Q1. Which algorithm is replaced by elliptic curve cryptography in Cisco NGE? 

A. 3DES 

B. AES 

C. DES 

D. RSA 

View Answer

Q2. Which algorithm provides both encryption and authentication for data plane communication? 

A. SHA-96 

B. SHA-384 

C. 3DES 

D. AES-256 

E. AES-GCM 

F. RC4 

View Answer

Q3. Which two GDOI encryption keys are used within a GET VPN network? (Choose two.) 

A. key encryption key 

B. group encryption key 

C. user encryption key 

D. traffic encryption key 

View Answer

Q4. What action does the hub take when it receives a NHRP resolution request from a spoke for a network that exists behind another spoke? 

A. The hub sends back a resolution reply to the requesting spoke. 

B. The hub updates its own NHRP mapping. 

C. The hub forwards the request to the destination spoke. 

D. The hub waits for the second spoke to send a request so that it can respond to both spokes. 

View Answer

Q5. Which hash algorithm is required to protect classified information? 

A. MD5 

B. SHA-1 

C. SHA-256 

D. SHA-384 

View Answer

Q6. The Cisco AnyConnect client fails to connect via IKEv2 but works with SSL. The following error message is displayed: 

"Login Denied, unauthorized connection mechanism, contact your administrator" 

What is the most possible cause of this problem? 

A. DAP is terminating the connection because IKEv2 is the protocol that is being used. 

B. The client endpoint does not have the correct user profile to initiate an IKEv2 connection. 

C. The AAA server that is being used does not authorize IKEv2 as the connection mechanism. 

D. The administrator is restricting access to this specific user. 

E. The IKEv2 protocol is not enabled in the group policy of the VPN headend. 

View Answer

Q7. Refer to the exhibit. 

Which VPN solution does this configuration represent? 

A. Cisco AnyConnect 

B. IPsec 

C. L2TP 

D. SSL VPN 

View Answer

Q8. What is the default storage location of user-level bookmarks in an IOS clientless SSL VPN? 

A. disk0:/webvpn/{context name}/ 

B. disk1:/webvpn/{context name}/ 

C. flash:/webvpn/{context name}/ 

D. nvram:/webvpn/{context name}/ 

View Answer

Q9. Scenario: 

You are the senior network security administrator for your organization. Recently and junior engineer configured a site-to-site IPsec VPN connection between your headquarters Cisco ASA and a remote branch office. 

You are now tasked with verifying the IKEvl IPsec installation to ensure it was properly configured according to designated parameters. Using the CLI on both the Cisco ASA and branch ISR, verify the IPsec configuration is properly configured between the two sites. 

NOTE: the show running-config command cannot be used for this exercise. 

Topology: 

at is being used as the authentication method on the branch ISR? 

A. Certifcates 

B. Pre-shared keys 

C. RSA public keys 

D. Diffie-Hellman Group 2 

View Answer

Q10. What URL do you use to download a packet capture file in a format which can be used by a packet analyzer? 

A. ftp://<hostname>/capture/<capture_name>/ 

B. https://<asdm_enabled _interface:port>/<capture_name>/ 

C. https://<asdm_enabled_interface:port>/admin/capture/<capture_name>/pcap 

D. https://<hostname>/<capture_name>/pcap 

View Answer