Cisco 300-209 Implementing Secure Mobility Solutions Exam Set 5

When Cisco ASA applies VPN permissions, what is the first set of attributes that it applies?


Options are :

  • dynamic access policy attribute
  • group policy attributes
  • connection profile attributes

Answer : dynamic access policy attribute

Which technology is FlexVPN based on?


Options are :

  • IKEv2
  • VRF
  • OER

Answer : IKEv2

642-732 Conducting Cisco Unified Wireless Site Survey Exam Set 4

Which group-policy subcommand installs the Diagnostic AnyConnect Report Tool on user
computers when a Cisco AnyConnect user logs in?


Options are :

  • customization value dart
  • file-browsing enable
  • anyconnect module value dart

Answer : anyconnect module value dart

Which benefit of FlexVPN is not offered by DMVPN using IKEv1?


Options are :

  • Dynamic routing protocols can be configured.
  • GRE encapsulation allows for forwarding of non-IP traffic
  • . IKE implementation can install routes in routing table.

Answer : . IKE implementation can install routes in routing table.

Which Cisco adaptive security appliance command can be used to view the IPsec PSK of a
tunnel group in cleartext?


Options are :

  • show running-config crypto
  • more system:running-config
  • show running-config tunnel-group

Answer : more system:running-config

100-105 Net Cert Interconnecting Cisco Networking Exam Set 4

Which algorithm is replaced by elliptic curve cryptography in Cisco NGE?


Options are :

  • AES
  • 3DES
  • DES
  • RSA

Answer : RSA

An administrator wishes to limit the networks reachable over the Anyconnect VPN tunnels.
Which configuration on the ASA will correctly limit the networks reachable to
209.165.201.0/27 and 209.165.202.128/27?


Options are :

  • access-list splitlist standard permit 209.165.201.0 255.255.255.224 access-list splitlist standard permit 209.165.202.128 255.255.255.224 ! group-policy GroupPolicy1 internal group-policy GroupPolicy1 attributes split-tunnel-policy tunnelspecified split-tunnel-network-list value splitlist
  • group-policy GroupPolicy1 internal group-policy GroupPolicy1 attributes split-tunnel-policy tunnelspecified split-tunnel-network-list ipv4 1 209.165.201.0 255.255.255.224 split-tunnel-network-list ipv4 2 209.165.202.128 255.255.255.224
  • ccess-list splitlist standard permit 209.165.201.0 255.255.255.224 access-list splitlist standard permit 209.165.202.128 255.255.255.224 ! group-policy GroupPolicy1 internal group-policy GroupPolicy1 attributes split-tunnel-policy tunnelall split-tunnel-network-list value splitlist

Answer : access-list splitlist standard permit 209.165.201.0 255.255.255.224 access-list splitlist standard permit 209.165.202.128 255.255.255.224 ! group-policy GroupPolicy1 internal group-policy GroupPolicy1 attributes split-tunnel-policy tunnelspecified split-tunnel-network-list value splitlist

If Web VPN bookmarks are grayed out on the home screen, which action should you take
to begin troubleshooting?


Options are :

  • Determine whether the Cisco ASA can resolve the DNS names
  • Determine whether an ACL is present to permit DNS forwarding.
  • Determine whether the Cisco ASA has DNS forwarders set up

Answer : Determine whether the Cisco ASA can resolve the DNS names

200-125 Cisco Certified Network Associate (CCNA) Exam Set 6

Which Cisco ASDM option configures forwarding syslog messages to email?


Options are :

  • Configuration > Device Management > E-Mail Setup > Logging Enabl
  • Configuration > Device Management > Logging > E-Mail Setup

Answer : Configuration > Device Management > Logging > E-Mail Setup

Which interface is managed by the VPN Access Interface field in the Cisco ASDM IPsec
Site-to-Site VPN Wizard?


Options are :

  • he local interface from which traffic originates
  • the local interface named "VPN_access"
  • the local interface configured with crypto enable

Answer : the local interface configured with crypto enable

Consider this scenario. When users attempt to connect via a Cisco AnyConnect VPN
session, the certificate has changed and the connection fails.
What is a possible cause of the connection failure?


