aiotestking uk

300-209 Exam Questions - Online Test


300-209 Premium VCE File

Learn More 100% Pass Guarantee - Dumps Verified - Instant Download
150 Lectures, 20 Hours

Q1. Refer to the exhibit. 

Which two characteristics of the VPN implementation are evident? (Choose two.) 

A. dual DMVPN cloud setup with dual hub 

B. DMVPN Phase 3 implementation 

C. single DMVPN cloud setup with dual hub 

D. DMVPN Phase 1 implementation 

E. quad DMVPN cloud with quadra hub 

F. DMVPN Phase 2 implementation 

Answer: B,C 

Q2. Which cryptographic algorithms are a part of the Cisco NGE suite? 

A. HIPPA DES 

B. AES-CBC-128 

C. RC4-128 

D. AES-GCM-256 

Answer:

Explanation: Reference: 

https://www.cisco.com/web/learning/le21/le39/docs/tdw166_prezo.pdf 

Q3. A rogue static route is installed in the routing table of a Cisco FlexVPN and is causing 

traffic to be blackholed. Which command should be used to identify the peer from which that route originated? 

A. show crypto ikev2 sa detail 

B. show crypto route 

C. show crypto ikev2 client flexvpn 

D. show ip route eigrp 

E. show crypto isakmp sa detail 

Answer:

Q4. Which two cryptographic technologies are recommended for use with FlexVPN? (Choose two.) 

A. SHA (HMAC variant) 

B. Diffie-Hellman 

C. DES 

D. MD5 (HMAC variant) 

Answer: A,B 

Q5. When you troubleshoot Cisco AnyConnect, which step does Cisco recommend before you open a TAC case? 

A. Show applet Lifecycle exceptions. 

B. Disable cookies. 

C. Enable the WebVPN cache. 

D. Collect a DART bundle. 

Answer:

Q6. Which configuration construct must be used in a FlexVPN tunnel? 

A. multipoint GRE tunnel interface 

B. IKEv1 policy 

C. IKEv2 profile 

D. EAP configuration 

Answer:

Q7. Which command can you use to monitor the phase 1 establishment of a FlexVPN tunnel? 

A. show crypto ipsec sa 

B. show crypto isakmp sa 

C. show crypto ikev2 sa 

D. show ip nhrp 

Answer:

Q8. Which algorithm provides both encryption and authentication for data plane communication? 

A. SHA-96 

B. SHA-384 

C. 3DES 

D. AES-256 

E. AES-GCM 

F. RC4 

Answer:

Q9. The following configuration steps have been completeD. 

. WebVPN was enabled on the ASA outside interface. 

. SSL VPN client software was loaded to the ASA. 

. A DHCP scope was configured and applied to a WebVPN Tunnel Group. 

What additional step is required if the client software fails to load when connecting to the ASA SSL page? 

A. The SSL client must be loaded to the client by an ASA administrator 

B. The SSL client must be downloaded to the client via FTP 

C. The SSL VPN client must be enabled on the ASA after loading 

D. The SSL client must be enabled on the client machine before loading 

Answer:

Q10. A network administrator is configuring AES encryption for the ISAKMP policy on an IOS router. Which two configurations are valid? (Choose two.) 

A. crypto isakmp policy 10 

encryption aes 254 

B. crypto isakmp policy 10 

encryption aes 192 

C. crypto isakmp policy 10 

encryption aes 256 

D. crypto isakmp policy 10 

encryption aes 196 

E. crypto isakmp policy 10 

encryption aes 199 

F. crypto isakmp policy 10 

encryption aes 64 

Answer: B,C