Which Cisco IOS FlexVPN benefit provides three different models to implement it?
Which options best describe site-to-site VPN? (Choose two)
How do both Cisco ASA and Cisco IOS routers facilitate resource and application access? (Choose two)
A DMVPN cloud topology can support either a hub-and-spoke or a spoke-to-spoke deployment model. What are characteristics of the hub-and-spoke model? (Choose two)
What improvements does IKEv2 provide to IKEv1? (Choose three)
When configuring a DMVPN spoke, which tasks follow configuring an NHRP client in the mGRE interface? (Choose two)
You want to display NHRP next-hop server information. Which command should you use?
Which steps are required to configure basic peer authentication for point-to-point tunnels on the Cisco ASA? (Choose three)
In a basic IKEv2 message exchange, with only the minimal four messages, which messages represent the IKE_SA_INIT phase and exchange IKEv2 proposals and key material information? (Choose two)
What are the three VPN connection technologies? (Choose three)
Before deploying a basic site-to-site VPN, what information should you have? (Choose three)
How does the Cisco ASA enables a user to choose connection profiles? (Choose two)
What is the purpose of FlexVPN? (Choose two)
Which statement best describes the purpose of Cisco IPSec VTI?
When configuring router-to-ASA FlexVPN, what match statement rules should you keep in mind? (Choose two)
Which FlexVPN configuration block specifies an acceptable combination of security protocols and algorithms for the IPSec SA?
Which of the three tools are used with a VPN to combat man-in-the-middle attacks? (Choose three)
When an SSL client is authenticated, in addition to the server, which additional exchanges are required? (Choose two)
What steps are required to configure transmission protection? (Choose three)
What actions are possible with the default Group Policy provided by the Cisco ASA? (Choose two)
Which algorithms are considered next-generation encryption mechanisms? (Choose three)
What should you consider when using a hub-and-spoke FlexVPN deployment model? (Choose two)
How are clientless password-based users handled in SSL VPN authentication? (Choose two)
The Cisco ASA uses a hierarchical policy inheritance model. Which user policies would have the highest priority using this model?
During which phase of the SSL/TLS session establishment and key management does data transfer begin?
What are the benefits of the clientless remote access SSL VPN architecture? (Choose two)
Which Cisco ASA-supported application plugin supports the Citrix servers?
Which statements best describe the handshake phase of SSL connections? (Choose two)
What are the five fundamental components of security that cryptography provides for VPNs? (Choose five)
Which command is used to verify that the ECDSA keys have been successfully generated?
What does SSL/TLS provide? (Choose two)
Which statements best describe the NHRP client-server protocol? (Choose two)
What is the role of the responder in IKEv2 DoS prevention? (Choose two)
What are the descriptions that can be applied to a digital signature? (Choose two)
What is involved when configuring basic IKE peering using PSKs? (Choose two)
What are the three main modules, from a design standpoint, where you would use VPN technologies? (Choose three)
What statements accurately describe the similarities and differences between IKEv1 and IKEv2? (Choose two)
What are the characteristics of symmetric algorithms? (Choose three)
Which tasks are the client generally responsible for in the SSL server authentication? (Choose three)
What limitations should you consider when using GRE tunneling? (Choose two)
How do nonrepudiation methods provide cryptographic proof of a transaction? (Choose three)
Which three pieces of information are required for the client side of a challenge/response authentication using HMAC? (Choose three)
Which of the protocols transmit data in plaintext and are susceptible to man-in-the-middle attacks? (Choose three)
Which two protocols are used for full client and clientless connections by Cisco VPNs? (Choose two)
Which statements best describe FlexVPN? (Choose two)
What is ESP encapsulation designed to provide? (Choose four)
Which statements best describe dynamic point-to-point VTI tunnels? (Choose two)
Which statements best describe shortcut switching? (Choose two)
Which functions applied to cryptographic keys deal with Key Management? (Choose five)
What is the first required step in configuring a DMVPN spoke?
The Cisco ASA requires a server identity certificate, which the appliance sends to remote SSL VPN clients in order for remote clients to authenticate the Cisco ASA. By default, the security appliance will create a self-signed X.509 certificate on each reboot, resulting in many client warnings when attempting SSL VPN access, as the certificate cannot be verified by any means. How can you address this issue? (Choose two)
What are the three fields in an X.509v3 certificate? (Choose three)
Which commands can be used to restore the original IKEv2 Smart Defaults values? (Choose two)
What should you keep in mind when verifying the SSL VPN portal configuration and training users on how to use it? (Choose two)
When a clientless SSL VPN user successfully authenticates to the Cisco Adaptive Security Appliance, the user is presented with a web portal where they can access protected resources behind the Cisco ASA. What types of applications can a user access by default? (Choose two)