CCNP Security SIMOS 300-209 PDF free download






















Add NHRP shortcuts on the hub. Correct Answer: ADE. RC D. Select the syslogs to email, click Edit, and select the Forward Messages option. Select the syslogs to email, click Settings, and specify the Destination Email Address option. Correct Answer: A. Certain finance employees need remote access to the software during nonbusiness hours. Configure a smart tunnel for the application. Configure the plug-in that best fits the application. Explanation: A smart tunnel is a connection between a TCP-based application and a private site, using a clientless browser based SSL VPN session with the security appliance as the pathway, and the security appliance as a proxy server.

You can identify applications to which you want to grant smart tunnel access, and specify the local path to each application. For applications running on Microsoft Windows, you can also require a match of the SHA-1 hash of the checksum as a condition for granting smart tunnel access. Lotus SameTime and Microsoft Outlook Express are examples of applications to which you might want to grant smart tunnel access. You can also list web-enabled applications for which to automate the submission of login credentials in smart tunnel connections over clientless SSL VPN sessions.

Why Smart Tunnels?

The advantage of a plug-in is that it does not require the client application to be installed on the remote computer.

Smart Tunnel Requirements, Restrictions, and Limitations

The following sections categorize the smart tunnel requirements and limitations. Smart tunnel uses the Internet Explorer configuration (that is, the one intended for system-wide use in Windows).

If the remote computer requires a proxy server to reach the security appliance, the URL of the terminating end of the connection must be in the list of URLs excluded from proxy services. If the proxy configuration specifies that traffic destined for the ASA goes through a proxy, all smart tunnel traffic goes through the proxy. For proxies that require authentication, smart tunnel supports only the basic digest authentication type. The security appliance also does this if a tunnel-all policy applies.

If the user starts another instance of the browser process, it passes all traffic through the VPN session. If the browser process is the same and the security appliance does not provide access to a URL, the user cannot open it. Reset user login credentials. Disable the HTTP server. Correct the URL address. NHRP B. MPLS C. GRE D. The client endpoint does not have the correct user profile to initiate an IKEv2 connection.

The administrator is restricting access to this specific user. Correct Answer: E Explanation. IKEv2 proposal B. IKEv2 policy E. PKI certificate authority F. IKEv2 profile description H. The ability of the client to send packets transparently and unencrypted through the tunnel for test purposes is turned off.

The customer can establish an AnyConnect connection on the first attempt only. Subsequent attempts fail. What might be the issue? IKEv2 is blocked over the path. UserGroup must be different than the name of the connection profile. The primary protocol should be SSL. UserGroup must be the same as the name of the connection profile. Correct Answer: D Explanation. Which three components are part of the IKEv2 proposal for this implementation? Choose three. DH group C.

Configure a static pat rule for TCP port 2. Configure an inbound access-list to allow traffic from remote users to the servers 3. Assign this access-list rule to the group policy B. Enable Smart tunnel on this bookmark 3. Assign the bookmark to the desired group policy C. Configure a Smart Tunnel application list 2. Add the rdp. Assign the Smart Tunnel application list to the desired group policy D. Assign the bookmark list to the desired group policy Correct Answer: D Explanation.

Choose four. SHA B. SHA C. AES E. Refer to the exhibit. An engineer encounters a debug message. Which action can the engineer take to eliminate this error message? Use stronger encryption suite.

Correct the VPN peer address. Make adjustment to IPSec replay window. Change the preshared key to match. As the Cisco ASA administrator, how would you accomplish this task? Define a special identity certificate with multiple groups, which are defined in the certificate OU field, that will grant the certificate holder access to the named groups on the login page. Under Group Policies, define a default group that encompasses the required individual groups that will appear on the login page.

Under Connection Profiles, define a NOC profile that encompasses the required individual profiles that will appear on the login page. Login Page Customization—Configures the look and feel of the user login page by specifying which preconfigured customization attributes to apply.

The default is DfltCustomization. The widely respected IT certification programs available through Cisco Career Certifications bring valuable, measurable rewards to networking professionals, to their managers, and to the organizations that employ them.

Choose a career path below that meets your goals for professional and financial rewards. Passitdump for CCNP Security exam covers the following knowledge areas, but their specifications and consistency vary with time.

Like actual certification exams, our dump is in multiple-choice questions (MCQs). After purchasing our products you are just a step away from testing for certification. Still not convinced? Try our free samples or choose to buy your Practice Exam now! Choose three. It provides highly scalable point-to-point topologies. It allows replication of packets after encryption. It preserves original source and destination IP address information.

It simplifies encryption management through use of group keying.


