Q67. Under which section must a bookmark or URL list be configured on a Cisco ASA to be available for clientless SSLVPN users?

Q68.

Refer to the exhibit. Based on the debug output, which type of mismatch is preventing the VPN from coming up?

Q69.

Refer to the exhibit. The IKEv2 site-to-site VPN tunnel between two routers is down. Based on the debug output, which type of mismatch is the problem?

Q70. An administrator must guarantee that remote access users are able to reach printers on their local LAN after a VPN session is established to the headquarters. All other traffic should be sent over the tunnel. Which split-tunnel policy reduces the configuration on the ASA headend?

Q71. Refer to the exhibit.

Based on the debug output, which type of mismatch is preventing the VPN from coming up?

Q72. A network engineer must implement an SSLVPN Cisco AnyConnect solution that supports 500 concurrent users, ensures all traffic from the client passes through the ASA, and allows users to access all devices on the inside interface subnet (192.168.0.0/24). Assuming all other configuration is set up appropriately, which configuration implements this solution?

Q73. Cisco AnyConnect Secure Mobility Client has been configured to use IKEv2 for one group of users and SSL for another group. When the administrator configures a new AnyConnect release on the Cisco ASA, the IKEv2 users cannot download it automatically when they connect. What might be the problem?

Q74. What are two advantages of using GETVPN to traverse over the network between corporate offices? (Choose two.)

Q75. Refer to the exhibit.

A customer cannot establish an IKEv2 site-to-site VPN tunnel between two Cisco ASA devices. Based on the syslog message, which action brings up the VPN tunnel?

Q76.

Refer to the exhibit. An SSL client is connecting to an ASA headend. The session fails with the message
“Connection attempt has timed out. Please verify Internet connectivity.” Based on how the packet is processed, which phase is causing the failure?

Q77. An engineer would like Cisco AnyConnect users to be able to reach servers within the 10.10.0.0/16 subnet while all other traffic is sent out to the Internet. Which IPsec configuration accomplishes this task?

Q78. Refer to the exhibit.

Which type of mismatch is causing the problem with the IPsec VPN tunnel?

Q79. Which redundancy protocol must be implemented for IPsec stateless failover to work?

Q80. Refer to the exhibit.

The VPN tunnel between the FlexVPN spoke and FlexVPN hub 192.168.0.12 is failing. What should be done to correct this issue?

Q81. Which technology and VPN component allows a VPN headend to dynamically learn post NAT IP addresses of remote routers at different sites?

Q82. Which two components are required in a Cisco IOS GETVPN key server configuration? (Choose two.)

Q83. Refer to the exhibit.

Based on the exhibit, why are users unable to access CCNP Webserver bookmark?

Q84. Refer to the exhibit.

Which two tunnel types produce the show crypto ipsec sa output seen in the exhibit? (Choose two.)

Q85. A network engineer must design a clientless VPN solution for a company. VPN users must be able to access several internal web servers. When reachability to those web servers was tested, it was found that one website is not being rewritten correctly by the ASA.
What is a potential solution for this issue while still allowing it to be a clientless VPN setup?

Q86. Which command identifies a Cisco AnyConnect profile that was uploaded to the flash of an IOS router?

Q87. Refer to the exhibit.

An IKEv2 site-to-site tunnel between an ASA and a remote peer is not building successfully. What will fix the problem based on the debug output?

Q88. While troubleshooting, an engineer finds that the show crypto isakmp sa command indicates that the last state of the tunnel is MM_KEY_EXCH. What is the next step that should be taken to resolve this issue?