Page: 1
/ 13
Total 188 questions
An engineer is configuring clientless SSL VPN. The finance department has a database server that only they should access, but the sales department can currently access it. The finance and the sales departments are configured as separate group-policies. What must be added to the configuration to make sure the users in the sales department cannot access the finance department server?
- A. tunnel group lock
- B. smart tunnel
- C. port forwarding
- D. webtype ACL
Answer : A
An engineer has integrated a new DMVPN to link remote offices across the internet using Cisco IOS routers. When connecting to remote sites, pings and voice data appear to flow properly, and all tunnel stats show that they are up. However, when trying to connect to a remote server using RDP, the connection fails.
Which action resolves this issue?
- A. Adjust the MTU size within the routers.
- B. Add RDP port to the extended ACL.
- C. Replace certificate on the RDP server.
- D. Change DMVPN timeout values.
Answer : A
Where must an engineer configure a preshared key for a site-to-site VPN tunnel configured on a Cisco ASA?
- A. isakmp policy
- B. group policy
- C. crypto map
- D. tunnel group
Answer : D
A network engineer has been tasked with configuring SSL VPN to provide remote users with access to the corporate network. Traffic destined to the enterprise IP range should go through the tunnel, and all other traffic should go directly to the Internet. Which feature should be configured to achieve this?
- A. U-turning
- B. hairpinning
- C. split-tunnel
- D. dual-homing
Answer : C
A network engineer must design a remote access solution to allow contractors to access internal servers. These contractors do not have permissions to install applications on their computers. Which VPN solution should be used in this design?
- A. IKEv2 AnyConnect
- B. Clientless
- C. Port forwarding
- D. SSL AnyConnect
Answer : B
Refer to the exhibit. Which type of Cisco VPN is shown for group Cisc012345678?
- A. Cisco AnyConnect Client VPN
- B. DMVPN
- C. Clientless SSLVPN
- D. GETVPN
Answer : A
Which command shows the smart default configuration for an IPsec profile?
- A. show run all crypto ipsec profile
- B. ipsec profile does not have any smart default configuration
- C. show smart-defaults ipsec profile
- D. show crypto ipsec profile default
Answer : D
DRAG DROP -
Drag and drop the code snippets from the right onto the blanks in the configuration to implement FlexVPN. Not all snippets are used.
Select and Place:
Answer :
Refer to the exhibit. The DMVPN spoke is not establishing a session with the hub. Which two actions resolve this issue? (Choose two.)
- A. Change the spoke nhs to 172.16.18.1 and the nbma to 10.0.0.1.
- B. Change the transform set to mode tunnel.
- C. Change the ISAKMP policy authentication on the spoke to pre-shared.
- D. Change the ISAKMP key address on the spoke to 0.0.0.0.
- E. Change the nhrp authentication key on the spoke to cisco123.
Answer : DE
Refer to the exhibit. A network engineer is configuring a remote access SSLVPN and is unable to complete the connection using local credentials. What must be done to remediate this problem?
- A. Enable the client protocol in the Cisco AnyConnect profile.
- B. Configure a AAA server group to authenticate the client.
- C. Change the authentication method to local.
- D. Configure the group policy to force local authentication.
Answer : A
Which two NHRP functions are specific to DMVPN Phase 3 implementation? (Choose two.)
- A. registration reply
- B. redirect
- C. resolution reply
- D. registration request
- E. resolution request
Answer : BC
A network engineer must implement an SSLVPN Cisco AnyConnect solution that supports 500 concurrent users, ensures all traffic from the client passes through the ASA, and allows users to access all devices on the inside interface subnet (192.168.0.0/24). Assuming all other configuration is set up appropriately, which configuration implements this solution?
A.
B.
C.
D.
Answer : A
Which two features are valid backup options for an IOS FlexVPN client? (Choose two.)
- A. HSRP stateless failover
- B. DNS-based hub resolution
- C. reactivate primary peer
- D. tunnel pivot
- E. need distractor
Answer : BC
Refer to the exhibit. Which type of VPN is used?
- A. GETVPN
- B. clientless SSL VPN
- C. Cisco Easy VPN
- D. Cisco AnyConnect SSL VPN
Answer : C
30 days access 