Options are :

  • An invalid modulus was used to generate the initial key.
  • The VPN is using an expired certificate.
  • The Cisco ASA appliance was reloaded.

Answer : The Cisco ASA appliance was reloaded.

Cisco 100-101 Interconnecting Cisco Networking Devices Exam Set 3

Which protocol supports high availability in a Cisco IOS SSL VPN environment?


Options are :

  • VRRP
  • HSRP

Answer : HSRP

Refer to the exhibit.

An IPsec peer is exchanging routes using IKEv2, but the routes are not installed in the RIB.
Which configuration error is causing the failure?


Options are :

  • An invalid administrative distance value was configured.
  • An invalid administrative distance value was configured.
  • IKEv2 routing requires certificate authentication, not pre-shared keys.

Answer : An invalid administrative distance value was configured.

Which technology can you implement to reduce latency issues associated with a Cisco
AnyConnect VPN


Options are :

  • SCTP
  • DCCP
  • SRTP
  • DTLS

Answer : DTLS

210-065 Implementing Cisco Video Network Devices Exam Set 1

Which command configures IKEv2 symmetric identity authentication?


Options are :

  • authentication pre-share
  • authentication remote rsa-sig
  • match identity remote address 0.0.0.0
  • authentication local pre-share

Answer : authentication remote rsa-sig

Regarding licensing, which option will allow IKEv2 connections on the adaptive security
appliance?


Options are :

  • The Advanced Endpoint Assessment license must be installed to allow Cisco AnyConnect IKEv2 sessions.
  • AnyConnect Essentials can be used for Cisco AnyConnect IKEv2 connections.
  • IKEv2 sessions are not licensed.

Answer : IKEv2 sessions are not licensed.

What are benefits of deploying a GET VPN? 


Options are :

  • It provides highly scalable point-to-point topologies.
  • It is suited for enterprises running over a DMVPN network.
  • . It allows replication of packets after encryption.

Answer : . It allows replication of packets after encryption.

210-065 Implementing Cisco Video Network Devices Exam Set 2

Refer to the exhibit.

Which type of VPN implementation is displayed?


Options are :

  • IKEv2 load balancer
  • IKEv2 reconnect
  • IKEv1 cluster

Answer : IKEv2 load balancer

Refer to the exhibit.

Which VPN solution does this configuration represent?


Options are :

  • FlexVPN
  • GETVPN
  • site-to-site
  • DMVPN

Answer : FlexVPN

Refer to the exhibit.

Which VPN solution does this configuration represent?


Options are :

  • SSL VPN
  • IPsec
  • L2TP
  • Cisco AnyConnect

Answer : IPsec

642-732 Conducting Cisco Unified Wireless Site Survey Exam Set 3

Which type of NHRP packet is unique to Phase 3 DMVPN topologies?


Options are :

  • resolution reply
  • resolution request
  • redirect

Answer : redirect

The Cisco AnyConnect client fails to connect via IKEv2 but works with SSL. The following
error message is displayed:
"Login Denied, unauthorized connection mechanism, contact your administrator"
What is the most possible cause of this problem?


Options are :

  • DAP is terminating the connection because IKEv2 is the protocol that is being used.
  • The IKEv2 protocol is not enabled in the group policy of the VPN headend.
  • The administrator is restricting access to this specific user.

Answer : The IKEv2 protocol is not enabled in the group policy of the VPN headend.

In the Cisco ASDM interface, where do you enable the DTLS protocol setting?


Options are :

  • Configuration > Remote Access VPN > Network (Client) Access > Group Policies > Add or Edit
  • Configuration > Remote Access VPN > Network (Client) Access > AAA Setup > Local Users > Add or Edit
  • . Configuration > Remote Access VPN > Network (Client) Access > Group Policies > Add or Edit > Add or Edit Internal Group Policy
  • Device Management > Users/AAA > User Accounts > Add or Edit > Add or Edit User Account > VPN Policy > SSL VPN Client

Answer : Device Management > Users/AAA > User Accounts > Add or Edit > Add or Edit User Account > VPN Policy > SSL VPN Client

200-125 CCNA Cisco Certified Network Associate Test Set 1