Cisco 300-209 Implementing Secure Mobility Solutions Exam Set 4

When troubleshooting established clientless SSL VPN issues, which three steps should be
taken? 


Options are :

  • Clear the browser and Java cache.
  • Clear the browser history.
  • Collect the information from the computer event log.

Answer : Clear the browser and Java cache.

Which parameters are configured within an IKEv2 proposal on an IOS router? 


Options are :

  • lifetime
  • encryption
  • authentication
  • no

Answer : encryption

Refer to the exhibit.

Which authentication method was used by the remote peer to prove its identity?


Options are :

  • Extensible Authentication Protocol
  • pre-shared key
  • XAUTH
  • certificate authentication

Answer : pre-shared key

Which configurations are prerequisites for stateful failover for IPsec?


Options are :

  • The active and standby devices can run different versions of the Cisco IOS software but need to be the same type of device.
  • Only crypto map configuration that is set up on the active device must be duplicated on the standby device.
  • Only the IKE configuration that is set up on the active device must be duplicated on the standby device; the IPsec configuration is copied automatically.
  • The IPsec configuration that is set up on the active device must be duplicated on the standby device.

Answer : The IPsec configuration that is set up on the active device must be duplicated on the standby device.

Which transform set is contained in the IKEv2 default proposal?


Options are :

  • aes-cbc-128, sha, group 5
  • 3des, md5, group 7
  • aes-cbc-192, sha256, group 14
  • 3des, sha1, group 1

Answer : aes-cbc-128, sha, group 5

Which functionality is provided by L2TPv3 over FlexVPN?


Options are :

  • the extension of a Layer 3 domain across the FlexVPN
  • a secure backdoor for remote access users through the FlexVPN
  • the extension of a Layer 2 domain across the FlexVPN
  • secure communication between servers on the FlexVPN

Answer : the extension of a Layer 2 domain across the FlexVPN

Which qualify as Next Generation Encryption integrity algorithms? 


Options are :

  • SHA-380
  • SHA-512
  • SHA-192
  • SHA-192

Answer : SHA-512

Where is split-tunneling defined for remote access clients on an ASA?


Options are :

  • Group-policy
  • Tunnel-group
  • Crypto-map

Answer : Group-policy

Which is used by GETVPN, FlexVPN and DMVPN?


Options are :

  • GRE
  • NHRP
  • ESP
  • MPLS

Answer : ESP

Which statements are true when designing an SSL VPN solution using Cisco
AnyConnect?


Options are :

  • The VPN server must have a self-signed certificate.
  • An SSL group pre-shared key must be configured on the server.
  • Server side certificate is optional if using AAA for client authentication.
  • The VPN IP address pool can overlap with the rest of the LAN networks.

Answer : The VPN IP address pool can overlap with the rest of the LAN networks.

Refer to the exhibit.

What is the purpose of the given configuration?


Options are :

  • Enabling IPSec to decrypt fragmented packets.
  • Establishing a GRE tunnel.
  • Resolving access issues caused by large packet sizes.

Answer : Resolving access issues caused by large packet sizes.

An administrator desires that when work laptops are not connected to the corporate
network, they should automatically initiate an AnyConnect VPN tunnel back to
headquarters. Where does the administrator configure this?


Options are :

  • Under the "Automatic VPN Policy" section inside the AnyConnect Profile Editor within ASDM
  • Via the svc trusted-network command under the group-policy sub-configuration mode on the ASA
  • Via the svc trusted-network command under the global webvpn sub-configuration mode on
  • Under the TNDPolicy XML section within the Local Preferences file on the client computer

Answer : Under the TNDPolicy XML section within the Local Preferences file on the client computer

Which statements describe effects of the DoNothing option within the untrusted
network policy on a Cisco AnyConnect profile?


Options are :

  • The always-on feature is enabled.
  • The client does not automatically initiate any VPN connection.
  • The client initiates a VPN connection upon detection of an untrusted network.
  • The client initiates a VPN connection upon detection of a trusted network.

Answer : The client initiates a VPN connection upon detection of an untrusted network.

In a spoke-to-spoke DMVPN topology, which type of interface does a branch router
require?


Options are :

  • Point-to-point GRE interface
  • Loopback interface
  • Virtual tunnel interface
  • Multipoint GRE interface

Answer : Multipoint GRE interface

Which NGE IKE Diffie-Hellman group identifier has the strongest cryptographic properties?


Options are :

  • group 24
  • group 20
  • group 5
  • group 10

Answer : group 20

A company has decided to migrate an existing IKEv1 VPN tunnel to IKEv2. Which two are
valid configuration constructs on a Cisco IOS router? 


Options are :

  • crypto ikev2 keyring keyring-name peer peer1 address 209.165.201.1 255.255.255.255 pre-shared-key local key1 pre-shared-key remote key2
  • crypto ikev2 map crypto-map-name set crypto ikev2 tunnel-group tunnel-group-name set crypto ikev2 transform-set transform-set-name
  • crypto ikev2 transform-set transform-set-name esp-3des esp-md5-hmac esp-aes esp-sha-hmac

Answer : crypto ikev2 keyring keyring-name peer peer1 address 209.165.201.1 255.255.255.255 pre-shared-key local key1 pre-shared-key remote key2

Which feature do you include in a highly available system to account for potential site
failures?


