لا تريد أن تفوت شيئا؟

نصائح اجتياز امتحان الشهادة

آخر أخبار الامتحانات ومعلومات الخصم

برعاية وحديثة من قبل خبرائنا

نعم، أرسل لي النشرة الإخبارية

خذ اختبارات أخرى عبر الإنترنت

السؤال #1
Refer to the exhibit. An engineer is diagnosing an issue that occurred after a router at a branch site was assigned a new address. Based on the debugs, what must be done to resolve this issue?
A. Add the remote peer’s IP address to the server's IKEv2 keyring
B. Ensure that the correct preshared keys are set on both sides
C. Ensure that the UDP 500 packets between devices are not dropped
D. Add the remote peer’s identity to the server’s IKEv2 profile
عرض الإجابة
اجابة صحيحة: A
السؤال #2
In order to enable FlexVPN to use a AAA attribute list, which two tasks must be performed? (Choose two.)
A. DMVPN with ISAKMP
B. GETVPN with ISAKMP
C. DMVPN with NHRP
D. GETVPN with NHRP
عرض الإجابة
اجابة صحيحة: BD
السؤال #3
Refer to the exhibit. Which two commands under the tunnel-group webvpn-attributes result in a Cisco AnyConnect user receiving the AnyConnect prompt in the exhibit? (Choose two.)
A. use of certificates instead of username and password
B. EAP-AnyConnect
C. EAP query-identity
D. AnyConnect profile
عرض الإجابة
اجابة صحيحة: BE
السؤال #4
Refer to the exhibit. Which VPN technology is used in the exhibit?
A. DVTI
B. VTI
C. DMVPN
D. GRE
عرض الإجابة
اجابة صحيحة: B
السؤال #5
An engineer would like Cisco AnyConnect users to be able to reach servers within the 10.10.0.0/16 subnet while all other traffic is sent out to the Internet. Which IPsec configuration accomplishes this task?
A. routing
B. WebACL
C. split tunnel
D. VPN filter
عرض الإجابة
اجابة صحيحة: B
السؤال #6
Which command is used to troubleshoot an IPv6 FlexVPN spoke-to-hub connectivity failure?
A. show crypto ikev2 sa
B. show crypto isakmp sa
C. show crypto gkm
D. show crypto identity
عرض الإجابة
اجابة صحيحة: A
السؤال #7
A second set of traffic selectors is negotiated between two peers using IKEv2. Which IKEv2 packet will contain details of the exchange?
A. nterface virtual-access
B. p nhrp redirect
C. nterface tunnel
D. nterface virtual-template
عرض الإجابة
اجابة صحيحة: B
السؤال #8
Refer to the exhibit. A network engineer is configuring a remote access SSLVPN and is unable to complete the connection using local credentials. What must be done to remediate this problem?
A. Enable the client protocol in the Cisco AnyConnect profile
B. Configure a AAA server group to authenticate the client
C. Change the authentication method to local
D. Configure the group policy to force local authentication
عرض الإجابة
اجابة صحيحة: A
السؤال #9
Which VPN does VPN load balancing on the ASA support?
A. VTI
B. IPsec site-to-site tunnels
C. L2TP over IPsec
D. Cisco AnyConnect
عرض الإجابة
اجابة صحيحة: D
السؤال #10
Refer to the exhibit.A network administrator is setting up a phone VPN on a Cisco AS
A. he phone cannot connect and the error is presented in a debug on the Cisco ASA
A. nable web-deploy of the posture module so that the module can be downloaded from the Cisco ASA to an IP phone
B. onfigure the Cisco ASA to present an RSA certificate to the phone for authentication
C. isable Cisco Secure Desktop under the connection profile VPNPhone
D. nstall the posture module on the Cisco ASA
عرض الإجابة
اجابة صحيحة: C
السؤال #11
Refer to the exhibit. A network engineer is reconfiguring clientless SSLVPN during a maintenance window, and after testing the new configuration, is unable to establish the connection. What must be done to remediate this problem?
A. Enable client services on the outside interface
B. Enable clientless protocol under the group policy
C. Enable DTLS under the group policy
