Question No.91

Which two troubleshooting steps should be taken when Cisco AnyConnect cannot establish an IKEv2 connection, while SSL works fine? (Choose two.)

  1. Verify that the primary protocol on the client machine is set to IPsec.

  2. Verify that AnyConnect is enabled on the correct interface.

  3. Verify that the IKEv2 protocol is enabled on the group policy.

  4. Verify that ASDM and AnyConnect are not using the same port.

  5. Verify that SSL and IKEv2 certificates are not referencing the same trustpoint.

Correct Answer: AC

Question No.92

Which adaptive security appliance command can be used to see a generic framework of the requirements for configuring a VPN tunnel between an adaptive security appliance and a Cisco IOS router at a remote office?

  1. vpnsetup site-to-site steps

  2. show running-config crypto

  3. show vpn-sessiondb l2l

  4. vpnsetup ssl-remote-access steps

Correct Answer: A

Question No.93

When an IPsec SVTI is configured, which technology processes traffic forwarding for encryption?

  1. ACL

  2. IP routing

  3. RRI

  4. front door VPN routing and forwarding

Correct Answer: B

Question No.94

Which two are features of GETVPN but not DMVPN and FlexVPN? (Choose two.)

  1. one IPsec SA for all encrypted traffic

  2. no requirement for an overlay routing protocol

  3. design for use over public or private WAN

  4. sequence numbers that enable scalable replay checking

  5. enabled use of ESP or AH

  6. preservation of IP protocol in outer header

Correct Answer: AB

Question No.95

Refer to the exhibit. A network administrator is running DMVPN with EIGRP, when the administrator looks at the routing table on spoken 1 it displays a route to the hub only. Which command is missing on the hub router, which includes spoke 2 and spoke 3 in the spoke 1 routing table?


  1. no inverse arp

  2. neighbor (ip address)

  3. no ip split-horizon egrp 1

  4. redistribute static

Correct Answer: C

Question No.96

Refer to the exhibit. A NOC engineer needs to tune some postlogin parameters on an SSL VPN tunnel. From the information shown, where should the engineer navigate to, in order to find all the postlogin session parameters?


  1. quot;engineeringquot; Group Policy

  2. quot;contractorquot; Connection Profile

  3. DefaultWEBVPNGroup Group Policy

  4. DefaultRAGroup Group Policy

  5. quot;engineer1quot; AAA/Local Users

Correct Answer: A



The policy group is a container that defines the presentation of the portal and the permissions for resources that are configured for a group of remote users. Entering the policy group command places the router in webvpn group policy configuration mode. After it is configured, the group policy is attached to the SSL VPN context configuration by configuring the default-group-policy command.

The following tasks are accomplished in this configuration: The presentation of the SSL VPN portal page is configured. A NetBIOS server list is referenced.

A port-forwarding list is referenced.

The idle and session timers are configured. A URL list is referenced.

Question No.97

Refer to the exhibit. Which VPN solution does this configuration represent?


  1. DMVPN


  3. FlexVPN

  4. site-to-site

Correct Answer: C

Which two GDOI encryption keys are used within a GET VPN network? (Choose two.)

  1. key encryption key

  2. group encryption key

  3. user encryption key

  4. traffic encryption key

Correct Answer: AD

Question No.98

Which type of communication in a FlexVPN implementation uses an NHRP shortcut?

  1. spoke to hub

  2. spoke to spoke

  3. hub to spoke

  4. hub to hub

Correct Answer: B

Question No.99

Refer to the exhibit. What is the problem with the IKEv2 site-to-site VPN tunnel?


  1. incorrect PSK

  2. crypto access list mismatch

  3. incorrect tunnel group

  4. crypto policy mismatch

  5. incorrect certificate

Correct Answer: D

Question No.100

In a spoke-to-spoke DMVPN topology, which type of interface does a branch router require?

  1. Virtual tunnel interface

  2. Multipoint GRE interface

  3. Point-to-point GRE interface

  4. Loopback interface

Correct Answer: B

