aiotestking uk

300-209 Exam Questions - Online Test


300-209 Premium VCE File

Learn More 100% Pass Guarantee - Dumps Verified - Instant Download
150 Lectures, 20 Hours

Q1. Refer to the exhibit. 

The IKEv2 site-to-site VPN tunnel between two routers is down. Based on the debug output, which type of mismatch might be the problem? 

A. PSK 

B. crypto policy 

C. peer identity 

D. transform set 

Answer:

Q2. Refer to the exhibit. 

What technology does the given configuration demonstrate? 

A. Keyring used to encrypt IPSec traffic 

B. FlexVPN with IPV6 

C. FlexVPN with AnyConnect 

D. Crypto Policy to enable IKEv2 

Answer:

Q3. A user is trying to connect to a Cisco IOS device using clientless SSL VPN and cannot establish the connection. Which three commands can be used for troubleshooting of the AAA subsystem? (Choose three.) 

A. debug aaa authentication 

B. debug radius 

C. debug vpn authorization error 

D. debug ssl openssl errors 

E. debug webvpn aaa 

F. debug ssl error 

Answer: A,B,D 

Q4. Refer to the exhibit. 

An administrator is adding IPv6 addressing to an already functioning tunnel. The administrator is unable to ping 2001:DB8:100::2 but can ping 209.165.200.226. Which configuration needs to be added or changed? 

A. No configuration change is necessary. Everything is working correctly. 

B. OSPFv3 needs to be configured on the interface. 

C. NHRP needs to be configured to provide NBMA mapping. 

D. Tunnel mode needs to be changed to GRE IPv4. 

E. Tunnel mode needs to be changed to GRE IPv6. 

Answer:

Q5. Which feature do you include in a highly available system to account for potential site failures? 

A. geographical separation of redundant devices 

B. hot/standby failover pairs 

C. Cisco ACE load-balancing with VIP 

D. dual power supplies 

Answer:

Q6. Refer to the exhibit. 

Which action is demonstrated by this debug output? 

A. NHRP initial registration by a spoke. 

B. NHRP registration acknowledgement by the hub. 

C. Disabling of the DMVPN tunnel interface. 

D. IPsec ISAKMP phase 1 negotiation. 

Answer:

Q7. Which two examples of transform sets are contained in the IKEv2 default proposal? (Choose two.) 

A. aes-cbc-192, sha256, 14 

B. 3des, md5, 5 

C. 3des, sha1, 1 

D. aes-cbc-128, sha, 5 

Answer: B,D 

Q8. Which IKEv2 feature minimizes the configuration of a FlexVPN on Cisco IOS devices? 

A. IKEv2 Suite-B 

B. IKEv2 proposals 

C. IKEv2 profiles 

D. IKEv2 Smart Defaults 

Answer:

Q9. Which technology is FlexVPN based on? 

A. OER 

B. VRF 

C. IKEv2 

D. an RSA nonce 

Answer:

Q10. Refer to the exhibit. 

Which statement about the given IKE policy is true? 

A. The tunnel will be valid for 2 days, 88 minutes, and 00 seconds. 

B. It will use encrypted nonces for authentication. 

C. It has a keepalive of 60 minutes, checking every 5 minutes. 

D. It uses a 56-bit encryption algorithm. 

Answer: