300-209 Exam Questions - Online Test

300-209 Premium VCE File

Learn More 100% Pass Guarantee - Dumps Verified - Instant Download
150 Lectures, 20 Hours

Actualtests 300-209 Questions are updated and all 300-209 answers are verified by experts. Once you have completely prepared with our 300-209 exam prep kits you will be ready for the real 300-209 exam without a problem. We have Updated Cisco 300-209 dumps study guide. PASSED 300-209 First attempt! Here What I Did.

Q111. Which two cryptographic technologies are recommended for use with FlexVPN? (Choose two.) 

A. SHA (HMAC variant) 

B. Diffie-Hellman 

C. DES 

D. MD5 (HMAC variant) 

Answer: A,B 

Q112. You have deployed new Cisco AnyConnect start before logon modules and set the configuration to download modules before logon, but all client connections continue to use the previous version of the module. Which action must you take to correct the problem? 

A. Configure start before logon in the client profile. 

B. Configure a group policy to prompt the user to download the updated module. 

C. Define the modules for download in the client profile. 

D. Define the modules for download in the group policy. 

Answer: A 

Q113. On which Cisco platform are dynamic virtual template interfaces available? 

A. Cisco Adaptive Security Appliance 5585-X 

B. Cisco Catalyst 3750X 

C. Cisco Integrated Services Router Generation 2 

D. Cisco Nexus 7000 

Answer: C 

Q114. Which Cisco firewall platform supports Cisco NGE? 

A. FWSM 

B. Cisco ASA 5505 

C. Cisco ASA 5580 

D. Cisco ASA 5525-X 

Answer: D 

Q115. What are two benefits of DMVPN Phase 3? (Choose two.) 

A. Administrators can use summarization of routing protocol updates from hub to spokes. 

B. It introduces hierarchical DMVPN deployments. 

C. It introduces non-hierarchical DMVPN deployments. 

D. It supports L2TP over IPSec as one of the VPN protocols. 

Answer: A,B 

Q116. Which two technologies are considered to be Suite B cryptography? (Choose two.) 

A. MD5 

B. SHA2 

C. Elliptical Curve Diffie-Hellman 

D. 3DES 

E. DES 

Answer: B,C 

Q117. Scenario: 

You are the senior network security administrator for your organization. Recently and junior engineer configured a site-to-site IPsec VPN connection between your headquarters Cisco ASA and a remote branch office. 

You are now tasked with verifying the IKEvl IPsec installation to ensure it was properly configured according to designated parameters. Using the CLI on both the Cisco ASA and branch ISR, verify the IPsec configuration is properly configured between the two sites. 

NOTE: the show running-config command cannot be used for this exercise. 

Topology: 

at is being used as the authentication method on the branch ISR? 

A. Certifcates 

B. Pre-shared keys 

C. RSA public keys 

D. Diffie-Hellman Group 2 

Answer: B 

Explanation: 

The show crypto isakmp key command shows the preshared key of “cisco”. 

Q118. Scenario 

Your organization has just implemented a Cisco AnyConnect SSL VPN solution. Using 

Cisco ASDM, answer the questions regarding the implementation. Note: Not all screens or option selections are active for this exercise. 

Topology 

Default_Home 

Which address pool is being assigned to the users connecting via the AnyConnect client? 

A. AC_Address_Pool 

B. Remote_Address_Pool 

C. Outside_Address_Pool 

D. VPN_Address_Pool 

Answer: D 

Explanation: 

First Navigate to the Configuration -> Remote Access VPN tab and then choose the “AnyConnect Connection Profile as shown below: 

Capture 

Then, clicking on the AnyConnect Profile at the bottom will bring you to the edit page shown below: 

Capture 

From here we can see that the Client Address Pools in use is the “VPN_Access_Pool” 

Q119. Which command can you use to monitor the phase 1 establishment of a FlexVPN tunnel? 

A. show crypto ipsec sa 

B. show crypto isakmp sa 

C. show crypto ikev2 sa 

D. show ip nhrp 

Answer: C 

Q120. Refer to the exhibit. 

You have implemented an SSL VPN as shown. Which type of communication takes place between the secure gateway R1 and the Cisco Secure ACS? 

A. HTTP proxy 

B. AAA 

C. policy 

D. port forwarding 

Answer: B