Q91. You have deployed new Cisco AnyConnect start before logon modules and set the configuration to download modules before logon, but all client connections continue to use the previous version of the module. Which action must you take to correct the problem?
A. Configure start before logon in the client profile.
B. Configure a group policy to prompt the user to download the updated module.
C. Define the modules for download in the client profile.
D. Define the modules for download in the group policy.
Answer: A
Q92. Which cryptographic algorithms are a part of the Cisco NGE suite?
A. HIPPA DES
B. AES-CBC-128
C. RC4-128
D. AES-GCM-256
Answer: D
Explanation: Reference:
https://www.cisco.com/web/learning/le21/le39/docs/tdw166_prezo.pdf
Q93. CORRECT TEXT
Answer: Here are the steps as below:
Step 1: configure key ring
crypto ikev2 keyring mykeys
peer SiteB.cisco.com
address 209.161.201.1
pre-shared-key local $iteA
pre-shared key remote $iteB
Step 2: Configure IKEv2 profile
Crypto ikev2 profile default
identity local fqdn SiteA.cisco.com
Match identity remote fqdn SiteB.cisco.com
Authentication local pre-share
Authentication remote pre-share
Keyring local mykeys
Step 3: Create the GRE Tunnel and apply profile
crypto ipsec profile default
set ikev2-profile default
Interface tunnel 0
ip address 10.1.1.1 255.255.255.0
Tunnel source eth 0/0
Tunnel destination 209.165.201.1
tunnel protection ipsec profile default
end
Q94. Based on the provided ASDM configuration for the remote ASA, which one of the following is correct?
A. An access-list must be configured on the outside interface to permit inbound VPN traffic
B. A route to 192.168.22.0/24 will not be automatically installed in the routing table
C. The ASA will use a window of 128 packets (64x2) to perform the anti-replay check _
D. The tunnel can also be established on TCP port 10000
Answer: C
Explanation:
Cisco IP security (IPsec) authentication provides anti-replay protection against an attacker duplicating encrypted packets by assigning a unique sequence number to each encrypted packet. The decryptor keeps track of which packets it has seen on the basis of these numbers. Currently, the default window size is 64 packets. Generally, this number (window size) is sufficient, but there are times when you may want to expand this window size. The IPsec Anti-Replay Window: Expanding and Disabling feature allows you to expand the window size, allowing the decryptor to keep track of more than 64 packets.
Q95. Which command identifies an AnyConnect profile that was uploaded to the router flash?
A. crypto vpn anyconnect profile SSL_profile flash:simos-profile.xml
B. svc import profile SSL_profile flash:simos-profile.xml
C. anyconnect profile SSL_profile flash:simos-profile.xml
D. webvpn import profile SSL_profile flash:simos-profile.xml
Answer: A
Q96. Which interface is managed by the VPN Access Interface field in the Cisco ASDM IPsec Site-to-Site VPN Wizard?
A. the local interface named "VPN_access"
B. the local interface configured with crypto enable
C. the local interface from which traffic originates
D. the remote interface with security level 0
Answer: B
Q97. When you configure IPsec VPN High Availability Enhancements, which technology does Cisco recommend that you enable to make reconvergence faster?
A. EOT
B. IP SLAs
C. periodic IKE keepalives
D. VPN fast detection
Answer: C
Q98. What URL do you use to download a packet capture file in a format which can be used by a packet analyzer?
A. ftp://<hostname>/capture/<capture_name>/
B. https://<asdm_enabled _interface:port>/<capture_name>/
C. https://<asdm_enabled_interface:port>/admin/capture/<capture_name>/pcap
D. https://<hostname>/<capture_name>/pcap
Answer: C
Q99. Which algorithm provides both encryption and authentication for data plane communication?
A. SHA-96
B. SHA-384
C. 3DES
D. AES-256
E. AES-GCM
F. RC4
Answer: E
Q100. Which technology does a multipoint GRE interface require to resolve endpoints?
A. ESP
B. dynamic routing
C. NHRP
D. CEF
E. IPSec
Answer: C