Cisco 300-209 Online Practice Questions and Exam Preparation

Cisco 300-209 Online Questions & Answers

• Question 251:

  Which two are features of GETVPN but not DMVPN and FlexVPN? (Choose two.)

  A. one IPsec SA for all encrypted traffic
  B. no requirement for an overlay routing protocol
  C. design for use over public or private WAN
  D. sequence numbers that enable scalable replay checking
  E. enabled use of ESP or AH
  F. preservation of IP protocol in outer header
  A. one IPsec SA for all encrypted traffic
  B. no requirement for an overlay routing protocol

• Question 252:

  Refer to the exhibit. Given the partial configuration shown, which two statements are correct? (Choose two.)

  crypto ipsec transform-set MY_TRANSFORM esp-aes 128 esp-sha-hmac! crypto ipsec profile MYPROFILE

  set transform-set MY_TRANSFORM ! interface Tunnel0

  ip unnumbered GigabitEthernet1/1

  tunnel source GigabitEthernet1/1

  tunnel destination 192.168.2.200

  tunnel mode ipsec ipv4

  tunnel protection ipsec profile MYPROFILE

  ! ip route 10.1.2.0 255.255.255.0 Tunnel0

  A. The tunnel will use the routing protocol configured for GigabitEthemet 1/1 for all tunnel communication with the peer.
  B. The IP route statement to reach the remote network behind the DMVPN peer is incorrect, it should be ip route 192.168.2.0 255.255.255.0 tunnel 0.
  C. This is an example of a static point-to-point VTI tunnel.
  D. The tunnel will use esp-sha-hmac encryption in ESP tunnel mode.
  E. The tunnel will use 128-bit AES encryption in ESP tunnel mode.
  C. This is an example of a static point-to-point VTI tunnel.
  E. The tunnel will use 128-bit AES encryption in ESP tunnel mode.

• Question 253:

  Which option is one component of a Public Key Infrastructure?

  A. the Registration Authority
  B. Active Directory
  C. RADIUS
  D. TACACS+
  A. the Registration Authority

• Question 254:

  Which technology can you implement to reduce latency issues associated with a Cisco AnyConnect VPN?

  A. DTLS
  B. SCTP
  C. DCCP
  D. SRTP
  A. DTLS

• Question 255:

  Which VPN solution enables you to publish applications to users by using bookmarks?

  A. IPsec client
  B. SSL VPN full network access
  C. Clientless SSL VPN
  D. port forward
  C. Clientless SSL VPN

• Question 256:

  Which Cisco firewall platform supports Cisco NGE?

  A. FWSM
  B. Cisco ASA 5505
  C. Cisco ASA 5580
  D. Cisco ASA 5525-X
  D. Cisco ASA 5525-X

• Question 257:

  Which two statements comparing ECC and RSA are true? (Choose two.)

  A. ECC can have the same security as RSA but with a shorter key size.
  B. ECC lags in performance when compared with RSA.
  C. Key generation in ECC is slower and less CPU intensive.
  D. ECC cannot have the same security as RSA, even with an increased key size.
  E. Key generation in ECC is faster and less CPU intensive.
  A. ECC can have the same security as RSA but with a shorter key size.
  E. Key generation in ECC is faster and less CPU intensive.

• Question 258:

  Where do you configure AnyConnect certificate-based authentication in ASDM?

  A. group policies
  B. AnyConnect Connection Profile
  C. AnyConnect Client Profile
  D. Advanced Network (Client) Access
  B. AnyConnect Connection Profile

• Question 259:

  Which two descriptions of the characteristics of Cisco GET VPN are true? (Choose two.)

  A. provides a tunelless transport mechanism
  B. encrypts the data payload and IP header of a packet
  C. requires that GRE tunnels exist between participating routers
  D. uses a common set of traffic encryption keys shared by group members
  E. uses VTIs to establish Ipsec tunnels
  A. provides a tunelless transport mechanism
  D. uses a common set of traffic encryption keys shared by group members

• Question 260:

  Which command enables IOS SSL VPN Smart Tunnel support for PuTTY?

  A. appl ssh putty.exe win
  B. appl ssh putty.exe windows
  C. appl ssh putty
  D. appl ssh putty.exe
  B. appl ssh putty.exe windows