Q1. Scenario
Your organization has just implemented a Cisco AnyConnect SSL VPN solution. Using Cisco ASDM, answer the questions regarding the implementation.
Note: Not all screens or option selections are active for this exercise.
Topology
Default_Home
What two actions will be taken on translated packets when the AnyConnect users connect to the ASA? (Choose two.)
A. No action will be taken, they will keep their original assigned addresses
B. The source address will use the outside-nat-pool
C. The source NAT type will be a static translation
D. The source NAT type will be a dynamic translation
E. DNS will be translated on rule matches
Answer: A,C
Explanation:
First, navigate to the Configuration ->NAT Rules tab to see this:
Here we see that NAT rule 2 applies to the AnyConnect clients, click on this rule for more details to see the following:
Here we see that it is a static source NAT entry, but that the Source and Destination addresses remain the original IP address so they are not translated.
Q2. Which protocol supports high availability in a Cisco IOS SSL VPN environment?
A. HSRP
B. VRRP
C. GLBP
D. IRDP
Answer: A
Q3. Which command clears all crypto configuration from a Cisco Adaptive Security Appliance?
A. clear configure crypto
B. clear configure crypto ipsec
C. clear crypto map
D. clear crypto ikev2 sa
Answer: A
Q4. Which group-policy subcommand installs the Diagnostic AnyConnect Report Tool on user computers when a Cisco AnyConnect user logs in?
A. customization value dart
B. file-browsing enable
C. smart-tunnel enable dart
D. anyconnect module value dart
Answer: D
Q5. Refer to the exhibit.
Which exchange does this debug output represent?
A. IKE Phase 1
B. IKE Phase 2
C. symmetric key exchange
D. certificate exchange
Answer: A
Q6. Refer to the exhibit.
Which technology does this configuration demonstrate?
A. AnyConnect SSL over IPv4+IPv6
B. AnyConnect FlexVPN over IPv4+IPv6
C. AnyConnect FlexVPN IPv6 over IPv4
D. AnyConnect SSL IPv6 over IPv4
Answer: A
Q7. A private wan connection is suspected of intermittently corrupting data. Which technology can a network administrator use to detect and drop the altered data traffic?
A. AES-128
B. RSA Certificates
C. SHA2-HMAC
D. 3DES
E. Diffie-Helman Key Generation
Answer: C
Q8. Which option is a possible solution if you cannot access a URL through clientless SSL VPN with Internet Explorer, while other browsers work fine?
A. Verify the trusted zone and cookies settings in your browser.
B. Make sure that you specified the URL correctly.
C. Try the URL from another operating system.
D. Move to the IPsec client.
Answer: A
Q9. Which.DAP endpoint attribute checks for the matching MAC address of a client machine?
A. device
B. process
C. antispyware
D. BIA
Answer: A
Q10. Which two GDOI encryption keys are used within a GET VPN network? (Choose two.)
A. key encryption key
B. group encryption key
C. user encryption key
D. traffic encryption key
Answer: A,D