D. Enable auto sign-on for the user’s IP address
عرض الإجابة
اجابة صحيحة: B
السؤال #12
Refer to the exhibit. The customer can establish a Cisco AnyConnect connection without using an XML profile. When the host "ikev2" is selected in the AnyConnect drop down, the connection fails. What is the cause of this issue?
A. The HostName is incorrect
B. The IP address is incorrect
C. Primary protocol should be SSL
D. UserGroup must match connection profile
عرض الإجابة
اجابة صحيحة: D
السؤال #13
On a FlexVPN hub-and-spoke topology where spoke-to-spoke tunnels are not allowed, which command is needed for the hub to be able to terminate FlexVPN tunnels?
A. interface virtual-access
B. ip nhrp redirect
C. interface tunnel
D. interface virtual-template
عرض الإجابة
اجابة صحيحة: C
السؤال #14
Refer to the exhibit. An engineer is troubleshooting a new GRE over IPsec tunnel. The tunnel is established, but the engineer cannot ping from spoke 1 to spoke 2. Which type of traffic is being blocked?
A. ESP packets from spoke2 to spoke1
B. ISAKMP packets from spoke2 to spoke1
C. ESP packets from spoke1 to spoke2
D. ISAKMP packets from spoke1 to spoke2
عرض الإجابة
اجابة صحيحة: A
السؤال #15
01. Which VPN solution uses TBAR?
A. SL/TLS
B. 2TP
C. TLS
D. PsecIKEv1
عرض الإجابة
اجابة صحيحة: A
السؤال #16
An engineer is configuring clientless SSL VPN. The finance department has a database server that only they should access, but the sales department can currently access it. The finance and the sales departments are configured as separate group-policies. What must be added to the configuration to make sure the users in the sales department cannot access the finance department server?
A. tunnel group lock
B. smart tunnel
C. port forwarding
D. webtype ACL
عرض الإجابة
اجابة صحيحة: A
السؤال #17
An engineer is troubleshooting a new DMVPN setup on a Cisco IOS router. After the show crypto isakmp sa command is issued, a response is returned of "MM_NO_STATE." Why does this failure occur?
A. The ISAKMP policy priority values are invalid
B. ESP traffic is being dropped
C. The Phase 1 policy does not match on both devices
D. Tunnel protection is not applied to the DMVPN tunnel
عرض الإجابة
اجابة صحيحة: C
السؤال #18
In a FlexVPN deployment, the spokes successfully connect to the hub, but spoke-to-spoke tunnels do not form. Which troubleshooting step solves the issue?
A. Verify the spoke configuration to check if the NHRP redirect is enabled
B. Verify that the spoke receives redirect messages and sends resolution requests
C. Verify the hub configuration to check if the NHRP shortcut is enabled
D. Verify that the tunnel interface is contained within a VRF
عرض الإجابة
اجابة صحيحة: B
السؤال #19
Which feature allows the ASA to handle nonstandard applications and web resources so that they display correctly over a clientless SSL VPN connection?
A. auto-upgrade
B. auto-connect
C. auto-start
D. auto-run
عرض الإجابة
اجابة صحيحة: B
السؤال #20
Which two types of web resources or protocols are enabled by default on the Cisco ASA Clientless SSL VPN portal? (Choose two.)
A. EAP configuration
B. multipoint GRE tunnel interface
C. IKEv1 policy
D. IKEv2 profile
عرض الإجابة
اجابة صحيحة: DE
السؤال #21
Which parameter must match on all routers in a DMVPN Phase 3 cloud?
A. GRE tunnel key
B. NHRP network ID
C. tunnel VRF
D. EIGRP split-horizon setting
عرض الإجابة
اجابة صحيحة: A
السؤال #22
A clientless SSLVPN is set up to allow remote users to access internal HTTPS webservers. Users can access all but one server and see the message "Connection Failed. Server 192.168.0.101 unavailable". Pings between the Cisco ASA and the webserver are successful, and users can connect to the webserver when they use their computer in the internal network. Which action resolves this issue?
