Refer to the exhibit.

Which two commands under the tunnel-group webvpn-attributes result in a Cisco
AnyConnect user receiving the AnyConnect prompt in the exhibit? (Choose two.)

A.

group-url https://172.16.31.10/General enable

B.

group-policy General internal

C.

authentication aaa

D.

authentication certificate

E.

group-alias General enable

Under which section must a bookmark or URL list be configured on a Cisco ASA to be
available for clientless SSLVPN users?

A.

tunnel-group (general-attributes)

B.

tunnel-group (webvpn-attributes)

C.

webvpn (group-policy)

D.

webvpn (global configuration)

Refer to the exhibit.

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Cisco AnyConnect Secure Mobility Client has been configured to use IKEv2 for one group
of users and SSL for another group. When the administrator configures a new AnyConnect
release on the Cisco ASA, the IKEv2 users cannot download it automatically when they
connect. What might be the problem?

A.

The XML profile is not configured correctly for the affected users.

B.

The new client image does not use the same major release as the current one.

C.

Client services are not enabled

D.

Client software updates are not supported with IKEv2.

Which command identifies a Cisco AnyConnect profile that was uploaded to the flash of an
IOS router?

A.

svc import profile SSL_profile flash:simos-profile.xml

B.

anyconnect profile SSL_profile flash:simos-profile.xml

C.

crypto vpn anyconnect profile SSL_profile flash:simos-profile.xml

D.

webvpn import profile SSL_profile flash:simos-profile.xml

Refer to the exhibit.

Based on the exhibit, why are users unable to access CCNP Webserver bookmark?

A.

The URL is being blocked by a WebACL.

B.

The ASA cannot resolve the URL.

C.

The bookmark has been disabled.

D.

The user cannot access the URL.

Which requirement is needed to use local authentication for Cisco AnyConnect Secure
Mobility Clients that connect to a FlexVPN server?

A.

use of certificates instead of username and password

B.

EAP-AnyConnect

C.

EAP query-identity

D.

AnyConnect profile

Which two statements about the Cisco ASA Clientless SSL VPN solution are true?
(Choose two.)

A.

When a client connects to the Cisco ASA WebVPN portal and tries to access HTTP
resources through the URL bar, the client uses the local DNS to perform FQDN resolution

B.

The rewriter enable command under the global webvpn configuration enables the
rewriter functionality because that feature is disabled by default

C.

A Cisco ASA can simultaneously allow Clientless SSL VPN sessions and AnyConnect
client sessions.

D.

When a client connects to the Cisco ASA WebVPN portal and tries to access HTTP
resources through the URL bar, the ASA uses its configured DNS servers to perform
FQDN resolution.

E.

Clientless SSLVPN provides Layer 3 connectivity into the secured network.

Which IKE identity does an IOS/IOS-XE headend expect to receive if an IPsec Cisco
AnyConnect client uses default settings?

A.

*$SecureMobilityClient$*

B.

*$AnyConnectClient$*

C.

*$RemoteAccessVpnClient$*

D.

*$DfltlkeldentityS*

Refer to the exhibit.

Which VPN technology is allowed for users connecting to the Employee tunnel group?

A.

SSL AnyConnect

B.

IKEv2 AnyConnect

C.

crypto map

D.

clientless