Cisco 300-209 Online Practice Questions and Exam Preparation

Cisco 300-209 Online Questions & Answers

• Question 231:

  Which command can you use to monitor the phase 1 establishment of a FlexVPN tunnel?

  A. show crypto ipsec sa
  B. show crypto isakmp sa
  C. show crypto ikev2 sa
  D. show ip nhrp
  C. show crypto ikev2 sa

• Question 232:

  Remote users want to access internal servers behind an ASA using Microsoft terminal services. Which option outlines the steps required to allow users access via the ASA clientless VPN portal?

  A. 1. Configure a static pat rule for TCP port 3389 2. Configure an inbound access-list to allow traffic from remote users to the servers 3. Assign this access-list rule to the group policy
  B. 1. Configure a bookmark of the type http:// server-IP :3389 2. Enable Smart tunnel on this bookmark 3. Assign the bookmark to the desired group policy
  C. 1. Configure a Smart Tunnel application list 2. Add the rdp.exe process to this list 3. Assign the Smart Tunnel application list to the desired group policy
  D. 1. Upload an RDP plugin to the ASA 2. Configure a bookmark of the type rdp:// server-IP 3. Assign the bookmark list to the desired group policy
  D. 1. Upload an RDP plugin to the ASA 2. Configure a bookmark of the type rdp:// server-IP 3. Assign the bookmark list to the desired group policy

• Question 233:

  Which two are features of GETVPN but not DMVPN and FlexVPN? (Choose two.)

  A. one IPsec SA for all encrypted traffic
  B. no requirement for an overlay routing protocol
  C. design for use over public or private WAN
  D. sequence numbers that enable scalable replay checking
  E. enabled use of ESP or AH
  F. preservation of IP protocol in outer header
  A. one IPsec SA for all encrypted traffic
  B. no requirement for an overlay routing protocol

• Question 234:

  Refer to the exhibit. Which action is demonstrated by this debug output?

  

  A. NHRP initial registration by a spoke.
  B. NHRP registration acknowledgement by the hub.
  C. Disabling of the DMVPN tunnel interface.
  D. IPsec ISAKMP phase 1 negotiation.
  A. NHRP initial registration by a spoke.

• Question 235:

  Which must be configured for a Cisco Anyconnect client to determine the trustworthiness of a wireless network?

  A. Trusted network detection
  B. allow local proxy connections
  C. start before login
  D. allow VPN disconnect
  A. Trusted network detection

• Question 236:

  Refer to the exhibit. Based on the partial configuration shown, which the GET VPN group member GDOI configuration?

  ! crypto gdoi group CLASSROOM

  identity number 12345! crypto map GETVPN_MAP 10 gdoi

  set group CLASSROOM

  ! interface Serial0/0/0ip address 192.168.1.2 255.255.255.252crypto map GETVPN_MAP

  !

  A. key server IP address
  B. local priority
  C. mapping of the IPsec profile to the IPsec SA
  D. mapping of the IPsec transform set to the GDOI group
  A. key server IP address

• Question 237:

  Which two NHRP functions are specific to DMVPN Phase 3 Implementation? (Choose two)

  A. resolution reply
  B. redirect
  C. resolution request
  D. registration reply
  E. registration request
  A. resolution reply
  C. resolution request

• Question 238:

  Which VPN technology is preferred to reduce latency and provide encryption over MPLS without the use of a central hub?

  A. DMVPN
  B. GET VPN
  C. IPsec
  D. FlexVPN
  B. GET VPN

• Question 239:

  An engineer is troubleshooting IPsec VPN and wants to check the inbound and outbound data plane security association built between peers. Which command must be run?

  A. show crypto esp sa
  B. show crypto isakmp sa
  C. show crypto ipsec sa
  D. show crypto ike sa
  C. show crypto ipsec sa

• Question 240:

  Refer to the exhibit. An engineer encounters a debug message. Which action can the engineer take to eliminate this error message?

  

  A. Use stronger encryption suite.
  B. Correct the VPN peer address.
  C. Make adjustment to IPSec replay window.
  D. Change the preshared key to match.
  C. Make adjustment to IPSec replay window.