When configuring a FlexVPN, which two components must be configured for IKEv2? (Choose two.)

When configuring a FlexVPN, which two components must be configured for IKEv2? (Choose two.)A . persistenceB . profileC . proposalD . preferenceE . methodView AnswerAnswer: B,C Explanation: Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_ike2vpn/configuration/15­mt/sec-flexvpn-15-mt-book/sec-cfg-ikev2-flex.html

December 8, 2019 No Comments READ MORE +

Which possible cause of the connection failure is most likely?

Refer to the exhibit. You configure Clientless SSL VPN on a Cisco ASA. Users from Company A cannot connect to the Clientless SSL VPN. Which possible cause of the connection failure is most likely? A. The users have authentication issues B. The users are behind the same NAT IP address...

December 8, 2019 No Comments READ MORE +

Which method dynamically advertises the network routes for remote tunnel endpoints?

Which method dynamically advertises the network routes for remote tunnel endpoints?A . dynamic routingB . RRIC . policy-based routingD . CEFView AnswerAnswer: B Explanation: Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_vpnav/configuration/12­4t/sec-vpnavailability-12-4t-book/sec-rev-rte-inject.html

December 8, 2019 No Comments READ MORE +

Which result of running the command is true?

Refer to the exhibit. Which result of running the command is true?A . authenticates the IKEv2 peers in the 172.16.0.0/16 range by using the cisco123 keyB . secures all the certificates in the IKE exchange by using the cisco123 keyC . authenticates the IKEv1 peers in the 172.16.0.0/16 range by...

December 8, 2019 No Comments READ MORE +

What are two features of Cisco GET VPN? (Choose two.)

What are two features of Cisco GET VPN? (Choose two.)A . allows for optimal routingB . uses public InternetC . provides encryption for MP_SD . provides point-to-point IPsec SAE . uses MGREView AnswerAnswer: A,C

December 7, 2019 No Comments READ MORE +

What is a functional difference between IKEv1 and IKEv2 on a router?

What is a functional difference between IKEv1 and IKEv2 on a router?A . HSRPB . RRIC . DPDD . Stateful FailoverView AnswerAnswer: C Explanation: Reference: https://www.cisco.com/en/US/docs/ios-xml/ios/sec_conn_ikevpn/configuration/15-1mt/ Configuring_Internet_Key_Exchange_Version_2.html

December 7, 2019 No Comments READ MORE +

Why must a network engineer avoid usage of the default X509 certificate when implementing clientless SSLVPN on an ASA?

Why must a network engineer avoid usage of the default X509 certificate when implementing clientless SSLVPN on an ASA? A. The certificate is too weak to provide adequate security. B. The certificate is regenerated at each reboot. C. The certificate must be managed by the local CA. D. The default...

December 7, 2019 No Comments READ MORE +

Which encryption algorithm does Cisco recommend that you avoid?

Which encryption algorithm does Cisco recommend that you avoid?A . HMAC-SHA1B . AES-CBCC . DESD . HMAC-MD5View AnswerAnswer: C

December 6, 2019 No Comments READ MORE +

Which VPN technology preserves IP headers and prevents overlay routing?

Which VPN technology preserves IP headers and prevents overlay routing?A . site-to-site VPNB . GET VPNC . Cisco Easy VPND . DMVPNView AnswerAnswer: B

December 6, 2019 No Comments READ MORE +

Which model is needed to support an active/active solution?

A customer requires site-to-site VPNs to connect third-party business partners and has purchased two ASAs. The customer requests an active/active configuration. Which model is needed to support an active/active solution?A . NAT contextB . single contextC . multiple contextD . PAT context.View AnswerAnswer: C

December 6, 2019 No Comments READ MORE +