Designing and Implementing Cloud Connectivity (ENCC) v1.0

Page:    1 / 6   
Exam contains 84 questions
Expand All

Refer to the exhibit.

Which Cisco IKEv2 configuration brings up the IPsec tunnel between the remote office router and the AWS virtual private gateway?

  • A.
  • B.
  • C.
  • D.


Answer : B

An engineer must configure an IPsec tunnel to the cloud VPN gateway. Which two actions send traffic into the tunnel? (Choose two.)

  • A. Configure access lists that match the interesting user traffic.
  • B. Configure a static route.
  • C. Configure a local policy in Cisco vManage.
  • D. Configure an IPsec profile and match the remote peer IP address.
  • E. Configure policy-based routing.


Answer : AB

Refer to the exhibits.


An engineer needs to configure a site-to-site IPsec VPN connection between an on-premises Cisco IOS XE router and Amazon Web Services (AWS). Which two IP prefixes should be used to configure the AWS routing options? (Choose two.)

  • A. 20.20.20.0/24
  • B. 50.50.50.0/30
  • C. 30.30.30.0/24
  • D. 40.40.40.0/24
  • E. 30.30.30.0/30


Answer : BC

Refer to the exhibit.

While troubleshooting an IPsec connection between a Cisco WAN edge router and an Amazon Web Services (AWS) endpoint, a network engineer observes that the security association status is active, but no traffic flows between the devices. What is the problem?

  • A. wrong ISAKMP policy
  • B. identity mismatch
  • C. wrong encryption
  • D. IKE version mismatch


Answer : B



Refer to the exhibit. An engineer must configure a site-to-site IPsec VPN connection between an on-premises Cisco IOS XE router and AWS. Which command completes the configuration?

  • A. tunnel source 30.30.30.29
  • B. tunnel source 20.20.20.29
  • C. tunnel destination 20.20.20.29
  • D. tunnel destination 30.30.30.29


Answer : C

DRAG DROP
-



Refer to the exhibit. Drag and drop the commands from the bottom onto the blanks where the code is missing in the Cisco IKEv2 configuration to bring up the IPsec tunnel between the remote office router and the AWS virtual private gateway? Not all options are used.



Answer :



Refer to the exhibit. An engineer establishes IPsec, internet-based, secure cloud connectivity between an on-premises Cisco IOS XE router and a native AWS endpoint. Which parameters were used to configure phase 1 of the IPsec VPN connection?

  • A. Encryption algorithm: AES-CBC-256
    Integrity algorithm: SHA256
    Diffie-Hellman group: 16
  • B. Encryption algorithm: AES-CBC-128
    Integrity algorithm: SHA1
    Diffie-Hellman group: 19
  • C. Encryption algorithm: AES-CBC-128
    Integrity algorithm: SHA1
    Diffie-Hellman group: 16
  • D. Encryption algorithm: AES-CBC-256
    Integrity algorithm: SHA256
    Diffie-Hellman group: 19


Answer : A



Refer to the exhibit. An engineer is establishing a VPN tunnel from the Google Cloud VPN gateway toward the external IP addresses of the Montreal branch and the Toronto site. The engineer must then establish a connection between the Montreal branch and the Toronto branch toward the cloud. Which two gcloud CLI commands accomplishes the task? (Choose two.)

