Refer to the exhibit.
Which two tunnel types produce the show crypto ipsec sa output seen in the exhibit? (Choose two.)
A. crypto map
B. DMVPN
C. GRE
D. FlexVPN
E. VTI
Under which section must a bookmark or URL list be configured on a Cisco ASA to be available for clientless SSLVPN users?
A. tunnel-group (general-attributes)
B. tunnel-group (webvpn-attributes)
C. webvpn (group-policy)
D. webvpn (global configuration)
Which IKE identity does an IOS/IOS-XE headend expect to receive if an IPsec Cisco AnyConnect client uses default settings?
A. *$SecureMobilityClient$*
B. *$AnyConnectClient$*
C. *$RemoteAccessVpnClient$*
D. *$DfltIkeIdentity$*
Refer to the exhibit.
The IKEv2 site-to-site VPN tunnel between two routers is down. Based on the debug output, which type of mismatch is the problem?
A. preshared key
B. peer identity
C. transform set
D. ikev2 proposal
Refer to the exhibit.
Client 1 cannot communicate with client 2. Both clients are using Cisco AnyConnect and have established a successful SSL VPN connection to the hub ASA. Which command on the ASA is missing?
A. dns-server value 10.1.1.2
B. same-security-traffic permit intra-interface
C. same-security-traffic permit inter-interface
D. dns-server value 10.1.1.3
Which parameter must match on all routers in a DMVPN Phase 3 cloud?
A. GRE tunnel key
B. NHRP network ID
C. tunnel VRF
D. EIGRP split-horizon setting
Where is split tunneling defined for IKEv2 remote access clients on a Cisco router?
A. IKEv2 authorization policy
B. Group Policy
C. virtual template
D. webvpn context
A DMVPN spoke router tunnel is up and passing traffic, but it cannot establish an EIGRP neighbor relationship with the hub router. Which solution resolves this issue?
A. Enable EIGRP Split Horizon on the hub tunnel interface.
B. Remove the EIGRP stub configuration on the spoke tunnel interface.
C. Enable the EIGRP next hop self feature on the hub tunnel interface.
D. Configure the dynamic NHRP multicast map on the hub tunnel interface.
Refer to the exhibit.
Users cannot connect via AnyConnect SSLVPN. Which action resolves this issue?
A. Configure the ASA to act as a DHCP server.
B. Configure the HTTP server to listen on port 443.
C. Add an IPsec preshared key to the group policy.
D. Add ssl-client to the allowed list of VPN protocols.
An engineer is using DMVPN to provide secure connectivity between a data center and remote sites. Which two routing protocols should be used between the routers? (Choose two.)
A. IS-IS
B. BGP
C. RIPv2
D. OSPF
E. EIGRP
Refer to the exhibit.
Which component must be configured on routers for a GETVPN deployment to work properly?
A. PE3: Key Server; Customer 2 CEs: Group Members
B. Customer 1 CE1: Key Server; R1 and Customer 1 CE2: Group Members
C. R1: Key Server; Customer 1 CEs: Group Members
D. PE3: Key Server; all CEs: Group Members
Users are getting untrusted server warnings when they connect to the URL https://asa.lab from their browsers. This URL resolves to 192.168.10.10, which is the IP address for a Cisco ASA configured for a clientless VPN. The VPN was recently set up and issued a certificate from an internal CA server. Users can connect to the VPN by ignoring the message; however, when users access other web servers that use certificates issued by the same internal CA server, they do not experience this issue. Which action resolves this issue?
A. Import the CA that signed the certificate into the machine trusted root CA store.
B. Reissue the certificate with asa.lab in the subject alternative name field.
C. Import the CA that signed the certificate into the user trusted root CA store.
D. Reissue the certificate with 192.168.10.10 in the subject common name field.
Where must an engineer configure a preshared key for a site-to-site VPN tunnel configured on a Cisco ASA?
A. isakmp policy
B. group policy
C. crypto map
D. tunnel group
Refer to the exhibit.
Upon setting up a tunnel between two sites, users are complaining that connections to applications over the VPN are not working consistently. The output of show crypto ipsec sa was collected on one of the VPN devices. Based on this output, what should be done to fix this issue?
A. Lower the tunnel MTU.
B. Enable perfect forward secrecy.
C. Specify the application networks in the remote identity.
D. Make an adjustment to the IPsec replay window.
When deploying a site-to-site VPN, what must be used to minimize IP fragmentation?
A. IKE version 1
B. ISAKMP over UDP 500
C. Dead Peer Detection
D. Path MTU Discovery