350-701 Question #150: Real Exam Question with Answer & Explanation
The correct answer is D: DTLSv1.
Question
Which protocol provides the strongest throughput performance when using Cisco AnyConnect VPN?
Options
- A. TLSv1.2
- B. TLSv1
- C. TLSv1.1
- D. DTLSv1
Explanation
By default, group policies on ASAs are configured to attempt establishing a DTLS tunnel. If UDP 443 traffic is blocked between the VPN headend and the AnyConnect client, the connection automatically falls back to TLS. It is recommended to use DTLS or IKEv2 to increase maximum VPN throughput performance. DTLS offers better performance than TLS due to less protocol overhead. IKEv2 also offers better throughput than TLS. Additionally, using AES-GCM ciphers may slightly improve performance. These ciphers are available in TLS 1.2, DTLS 1.2 and IKEv2.