300-209 Exam Questions - Online Test
300-209 Premium VCE File
150 Lectures, 20 Hours
Q1. Refer to the exhibit.
The IKEv2 site-to-site VPN tunnel between two routers is down. Based on the debug output, which type of mismatch might be the problem?
A. PSK
B. crypto policy
C. peer identity
D. transform set
Answer: C
Q2. Refer to the exhibit.
What technology does the given configuration demonstrate?
A. Keyring used to encrypt IPSec traffic
B. FlexVPN with IPV6
C. FlexVPN with AnyConnect
D. Crypto Policy to enable IKEv2
Answer: B
Q3. A user is trying to connect to a Cisco IOS device using clientless SSL VPN and cannot establish the connection. Which three commands can be used for troubleshooting of the AAA subsystem? (Choose three.)
A. debug aaa authentication
B. debug radius
C. debug vpn authorization error
D. debug ssl openssl errors
E. debug webvpn aaa
F. debug ssl error
Answer: A,B,D
Q4. Refer to the exhibit.
An administrator is adding IPv6 addressing to an already functioning tunnel. The administrator is unable to ping 2001:DB8:100::2 but can ping 209.165.200.226. Which configuration needs to be added or changed?
A. No configuration change is necessary. Everything is working correctly.
B. OSPFv3 needs to be configured on the interface.
C. NHRP needs to be configured to provide NBMA mapping.
D. Tunnel mode needs to be changed to GRE IPv4.
E. Tunnel mode needs to be changed to GRE IPv6.
Answer: E
Q5. Which feature do you include in a highly available system to account for potential site failures?
A. geographical separation of redundant devices
B. hot/standby failover pairs
C. Cisco ACE load-balancing with VIP
D. dual power supplies
Answer: A
Q6. Refer to the exhibit.
Which action is demonstrated by this debug output?
A. NHRP initial registration by a spoke.
B. NHRP registration acknowledgement by the hub.
C. Disabling of the DMVPN tunnel interface.
D. IPsec ISAKMP phase 1 negotiation.
Answer: A
Q7. Which two examples of transform sets are contained in the IKEv2 default proposal? (Choose two.)
A. aes-cbc-192, sha256, 14
B. 3des, md5, 5
C. 3des, sha1, 1
D. aes-cbc-128, sha, 5
Answer: B,D
Q8. Which IKEv2 feature minimizes the configuration of a FlexVPN on Cisco IOS devices?
A. IKEv2 Suite-B
B. IKEv2 proposals
C. IKEv2 profiles
D. IKEv2 Smart Defaults
Answer: D
Q9. Which technology is FlexVPN based on?
A. OER
B. VRF
C. IKEv2
D. an RSA nonce
Answer: C
Q10. Refer to the exhibit.
Which statement about the given IKE policy is true?
A. The tunnel will be valid for 2 days, 88 minutes, and 00 seconds.
B. It will use encrypted nonces for authentication.
C. It has a keepalive of 60 minutes, checking every 5 minutes.
D. It uses a 56-bit encryption algorithm.
Answer: B
- [2021-New] Cisco 200-310 Dumps With Update Exam Questions (1-10)
- Approved 500-651 Free Practice Questions 2021
- [2021-New] Cisco 210-060 Dumps With Update Exam Questions (11-20)
- [2021-New] Cisco 642-996 Dumps With Update Exam Questions (31-40)
- Printable 300-465 Rapidshare 2021
- [2021-New] Cisco 400-051 Dumps With Update Exam Questions (13-22)
- [2021-New] Cisco 300-101 Dumps With Update Exam Questions (1-10)
- [2021-New] Cisco 400-051 Dumps With Update Exam Questions (91-100)
- [2021-New] Cisco 300-075 Dumps With Update Exam Questions (71-80)
- Best Quality 810-440 Free Practice Questions 2021