QUESTION 41Which NGE IKE Diffie-Hellman group identifier has the strongest cryptographic properties? A.    group 10B.    group 24C.    group 5D.    group 20 Answer: D QUESTION 42What is the Cisco recommended TCP maximum segment on a DMVPN tunnel interface when the MTU is set to 1400 bytes? A.    1160 bytesB.    1260 bytesC.    1360 bytesD.    1240 bytes Answer: C QUESTION 43Which technology does a multipoint GRE interface require to resolve endpoints? A.    ESPB.    dynamic routingC.    NHRPD.    CEFE.    IPSec Answer: C QUESTION 44Which two cryptographic technologies are recommended for use with FlexVPN? (Choose two.) A.    SHA (HMAC variant)B.    Diffie-HellmanC.    DESD.    MD5 (HMAC variant) Answer: AB QUESTION 45Which command configures IKEv2 symmetric identity authentication? A.    match identity remote address    authentication local pre-shareC.    authentication pre-shareD.    authentication remote rsa-sig Answer: D QUESTION 46Which two examples of transform sets are contained in the IKEv2 default proposal? (Choose two.) A.    aes-cbc-192, sha256, 14B.    3des, md5, 5C.    3des, sha1, 1D.    aes-cbc-128, sha, 5 Answer: BD QUESTION 47What is the default storage location of user-level bookmarks in an IOS clientless SSL VPN? A.    disk0:/webvpn/{context name}/B.    disk1:/webvpn/{context name}/C.    flash:/webvpn/{context name}/D.    nvram:/webvpn/{context name}/ Answer: C QUESTION 48Which command will prevent a group policy from inheriting a filter ACL in a clientless SSL VPN? A.    vpn-filter noneB.    no vpn-filterC.    filter value noneD.    filter value ACLname Answer: C QUESTION 49Which command specifies the path to the Host Scan package in an ASA AnyConnect VPN? A.    csd hostscan path imageB.    csd hostscan image pathC.    csd hostscan pathD.    hostscan image path Answer: B QUESTION 50Hotspot QuestionsWhen a tunnel is initiated by the headquarter ASA, which one of the following Diffie- Hellman groups is selected by the headquarter ASA during CREATE_CHILD_SA exchange? A.    1B.    2C.    5D.    14E.    19 Answer: CExplanation:Traffic initiated by the HQ ASA is assigned to the static outside crypto map, which shown below to use DH group 5.