Cisco 300-209 Online Practice Questions and Exam Preparation

Cisco 300-209 Online Questions & Answers

• Question 141:

  An engineer is troubleshooting DMVPN and wants to check if traffic flows in only one direction

  A. show crypto ipsec sa
  B. show crypto lkev2 sa
  C. show crypto isakmp as
  D. show crypto angina accelerator statistics
  A. show crypto ipsec sa

• Question 142:

  When implementing GET VPN, which of these is a characteristic of GDOI IKE?

  A. GDOI IKE sessions are established between all peers in the network
  B. GDOI IKE uses UDP port 500
  C. Security associations do not need to linger between members once a group member has authenticated to the key server and obtained the group policy
  D. Each pair of peers has a private set of IPsec security associations that is only shared between the two peers
  C. Security associations do not need to linger between members once a group member has authenticated to the key server and obtained the group policy

• Question 143:

  In which situation would you enable the Smart Tunnel option with clientless SSL VPN?

  A. when a user is using an outdated version of a web browser
  B. when an application is failing in the rewrite process
  C. when IPsec should be used over SSL VPN
  D. when a user has a nonsupported Java version installed
  E. when cookies are disabled
  B. when an application is failing in the rewrite process

• Question 144:

  Refer to the exhibit. A NOC engineer needs to tune some prelogin parameters on an SSL VPN tunnel.

  From the information that is shown, where should the engineer navigate to find the prelogin session attributes?

  

  A. "engineering" Group Policy
  B. "contractor" Connection Profile
  C. "engineer1" AAA/Local Users
  D. DfltGrpPolicy Group Policy
  B. "contractor" Connection Profile

• Question 145:

  An engineer wants to ensure that attacks from systems that use superposition and entanglement are resisted. Which algorithm must be used to accomplish this task?

  A. ECDSA-384
  B. RSA-3072
  C. SHA-384
  D. AES-192
  C. SHA-384

• Question 146:

  Which command is used to determine how many GMs have registered in a GETVPN environment?

  A. show crypto isakmp sa
  B. show crypto gdoi ks members
  C. show crypto gdoi gm
  D. show crypto ipsec sa
  E. show crypto isakmp sa count
  B. show crypto gdoi ks members

• Question 147:

  Which command will allow a referenced ASA interface to become accessible across a site-to-site VPN?

  A. access-list 101 extended permit ICMP any any
  B. crypto map vpn 10 match address 101
  C. crypto map vpn interface inside
  D. management-access
  D. management-access

• Question 148:

  Which protocol can be used for better throughput performance when using Cisco AnyConnect VPN?

  A. TLSv1
  B. TLSv1.1
  C. TLSv1.2
  D. DTLSv1
  D. DTLSv1

• Question 149:

  DRAG DROP

  Drag and drop the debug messages on the left onto the associated function during troubleshooting on the right.

  Select and Place:

  

  

• Question 150:

  A network engineer must configure a now VPN tunnel Utilizing IKEv2 For with three reasons would a configuration use IKEv2 instead d KEv1? (Choose three.)

  A. increased hash size
  B. DOS protection
  C. Preshared keys are used for authentication.
  D. RSA-Sig used for authentication
  E. native NAT traversal
  F. asymmetric authentication
  B. DOS protection
  E. native NAT traversal
  F. asymmetric authentication