Cisco 300-209 Implementing Secure Mobility Solutions Exam Set 6

An internet-based VPN solution is being considered to replace an existing private WAN
connecting remote offices. A multimedia application is used that relies on multicast for
communication. Which two VPN solutions meet the application's network requirement?


Options are :

  • FlexVPN
  • Crypto-map based Site-to-Site IPsec VPNs
  • AnyConnect VPN
  • Group Encrypted Transport VPN

Answer : FlexVPN

Which technology does a multipoint GRE interface require to resolve endpoints?


Options are :

  • dynamic routing
  • ESP
  • NHRP

Answer : NHRP

Refer to the exhibit.

Which VPN solution does this configuration represent?


Options are :

  • site-to-site
  • FlexVPN
  • GETVPN
  • DMVPN

Answer : FlexVPN

What URL do you use to download a packet capture file in a format which can be used by a
packet analyzer?


Options are :

  • ftp:///capture//
  • https:////pcap
  • https:///admin/capture//pcap
  • https:////

Answer : https:///admin/capture//pcap

Which algorithm provides both encryption and authentication for data plane
communication?


    Options are :

    • SHA-384
    • SHA-96
    • AES-GCM

    Answer : AES-GCM

    Which types of SSO functionality are available on the Cisco ASA without any external
    SSO servers?


    Options are :

    • Kerberos
    • SAML
    • HTTP POST

    Answer : Kerberos

    What are variables for configuring clientless SSL VPN single sign-on? 


    Options are :

    • CSCO_WEBVPN_RADIUS_USER
    • CSCO_WEBVPN_OTP_PASSWORD
    • CSCO_WEBVPN_INTERNAL_PASSWORD

    Answer : CSCO_WEBVPN_INTERNAL_PASSWORD

    Which feature enforces the corporate policy for Internet access to Cisco AnyConnect VPN
    users?


    Options are :

    • Cisco AnyConnect Customization
    • banner message
    • Trusted Network Detection
    • Datagram Transport Layer Security

    Answer : Trusted Network Detection

    Refer to the exhibit.

    The IKEv2 site-to-site VPN tunnel between two routers is down. Based on the debug
    output, which type of mismatch might be the problem?


    Options are :

    • PSK
    • peer identity
    • crypto policy

    Answer : peer identity

    A user is trying to connect to a Cisco IOS device using clientless SSL VPN and cannot
    establish the connection. Which three commands can be used for troubleshooting of the
    AAA subsystem? 


    Options are :

    • debug vpn authorization error
    • debug ssl error
    • debug webvpn aaa
    • debug aaa authentication

    Answer : debug aaa authentication

    Which statement about the hub in a DMVPN configuration with iBGP is true?


    Options are :

    • It must be in a different AS.
    • It must be a route reflector client.
    • It must redistribute EIGRP from the spokes.
    • It must be a route reflector.

    Answer : It must be a route reflector.

    Which VPN type can be used to provide secure remote access from public internet cafes
    and airport kiosks?


    Options are :

    • site-to-site
    • business-to-business
    • DMVPN
    • Clientless SSL

    Answer : Clientless SSL

    Which protocol must be enabled on the inside interface to use cluster encryption in SSL
    VPN load balancing?


    Options are :

    • TLS
    • DTLS
    • ISAKMP
    • IKEv2

    Answer : ISAKMP

    Which protocols does the Cisco AnyConnect client use to build multiple connections to the
    security appliance?


    Options are :

    • SSH over TCP
    • L2TP over IPsec
    • TLS and DTLS
    • IKEv1

    Answer : TLS and DTLS

    Which two RADIUS attributes are needed for a VRF-aware FlexVPN hub? 


    Options are :

    • ip:interface-config=ip src route
    • ip:interface-config=ip next hop
    • ip:interface-config=ip unnumbered loopbackn

    Answer : ip:interface-config=ip unnumbered loopbackn

    Which activities does the Key Server perform in a GETVPN deployment?


    Options are :

    • authenticates group members
    • receives policy/keys
    • encrypts endpoint traffic
    • creates group keys

    Answer : authenticates group members

    Which parameters must match on all routers in a DMVPN Phase 3 cloud? 


