aiotestking uk

300-209 Exam Questions - Online Test


300-209 Premium VCE File

Learn More 100% Pass Guarantee - Dumps Verified - Instant Download
150 Lectures, 20 Hours

Q1. In the Diffie-Hellman protocol, which type of key is the shared secret? 

A. a symmetric key 

B. an asymmetric key 

C. a decryption key 

D. an encryption key 

Answer:

Q2. The Cisco AnyConnect client is unable to download an updated user profile from the ASA headend using IKEv2. What is the most likely cause of this problem? 

A. User profile updates are not allowed with IKEv2. 

B. IKEv2 is not enabled on the group policy. 

C. A new profile must be created so that the adaptive security appliance can push it to the client on the next connection attempt. 

D. Client Services is not enabled on the adaptive security appliance. 

Answer:

Q3. Which statement about the hub in a DMVPN configuration with iBGP is true? 

A. It must be a route reflector client. 

B. It must redistribute EIGRP from the spokes. 

C. It must be in a different AS. 

D. It must be a route reflector. 

Answer:

Q4. Refer to the exhibit. 

Which statement about the given IKE policy is true? 

A. The tunnel will be valid for 2 days, 88 minutes, and 00 seconds. 

B. It will use encrypted nonces for authentication. 

C. It has a keepalive of 60 minutes, checking every 5 minutes. 

D. It uses a 56-bit encryption algorithm. 

Answer:

Q5. After completing a site-to-site VPN setup between two routers, application performance over the tunnel is slow. You issue the show crypto ipsec sa command and see the following output. What does this output suggest? 

interfacE. Tunnel100 

Crypto map tag: Tunnel100-head-0, local addr 10.10.10.10 

protected vrF. (none) 

local ident (addr/mask/prot/port): (10.10.10.10/255.255.255.255/47/0) 

remote ident (addr/mask/prot/port): (10.20.20.20/255.255.255.255/47/0) 

current_peer 209.165.200.230 port 500 

PERMIT, flags={origin_is_acl,} 

#pkts encaps: 34836, #pkts encrypt: 34836, #pkts digest: 34836 

#pkts decaps: 26922, #pkts decrypt: 19211, #pkts verify: 19211 

#pkts compresseD. 0, #pkts decompresseD. 0 

#pkts not compresseD. 0, #pkts compr. faileD. 0 

#pkts not decompresseD. 0, #pkts decompress faileD. 0 

#send errors 0, #recv errors 0 

A. The VPN has established and is functioning normally. 

B. There is an asymmetric routing issue. 

C. The remote peer is not receiving encrypted traffic. 

D. The remote peer is not able to decrypt traffic. 

E. Packet corruption is occurring on the path between the two peers. 

Answer:

Q6. You are troubleshooting a DMVPN NHRP registration failure. Which command can you use to view request counters? 

A. show ip nhrp nhs detail 

B. show ip nhrp tunnel 

C. show ip nhrp incomplete 

D. show ip nhrp incomplete tunnel tunnel_interface_number 

Answer:

Q7. In which situation would you enable the Smart Tunnel option with clientless SSL VPN? 

A. when a user is using an outdated version of a web browser 

B. when an application is failing in the rewrite process 

C. when IPsec should be used over SSL VPN 

D. when a user has a nonsupported Java version installed 

E. when cookies are disabled 

Answer:

Q8. Which command clears all Cisco AnyConnect VPN sessions? 

A. vpn-sessiondb logoff anyconnect 

B. vpn-sessiondb logoff webvpn 

C. vpn-sessiondb logoff l2l 

D. clear crypto isakmp sa 

Answer:

Q9. Refer to the exhibit. 

What technology does the given configuration demonstrate? 

A. Keyring used to encrypt IPSec traffic 

B. FlexVPN with IPV6 

C. FlexVPN with AnyConnect 

D. Crypto Policy to enable IKEv2 

Answer:

Q10. In the Cisco ASDM interface, where do you enable the DTLS protocol setting? 

A. Configuration > Remote Access VPN > Network (Client) Access > Group Policies > Add or Edit > Add or Edit Internal Group Policy 

B. Configuration > Remote Access VPN > Network (Client) Access > AAA Setup > Local Users > Add or Edit 

C. Device Management > Users/AAA > User Accounts > Add or Edit > Add or Edit User Account > VPN Policy > SSL VPN Client 

D. Configuration > Remote Access VPN > Network (Client) Access > Group Policies > Add or Edit 

Answer:

Reference: 

http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect20/admini strative/guide/admin/admin5.html 

Shows where DTLS can be configured as: 

. Configuration > Remote Access VPN > Network (Client) Access > Group Policies > Add or Edit > Add or Edit Internal Group Policy > Advanced > SSL VPN Client 

. Configuration > Remote Access VPN > Network (Client) Access > AAA Setup > Local Users > Add or Edit > Add or Edit User Account > VPN Policy > SSL VPN Client 

.Device Management > Users/AAA > User Accounts > Add or Edit > Add or Edit User Account > VPN Policy > SSL VPN Client