Q1. What is the Cisco recommended TCP maximum segment on a DMVPN tunnel interface when the MTU is set to 1400 bytes?
A. 1160 bytes
B. 1260 bytes
C. 1360 bytes
D. 1240 bytes
Answer: C
Q2. Which three configurations are prerequisites for stateful failover for IPsec? (Choose three.)
A. Only the IKE configuration that is set up on the active device must be duplicated on the standby device; the IPsec configuration is copied automatically.
B. Only crypto map configuration that is set up on the active device must be duplicated on the standby device.
C. The IPsec configuration that is set up on the active device must be duplicated on the standby device.
D. The active and standby devices can run different versions of the Cisco IOS software but need to be the same type of device.
E. The active and standby devices must run the same version of the Cisco IOS software and should be the same type of device.
F. Only the IPsec configuration that is set up on the active device must be duplicated on the standby device; the IKE configuration is copied automatically.
G. The IKE configuration that is set up on the active device must be duplicated on the standby device.
Answer: C,E,G
Q3. Which alogrithm is an example of asymmetric encryption?
A. RC4
B. AES
C. ECDSA
D. 3DES
Answer: C
Q4. Refer to the exhibit.
The customer can establish an AnyConnect connection on the first attempt only. Subsequent attempts fail. What might be the issue?
A. IKEv2 is blocked over the path.
B. UserGroup must be different than the name of the connection profile.
C. The primary protocol should be SSL.
D. UserGroup must be the same as the name of the connection profile.
Answer: D
Q5. What are two forms of SSL VPN? (Choose two.)
A. port forwarding
B. Full Tunnel Mode
C. Cisco IOS WebVPN
D. Cisco AnyConnect
Answer: C,D
Q6. Which two features are required when configuring a DMVPN network? (Choose two.)
A. Dynamic routing protocol
B. GRE tunnel interface
C. Next Hop Resolution Protocol
D. Dynamic crypto map
E. IPsec encryption
Answer: B,C
Q7. What must be enabled in the web browser of the client computer to support Clientless SSL VPN?
A. cookies
B. ActiveX
C. Silverlight
D. popups
Answer: A
Q8. Scenario
Your organization has just implemented a Cisco AnyConnect SSL VPN solution. Using
Cisco ASDM, answer the questions regarding the implementation. Note: Not all screens or option selections are active for this exercise.
Topology
Default_Home
Which address pool is being assigned to the users connecting via the AnyConnect client?
A. AC_Address_Pool
B. Remote_Address_Pool
C. Outside_Address_Pool
D. VPN_Address_Pool
Answer: D
Explanation:
First Navigate to the Configuration -> Remote Access VPN tab and then choose the “AnyConnect Connection Profile as shown below:
Capture
Then, clicking on the AnyConnect Profile at the bottom will bring you to the edit page shown below:
Capture
From here we can see that the Client Address Pools in use is the “VPN_Access_Pool”
Q9. What are two benefits of DMVPN Phase 3? (Choose two.)
A. Administrators can use summarization of routing protocol updates from hub to spokes.
B. It introduces hierarchical DMVPN deployments.
C. It introduces non-hierarchical DMVPN deployments.
D. It supports L2TP over IPSec as one of the VPN protocols.
Answer: A,B
Q10. Which two types of authentication are supported when you use Cisco ASDM to configure site-to-site IKEv2 with IPv6? (Choose two.)
A. preshared key
B. webAuth
C. digital certificates
D. XAUTH
E. EAP
Answer: A,C