[2021-New] Cisco 300-209 Dumps With Update Exam Questions (31-40)

300-209 Dumps

300-209 Exam Questions - Online Test

300-209 Premium VCE File

Learn More 100% Pass Guarantee - Dumps Verified - Instant Download
150 Lectures, 20 Hours

Q1. Which protocols does the Cisco AnyConnect client use to build multiple connections to the security appliance?

A. TLS and DTLS

B. IKEv1

C. L2TP over IPsec

D. SSH over TCP

Answer: A

Q2. Which command clears all crypto configuration from a Cisco Adaptive Security Appliance?

A. clear configure crypto

B. clear configure crypto ipsec

C. clear crypto map

D. clear crypto ikev2 sa

Answer: A

Q3. On which Cisco platform are dynamic virtual template interfaces available?

A. Cisco Adaptive Security Appliance 5585-X

B. Cisco Catalyst 3750X

C. Cisco Integrated Services Router Generation 2

D. Cisco Nexus 7000

Answer: C

Q4. Which three configurations are required for both IPsec VTI and crypto map-based VPNs? (Choose three.)

A. transform set

B. ISAKMP policy

C. ACL that defines traffic to encrypt

D. dynamic routing protocol

E. tunnel interface

F. IPsec profile

G. PSK or PKI trustpoint with certificate

Answer: A,B,G

Q5. Which of the following could be used to configure remote access VPN Host-scan and pre-login policies?

A. ASDM

B. Connection-profile CLI command

C. Host-scan CLI command under the VPN group policy

D. Pre-login-check CLI command

Answer: A

Q6. What are two benefits of DMVPN Phase 3? (Choose two.)

A. Administrators can use summarization of routing protocol updates from hub to spokes.

B. It introduces hierarchical DMVPN deployments.

C. It introduces non-hierarchical DMVPN deployments.

D. It supports L2TP over IPSec as one of the VPN protocols.

Answer: A,B

Q7. Which protocol can be used for better throughput performance when using.Cisco AnyConnect VPN?

A. TLSv1

B. TLSv1.1

C. TLSv1.2

D. DTLSv1

Answer: D

Q8. You are troubleshooting a site-to-site VPN issue where the tunnel is not establishing. After issuing the debug crypto ipsec command on the headend router, you see the following output. What does this output suggest?

1d00h: IPSec (validate_proposal): transform proposal

(port 3, trans 2, hmac_alg 2) not supported

1d00h: ISAKMP (0:2) : atts not acceptable. Next payload is 0

1d00h: ISAKMP (0:2) SA not acceptable

A. Phase 1 policy does not match on both sides.

B. The Phase 2 transform set does not match on both sides.

C. ISAKMP is not enabled on the remote peer.

D. The crypto map is not applied on the remote peer.

E. The Phase 1 transform set does not match on both sides.

Answer: B

Q9. Scenario

Your organization has just implemented a Cisco AnyConnect SSL VPN solution. Using Cisco ASDM, answer the questions regarding the implementation.

Note: Not all screens or option selections are active for this exercise.

Topology

Default_Home

Which address range will be assigned to the AnyConnect users?

A. 10.10.15.40-50/24

B. 209.165.201.20-30/24

C. 192.168.1.100-150/24

D. 10.10.15.20-30/24

Answer: D

Explanation:

First Navigate to the Configuration -> Remote Access VPN tab and then choose the “AnyConnect Connection Profile as shown below:

C:\Users\danielkeller\AppData\Local\Microsoft\Windows\INetCache\Content.Word\Capture. png

Then, clicking on the AnyConnect Profile at the bottom will bring you to the edit page shown below:

C:\Users\danielkeller\AppData\Local\Microsoft\Windows\INetCache\Content.Word\Capture. png

From here, click the Select button on the “VPN_Address_Pool” and you will see the following pools defined:

Here we see that the VPN_Address_Pool contains the IP address range of 10.10.15.20-10.10.15.30/24.

Q10. Which three types of SSO functionality are available on the Cisco ASA without any external SSO servers? (Choose three.)

A. SAML

B. HTTP POST

C. HTTP Basic

D. NTLM

E. Kerberos

F. OAuth 2.0

Answer: B,C,D