A. Add an SSL cipher that can be negotiated with the webserver to the Cisco AS
B. Add the http 192
C. Configure routing on the Cisco ASA so it can reach the webserver
D. Configure a DNS server that can resolve the webserver domain on the Cisco ASA
عرض الإجابة
اجابة صحيحة: A
السؤال #23
A network engineer must expand a company's Cisco AnyConnect solution. Currently, a Cisco ASA is set up in North America and another will be installed in Europe with a different IP address. Users should connect to the ASA that has the lowest Round Trip Time from their network location as measured by the AnyConnect client. Which solution must be implemented to meet this requirement?
A. VPN Load Balancing
B. IP SLA
C. DNS Load Balancing
D. Optimal Gateway Selection
عرض الإجابة
اجابة صحيحة: D
السؤال #24
What are two purposes of the key server in Cisco IOS GETVPN? (Choose two.)
A. tunnelall
B. excludeall
C. tunnelspecified
D. excludespecified
عرض الإجابة
اجابة صحيحة: BE
السؤال #25
Refer to the exhibit. Cisco AnyConnect must be set up on a router to allow users to access internal servers 192.168.0.10 and 192.168.0.11. All other traffic should go out of the client's local NIC. Which command accomplishes this configuration?
A. svc split include 192
B. svc split exclude 192
C. svc split include acl CCNP
D. svc split exclude acl CCNP
عرض الإجابة
اجابة صحيحة: C
السؤال #26
Where is split tunneling defined for IKEv2 remote access clients on a Cisco router?
A. IKEv2 authorization policy
B. Group Policy
C. virtual template
D. webvpn context
عرض الإجابة
اجابة صحيحة: B
السؤال #27
A network engineer must design a remote access solution to allow contractors to access internal servers. These contractors do not have permissions to install applications on their computers. Which VPN solution should be used in this design?
A. IKEv2 AnyConnect
B. Clientless
C. Port forwarding
D. SSL AnyConnect
عرض الإجابة
اجابة صحيحة: B
السؤال #28
02. Cisco AnyConnect clients need to transfer large files over the VPN sessions. Which protocol provides the best throughput?
A. TI
B. ryptomap
C. ETVPN
D. MVPN
A. unnel-group(general-attributes)
B. unnel-group(webvpn-attributes)
C. ebvpn(group-policy)
D. ebvpn(globalconfiguration)
A. REtunnelkey
B. HRPnetworkID
C. unnelVRF
D. IGRPsplit-horizonsetti
عرض الإجابة
اجابة صحيحة: C
السؤال #29
Under which section must a bookmark or URL list be configured on a Cisco ASA to be available for clientless SSLVPN users?
A. The URL is being blocked by a WebACL
B. The ASA cannot resolve the URL
C. The bookmark has been disabled
D. The user cannot access the URL
عرض الإجابة
اجابة صحيحة: C
السؤال #30
Refer to the exhibit. Which type of Cisco VPN is shown for group Cisc012345678?
A. Cisco AnyConnect Client VPN
B. DMVPN
C. Clientless SSLVPN
D. GETVPN
عرض الإجابة
اجابة صحيحة: A
السؤال #31
Which command shows the smart default configuration for an IPsec profile?
A. show run all crypto ipsec profile
B. ipsec profile does not have any smart default configuration
C. show smart-defaults ipsec profile
D. show crypto ipsec profile default
عرض الإجابة
اجابة صحيحة: D
السؤال #32
Refer to the exhibit. An SSL client is connecting to an ASA headend. The session fails with the message “Connection attempt has timed out. Please verify Internet connectivity.” Based on how the packet is processed, which phase is causing the failure?
A. phase 9: rpf-check
B. phase 5: NAT
C. phase 4: ACCESS-LIST
D. phase 3: UN-NAT
عرض الإجابة
اجابة صحيحة: D
السؤال #33
A second set of traffic selectors is negotiated between two peers using IKEv2. Which IKEv2 packet will contain details of the exchange?