  • A. gcloud compute networks create vpn-scale-test-cisco --mode custom
    gcloud compute networks subnets create subnet-1 --network vpn-scale-test-cisco \
    --region Montreal --range 10.10.10.1/24
  • B. gcloud compute forwarding-rules create fr-udp500 --project vpn-guide --region Montreal \
    gcloud compute forwarding-rules create fr-udp4500 --project vpn-guide --region Toronto \
    --address 192.168.10.1 --target-vpn-gateway vpn-scale-test-cisco-gw-0 --ip-protocol=UDP --ports 0
  • C. gcloud compute --project vpn-guide vpn-tunnels create tunnel1 --peer-address 10.10.20.1 \
    --region us-toronto --ike-verslon 2 --shared-secret MySharedSecret2 --target-vpn-gateway \
    vpn-scale-test-cisco-gw-0 --router vpn-scale-test-cisco-rtr
  • D. gcloud compute --project vpn-guide vpn-tunnels create tunnel1 --peer-address 10.10.10.1 \
    --region us-montreal --ike-verslon 2 --shared-secret MySharedSecret1 --target-vpn-gateway \
    vpn-scale-test-cisco-gw-0 --router vpn-scale-test-cisco-rtr
  • E. gcloud compute networks create vpn-scale-test-cisco --mode custom
    gcloud compute networks subnets create subnet-1 --network vpn-scale-test-cisco \
    --region Toronto --range 10.10.20.1/24


Answer : CD



Refer to the exhibit. Which tunnel mode must be configured to allow cloud gateway connectivity to the VPC through the transit gateway using an AWS IPSec VPN approach?

  • A. sdwan tunnel
  • B. gre multipoint tunnel
  • C. gre ip tunnel
  • D. ipsec ipv4 tunnel


Answer : D

Which two types of target gateways are used to configure an AWS site-to-site VPN? (Choose two.)

  • A. virtual private
  • B. transit
  • C. VPN
  • D. local network
  • E. bastion


Answer : AB



Refer to the exhibit. An engineer is troubleshooting an IPSec connectivity issue between an on-premises data center and a public cloud provider. Which two conclusions should the engineer draw? (Choose two.)

  • A. The vedge01 router did not receive the DPD packets from 10.10.1.45.
  • B. The vedge01 router sent an INFO request to 10.10.1.1.
  • C. The IPSec tunnel is down.
  • D. The vedge01 router did not receive the DPD packets from 10.10.1.1.
  • E. The IPSec tunnel restarted.


Answer : CD



Refer to the exhibit. An engineer must configure a site-to-site IPsec VPN connection between an on-premises Cisco IOS XE router and Amazon Web Services. Which IP address completes the configuration to establish the tunnel?

  • A. 10.10.10.1
  • B. 10.10.10.9
  • C. 20.20.10.9
  • D. 20.20.10.1


Answer : D

DRAG DROP -
An engineer must use Cisco vManage to configure an application-aware routing policy. Drag and drop the steps from the left onto the order on the right to complete the configuration.



Answer :

DRAG DROP -
An engineer must configure an AppQoE service node for WAN optimization for applications that are hosted in the cloud using Cisco vManage for C8000V or C8500L-8S4X devices. Drag and drop the steps from the left onto the order on the right to complete the configuration.



Answer :

DRAG DROP -
A redundant service-side IPsec tunnel is created between the on-premises data center SD-WAN edge router and AWS. An engineer must configure dynamic routing between the SD-WAN edge router and AWS over IPsec tunnels. These actions were performed: configured the BGP template with BGP parameters configured the unicast address family configured the BGP neighbors and the MPLS interface
Drag and drop the steps from the left onto the order on the right to complete the configuration.



Answer :

Page:    1 / 6   
Exam contains 84 questions
Expand All

Talk to us!

Have any questions or issues ? Please dont hesitate to contact us

[email protected]

Certlibrary.com is owned by MBS Tech Limited: Room 1905 Nam Wo Hong Building, 148 Wing Lok Street, Sheung Wan, Hong Kong. Company registration number: 2310926
Certlibrary doesn't offer Real Microsoft Exam Questions. Certlibrary Materials do not contain actual questions and answers from Cisco's Certification Exams.
CFA Institute does not endorse, promote or warrant the accuracy or quality of Certlibrary. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute.
Terms & Conditions | Privacy Policy | Amazon Exams | Cisco Exams | CompTIA Exams | Databricks Exams | Fortinet Exams | Google Exams | Microsoft Exams | VMware Exams