Cisco 300-209 Online Practice Questions and Exam Preparation

Cisco 300-209 Online Questions & Answers

• Question 171:

  Which three settings are required for crypto map configuration? (Choose three.)

  A. match address
  B. set peer
  C. set transform-set
  D. set security-association lifetime
  E. set security-association level per-host
  F. set pfs
  A. match address
  B. set peer
  C. set transform-set

• Question 172:

  Which two qualify as Next Generation Encryption integrity algorithms? (Choose two.)

  A. SHA-512
  B. SHA-256
  C. SHA-192
  D. SHA-380
  E. SHA-192
  F. SHA-196
  A. SHA-512
  B. SHA-256

• Question 173:

  An engineer has successfully established a phase 1 tunnel, but notices that no packets are decrypted on the head end side of the tunnel. What is a potential cause for this issue?

  A. different phase 2 encryption
  B. misconfigured DH group
  C. disabled PFS
  D. firewall blocking Phase 2 ESP or AH
  D. firewall blocking Phase 2 ESP or AH

• Question 174:

  Which method dynamically advertises the network routes for remote tunnel endpoints?

  A. dynamic routing
  B. RRI
  C. policy-based routing
  D. CEF
  B. RRI

• Question 175:

  Refer to the exhibit. While troubleshooting on a remote-access VPN application, a new NOC engineer received the message that is shown.

  

  What is the most likely cause of the problem?

  A. The IP address that is assigned to the PC of the VPN user is not within the range of addresses that are assigned to the SVC connection.
  B. The IP address that is assigned to the PC of the VPN user is in use. The remote user needs to select a different host address within the range.
  C. The IP address that is assigned to the PC of the VPN user is in the wrong subnet. The remote user needs to select a different host number within the correct subnet.
  D. The IP address pool for contractors was not applied to their connection profile.
  D. The IP address pool for contractors was not applied to their connection profile.

• Question 176:

  Scenario:

  You are the senior network security administrator for your organization. Recently and junior

  engineer configured a site-to-site IPsec VPN connection between your headquarters Cisco

  ASA and a remote branch office.

  You are now tasked with verifying the IKEvl IPsec installation to ensure it was properly

  configured according to designated parameters. Using the CLI on both the Cisco ASA and

  branch ISR, verify the IPsec configuration is properly configured between the two sites.

  NOTE: the show running-config command cannot be used for this exercise.

  Topology:

  

  What is being used as the authentication method on Die branch ISR?

  A. Certificates
  B. Pre-shared keys
  C. RSA public keys
  D. Diffie-Hellman Group 2
  D. Diffie-Hellman Group 2

• Question 177:

  Which three parameters must match on all routers in a DMVPN Phase 3 cloud? (Choose three.)

  A. NHRP network ID
  B. GRE tunnel key
  C. NHRP authentication string
  D. tunnel VRF
  E. EIGRP process name
  F. EIGRP split-horizon setting
  A. NHRP network ID
  B. GRE tunnel key
  C. NHRP authentication string

• Question 178:

  An Engineer must deploy a VPN solution to provide simple configuration, per-peer policy, cross-site communication, and third party interoperability. Which VPN technology is best to accommodate this requirement?

  A. DMVPN
  B. FlexVPN
  C. GETVPN
  D. IPsec
  B. FlexVPN

• Question 179:

  Which algorithm is replaced by elliptic curve cryptography in Cisco NGE?

  A. 3DES
  B. AES
  C. DES
  D. RSA
  D. RSA

• Question 180:

  After adding a remote-access IPsec tunnel via the VPN wizard, an administrator needs to tune the IPsec policy parameters. Where is the correct place to tune the IPsec policy parameters in Cisco ASDM?

  A. IPsec user profile
  B. Crypto Map
  C. Group Policy
  D. IPsec Policy
  E. IKE Policy
  B. Crypto Map