Loading questions...
Loading questions...
Preview
Updated
Want a break from the ads?
Become a Supporter and enjoy a completely ad-free experience, plus unlock Learn Mode, Exam Mode, AstroTutor AI, and more.
Which feature must be disabled in EIGRP for DMVPN spokes to learn routes to other DMVPN spokes?
An administrator is designing a VPN with a partner's non-Cisco VPN solution. The partner's VPN device will negotiate an IKEv2 tunnel that will only encrypt subnets 192.168.0.0/24 going to 10.0.0.0/24. Which technology must be used to meet these requirements?
An administrator is setting up AnyConnect for the first time for a few users. Currently, the router does not have access to a RADIUS server. Which AnyConnect protocol must be used to allow users to authenticate?
A network engineer has been tasked with configuring SSL VPN to provide remote users with access to the corporate network. Traffic destined to the enterprise IP range should go through the tunnel, and all other traffic should go directly to the Internet. Which feature should be configured to achieve this?
DRAG DROP -
Drag and drop the correct commands from the right onto the blanks within the code on the left to implement a design that allow for dynamic spoke-to-spoke communication. Not all commands are used.
Select and Place:
Which VPN does VPN load balancing on the ASA support?
A Cisco IOS router is reconfigured to connect to an additional DMVPN hub that is a part of a different DMVPN phase 3 cloud. After this change was made, users begin to experience problems accessing corporate resources over both tunnels. Before the additional tunnel was created, users could access resources over the first tunnel without any issues. Both tunnels terminate on the same interface of the router and use the same IPsec proposals. Which two actions resolve the issue without affecting spoke-to-spoke traffic in either DMVPN cloud? (Choose two.)
Which Diffie Hellman group should be used when ECDH is required in a VPN configuration?
Refer to the exhibit. Based on this ASDM output, which remote access technologies are allowed on the ASA?
On an ASA with multiple connection profiles for different departments, what is the best design to ensure that AnyConnect users are assigned the correct connection profile based on their department and do not have the ability to choose a different connection profile?
A user at a company HQ is having trouble accessing a network share at a branch site that is connected with a L2L IPsec VPN. While troubleshooting, a network security engineer runs a packet tracer on the Cisco ASA to simulate the user traffic and discovers that the encryption counter is increasing but the decryption counter is not. What must be configured to correct this issue?
A user is experiencing delays on audio calls over a Cisco AnyConnect VPN. Which implementation step resolves this issue?
Refer to the exhibit.
Users cannot connect via AnyConnect SSLVPN. Which action resolves this issue?
Which two components are required in a Cisco IOS GETVPN key server configuration? (Choose two.)
A network administrator deployed IKEv2 Cisco AnyConnect on a Cisco ASA. The current configuration tunnels all traffic through the VPN. Users report poor performance with cloud-based applications, but no issues have been reported about connections to on-premises servers. Packet analysis on Cisco Webex traffic shows very few duplicate ACKs, high RTT, and no IP fragments. Which action improves Webex performance for VPN users?
Refer to the exhibit. Which type of VPN is used in the configuration?
What are two advantages of using GETVPN to traverse over the network between corporate offices? (Choose two.)
A company is setting up a dynamic crypto map on the Cisco ASA at the headquarters to accept connections from the branch offices. There will be no IP subnet overlap between the branch offices, but the engineer does not know which encryption domains will be requested by the branch offices. Additionally, the company security policy states that routing protocol traffic should not leave the HQ network. Which solution should be used to route traffic back to the branches from the Cisco ASA with minimal administrative effort?
A network engineer must design a remote access solution to allow contractors to access internal servers. These contractors do not have permissions to install applications on their computers. Which VPN solution should be used in this design?
Refer to the exhibit. Which type of VPN is being configured, based on the partial configuration snippet?
A company's remote locations connect to the data centers via MPLS. A new request requires that unicast and multicast traffic that exits in the remote locations be encrypted. Which non-tunneled technology should be used to satisfy this requirement?
An engineer is troubleshooting a new DMVPN setup on a Cisco IOS router. After the show crypto isakmp sa command is issued, a response is returned of
"MM_NO_STATE." Why does this failure occur?
Refer to the exhibit. Which two tunnel types produce the show crypto ipsec sa output seen in the exhibit? (Choose two.)
Which two types of web resources or protocols are enabled by default on the Cisco ASA Clientless SSL VPN portal? (Choose two.)
Refer to the exhibit. What is configured as a result of this command set?
