- All Exams Instant Download
An engineer must implement DMVPN phase 2 and two conclusions can be made from the configuration?
Refer to the Exhibit: An engineer must implement DMVPN phase 2 and two conclusions can be made from the configuration? (Choose two.)A . Spoke-to-spoke communication is allowed.B . Next-hop-self is required.C . EIGRP neighbor adjacency will fail.D . EIGRP route redistribution is not allowedE . EIGRP used as the dynamic...
Which situation prevents the user from connecting?
Refer to the exhibit. You have a Clientless SSL VPN service on a Cisco ASA. Which situation prevents the user from connecting? A. The user has a non-Cisco VPN client B. The user’s browser is incompatible C. The user is behind a web proxy D. The Clientless SSL VPN protocol...
Which command do you run to prevent web browsing from the Cisco SSL VPN portal page?
You are configuring a Cisco ASA for Clientless SSL VPN. Which command do you run to prevent web browsing from the Cisco SSL VPN portal page?A . url-list disableB . http server disableC . http-proxy 0.0.0.0D . url-entry disableView AnswerAnswer: D
What must be configured to resolve the issue?
Refer to the exhibit. You are implementing an IKEv1 IPsec tunnel between two Internet routers by using PSKs. After the configuration is complete, the IPsec VPN tunnel fails to negotiate. What must be configured to resolve the issue?A . matching PSKs on both routersB . matching ISAKMP policies on both...
A network security engineer is troubleshooting intermittent connectivity issues across a tunnel. Based on the output from the show crypto ipsec sa command, which cause is most likely?
Refer to the Exhibit: A network security engineer is troubleshooting intermittent connectivity issues across a tunnel. Based on the output from the show crypto ipsec sa command, which cause is most likely?A . ISAKMP and/or IP sec may be bouncing up and down.B . The security association lifetimes are set...
Which option must be added to the configuration to make sure the users in the sales department cannot access the finance department server?
An engineer is configuring clientless SSL VPN. The finance department has a database server that only they should access, but the sales department can currently access it. The finance and the sales departments are configured as separate group-policies. Which option must be added to the configuration to make sure the...
Which type of mismatch is the root cause of the failure?
Refer to the exhibit. You are configuring FlexVPN on a router. The tunnel fails to come up. Which type of mismatch is the root cause of the failure?A . access listB . peer IDC . preshared keyD . transform proposalView AnswerAnswer: C Explanation: Reference: https://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ikeprotocols/5409-ipsec-debug-00.html
What can be determined from this message?
An engineer is troubleshooting an IPsec site-to-site tunnel and verifies that the tunnel status is MM_WAIT_MSG6. What can be determined from this message?A . The PSK has not been confirmed by the responder.B . The encryption policy has not been confirmed by the initiator.C . The encryption policy has not...
Which two methods customize the installation of the Cisco AnyConnect client? (Choose two.)
Which two methods customize the installation of the Cisco AnyConnect client? (Choose two.)A . installation profilesB . command-line parametersC . client profilesD . resource profilesE . installer transformsView AnswerAnswer: B,E Explanation: Reference: https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect46/ administration/guide/b_AnyConnect_Administrator_Guide_4-6/customize-localize-anyconnect.pdf page 2
What are two features of Cisco GET VPN? (Choose two.)
What are two features of Cisco GET VPN? (Choose two.)A . allows for optimal routingB . uses public InternetC . provides encryption for MP_SD . provides point-to-point IPsec SAE . uses MGREView AnswerAnswer: A,C
