Question #1
Which two features are valid backup options for an IOS FlexVPN client? (Choose two.)
A. HSRP stateless failover
B. DNS-based hub resolution
C. reactivate primary peer
D. tunnel pivot
E. need distractor
Correct answer: BC
Question #2
A network engineer has been tasked with configuring SSL VPN to provide remote users with access to the corporate network. Traffic destined to the enterprise IP range should go through the tunnel, and all other traffic should go directly to the Internet. Which feature should be configured to achieve this?
A. U-turning
B. hairpinning
C. split-tunnel
D. dual-homing
Correct answer: C
Question #3
Which command must be configured on the tunnel interface of a FlexVPN spoke to receive a dynamic IP address from the hub?
A. ip address negotiated
B. ip unnumbered
C. ip address dhcp
D. ip address pool
Correct answer: A
Question #4
Refer to the exhibit. Which type of VPN is used?
A. GETVPN
B. clientless SSL VPN
C. Cisco Easy VPN
D. Cisco AnyConnect SSL VPN
Correct answer: C
Question #5
Which two parameters help to map a VPN session to a tunnel group without using the tunnel-group list? (Choose two.)
A. policy-based routing
B. CEF
C. reverse route injection
D. route filtering
Correct answer: BD
Question #6
Refer to the exhibit. A site-to-site tunnel between two sites is not coming up. Based on the debugs, what is the cause of this issue?
A. An authentication failure occurs on the remote peer
B. A certificate fragmentation issue occurs between both sides
C. UDP 4500 traffic from the peer does not reach the router
D. An authentication failure occurs on the router
Correct answer: C
Question #7
Which feature of GETVPN is a limitation of DMVPN and FlexVPN?
A. sequence numbers that enable scalable replay checking
B. enabled use of ESP or AH
C. design for use over public or private WAN
D. no requirement for an overlay routing protocol
Correct answer: D
Question #8
Refer to the exhibit. The DMVPN spoke is not establishing a session with the hub. Which two actions resolve this issue? (Choose two.)
A. Enable the client protocol in the Cisco AnyConnect profile
B. Configure a AAA server group to authenticate the client
C. Change the authentication method to local
D. Configure the group policy to force local authentication
Correct answer: DE
Question #9
Which configuration construct must be used in a FlexVPN tunnel?
A. Endpoint Assessment
B. Cisco Secure Desktop
C. Basic Host Scan
D. Advanced Endpoint Assessment
Correct answer: D
Question #10
Which benefit of FlexVPN is a limitation of DMVPN using IKEv1?
A. GRE encapsulation allows for forwarding of non-IP traffic
B. IKE implementation can install routes in routing table
C. NHRP authentication provides enhanced security
D. Dynamic routing protocols can be configured
Correct answer: B
Question #11
Refer to the exhibit. What is configured as a result of this command set?
A. FlexVPN client profile for IPv6
B. FlexVPN server to authorize groups by using an IPv6 external AAA
C. FlexVPN server for an IPv6 dVTI session
D. FlexVPN server to authenticate IPv6 peers by using EAP
Correct answer: C
Question #12
Refer to the exhibit. Which two tunnel types produce the show crypto ipsec sa output seen in the exhibit? (Choose two.)
A. Reduce the maximum SA limit on the local Cisco AS
B. Increase the maximum in-negotiation SA limit on the local Cisco ASA
C. Remove the maximum SA limit on the remote Cisco ASA
D. Correct the crypto access list on both Cisco ASA devices
Correct answer: BE
Question #13
Refer to the exhibit. Which type of VPN is being configured, based on the partial configuration snippet?
A. GET VPN with COOP key server
B. GET VPN with dual group member
C. FlexVPN load balancer
D. FlexVPN backup gateway
Correct answer: A
Question #14
Which two types of SSO functionality are available on the Cisco ASA without any external SSO servers? (Choose two.)
A. IKEv1 cluster
B. IKEv2 backup gateway
C. IKEv2 load balancer
D. IKEv2 reconnect
Correct answer: BE
Question #15
Which VPN technology must be used to ensure that routers are able to dynamically form connections with each other rather than sending traffic through a hub and be able to advertise routes without the use of a dynamic routing protocol?
A. FlexVPN
B. DMVPN Phase 3
C. DMVPN Phase 2
D. GETVPN
Correct answer: B
Question #16
Which clientless SSLVPN supported feature works when the http-only-cookie command is enabled?
A. Citrix load balancer
B. port reflector
C. Java rewriter
D. Java plug-ins
E. script browser
Correct answer: E
Question #17
Which command identifies a Cisco AnyConnect profile that was uploaded to the flash of an IOS router?
A. address-pool
B. group-alias
C. group-policy
D. tunnel-group
Correct answer: C
Question #18
Where must an engineer configure a preshared key for a site-to-site VPN tunnel configured on a Cisco ASA?
A. isakmp policy
B. group policy
C. crypto map
D. tunnel group
Correct answer: D
Question #19
Which requirement is needed to use local authentication for Cisco AnyConnect Secure Mobility Clients that connect to a FlexVPN server?
A. *$SecureMobilityClient$*
B. *$AnyConnectClient$*
C. *$RemoteAccessVpnClient$*
D. *$DfltlkeldentityS*
Correct answer: D
Question #20
While troubleshooting, an engineer finds that the show crypto isakmp sa command indicates that the last state of the tunnel is MM_KEY_EXCH. What is the next step that should be taken to resolve this issue?
A. Verify that the ISAKMP proposals match
B. Ensure that UDP 500 is not being blocked between the devices
C. Correct the peer's IP address on the crypto map
D. Confirm that the pre-shared keys match on both devices
Correct answer: C
Question #21
Which two features are valid backup options for an IOS FlexVPN client? (Choose two.)
A. GETVPN
B. clientless SSL VPN
C. Cisco Easy VPN
D. Cisco AnyConnect SSL VPN
Correct answer: BC
Question #22
Which two features provide headend resiliency for Cisco AnyConnect clients? (Choose two.)
A. The XML profile is not configured correctly for the affected users
B. The new client image does not use the same major release as the current one
C. Client services are not enabled
D. Client software updates are not supported with IKEv2
Correct answer: CD
Question #23
Which technology works with IPsec stateful failover?
A. GLBP
B. HSRP
C. GRE
D. VRRP
Correct answer: B
Question #24
Which method dynamically installs the network routes for remote tunnel endpoints?
A. svc import profile SSL_profile flash:simos-profile
B. anyconnect profile SSL_profile flash:simos-profile
C. crypto vpn anyconnect profile SSL_profile flash:simos-profile
D. webvpn import profile SSL_profile flash:simos-profile
Correct answer: C
Question #25
Cisco AnyConnect clients need to transfer large files over the VPN sessions. Which protocol provides the best throughput?
A. SSL/TLS
B. L2TP
C. DTLS
D. IPsec IKEv1
Correct answer: C
Question #26
A network engineer has been tasked with configuring SSL VPN to provide remote users with access to the corporate network. Traffic destined to the enterprise IP range should go through the tunnel, and all other traffic should go directly to the Internet. Which feature should be configured to achieve this?
A. U-turning
B. hairpinning
C. split-tunnel
D. dual-homing
Correct answer: C
Question #27
A DMVPN spoke is configured with IKEv1 to secure the tunnel. Despite having a configuration similar to other working spokes, the tunnel is not coming up. Packet captures on the spoke show packets leaving the spoke router, but not making it to the hub router. Which solution resolves this issue?
A. Add a route on the remote peer for 209
B. Add a route on the local peer for 10
C. Add a permit for TCP traffic going to 10
D. Add a permit for TCP traffic going to 209
Correct answer: B
Question #28
An administrator is setting up AnyConnect for the first time for a few users. Currently, the router does not have access to a RADIUS server. Which AnyConnect protocol must be used to allow users to authenticate?
A. EAP-GTC
B. EAP-MSCHAPv2
C. EAP-MD5
D. EAP-AnyConnect
Correct answer: D
Question #29
Which statement about GETVPN is true?
A. The configuration that defines which traffic to encrypt originates from the key server
B. TEK rekeys can be load-balanced between two key servers operating in COOP
C. The pseudotime that is used for replay checking is synchronized via NTP
D. Group members must acknowledge all KEK and TEK rekeys, regardless of configuration
Correct answer: A
Question #30
Which VPN solution uses TBAR?
A. Same-security-traffic permit inter-interface under Group Policy
B. Exclude Network List Below under Group Policy
C. Tunnel All Networks under Group Policy
D. Tunnel Network List Below under Group Policy
Correct answer: A
Question #31
Which command shows the smart default configuration for an IPsec profile?
A. show run all crypto ipsec profile
B. ipsec profile does not have any smart default configuration
C. show smart-defaults ipsec profile
D. show crypto ipsec profile default
Correct answer: D
Question #32
DRAG DROP (Drag and Drop is not supported) Drag and drop the code snippets from the right onto the blanks in the configuration to implement FlexVPN. Not all snippets are used. Select and Place:
A. See Explanation section for answer
Correct answer: A
Question #33
After a user configures a connection profile with a bookmark list and tests the clientless SSLVPN connection, all of the bookmarks are grayed out. What must be done to correct this behavior?
A. Apply the bookmark to the correct group policy
B. Specify the correct port for the web server under the bookmark
C. Configure a DNS server on the Cisco ASA and verify it has a record for the web server
D. Verify HTTP/HTTPS connectivity between the Cisco ASA and the web server
Correct answer: C
Question #34
DRAG DROP (Drag and Drop is not supported) Drag and drop the correct commands from the right onto the blanks within the code on the left to implement a design that allows for dynamic spoke-to-spoke communication. Not all commands are used. Select and Place:
A. See Explanation section for answer
Correct answer: A
Question #35
Refer to the exhibit. DMVPN spoke-to-spoke traffic works, but it passes through the hub, and never sends direct spoke-to-spoke traffic. Based on the tunnel interface configuration shown, what must be configured on the hub to solve the issue?
A. Enable NHRP redirect
B. Enable split horizon
C. Enable IP redirects
D. Enable NHRP shortcut
Correct answer: D
Question #36
Refer to the exhibit. The IKEv2 site-to-site VPN tunnel between two routers is down. Based on the debug output, which type of mismatch is the problem?
A. preshared key
B. peer identity
C. transform set
D. ikev2 proposal
Correct answer: B
Question #37
Refer to the exhibit. Which type of mismatch is causing the problem with the IPsec VPN tunnel?
A. crypto access list
B. Phase 1 policy
C. transform set
D. preshared key
Correct answer: D
Question #38
Which redundancy protocol must be implemented for IPsec stateless failover to work?
A. SSO
B. GLBP
C. HSRP
D. VRRP
Correct answer: C
Question #39
Refer to the exhibit. The DMVPN spoke is not establishing a session with the hub. Which two actions resolve this issue? (Choose two.)
A. Change the spoke nhs to 172
B. Change the transform set to mode tunnel
C. Change the ISAKMP policy authentication on the spoke to pre-shared
D. Change the ISAKMP key address on the spoke to 0
E. Change the nhrp authentication key on the spoke to cisco123
Correct answer: DE
Question #40
Which two statements about the Cisco ASA Clientless SSL VPN solution are true? (Choose two.)
A. single sign-on
B. Smart Tunnel
C. WebType ACL
D. plug-ins
Correct answer: CD
Question #41
A network engineer must design a remote access solution to allow contractors to access internal servers. These contractors do not have permissions to install applications on their computers. Which VPN solution should be used in this design?
A. IKEv2 AnyConnect
B. Clientless
C. Port forwarding
D. SSL AnyConnect
Correct answer: B
Question #42
A company's remote locations connect to the data centers via MPLS. A new request requires that unicast and multicast traffic that exits in the remote locations be encrypted. Which non-tunneled technology should be used to satisfy this requirement?
A. SSL
B. FlexVPN
C. DMVPN
D. GETVPN
Correct answer: D
Question #43
Which feature allows the ASA to handle nonstandard applications and web resources so that they display correctly over a clientless SSL VPN connection?
A. U-turning
B. hairpinning
C. split-tunnel
D. dual-homing
Correct answer: B
Question #44
Refer to the exhibit. An IKEv2 site-to-site tunnel between an ASA and a remote peer is not building successfully. What will fix the problem based on the debug output?
A. Ensure crypto IPsec policy matches on both VPN devices
B. Install the correct certificate to validate the peer
C. Correct crypto access list on both VPN devices
D. Specify the peer IP address in the tunnel group name
Correct answer: A
Question #45
An administrator is designing a VPN with a partner's non-Cisco VPN solution. The partner's VPN device will negotiate an IKEv2 tunnel that will only encrypt subnets 192.168.0.0/24 going to 10.0.0.0/24. Which technology must be used to meet these requirements?
A. VTI
B. crypto map
C. GETVPN
D. DMVPN
Correct answer: B
Question #46
Which parameter is initially used to elect the primary key server from a group of key servers?
A. code version
B. highest IP address
C. highest-priority value
D. lowest IP address
Correct answer: C
Question #47
What is a requirement for smart tunnels to function properly?
A. Java or ActiveX must be enabled on the client machine
B. Applications must be UDP
C. Stateful failover must not be configured
D. The user on the client machine must have admin access
Correct answer: A
Question #48
Refer to the exhibit. Based on the debug output, which type of mismatch is preventing the VPN from coming up?
A. interesting traffic
B. lifetime
C. preshared key
D. PFS
Correct answer: A
Question #49
What are two functions of ECDH and ECDSA? (Choose two.)
A. ECDSA
B. ECDHE
C. AES-GCM
D. SHA
Correct answer: CD
Question #50
Which IKE identity does an IOS/IOS-XE headend expect to receive if an IPsec Cisco AnyConnect client uses default settings?
A. SSL AnyConnect
B. IKEv2 AnyConnect
C. crypto map
D. clientless
Correct answer: B
Question #51
An engineer is configuring clientless SSL VPN. The finance department has a database server that only they should access, but the sales department can currently access it. The finance and the sales departments are configured as separate group-policies. What must be added to the configuration to make sure the users in the sales department cannot access the finance department server?
A. tunnel group lock
B. smart tunnel
C. port forwarding
D. webtype ACL
Correct answer: D
