Q1. Which command can you use to monitor the phase 1 establishment of a FlexVPN tunnel?
A. show crypto ipsec sa
B. show crypto isakmp sa
C. show crypto ikev2 sa
D. show ip nhrp
Answer: C
Q2. As network consultant, you are asked.to suggest a VPN technology that can support a multivendor environment and secure traffic between sites. Which technology should you recommend?
A. DMVPN
B. FlexVPN
C. GET VPN
D. SSL VPN
Answer: B
Q3. Which feature do you include in a highly available system to account for potential site failures?
A. geographical separation of redundant devices
B. hot/standby failover pairs
C. Cisco ACE load-balancing with VIP
D. dual power supplies
Answer: A
Q4. Which.protocol must be enabled on the inside interface to use cluster encryption in SSL VPN load balancing?
A. TLS
B. DTLS
C. IKEv2
D. ISAKMP
Answer: D
Q5. Refer to the exhibit.
Which two characteristics of the VPN implementation are evident? (Choose two.)
A. dual DMVPN cloud setup with dual hub
B. DMVPN Phase 3 implementation
C. single DMVPN cloud setup with dual hub
D. DMVPN Phase 1 implementation
E. quad DMVPN cloud with quadra hub
F. DMVPN Phase 2 implementation
Answer: B,C
Q6. Refer to the exhibit.
You have implemented an SSL VPN as shown. Which type of communication takes place between the secure gateway R1 and the Cisco Secure ACS?
A. HTTP proxy
B. AAA
C. policy
D. port forwarding
Answer: B
Q7. An administrator wishes to limit the networks reachable over the Anyconnect VPN tunnels. Which configuration on the ASA will correctly limit the networks reachable to 209.165.201.0/27 and 209.165.202.128/27?
A. access-list splitlist standard permit 209.165.201.0 255.255.255.224
access-list splitlist standard permit 209.165.202.128 255.255.255.224
!
group-policy GroupPolicy1 internal
group-policy GroupPolicy1 attributes
split-tunnel-policy tunnelspecified
split-tunnel-network-list value splitlist
B. access-list splitlist standard permit 209.165.201.0 255.255.255.224
access-list splitlist standard permit 209.165.202.128 255.255.255.224
!
group-policy GroupPolicy1 internal
group-policy GroupPolicy1 attributes
split-tunnel-policy tunnelall
split-tunnel-network-list value splitlist
C. group-policy GroupPolicy1 internal
group-policy GroupPolicy1 attributes
split-tunnel-policy tunnelspecified
split-tunnel-network-list ipv4 1 209.165.201.0 255.255.255.224
split-tunnel-network-list ipv4 2 209.165.202.128 255.255.255.224
D. access-list splitlist standard permit 209.165.201.0 255.255.255.224
access-list splitlist standard permit 209.165.202.128 255.255.255.224
!
crypto anyconnect vpn-tunnel-policy tunnelspecified
crypto anyconnect vpn-tunnel-network-list splitlist
E. crypto anyconnect vpn-tunnel-policy tunnelspecified
crypto anyconnect split-tunnel-network-list ipv4 1 209.165.201.0 255.255.255.224
crypto anyconnect split-tunnel-network-list ipv4 2 209.165.202.128 255.255.255.224
Answer: A
Q8. Which three types of web resources or protocols are enabled by default on the Cisco ASA Clientless SSL VPN portal? (Choose three.)
A. HTTP
B. VNC
C. CIFS
D. RDP
E. HTTPS
F. ICA (Citrix)
Answer: A,C,E
Q9. Which three configurations are required for both IPsec VTI and crypto map-based VPNs? (Choose three.)
A. transform set
B. ISAKMP policy
C. ACL that defines traffic to encrypt
D. dynamic routing protocol
E. tunnel interface
F. IPsec profile
G. PSK or PKI trustpoint with certificate
Answer: A,B,G
Q10. When you configure IPsec VPN High Availability Enhancements, which technology does Cisco recommend that you enable to make reconvergence faster?
A. EOT
B. IP SLAs
C. periodic IKE keepalives
D. VPN fast detection
Answer: C