A. IKEv2 IKE_SA_INIT
B. IKEv2 INFORMATIONAL
C. IKEv2 CREATE_CHILD_SA
D. IKEv2 IKE_AUTH
عرض الإجابة
اجابة صحيحة: B
السؤال #34
A Cisco ASA is configured in active/standby mode. What is needed to ensure that Cisco AnyConnect users can connect after a failover event?
A. AnyConnect images must be uploaded to both failover ASA devices
B. The vpnsession-db must be cleared manually
C. Configure a backup server in the XML profile
D. AnyConnect client must point to the standby IP address
عرض الإجابة
اجابة صحيحة: A
السؤال #35
Refer to the exhibit. Client 1 cannot communicate with client 2. Both clients are using Cisco AnyConnect and have established a successful SSL VPN connection to the hub AS
A. Which command on the ASA is missing?A
B. same-security-traffic permit intra-interface
C. same-security-traffic permit inter-interface
D. dns-server value 10
عرض الإجابة
اجابة صحيحة: B
السؤال #36
Which technology is used to send multicast traffic over a site-to-site VPN?
A. GRE over IPsec on IOS router
B. GRE over IPsec on FTD
C. IPsec tunnel on FTD
D. GRE tunnel on ASA
عرض الإجابة
اجابة صحيحة: B
السؤال #37
Refer to the exhibit. Upon setting up a tunnel between two sites, users are complaining that connections to applications over the VPN are not working consistently. The output of show crypto ipsec sa was collected on one of the VPN devices. Based on this output, what should be done to fix this issue?
A. Lower the tunnel MTU
B. Enable perfect forward secrecy
C. Specify the application networks in the remote identity
D. Make an adjustment to IPSec replay window
عرض الإجابة
اجابة صحيحة: A
السؤال #38
An engineer is creating an URL object on Cisco FMC. How must it be configured so that the object will match for HTTPS traffic in an access control policy?
A. pecify the protocol to match (HTTP or HTTPS)
B. se the FQDN including the subdomain for the website
C. se the subject common name from the website certificate
D. efine the path to the individual webpage that uses HTTPS
عرض الإجابة
اجابة صحيحة: B
السؤال #39
Refer to the exhibit. Which type of VPN implementation is displayed?
A. Configure the spoke and hub to use the same IKE version
B. Ensure that devices between the hub and spoke are not blocking ESP traffic
C. Ensure that devices between the hub and spoke are not blocking GRE traffic
D. Enable the tunnel interface with the no shutdown command
عرض الإجابة
اجابة صحيحة: C
السؤال #40
Where must an engineer configure a preshared key for a site-to-site VPN tunnel configured on a Cisco ASA?
A. isakmp policy
B. group policy
C. crypto map
D. tunnel group
عرض الإجابة
اجابة صحيحة: D
السؤال #41
Refer to the exhibit. What is a result of this configuration?
A. Spoke 1 fails the authentication because the authentication methods are incorrect
B. Spoke 2 passes the authentication to the hub and successfully proceeds to phase 2
C. Spoke 2 fails the authentication because the remote authentication method is incorrect
D. Spoke 1 passes the authentication to the hub and successfully proceeds to phase 2
عرض الإجابة
اجابة صحيحة: A
السؤال #42
An engineer is implementing the FlexVPN solution on a Cisco IOS router. The router must only terminate VPN requests and must not initiate them. Additionally, the interface must support VPNs from other routers and Cisco AnyConnect connections. Which interface type must be configured to meet these requirements?
A. oint-to-point GRE tunnel interface
B. ultipoint GRE tunnel interface
C. tatic virtual tunnel interface
D. irtual template interface
عرض الإجابة
اجابة صحيحة: D
السؤال #43
