Topic 2: Remote access VPNs
Refer to the exhibit.
What is configured as a result of this command set?
A.
FlexVPN client profile for IPv6
B.
FlexVPN server to authorize groups by using an IPv6 external AAA
C.
FlexVPN server for an IPv6 dVTI session
D.
FlexVPN server to authenticate IPv6 peers by using EAP
FlexVPN client profile for IPv6
Which two types of web resources or protocols are enabled by default on the Cisco ASA
Clientless SSL VPN portal? (Choose two.)
A.
HTTP
B.
ICA (Citrix)
C.
VNC
D.
RDP
E.
CIFS
RDP
CIFS
Which two features provide headend resiliency for Cisco AnyConnect clients? (Choose
two.)
A.
AnyConnect Auto Reconnect
B.
AnyConnect Network Access Manager
C.
AnyConnect Backup Servers
D.
ASA failover
E.
AnyConnect Always On
AnyConnect Backup Servers
ASA failover
Which command automatically initiates a smart tunnel when a user logs in to the WebVPN
portal page?
A.
auto-upgrade
B.
auto-connect
C.
auto-start
D.
auto-run
auto-start
Refer to the exhibit.
Based on the debug output, which type of mismatch is preventing the VPN from coming
up?
A.
interesting traffic
B.
lifetime
C.
preshared key
D.
PFS
lifetime
If the responder's policy does not allow it to accept any part of the proposed Traffic
Selectors, it responds with a TS_UNACCEPTABLE Notify message.
In a FlexVPN deployment, the spokes successfully connect to the hub, but spoke-to-spoke
tunnels do not form. Which troubleshooting step solves the issue?
A.
Verify the spoke configuration to check if the NHRP redirect is enabled.
B.
Verify that the spoke receives redirect messages and sends resolution requests.
C.
Verify the hub configuration to check if the NHRP shortcut is enabled.
D.
Verify that the tunnel interface is contained within a VRF.
Verify that the spoke receives redirect messages and sends resolution requests.
Refer to the exhibit.
Which type of mismatch is causing the problem with the IPsec VPN tunnel?
A.
crypto access list
B.
Phase 1 policy
C.
transform set
D.
preshared key
preshared key
Refer to the exhibit.
Client 1 cannot communicate with client 2. Both clients are using Cisco AnyConnect and
have established a successful SSL VPN connection to the hub ASA. Which command on
the ASA is missing?
A.
dns-server value 10.1.1.2
B.
same-security-traffic permit intra-interface
C.
same-security-traffic permit inter-interface
D.
dns-server value 10.1.1.3
same-security-traffic permit intra-interface
Refer to the exhibit.
What is a result of this configuration?
A.
Spoke 1 fails the authentication because the authentication methods are incorrect.
B.
Spoke 2 passes the authentication to the hub and successfully proceeds to phase 2.
C.
Spoke 2 fails the authentication because the remote authentication method is incorrect.
D.
Spoke 1 passes the authentication to the hub and successfully proceeds to phase 2.
Spoke 1 fails the authentication because the authentication methods are incorrect.
An engineer is troubleshooting a new DMVPN setup on a Cisco IOS router. After the show
crypto isakmp sa command is issued, a response is returned of "MM_NO_STATE." Why
does this failure occur?
A.
The ISAKMP policy priority values are invalid.
B.
ESP traffic is being dropped.
C.
The Phase 1 policy does not match on both devices.
D.
Tunnel protection is not applied to the DMVPN tunnel.
ESP traffic is being dropped.
Refer to the exhibit.
The IKEv2 site-to-site VPN tunnel between two routers is down. Based on the debug output, which type of mismatch is the problem?
A.
preshared key
B.
peer identity
C.
transform set
D.
ikev2 proposal
peer identity
Which command is used to troubleshoot an IPv6 FlexVPN spoke-to-hub connectivity
failure?
show crypto ikev2 sa
A.
show crypto ikev2 sa
B.
show crypto isakmp sa
C.
show crypto gkm
D.
show crypto identity
show crypto ikev2 sa
| Page 3 out of 9 Pages |
| Previous |