Cisco 300-209 Online Practice Questions and Exam Preparation

Cisco 300-209 Online Questions & Answers

• Question 161:

  What are two variables for configuring clientless SSL VPN single sign-on? (Choose two.)

  A. CSCO_WEBVPN_OTP_PASSWORD
  B. CSCO_WEBVPN_INTERNAL_PASSWORD
  C. CSCO_WEBVPN_USERNAME
  D. CSCO_WEBVPN_RADIUS_USER
  B. CSCO_WEBVPN_INTERNAL_PASSWORD
  C. CSCO_WEBVPN_USERNAME

• Question 162:

  In a GET VPN solution, which two ways can the key server distribute the new keys to the group members during the rekey process? (Choose two.)

  A. multicast UDP transmission
  B. multicast TCP transmission
  C. unicast UDP transmission
  D. unicast TCP transmission
  A. multicast UDP transmission
  C. unicast UDP transmission

• Question 163:

  Which header is used when a data plane IPsec packet is created?

  A. IKEv1
  B. AES
  C. SHA
  D. ESP
  D. ESP

• Question 164:

  Refer to the exhibit. The ABC Corporation is changing remote-user authentication from pre-shared keys to certificate-based authentication. For most employee authentication, its group membership (the employees) governs corporate access. Certain management personnel need access to more confidential servers. Access is based on the group and name, such as finance and level_2. When it is time to pilot the new authentication policy, a finance manager is able to access the department-assigned servers but cannot access the restricted servers.

  

  As the network engineer, where would you look for the problem?

  A. Check the validity of the identity and root certificate on the PC of the finance manager.
  B. Change the Management Certificate to Connection Profile Maps > Rule Priority to a number that is greater than 10.
  C. Check if the Management Certificate to Connection Profile Maps > Rules is configured correctly.
  D. Check if the Certificate to Connection Profile Maps > Policy is set correctly.
  D. Check if the Certificate to Connection Profile Maps > Policy is set correctly.

• Question 165:

  When configuring a FlexVPN, which two components must be configured for IKEv2? (Choose two.)

  A. persistence
  B. profile
  C. proposal
  D. preference
  E. method
  B. profile
  C. proposal

• Question 166:

  What are two benefits of DMVPN Phase 3? (Choose two.)

  A. Administrators can use summarization of routing protocol updates from hub to spokes.
  B. It introduces hierarchical DMVPN deployments.
  C. It introduces non-hierarchical DMVPN deployments.
  D. It supports L2TP over IPSec as one of the VPN protocols.
  A. Administrators can use summarization of routing protocol updates from hub to spokes.
  B. It introduces hierarchical DMVPN deployments.

• Question 167:

  Which command will prevent a group policy from inheriting a filter ACL in a clientless SSL VPN?

  A. vpn-filter none
  B. no vpn-filter
  C. filter value none
  D. filter value ACLname
  A. vpn-filter none

• Question 168:

  Refer to the exhibit. When the user "contractor" Cisco AnyConnect tunnel is established, what type of Cisco ASA user restrictions are applied to the tunnel?

  

  A. full restrictions (no Cisco ASDM, no CLI, no console access)
  B. full restrictions (no read, no write, no execute permissions)
  C. full restrictions (CLI show commands and Cisco ASDM monitoring permissions only)
  D. full access with no restrictions
  D. full access with no restrictions

• Question 169:

  Which header is used when a data plane IPsec packet is created?

  A. IKEv1
  B. AES
  C. SHA
  D. ESP
  D. ESP

• Question 170:

  A CISCO AnyConnect client establishes a SSL VPN connection with ASA at the corporate office. The client has not established SSL VPN connection in some time. An Engineer wants to make sure the client computer meets the enterprise security policy. Which feature can update a client to meet an enterprise security policy?

  A. FreePOWER Advanced Malware Production
  B. EndPoint Assessment
  C. Basic Host Scan
  D. Advanced Endpoint Assessment
  D. Advanced Endpoint Assessment