Options are :

  • geographical separation of redundant devices
  • hot/standby failover pairs
  • dual power supplies
  • Cisco ACE load-balancing with VIP

Answer : geographical separation of redundant devices

What action does the hub take when it receives a NHRP resolution request from a spoke
for a network that exists behind another spoke?


Options are :

  • The hub updates its own NHRP mapping.
  • The hub forwards the request to the destination spoke
  • The hub sends back a resolution reply to the requesting spoke.

Answer : The hub forwards the request to the destination spoke

Which command clears all Cisco AnyConnect VPN sessions?


Options are :

  • vpn-sessiondb logoff l2l
  • clear crypto isakmp sa
  • vpn-sessiondb logoff webvpn
  • vpn-sessiondb logoff anyconnect

Answer : vpn-sessiondb logoff anyconnect

Refer to the exhibit.

Which action is demonstrated by this debug output?


Options are :

  • NHRP initial registration by a spoke.
  • Disabling of the DMVPN tunnel interface.
  • NHRP registration acknowledgement by the hub.

Answer : NHRP initial registration by a spoke.

Which command clears all crypto configuration from a Cisco Adaptive Security Appliance?


Options are :

  • clear crypto map
  • clear configure crypto ipsec
  • clear configure crypto

Answer : clear configure crypto

A user with IP address 10.10.10.10 is unable to access an HTTP website at IP address


Options are :

  • After verifying that user traffic reaches the firewall using syslogs or captures, use packet tracer command packet-tracer input inside tcp 10.10.10.10 1234 209.165.200.225 80
  • Enable logging at level 1 and check the syslogs using commands logging enable, logging buffered 1 and show logging | include 10.10.10.10
  • Use packet tracer command packet-tracer input inside udp 0.10.10.10 1234 192.168.1.3 161 to see what the firewall is doing with the user's traffic

Answer : After verifying that user traffic reaches the firewall using syslogs or captures, use packet tracer command packet-tracer input inside tcp 10.10.10.10 1234 209.165.200.225 80

Which two types of authentication are supported when you use Cisco ASDM to configure
site-to-site IKEv2 with IPv6?


Options are :

  • webAuth
  • XAUTH
  • preshared key

Answer : preshared key

Which two statements regarding IKEv2 are true per RFC 4306?


Options are :

  • It has at minimum a nine-packet exchange.
  • It is compatible with IKEv1.
  • NAT traversal is included in the RFC.

Answer : NAT traversal is included in the RFC.

Which statement about the hub in a DMVPN configuration with iBGP is true?


Options are :

  • It must redistribute EIGRP from the spokes.
  • It must be a route reflector.
  • It must be in a different AS.
  • It must be a route reflector client.

Answer : It must be a route reflector.

After completing a site-to-site VPN setup between two routers, application performance
over the tunnel is slow. You issue the show crypto ipsec sa command and see the following
output. What does this output suggest?
interface: Tunnel100
Crypto map tag: Tunnel100-head-0, local addr 10.10.10.10
protected vrf: (none)
local ident (addr/mask/prot/port): (10.10.10.10/255.255.255.255/47/0)
remote ident (addr/mask/prot/port): (10.20.20.20/255.255.255.255/47/0)
current_peer 209.165.200.230 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 34836, #pkts encrypt: 34836, #pkts digest: 34836
#pkts decaps: 26922, #pkts decrypt: 19211, #pkts verify: 19211
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0


Options are :

  • The VPN has established and is functioning normally.
  • There is an asymmetric routing issue.
  • Packet corruption is occurring on the path between the two peers.

Answer : Packet corruption is occurring on the path between the two peers.

Which RADIUS attributes are needed for a VRF-aware FlexVPN hub? 


Options are :

  • ip:interface-config=ip unnumbered loobackn
  • ip:interface-config=ip next hop
  • ip:interface-config=ip src route

Answer : ip:interface-config=ip unnumbered loobackn



Refer to the exhibit.



Which type of VPN is being configured, based on the partial configuration snippet?


Options are :

  • GET VPN with dual group member
  • DMVPN with dual hub
  • GET VPN with COOP key server
  • FlexVPN backup gateway

Answer : GET VPN with COOP key server

What does NHRP stand for?


Options are :

  • Next Hub Routing Protocol
  • Next Hop Resolution Protocol
  • Next Hop Registration Protocol

Answer : Next Hop Resolution Protocol

You are troubleshooting a site-to-site VPN issue where the tunnel is not establishing. After
issuing the debug crypto ipsec command on the headend router, you see the following
output. What does this output suggest?
1d00h: IPSec (validate_proposal): transform proposal
(port 3, trans 2, hmac_alg 2) not supported
1d00h: ISAKMP (0:2) : atts not acceptable. Next payload is 0
1d00h: ISAKMP (0:2) SA not acceptable


Options are :

  • Phase 1 policy does not match on both sides.
  • The crypto map is not applied on the remote peer.
  • ISAKMP is not enabled on the remote peer.
  • The Phase 2 transform set does not match on both sides.

Answer : The Phase 2 transform set does not match on both sides.