    Options are :

    • NHRP network ID
    • EIGRP split-horizon setting
    • tunnel VRF
    • EIGRP process name

    Answer : NHRP network ID

    Where do you configure AnyConnect certificate-based authentication in ASDM?


    Options are :

    • group policies
    • Advanced Network (Client) Access
    • AnyConnect Client Profile
    • AnyConnect Connection Profile

    Answer : AnyConnect Connection Profile

    Which statement is true when implementing a router with a dynamic public IP address in a
    crypto map based site-to-site VPN?


    Options are :

    • The tunnel establishment will fail if the router is configured as a responder only.
    • Certificates are always used for phase 1 authentication.
    • The router must be configured with a dynamic crypto map.

    Answer : The tunnel establishment will fail if the router is configured as a responder only.

    Which command can you use to monitor the phase 1 establishment of a FlexVPN tunnel?


    Options are :

    • show crypto ikev2 sa
    • show crypto isakmp sa
    • show crypto ipsec sa

    Answer : show crypto ikev2 sa

    Which statement regarding GET VPN is true?


    Options are :

    • When you implement GET VPN with VRFs, all VRFs must be defined in the GDOI group configuration on the key server.
    • The configuration that defines which traffic to encrypt is present only on the key server.
    • TEK rekeys can be load-balanced between two key servers operating in COOP.

    Answer : The configuration that defines which traffic to encrypt is present only on the key server.

    You are troubleshooting a site-to-site VPN issue where the tunnel is not establishing. After
    issuing the debug crypto isakmp command on the headend router, you see the following
    output. What does this output suggest?
    1d00h: ISAKMP (0:1): atts are not acceptable. Next payload is 0
    1d00h: ISAKMP (0:1); no offers accepted!
    1d00h: ISAKMP (0:1): SA not acceptable!
    1d00h: %CRYPTO-6-IKMP_MODE_FAILURE. Processing of Main Mode failed with peer at
    10.10.10.10


    Options are :

    • There is a mismatch in the ACL that identifies interesting traffic.
    • The transform set does not match on both sides.
    • ISAKMP is not enabled on the remote peer.
    • Phase 1 policy does not match on both sides.

    Answer : Phase 1 policy does not match on both sides.

    Which IKEv1 policy options must match on each peer when you configure an IPsec
    site-to-site VPN?


    Options are :

    • session lifetime
    • hash algorithm
    • priority number
    • PRF algorithm

    Answer : hash algorithm

    Which are characteristics of GETVPN?


    Options are :

    • A key server is elected among all configured Group Members
    • The IP header of the encrypted packet is preserved
    • Unique encryption keys are computed for each Group Member

    Answer : The IP header of the encrypted packet is preserved

    Which option describes what address preservation with IPsec Tunnel Mode allows when
    GETVPN is used?


    Options are :

    • Tunnel Endpoint Discovery
    • stronger encryption methods
    • Network Address Translation of encrypted traffic
    • traffic management based on original source and destination addresses

    Answer : traffic management based on original source and destination addresses

    Which algorithm provides both encryption and authentication for data plane
    communication?


    Options are :

    • AES-GCM
    • SHA-96
    • SHA-384
    • AES-256

    Answer : AES-GCM

    Which command is used to determine how many GMs have registered in a GETVPN
    environment?


    Options are :

    • show crypto gdoi ks members
    • show crypto gdoi gm
    • show crypto isakmp sa

    Answer : show crypto gdoi ks members

    The Cisco AnyConnect client is unable to download an updated user profile from the ASA
    headend using IKEv2. What is the most likely cause of this problem?


    Options are :

    • User profile updates are not allowed with IKEv2.
    • IKEv2 is not enabled on the group policy.
    • A new profile must be created so that the adaptive security appliance can push it to the client on the next connection attempt.
    • Client Services is not enabled on the adaptive security appliance.

    Answer : A new profile must be created so that the adaptive security appliance can push it to the client on the next connection attempt.

    Which two parameters help to map a VPN session to a tunnel group without using the
    tunnel-group list? 


    Options are :

    • certificate map
    • use gateway command
    • group-alias

    Answer : certificate map

    Which configurations are required for both IPsec VTI and crypto map-based VPNs?


    Options are :

    • tunnel interface
    • transform set
    • ACL that defines traffic to encrypt
    • dynamic routing protocol

    Answer : transform set
