- All Exams Instant Download
Which redundancy protocol must be implemented for IPsec stateless failover to work?
Which redundancy protocol must be implemented for IPsec stateless failover to work?A . SSO B. GLBP C. HSRP D. VRRPView AnswerAnswer: C Explanation: Reference: https://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/17826-ipsec-feat.html
Which value must be configured in the User Group field when the Cisco AnyConnect Profile is created to connect to an ASA headend with IPsec as the primary protocol?
Refer to the exhibit. Which value must be configured in the User Group field when the Cisco AnyConnect Profile is created to connect to an ASA headend with IPsec as the primary protocol?A . address-pool B. group-alias C. group-policy D. tunnel-groupView AnswerAnswer: D Explanation: The user group is used in...
Which command accomplishes this configuration?
Refer to the exhibit. Cisco AnyConnect must be set up on a router to allow users to access internal servers 192.168.0.10 and 192.168.0.11. All other traffic should go out of the client's local NIC. Which command accomplishes this configuration?A . svc split include 192.168.0.0 255.255.255.0 B. svc split exclude 192.168.0.0...
Which IKEv2 packet will contain details of the exchange?
A second set of traffic selectors is negotiated between two peers using IKEv2. Which IKEv2 packet will contain details of the exchange?A . IKEv2 IKE_SA_INIT B. IKEv2 INFORMATIONAL C. IKEv2 CREATE_CHILD_SA D. IKEv2 IKE_AUTHView AnswerAnswer: C Explanation: The IKEv2 CREATE_CHILD_SA packet is used to establish a new security association (SA)...
Drag and drop the correct commands from the night onto the blanks within the code on the left to implement a design that allow for dynamic spoke-to-spoke communication. Not all comments are used
DRAG DROP Drag and drop the correct commands from the night onto the blanks within the code on the left to implement a design that allow for dynamic spoke-to-spoke communication. Not all comments are used. View AnswerAnswer:
Which two tunnel types produce the show crypto ipsec sa output seen in the exhibit?
Refer to the exhibit. Which two tunnel types produce the show crypto ipsec sa output seen in the exhibit? (Choose two.)A . crypto map B. DMVPN C. GRE D. FlexVPN E. VTIView AnswerAnswer: B,E
Which configuration construct must be used in a FlexVPN tunnel?
Which configuration construct must be used in a FlexVPN tunnel?A . EAP configuration B. multipoint GRE tunnel interface C. IKEv1 policy D. IKEv2 profileView AnswerAnswer: D
Which spoke configuration mitigates tunnel drops?
Topic 1, Site-to-site Virtual Private Networks on Routers and Firewall Refer to the exhibit. The DMVPN tunnel is dropping randomly and no tunnel protection is configured. Which spoke configuration mitigates tunnel drops? A) B) C) D) A . Option A B. Option B C. Option C D. Option DView AnswerAnswer:...
Which two commands under the tunnel-group webvpn-attributes result in a Cisco AnyConnect user receiving the AnyConnect prompt in the exhibit?
Refer to the exhibit. Which two commands under the tunnel-group webvpn-attributes result in a Cisco AnyConnect user receiving the AnyConnect prompt in the exhibit? (Choose two.)A . group-url https://172.16.31.10/General enable B. group-policy General internal C. authentication aaa D. authentication certificate E. group-alias General enableView AnswerAnswer: C,E Explanation: https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/98580-enable-group-dropdown.html
Which method dynamically installs the network routes for remote tunnel endpoints?
Which method dynamically installs the network routes for remote tunnel endpoints?A . policy-based routing B. CEF C. reverse route injection D. route filteringView AnswerAnswer: C Explanation: Reverse route injection (RRI) is a method that dynamically installs the network routes for remote tunnel endpoints. The RRI feature allows the router to...
