Which two protocols can be used for IPSec VTI encapsulation? (Choose two)
What would cause the req-failed field to be a number greater than zero on a spoke? (Choose two)
What should you consider when defining an IP address pool? (Choose two)
What should you consider when configuring split tunneling in a Group Policy? (Choose two)
You want to display NHRP next-hop server information. Which command should you use?
Which statements best describe dynamic point-to-point VTI tunnels? (Choose two)
You are configuring Cisco SSL VPN plugins. Once you have imported the plugins to the Cisco Adaptive Security Appliance. What further actions can you take? (Choose two)
How can Cisco ASA assign IP addresses in an SSL VPN full tunnel solution? (Choose three)
Which attribute is used to push WebVPN ACEs to clientless SSL VPN sessions?
What are the benefits of the clientless remote access SSL VPN architecture? (Choose two)
Which statements regarding the verification of DMVPN full-mesh routing and IKE peering are true? (Choose two)
What steps are required to configure transmission protection? (Choose three)
What is the purpose of a connection profile? (Choose two)
Identify the multiple client-side authentication options in clientless SSL VPN. (Choose three)
Which statement regarding the FLEX VPN IKEv2 Smart Defaults feature is true?
Which statements best describe the NHRP client-server protocol? (Choose two)
The Cisco ASA uses a hierarchical policy inheritance model. Which user policies would have the highest priority using this model?
What are the three fields in an X.509v3 certificate? (Choose three)
You are testing an application plugin for a clientless SSL VPN session; however, it will not start. What should be done?
Which two VPN types are preferred for larger environments that are partially meshed? (Choose two)
A tunnel is not forming between two spokes. Which of the following should you verify? (Choose two)
Review the output. Which type of VPN technology is being verified?
When verifying and troubleshooting Cisco AnyConnect IPSec VPN, which tab of the AnyConnect Secure Mobility Client window allows you to confirm that the client has used IPSec/IKEv2 to connect by viewing the transport information?
When configuring router-to-ASA FlexVPN, what match statement rules should you keep in mind? (Choose two)
Which secure posture module component is a package that installs on the remote device after the user connects to the Cisco Adaptive Security Appliance and before the user logs in?
What statements accurately describe the similarities and differences between IKEv1 and IKEv2? (Choose two)
You need to implement a PKI solution to protect compromised keys by verifying certificates against a revocation database in real-time. The solution needs to be integrated with common PKI revocation mechanisms. What should be implemented?
You need to implement NGE. Which options would be viable? (Choose three)
What are the three VPN connection technologies? (Choose three)
Before deploying a basic site-to-site VPN, what information should you have? (Choose three)
Which information can be obtained using the ASDM when monitoring a Cisco AnyConnect VPN on a server? (Choose three)
A connection is not forming between the spoke and the hub. Enter the command that you would use to verify SA states on hub and spoke. (Choose two)
What are the characteristics of split tunneling on Cisco AnyConnect SSL VPN clients? (Choose two)
Refer to the output. Which statements regarding the output are true? (Choose two)
Which FlexVPN configuration block specifies an acceptable combination of security protocols and algorithms for the IPSec SA?
How is external authorization in AnyConnect SSL VPNs monitored? (Choose two)
Which site-to-site technology combines IKE/IKEv2, AH, and ESP into a security framework?
What is the purpose of FlexVPN? (Choose two)
You have configured Cisco ASA to allow users to choose a connection profile when connecting to the full-tunnel IKEv2 VPN. What will occur if the user does not select a connection profile?
Which statements best describe FlexVPN? (Choose two)
Which command would be used to verify the number of encrypted and decrypted packets?
Which Cisco ASA-supported application plugin supports the Citrix servers?
What information should you consider when monitoring AnyConnect SSL VPNs on the client? (Choose two)
Refer to the output. To what is this message referring?
What is the first troubleshooting step that should be taken when there is a clientless SSL VPN session establishment issue?
Which two set of commands will correctly configure EIGRP on the hub in a full mesh DMVPN network? (Choose two)
Which steps are required to configure basic peer authentication for point-to-point tunnels on the Cisco ASA? (Choose three)
Which component encrypts and decrypts the traffic in a GET VPN deployment?
What should you keep in mind in a configuration scenario that uses the local CA function on the Cisco ASA CA user accounts? (Choose two)
You are configuring DMVPN on a spoke router. The configurations in the output given below have been made on the router.Which command or set of commands will complete the next step in the configuration on the spoke router?
Which of the three tools are used with a VPN to combat man-in-the-middle attacks? (Choose three)
Which statements regarding the use of parallel DTLS and TLS tunnels are true? (Choose two)
What should you consider when using a hub-and-spoke FlexVPN deployment model? (Choose two)
Which type of certificate is required for clientless SSL VPN connections to the Cisco ASA?
During which phase of the SSL/TLS session establishment and key management does data transfer begin?