Q1. Which PKI enrollment method allows the user to separate authentication and enrollment actions and also provides an option to specify HTTP/TFTP commands to perform file retrieval from the server?
A. enrollment profile
B. enrollment terminal
C. enrollment url
D. enrollment selfsigned
Answer: A
Q2. A Cisco IOS SSL VPN gateway is configured to operate in clientless mode so that users can access file shares on a Microsoft Windows 2003 server. Which protocol is used between the Cisco IOS router and the Windows server?
A. HTTPS
B. NetBIOS
C. CIFS
D. HTTP
Answer: C
Q3. Which application does the Application Access feature of Clientless VPN support?
A. TFTP
B. VoIP
C. Telnet
D. active FTP
Answer: C
Q4. Refer to the exhibit.
Which VPN solution does this configuration represent?
A. DMVPN
B. GETVPN
C. FlexVPN
D. site-to-site
Answer: C
Q5. What action does the hub take when it receives a NHRP resolution request from a spoke for a network that exists behind another spoke?
A. The hub sends back a resolution reply to the requesting spoke.
B. The hub updates its own NHRP mapping.
C. The hub forwards the request to the destination spoke.
D. The hub waits for the second spoke to send a request so that it can respond to both spokes.
Answer: C
Q6. An administrator desires that when work laptops are not connected to the corporate network, they should automatically initiate an AnyConnect VPN tunnel back to headquarters. Where does the administrator configure this?
A. Via the svc trusted-network command under the group-policy sub-configuration mode on the ASA
B. Under the "Automatic VPN Policy" section inside the Anyconnect Profile Editor within ASDM
C. Under the TNDPolicy XML section within the Local Preferences file on the client computer
D. Via the svc trusted-network command under the global webvpn sub-configuration mode on the ASA
Answer: C
Q7. Which Cisco ASDM option configures forwarding syslog messages to email?
A. Configuration > Device Management > Logging > E-Mail Setup
B. Configuration > Device Management > E-Mail Setup > Logging Enable
C. Select the syslogs to email, click Edit, and select the Forward Messages option.
D. Select the syslogs to email, click Settings, and specify the Destination Email Address option.
Answer: A
Q8. Which option is most effective at preventing a remote access VPN user from bypassing the corporate transparent web proxy?
A. using the proxy-server settings of the client computer to specify a PAC file for the client computer to download
B. instructing users to use the corporate proxy server for all web browsing
C. disabling split tunneling
D. permitting local LAN access
Answer: C
Q9. Which command will prevent a group policy from inheriting a filter ACL in a clientless SSL VPN?
A. vpn-filter none
B. no vpn-filter
C. filter value none
D. filter value ACLname
Answer: C
Reference:
http://www.cisco.com/c/en/us/td/docs/security/asa/asa-command-reference/T-Z/cmdref4/v.html#pgfId-1842564
Q10. Which four activities does the Key Server perform in a GETVPN deployment? (Choose four.)
A. authenticates group members
B. manages security policy
C. creates group keys
D. distributes policy/keys
E. encrypts endpoint traffic
F. receives policy/keys
G. defines group members
Answer: A,B,C,D