Cisco AnyConnect Secure Mobility Client has been configured to use IKEv2 for one group of users and SSL for another group. When the administrator configures a new AnyConnect release on the Cisco ASA, the IKEv2 users cannot download it automatically when they connect. What might be the problem?
A. tunnel-group (general-attributes)
B. tunnel-group (webvpn-attributes)
C. webvpn (group-policy)
D. webvpn (global configuration)
عرض الإجابة
اجابة صحيحة: C
السؤال #44
Which two remote access VPN solutions support SSL? (Choose two.)
A. GETVPN
B. VTI
C. DMVPN
D. Cisco AnyConnect
عرض الإجابة
اجابة صحيحة: BE
السؤال #45
Refer to the exhibit. Which type of Cisco VPN is shown for group Cisc012345678?
A. Cisco AnyConnect Client VPN
B. DMVPN
C. Clientless SSLVPN
D. GETVPN
عرض الإجابة
اجابة صحيحة: A
السؤال #46
An engineer has integrated a new DMVPN to link remote offices across the internet using Cisco IOS routers. When connecting to remote sites, pings and voice data appear to flow properly, and all tunnel stats show that they are up. However, when trying to connect to a remote server using RDP, the connection fails. Which action resolves this issue?
A. Adjust the MTU size within the routers
B. Add RDP port to the extended ACL
C. Replace certificate on the RDP server
D. Change DMVPN timeout values
عرض الإجابة
اجابة صحيحة: A
السؤال #47
Which two NHRP functions are specific to DMVPN Phase 3 implementation? (Choose two.)
A. registration reply
B. redirect
C. resolution reply
D. registration request
E. resolution request
عرض الإجابة
اجابة صحيحة: BC
السؤال #48
An engineer has integrated a new DMVPN to link remote offices across the internet using Cisco IOS routers. When connecting to remote sites, pings and voice data appear to flow properly, and all tunnel stats show that they are up. However, when trying to connect to a remote server using RDP, the connection fails.Which action resolves this issue?
A. Adjust the MTU size within the routers
B. Add RDP port to the extended ACL
C. Replace certificate on the RDP server
D. Change DMVPN timeout values
عرض الإجابة
اجابة صحيحة: A
السؤال #49
Refer to the exhibit. Which two conclusions should be drawn from the DMVPN phase 2 configuration? (Choose two.)
A. Add the address 192
B. Add the match fvrf any command to the IKEv2 policy
C. Add the aaa authorization group psk list Flex_AAA Flex_Auth command to the IKEv2 profile configuration
D. Add the tunnel mode gre ip command to the tunnel configuration
عرض الإجابة
اجابة صحيحة: CE
السؤال #50
An administrator is setting up Cisco AnyConnect on a Cisco ASA with the requirement that AnyConnect automatically establishes a VPN when a company-owned laptop is connected to the internet outside of the corporate network. Which configuration meets these requirements?
A. BL with user certificate authentication
B. ND with machine certificate authentication
C. BL with machine certificate authentication
D. ND with user certificate authentication
عرض الإجابة
اجابة صحيحة: B
السؤال #51
Which technology and VPN component allows a VPN headend to dynamically learn post NAT IP addresses of remote routers at different sites?
A. Set up a smart tunnel with the IP address of the web server
B. Set up a NAT rule that translates the ASA public address to the web server private address on port 80
C. Set up Cisco AnyConnect with a split tunnel that has the IP address of the web server
D. Set up a WebACL to permit the IP address of the web server
عرض الإجابة
اجابة صحيحة: C

عرض الإجابات بعد التقديم

يرجى إرسال البريد الإلكتروني الخاص بك والواتس اب للحصول على إجابات الأسئلة.

ملحوظة: يرجى التأكد من صلاحية معرف البريد الإلكتروني وWhatsApp حتى تتمكن من الحصول على نتائج الاختبار الصحيحة.

بريد إلكتروني:
رقم الواتس اب/الهاتف: