypto access list mismatch
    • crypto policy mismatch

    Answer : crypto access list mismatch

    Which type of communication in a FlexVPN implementation uses an NHRP shortcut?


    Options are :

    • spoke to hub
    • . hub to spoke
    • spoke to spoke

    Answer : spoke to spoke

    Refer to the exhibit.

    Which exchange does this debug output represent?


    Options are :

    • IKE Phase 1
    • IKE Phase 2
    • certificate exchange
    • symmetric key exchange

    Answer : IKE Phase 1

    200-125 Cisco Certified Network Associate Practice Exam Set 6

    Which protocol can be used for better throughput performance when using Cisco
    AnyConnect VPN?


    Options are :

    • DTLSv1
    • TLSv1.2
    • TLSv1
    • TLSv1.1

    Answer : DTLSv1


    Refer to the exhibit.

    An administrator is adding IPv6 addressing to an already functioning tunnel. The
    administrator is unable to ping 2001:DB8:100::2 but can ping 209.165.200.226. Which
    configuration needs to be added or changed?


    Options are :

    • NHRP needs to be configured to provide NBMA mapping.
    • No configuration change is necessary. Everything is working correctly.
    • Tunnel mode needs to be changed to GRE IPv6.
    • . OSPFv3 needs to be configured on the interface.

    Answer : Tunnel mode needs to be changed to GRE IPv6.

    To change the title panel on the logon page of the Cisco IOS WebVPN portal, which file
    must you configure?


    Options are :

    • web-access-hlp.inc
    • Cisco IOS WebVPN customization template
    • Cisco IOS WebVPN customization general
    • app-access-hlp.inc

    Answer : Cisco IOS WebVPN customization template

    ICND2 200-105 Certification Practice Tests Set 1

    A network is configured to allow clientless access to resources inside the network. Which
    feature must be enabled and configured to allow SSH applications to respond on the
    specified port 8889?


    Options are :

    • port forwarding
    • auto applet download
    • HTTP proxy
    • web-type ACL

    Answer : port forwarding

    Refer to the exhibit.

    A customer cannot establish an IKEv2 site-to-site VPN tunnel between two Cisco ASA
    devices. Based on the syslog message, which action can bring up the VPN tunnel?


    Options are :

    • Remove the maximum SA limit on the remote Cisco ASA.
    • Increase the maximum SA limit on the local Cisco ASA
    • Correct the crypto access list on both Cisco ASA devices.

    Answer : Increase the maximum SA limit on the local Cisco ASA

    On which Cisco platform are dynamic virtual template interfaces available?


    Options are :

    • Cisco Catalyst 3750X
    • Cisco Adaptive Security Appliance 5585-X
    • Cisco Integrated Services Router Generation 2
    • Cisco Nexus 7000

    Answer : Cisco Integrated Services Router Generation 2

    Cisco 100-101 Interconnecting Cisco Networking Devices Exam Set 4

    Which GDOI encryption keys are used within a GET VPN network?


    Options are :

    • user encryption key
    • . key encryption key
    • group encryption key

    Answer : . key encryption key

    You are troubleshooting a DMVPN NHRP registration failure. Which command can you use
    to view request counters?


    Options are :

    • show ip nhrp nhs detail
    • show ip nhrp incomplete tunnel tunnel_interface_number
    • show ip nhrp incomplete
    • show ip nhrp tunnel

    Answer : show ip nhrp nhs detail

    Which command simplifies the task of converting an SSL VPN to an IKEv2 VPN on a Cisco
    ASA appliance that has an invalid IKEv2 configuration?


    Options are :

    • migrate remote-access ssl overwrite
    • migrate remote-access ssl
    • migrate remote-access ikev2
    • migrate l2l

    Answer : migrate remote-access ssl overwrite

    Cisco 100-101 Interconnecting Cisco Networking Devices Exam Set 1

    Which technology must be installed on the client computer to enable users to launch
    applications from a Clientless SSL VPN?


    Options are :

    • Flash
    • Java
    • Silverlight
    • QuickTime plug-in

    Answer : Java

    Remote users want to access internal servers behind an ASA using Microsoft terminal
    services. Which option outlines the steps required to allow users access via the ASA
    clientless VPN portal?


    Options are :

    • 1. Configure a bookmark of the type http:// server-IP :3389 2. Enable Smart tunnel on this bookmark 3. Assign the bookmark to the desired group policy
    • 1. Configure a static pat rule for TCP port 3389 2. Configure an inbound access-list to allow traffic from remote users to the servers 3. Assign this access-list rule to the group policy
    • 1. Upload an RDP plugin to the ASA 2. Configure a bookmark of the type rdp:// server-IP 3. Assign the bookmark list to the desired group policy

    Answer : 1. Upload an RDP plugin to the ASA 2. Configure a bookmark of the type rdp:// server-IP 3. Assign the bookmark list to the desired group policy

    Which statements comparing ECC and RSA are true?


    Options are :

    • ECC cannot have the same security as RSA, even with an increased key size.
    • ECC can have the same security as RSA but with a shorter key size.
    • ECC lags in performance when compared with RSA.
    • Key generation in ECC is slower and less CPU intensive.

    Answer : ECC can have the same security as RSA but with a shorter key size.

    200-125 Cisco Certified Network Associate Practice Exam Set 7

    Comment / Suggestion Section
    Point our Mistakes and Post Your Suggestions