Scenario:
You are the senior network security administrator for your organization. Recently and junior
engineer configured a site-to-site IPsec VPN connection between your headquarters Cisco ASA
and a remote branch office.
You are now tasked with verifying the IKEvl IPsec installation to ensure it was properly configured
according to designated parameters. Using the CLI on both the Cisco ASA and branch ISR. verify
the IPsec configuration is properly configured between the two sites.
NOTE: the show running-config command cannot be used for the this exercise.
Topology:
What is being used as the authentication method on the branch ISR?
A.
Certifcates
B.
Pre-shared keys
C.
RSA public keys
D.
Diffie-Hellman Group 2
Explanation:
The show crypto isakmp key command shows the preshared key of “cisco”
QUESTION
Which option describes the purpose of the command show derived-config interface virtual-access 1?
A. It verifies that the virtual access interface is cloned correctly with per-user attributes.
B. It verifies that the virtual template created the tunnel interface.
C. It verifies that the virtual access interface is of type Ethernet.
D. It verifies that the virtual access interface is used to create the tunnel interface.
Answer: A
QUESTION
Which two RADIUS attributes are needed for a VRF-aware FlexVPN hub? (Choose two.)
A. ip:interface-config=ip unnumbered loobackn
B. ip:interface-config=ip vrf forwarding ivrf
C. ip:interface-config=ip src route
D. ip:interface-config=ip next hop
E. ip:interface-config=ip neighbor 0.0.0.0
Answer: AB
QUESTION
Which functionality is provided by L2TPv3 over FlexVPN?
A. the extension of a Layer 2 domain across the FlexVPN
B. the extension of a Layer 3 domain across the FlexVPN
C. secure communication between servers on the FlexVPN
D. a secure backdoor for remote access users through the FlexVPN
Answer: A
QUESTION
When you troubleshoot Cisco AnyConnect, which step does Cisco recommend before you open a TAC case?
A. Show applet Lifecycle exceptions.
B. Disable cookies.
C. Enable the WebVPN cache.
D. Collect a DART bundle.
Answer: D
Answer: C
QUESTION
If Web VPN bookmarks are grayed out on the home screen, which action should you take to begin troubleshooting?
A. Determine whether the Cisco ASA can resolve the DNS names.
B. Determine whether the Cisco ASA has DNS forwarders set up.
C. Determine whether an ACL is present to permit DNS forwarding.
D. Replace the DNS name with an IP address.
Answer: A
QUESTION
Which command clears all Cisco AnyConnect VPN sessions?
A. vpn-sessiondb logoff anyconnect
B. vpn-sessiondb logoff webvpn
C. vpn-sessiondb logoff l2l
D. clear crypto isakmp sa
Answer: A
Full Version: https://drive.google.com/drive/folders/0B75b5xYLjSSNRkY3M21SbTdTNDg?usp=sharing
0
0