Cisco 300-209 Implementing Secure Mobility Solutions Exam Set 7

A rogue static route is installed in the routing table of a Cisco FlexVPN and is causing
traffic to be blackholed. Which command should be used to identify the peer from which
that route originated?


Options are :

  • show crypto route
  • show crypto ikev2 sa detail
  • show crypto ikev2 client flexvpn

Answer : show crypto route

ICND2 200-105 Certification Practice Tests Set 1

Which alogrithm is an example of asymmetric encryption?


Options are :

  • RC4
  • 3DES
  • ECDSA
  • AES

Answer : ECDSA

Which protocol must be enabled on the inside interface to use cluster encryption in SSL
VPN load balancing?


Options are :

  • IKEv2
  • TLS
  • DTLS
  • ISAKMP

Answer : ISAKMP

Which PKI enrollment method allows the user to separate authentication and enrollment
actions and also provides an option to specify HTTP/TFTP commands to perform file
retrieval from the server?


Options are :

  • enrollment url
  • enrollment profile
  • enrollment selfsigned
  • enrollment terminal

Answer : enrollment profile

400-101 CCIE Routing and Switching Written Practice Exam Set 1

As network consultant, you are asked to suggest a VPN technology that can support a
multivendor environment and secure traffic between sites. Which technology should you
recommend?


Options are :

  • DMVPN
  • GET VPN
  • SSL VPN
  • FlexVPN

Answer : FlexVPN

Which feature is enabled by the use of NHRP in a DMVPN network?


Options are :

  • EIGRP redistribution
  • BGP multiaccess
  • host to NBMA resolution
  • host routing with Reverse Route Injection

Answer : host to NBMA resolution

Which configuration is used to build a tunnel between a Cisco ASA and ISR?


Options are :

  • crypto map
  • DMVPN
  • GET VPN
  • GRE with IPsec

Answer : crypto map

300-101 Implementing Cisco IP Routing (ROUTE) Practice Exam Set 1

The Cisco AnyConnect client fails to connect via IKEv2 but works with SSL. The following
error message is displayed:
"Login Denied, unauthorized connection mechanism, contact your administrator"
What is the most possible cause of this problem?


Options are :

  • None
  • The client endpoint does not have the correct user profile to initiate an IKEv2 connection.
  • DAP is terminating the connection because IKEv2 is the protocol that is being used.
  • The AAA server that is being used does not authorize IKEv2 as the connection mechanism.
  • The IKEv2 protocol is not enabled in the group policy of the VPN headend.

Answer : The IKEv2 protocol is not enabled in the group policy of the VPN headend.

Which Cisco firewall platform supports Cisco NGE?


Options are :

  • Cisco ASA 5525-X
  • Cisco ASA 5580
  • FWSM
  • Cisco ASA 5505

Answer : Cisco ASA 5525-X

Refer to the exhibit.

Which type of mismatch is causing the problem with the IPsec VPN tunnel?


Options are :

  • PSK
  • crypto access list
  • transform set
  • . Phase 1 policy

Answer : PSK

200-105 Inter connecting Cisco Networking Devices Exam Set 5

A Cisco router may have a fan issue that could increase its temperature and trigger a
failure. What troubleshooting steps would verify the issue without causing additional risks?


Options are :

  • Configure logging using commands "logging host 10.11.10.11", "logging trap 2", and check for fan failure logs at the syslog server 10.11.10.11
  • Configure logging using commands "logging on", "logging discriminator msglog1 console 7", and check for fan failure logs using "show logging"
  • Configure logging using commands "logging on", "logging buffered 6", and check for fan failure logs using "show logging"
  • Configure logging using commands "logging on", "logging buffered 4", and check for fan failure logs using "show logging"

Answer : Configure logging using commands "logging on", "logging buffered 4", and check for fan failure logs using "show logging"

Which cryptographic algorithms are a part of the Cisco NGE suite?


Options are :

  • AES-GCM-256
  • HIPPA DES
  • AES-CBC-128
  • RC4-128

Answer : AES-GCM-256

Which settings are required for crypto map configuration? 


Options are :

  • match address
  • set security-association lifetime
  • set security-association level per-host
  • set pfs

Answer : match address

200-125 Cisco Certified Network Associate (CCNA) Exam Set 1

The following configuration steps have been completeD.
WebVPN was enabled on the ASA outside interface.
SSL VPN client software was loaded to the ASA.
A DHCP scope was configured and applied to a WebVPN Tunnel Group.
What additional step is required if the client software fails to load when connecting to the
ASA SSL page?


Options are :

  • The SSL client must be loaded to the client by an ASA administrator
  • The SSL VPN client must be enabled on the ASA after loading
  • The SSL client must be enabled on the client machine before loading
  • The SSL client must be downloaded to the client via FTP

Answer : The SSL VPN client must be enabled on the ASA after loading

A customer requires all traffic to go through a VPN. However, access to the local network is
also required. Which two options can enable this configuration? 


Options are :

  • split include
  • full tunnel by default
  • split tunnel
  • . split exclude

Answer : . split exclude

Which algorithm is replaced by elliptic curve cryptography in Cisco NGE?


Options are :

  • AES
  • 3DES
  • DES
  • RSA

Answer : RSA

200-125 Cisco Certified Network Associate Practice Exam Set 3

Which command identifies an AnyConnect profile that was uploaded to the router flash?


Options are :

  • anyconnect profile SSL_profile flash:simos-profile.xml
  • svc import profile SSL_profile flash:simos-profile.xml
  • webvpn import profile SSL_profile flash:simos-profile.xml
  • crypto vpn anyconnect profile SSL_profile flash:simos-profile.xml

Answer : crypto vpn anyconnect profile SSL_profile flash:simos-profile.xml

What is the Cisco recommended TCP maximum segment on a DMVPN tunnel interface
when the MTU is set to 1400 bytes?


Options are :

  • 1160 bytes
  • 1240 bytes
  • 1360 bytes
  • 1260 bytes

Answer : 1360 bytes

Which cryptographic technologies are recommended for use with FlexVPN?


Options are :

  • SHA (HMAC variant)
  • MD5 (HMAC variant)
  • DES

Answer : SHA (HMAC variant)

Cisco CCNP Route 300-101 Practice Tests Set 5

Refer to the exhibit.

Which VPN solution does this configuration represent?


Options are :

  • SSL VPN
  • DMVPN
  • Cisco AnyConnect (IKEv2)
  • site-to-site

Answer : SSL VPN

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions