Q1. In the Diffie-Hellman protocol, which type of key is the shared secret? 

A. a symmetric key 

B. an asymmetric key 

C. a decryption key 

D. an encryption key 

View Answer

Q2. The Cisco AnyConnect client is unable to download an updated user profile from the ASA headend using IKEv2. What is the most likely cause of this problem? 

A. User profile updates are not allowed with IKEv2. 

B. IKEv2 is not enabled on the group policy. 

C. A new profile must be created so that the adaptive security appliance can push it to the client on the next connection attempt. 

D. Client Services is not enabled on the adaptive security appliance. 

View Answer

Q3. Which statement about the hub in a DMVPN configuration with iBGP is true? 

A. It must be a route reflector client. 

B. It must redistribute EIGRP from the spokes. 

C. It must be in a different AS. 

D. It must be a route reflector. 

View Answer

Q4. Refer to the exhibit. 

Which statement about the given IKE policy is true? 

A. The tunnel will be valid for 2 days, 88 minutes, and 00 seconds. 

B. It will use encrypted nonces for authentication. 

C. It has a keepalive of 60 minutes, checking every 5 minutes. 

D. It uses a 56-bit encryption algorithm. 

View Answer

Q5. After completing a site-to-site VPN setup between two routers, application performance over the tunnel is slow. You issue the show crypto ipsec sa command and see the following output. What does this output suggest? 

interfacE. Tunnel100 

Crypto map tag: Tunnel100-head-0, local addr 10.10.10.10 

protected vrF. (none) 

local ident (addr/mask/prot/port): (10.10.10.10/255.255.255.255/47/0) 

remote ident (addr/mask/prot/port): (10.20.20.20/255.255.255.255/47/0) 

current_peer 209.165.200.230 port 500 

PERMIT, flags={origin_is_acl,} 

#pkts encaps: 34836, #pkts encrypt: 34836, #pkts digest: 34836 

#pkts decaps: 26922, #pkts decrypt: 19211, #pkts verify: 19211 

#pkts compresseD. 0, #pkts decompresseD. 0 

#pkts not compresseD. 0, #pkts compr. faileD. 0 

#pkts not decompresseD. 0, #pkts decompress faileD. 0 

#send errors 0, #recv errors 0 

A. The VPN has established and is functioning normally. 

B. There is an asymmetric routing issue. 

C. The remote peer is not receiving encrypted traffic. 

D. The remote peer is not able to decrypt traffic. 

E. Packet corruption is occurring on the path between the two peers. 

View Answer

Q6. You are troubleshooting a DMVPN NHRP registration failure. Which command can you use to view request counters? 

A. show ip nhrp nhs detail 

B. show ip nhrp tunnel 

C. show ip nhrp incomplete 

D. show ip nhrp incomplete tunnel tunnel_interface_number 

View Answer

Q7. In which situation would you enable the Smart Tunnel option with clientless SSL VPN? 

A. when a user is using an outdated version of a web browser 

B. when an application is failing in the rewrite process 

C. when IPsec should be used over SSL VPN 

D. when a user has a nonsupported Java version installed 

E. when cookies are disabled 

View Answer

Q8. Which command clears all Cisco AnyConnect VPN sessions? 

A. vpn-sessiondb logoff anyconnect 

B. vpn-sessiondb logoff webvpn 

C. vpn-sessiondb logoff l2l 

D. clear crypto isakmp sa 

View Answer

Q9. Refer to the exhibit. 

What technology does the given configuration demonstrate? 

A. Keyring used to encrypt IPSec traffic 

B. FlexVPN with IPV6 

C. FlexVPN with AnyConnect 

D. Crypto Policy to enable IKEv2 

View Answer

Q10. In the Cisco ASDM interface, where do you enable the DTLS protocol setting? 

A. Configuration > Remote Access VPN > Network (Client) Access > Group Policies > Add or Edit > Add or Edit Internal Group Policy 

B. Configuration > Remote Access VPN > Network (Client) Access > AAA Setup > Local Users > Add or Edit 

C. Device Management > Users/AAA > User Accounts > Add or Edit > Add or Edit User Account > VPN Policy > SSL VPN Client 

D. Configuration > Remote Access VPN > Network (Client) Access > Group Policies > Add or Edit 

View Answer