Refer to the exhibit.
Cisco AnyConnect must be set up on a router to allow users to access internal servers 192.168.0.10 and 192.168.0.11. All other traffic should go out of the client's local NIC. Which command accomplishes this configuration?
A. svc split include 192.168.0.0 255.255.255.0
B. svc split exclude 192.168.0.0 255.255.255.0
C. svc split include acl CCNP
D. svc split exclude acl CCNP
Refer to the exhibit.
An engineer is diagnosing an issue that occurred after a router at a branch site was assigned a new address. Based on the debugs, what must be done to resolve this issue?
A. Add the remote peer's IP address to the server's IKEv2 keyring.
B. Ensure that the correct preshared keys are set on both sides.
C. Ensure that the UDP 500 packets between devices are not dropped.
D. Add the remote peer's identity to the server's IKEv2 profile.
What is a characteristic of GETVPN?
A. An ACL that defines interesting traffic must be configured and applied to the crypto map.
B. Quick mode is used to create an IPsec SA.
C. The remote peer for the IPsec session is configured as part of the crypto map.
D. All peers have one IPsec SPI for inbound and outbound communication.
Which VPN technology minimizes the impact on VPN performance when encrypting multicast traffic on a Private WAN?
A. DMVPN
B. IPsec VPN
C. FlexVPN
D. GETVPN
Users are getting untrusted server warnings when they connect to the URL https://asa.lab from their browsers. This URL resolves to 192.168.10.10, which is the IP address for a Cisco ASA configured for a clientless VPN. The VPN was recently set up and issued a certificate from an internal CA server. Users can connect to the VPN by ignoring the message, however, when users access other webservers that use certificates issued by the same internal CA server, they do not experience this issue. Which action resolves this issue?
A. Import the CA that signed the certificate into the machine trusted root CA store.
B. Reissue the certificate with asa.lab in the subject alternative name field.
C. Import the CA that signed the certificate into the user trusted root CA store.
D. Reissue the certificate with 192.168.10.10 in the subject common name field.
Refer to the exhibit.
Which type of VPN is used?
A. GETVPN
B. clientless SSL VPN
C. Cisco Easy VPN
D. Cisco AnyConnect SSL VPN
After a user configures a connection profile with a bookmark list and tests the clientless SSLVPN connection, all of the bookmarks are grayed out. What must be done to correct this behavior?
A. Apply the bookmark to the correct group policy.
B. Specify the correct port for the web server under the bookmark.
C. Configure a DNS server on the Cisco ASA and verify it has a record for the web server.
D. Verify HTTP/HTTPS connectivity between the Cisco ASA and the web server.
An administrator is designing a VPN with a partner's non-Cisco VPN solution. The partner's VPN device will negotiate an IKEv2 tunnel that will only encrypt subnets 192.168.0.0/24 going to 10.0.0.0/24. Which technology must be used to meet these requirements?
A. VTI
B. crypto map
C. GETVPN
D. DMVPN
Which VPN technology must be used to ensure that routers are able to dynamically form connections with each other rather than sending traffic through a hub and be able to advertise routes without the use of a dynamic routing protocol?
A. FlexVPN
B. DMVPN Phase 3
C. DMVPN Phase 2
D. GETVPN
An engineer is implementing a failover solution for a FlexVPN client site where ESP traffic to the primary FlexVPN server is blocked intermittently after tunnel establishment. This issue causes users at the branch site to lose access to the corporate network. The solution must quickly establish a tunnel and send traffic to the secondary FlexVPN server only during a failover event. Which action must the engineer take to implement this solution?
A. Create one tunnel with peer statements to each server and use Dead Peer Detection to track the status or the primary server.
B. Create two tunnels for each FlexVPN server and use the tunnel keepalive command to track the status of each FlexVPN server.
C. Create one tunnel with peer statements to each server and use object tracking to track the status of the primary server.
D. Create two tunnels for each FlexVPN server and use a dynamic routing protocol to track the status or each FlexVPN server.
