Q111. Refer to the exhibit. 

The IKEv2 site-to-site VPN tunnel between two routers is down. Based on the debug output, which type of mismatch might be the problem? 


B. crypto policy 

C. peer identity 

D. transform set 


Q112. If the IKEv2 tunnel were to establish successfully, which encryption algorithm would be used to encrypt traffic? 


B. 3DES 


D. AES192 

E. AES256 



Both ASA’s are configured to support AES 256, so during the IPSec negotiation they will use the strongest algorithm that is supported by each peer. 

Q113. What is the default topology type for a GET VPN? 

A. point-to-point 

B. hub-and-spoke 

C. full mesh 

D. on-demand spoke-to-spoke 


Q114. A private wan connection is suspected of intermittently corrupting data. Which technology can a network administrator use to detect and drop the altered data traffic? 

A. AES-128 

B. RSA Certificates 


D. 3DES 

E. Diffie-Helman Key Generation 


Q115. In the Diffie-Hellman protocol, which type of key is the shared secret? 

A. a symmetric key 

B. an asymmetric key 

C. a decryption key 

D. an encryption key 


Q116. Which command enables the router to form EIGRP neighbor adjacencies with peers using a different subnet than the ingress interface? 

A. ip unnumbered interface 

B. eigrp router-id 

C. passive-interface interface name 

D. ip split-horizon eigrp as number 


Q117. A spoke has two Internet connections for failover. How can you achieve optimum failover without affecting any other router in the DMVPN cloud? 

A. Create another DMVPN cloud by configuring another tunnel interface that is sourced from the second ISP link. 

B. Use another router at the spoke site, because two ISP connections on the same router for the same hub is not allowed. 

C. Configure SLA tracking, and when the primary interface goes down, manually change the tunnel source of the tunnel interface. 

D. Create another tunnel interface with same configuration except the tunnel source, and configure the if-state nhrp and backup interface commands on the primary tunnel interface. 


Q118. Which three parameters are specified in the isakmp (IKEv1) policy? (Choose three.) 

A. the hashing algorithm 

B. the authentication method 

C. the lifetime 

D. the session key 

E. the transform-set 

F. the peer 

Answer: A,B,C 

Q119. Which technology does a multipoint GRE interface require to resolve endpoints? 


B. dynamic routing 



E. IPSec 


Q120. Which two features are required when configuring a DMVPN network? (Choose two.) 

A. Dynamic routing protocol 

B. GRE tunnel interface 

C. Next Hop Resolution Protocol 

D. Dynamic crypto map 

E. IPsec encryption 

Answer: B,C