aiotestking uk

300-209 Exam Questions - Online Test


300-209 Premium VCE File

Learn More 100% Pass Guarantee - Dumps Verified - Instant Download
150 Lectures, 20 Hours

Q1. Which algorithm is replaced by elliptic curve cryptography in Cisco NGE? 

A. 3DES 

B. AES 

C. DES 

D. RSA 

Answer:

Q2. Which algorithm provides both encryption and authentication for data plane communication? 

A. SHA-96 

B. SHA-384 

C. 3DES 

D. AES-256 

E. AES-GCM 

F. RC4 

Answer:

Q3. Which two GDOI encryption keys are used within a GET VPN network? (Choose two.) 

A. key encryption key 

B. group encryption key 

C. user encryption key 

D. traffic encryption key 

Answer: A,D 

Q4. What action does the hub take when it receives a NHRP resolution request from a spoke for a network that exists behind another spoke? 

A. The hub sends back a resolution reply to the requesting spoke. 

B. The hub updates its own NHRP mapping. 

C. The hub forwards the request to the destination spoke. 

D. The hub waits for the second spoke to send a request so that it can respond to both spokes. 

Answer:

Q5. Which hash algorithm is required to protect classified information? 

A. MD5 

B. SHA-1 

C. SHA-256 

D. SHA-384 

Answer:

Q6. The Cisco AnyConnect client fails to connect via IKEv2 but works with SSL. The following error message is displayed: 

"Login Denied, unauthorized connection mechanism, contact your administrator" 

What is the most possible cause of this problem? 

A. DAP is terminating the connection because IKEv2 is the protocol that is being used. 

B. The client endpoint does not have the correct user profile to initiate an IKEv2 connection. 

C. The AAA server that is being used does not authorize IKEv2 as the connection mechanism. 

D. The administrator is restricting access to this specific user. 

E. The IKEv2 protocol is not enabled in the group policy of the VPN headend. 

Answer:

Q7. Refer to the exhibit. 

Which VPN solution does this configuration represent? 

A. Cisco AnyConnect 

B. IPsec 

C. L2TP 

D. SSL VPN 

Answer:

Q8. What is the default storage location of user-level bookmarks in an IOS clientless SSL VPN? 

A. disk0:/webvpn/{context name}/ 

B. disk1:/webvpn/{context name}/ 

C. flash:/webvpn/{context name}/ 

D. nvram:/webvpn/{context name}/ 

Answer:

Q9. Scenario: 

You are the senior network security administrator for your organization. Recently and junior engineer configured a site-to-site IPsec VPN connection between your headquarters Cisco ASA and a remote branch office. 

You are now tasked with verifying the IKEvl IPsec installation to ensure it was properly configured according to designated parameters. Using the CLI on both the Cisco ASA and branch ISR, verify the IPsec configuration is properly configured between the two sites. 

NOTE: the show running-config command cannot be used for this exercise. 

Topology: 

at is being used as the authentication method on the branch ISR? 

A. Certifcates 

B. Pre-shared keys 

C. RSA public keys 

D. Diffie-Hellman Group 2 

Answer:

Explanation: 

The show crypto isakmp key command shows the preshared key of “cisco”. 

Q10. What URL do you use to download a packet capture file in a format which can be used by a packet analyzer? 

A. ftp://<hostname>/capture/<capture_name>/ 

B. https://<asdm_enabled _interface:port>/<capture_name>/ 

C. https://<asdm_enabled_interface:port>/admin/capture/<capture_name>/pcap 

D. https://<hostname>/<capture_name>/pcap 

Answer: