Question: 1
A customer has two ASAs configured in high availability and is experiencing connection drops that
require re-establishment each time failover occurs.
Which type of failover has been implemented?
A. Stateless
B. routed
C. trans parent
D. stateful
Answer: D
Question: 2
In a new DMVPN deployment, phase 1 completes successfully. However, phase2 experiences issues.
Which troubleshooting step is valid in this situation?
A. Temporarily remove encryption to check if the GRE tunnel is working.
B. Verify IP routing between the external IPs of the two peers is correct.
C. Remove NHRP configuration and reset the tunnels.
D. Ensure that the nodes use the same authentication method.
Answer: A
Question: 3
An engineer is configuring clientless SSL VPN. The finance department has a database server that only they should access, but the sales department can currently access it. The finance and the sales
departments are configured as separate group-policies. Which option must be added to the
configuration to make sure the users in the sales department cannot access the finance department
server?
A. Web type ACL
B. Port forwarding
C. Tunnel group lock
D. VPN filter ACL
Answer: C
Question: 4
An engineer is defining ECC variables and has set the input_mode set to B. Which statement is true?
A. DTMF voice is accepted
B. Get Digits are written to the CED
C. Mixed mode input is not accepted
D. An ASR is not being used
Answer: A
Question: 5
An engineer wants to ensure that Diffie-Helman keys are re-generated upon a pahse-2 rekey. What
option can be configured to allow this?
A. Aggressive mode
B. Dead-peer detection
C. Main mode
D. Perfect-forward secrecy
Answer: D
Question: 6
Which two options are features of Cisco GET VPN? (Choose two.)
A. Allows for optimal routing
B. provides point to point IPsec SA
C. Provides encryption for MPLS
D. uses public Internet
E. uses MORE
Answer: AC
Question: 7
A customer requests a VPN solution to support multicast traffic and connectivity with non-Cisco devices. What VPN solution would meet the customer requirements?
A. GET VPN
B. EZ VPN
C. Flex VPN
D. L2L VPN
Answer: C
Question: 8
Which two option, are benefits of AES compared to 3DES? (Choose two.)
A. switches encryption keys every 32 GB of data transfer
B. faster encryption
C. shorter encryption keys
D. longer encryption block length
E. repeating encryption keys
Answer: BD
Question: 9
A client has asked an engineer to assist in installing and upgrading to the latest version of Cisco Any
Connect Secure and upgrading to the latest version of Cisco Any Connect Secure Mobility Client. Which type of deployment method requires the updated version of the client to be loaded only on the headend device such as an ASA or ISE device?
A. Web-deploy
B. Cloud-deploy
C. Cloud-update
D. Web-update
Answer: A
Question: 10
A customer requires site-to-site VPNs to connect to third party business partners and has purchased two ASAs. The customer requests an active/active configuration.
Which mode is needed to support and active/active solution?
A. single context
B. NAT context
C. PAT context
D. multiple context
Answer: D
