
300-209 Exam Questions - Online Test



Q1. Scenario: 

You are the senior network security administrator for your organization. Recently a junior engineer configured a site-to-site IPsec VPN connection between your headquarters Cisco ASA and a remote branch office.

You are now tasked with verifying the IKEv1 IPsec installation to ensure it was properly configured according to designated parameters. Using the CLI on both the Cisco ASA and branch ISR, verify that IPsec is properly configured between the two sites.

NOTE: the show running-config command cannot be used for this exercise. 

Topology: 

In what state is the IKE security association on the Cisco ASA?

A. There are no security associations in place 

B. MM_ACTIVE 

C. ACTIVE(ACTIVE) 

D. QM_IDLE 

Answer:

Explanation: 

This can be seen from the "show crypto isa sa" command: 

Q2. What is the default topology type for a GET VPN? 

A. point-to-point 

B. hub-and-spoke 

C. full mesh 

D. on-demand spoke-to-spoke 

Answer:

Q3. In the Diffie-Hellman protocol, which type of key is the shared secret? 

A. a symmetric key 

B. an asymmetric key 

C. a decryption key 

D. an encryption key 

Answer:

Q4. Which feature is enabled by the use of NHRP in a DMVPN network? 

A. host routing with Reverse Route Injection 

B. BGP multiaccess 

C. host to NBMA resolution 

D. EIGRP redistribution 

Answer:

Q5. You are configuring a Cisco IOS SSL VPN gateway to operate with DVTI support. Which command must you configure on the virtual template? 

A. tunnel protection ipsec 

B. ip virtual-reassembly 

C. tunnel mode ipsec 

D. ip unnumbered 

Answer:

Q6. Which option is one component of a Public Key Infrastructure? 

A. the Registration Authority 

B. Active Directory 

C. RADIUS 

D. TACACS+ 

Answer:

Q7. An administrator wishes to limit the networks reachable over the AnyConnect VPN tunnels. Which configuration on the ASA will correctly limit the networks reachable to 209.165.201.0/27 and 209.165.202.128/27?

A. access-list splitlist standard permit 209.165.201.0 255.255.255.224
   access-list splitlist standard permit 209.165.202.128 255.255.255.224
   group-policy GroupPolicy1 internal
   group-policy GroupPolicy1 attributes
   split-tunnel-policy tunnelspecified
   split-tunnel-network-list value splitlist

B. access-list splitlist standard permit 209.165.201.0 255.255.255.224
   access-list splitlist standard permit 209.165.202.128 255.255.255.224
   group-policy GroupPolicy1 internal
   group-policy GroupPolicy1 attributes
   split-tunnel-policy tunnelall
   split-tunnel-network-list value splitlist

C. group-policy GroupPolicy1 internal
   group-policy GroupPolicy1 attributes
   split-tunnel-policy tunnelspecified
   split-tunnel-network-list ipv4 1 209.165.201.0 255.255.255.224
   split-tunnel-network-list ipv4 2 209.165.202.128 255.255.255.224

D. access-list splitlist standard permit 209.165.201.0 255.255.255.224
   access-list splitlist standard permit 209.165.202.128 255.255.255.224
   crypto anyconnect vpn-tunnel-policy tunnelspecified
   crypto anyconnect vpn-tunnel-network-list splitlist

E. crypto anyconnect vpn-tunnel-policy tunnelspecified
   crypto anyconnect split-tunnel-network-list ipv4 1 209.165.201.0 255.255.255.224
   crypto anyconnect split-tunnel-network-list ipv4 2 209.165.202.128 255.255.255.224

Answer:

Q8. A customer requires all traffic to go through a VPN. However, access to the local network is also required. Which two options can enable this configuration? (Choose two.) 

A. split exclude 

B. use of an XML profile 

C. full tunnel by default 

D. split tunnel 

E. split include 

Answer: A,B 

Q9. Which encryption and authentication algorithms does Cisco recommend when deploying a Cisco NGE supported VPN solution? 

A. AES-GCM and SHA-2 

B. 3DES and DH 

C. AES-CBC and SHA-1 

D. 3DES and SHA-1 

Answer:

Q10. Which technology can you implement to reduce latency issues associated with a Cisco AnyConnect VPN? 

A. DTLS 

B. SCTP 

C. DCCP 

D. SRTP 

Answer: