Mustafa

New 300-209 Exam Questions and Answers Updated Recently:

NEW QUESTION 161
Which option describes what address preservation with IPsec Tunnel Mode allows when GETVPN is used?

A. stronger encryption methods
B. Network Address Translation of encrypted traffic
C. traffic management based on original source and destination addresses
D. Tunnel Endpoint Discovery

Answer: C

NEW QUESTION 162
Which feature is available in IKEv1 but not IKEv2?

A. Layer 3 roaming
B. aggressive mode
C. EAP variants
D. sequencing

Answer: B

NEW QUESTION 163
Which feature is enabled by the use of NHRP in a DMVPN network?

A. host routing with Reverse Route Injection
B. BGP multiaccess
C. host to NBMA resolution
D. EIGRP redistribution

Answer: C

NEW QUESTION 164
Which statement about the hub in a DMVPN configuration with iBGP is true?

A. It must be a route reflector client.
B. It must redistribute EIGRP from the spokes.
C. It must be in a different AS.
D. It must be a route reflector.

Answer: D

NEW QUESTION 165
……

NEW QUESTION 166
Which command can you use to monitor the phase 1 establishment of a FlexVPN tunnel?

A. show crypto ipsec sa
B. show crypto isakmp sa
C. show crypto ikev2 sa
D. show ip nhrp

Answer: C

NEW QUESTION 167
Which interface is managed by the VPN Access Interface field in the Cisco ASDM IPsec Site-to-Site VPN Wizard?

A. the local interface named “VPN_access”
B. the local interface configured with crypto enable
C. the local interface from which traffic originates
D. the remote interface with security level 0

Answer: B

NEW QUESTION 168
You are troubleshooting a DMVPN NHRP registration failure. Which command can you use to view request counters?

A. show ip nhrp nhs detail
B. show ip nhrp tunnel
C. show ip nhrp incomplete
D. show ip nhrp incomplete tunnel tunnel_interface_number

Answer: A

NEW QUESTION 169
……

NEW QUESTION 170
Which three commands are included in the command show dmvpn detail? (Choose three.)

A. show ip nhrp nhs
B. show dmvpn
C. show crypto session detail
D. show crypto ipsec sa detail
E. show crypto sockets
F. show ip nhrp

Answer: ABC

NEW QUESTION 171
……

NEW QUESTION 172
Which option describes the purpose of the command show derived-config interface virtual-access 1?

A. It verifies that the virtual access interface is cloned correctly with per-user attributes.
B. It verifies that the virtual template created the tunnel interface.
C. It verifies that the virtual access interface is of type Ethernet.
D. It verifies that the virtual access interface is used to create the tunnel interface.

Answer: A

NEW QUESTION 173
Which two RADIUS attributes are needed for a VRF-aware FlexVPN hub? (Choose two.)

A. ip:interface-config=ip unnumbered loobackn
B. ip:interface-config=ip vrf forwarding ivrf
C. ip:interface-config=ip src route
D. ip:interface-config=ip next hop
E. ip:interface-config=ip neighbor 0.0.0.0

Answer: AB

NEW QUESTION 174
Which functionality is provided by L2TPv3 over FlexVPN?

A. the extension of a Layer 2 domain across the FlexVPN
B. the extension of a Layer 3 domain across the FlexVPN
C. secure communication between servers on the FlexVPN
D. a secure backdoor for remote access users through the FlexVPN

Answer: A

NEW QUESTION 175
When you troubleshoot Cisco AnyConnect, which step does Cisco recommend before you open a TAC case?

A. Show applet Lifecycle exceptions.
B. Disable cookies.
C. Enable the WebVPN cache.
D. Collect a DART bundle.

Answer: D

P.S. These New 300-209 Exam Questions Were Updated By PassLeader, You Can Get The Newest 300-209 Dumps In PDF And VCE From — http://www.passleader.com/300-209.html (197q)

Good Luck !!!

Eric Albert

New 300-209 Exam Questions and Answers Updated Recently (14/Mar/2016):

NEW QUESTION 198
Which three types of SSO functionality are available on the Cisco ASA without any external SSO servers? (Choose three.)

A. SAML
B. HTTP POST
C. HTTP Basic
D. NTLM
E. Kerberos
F. OAuth 2.0

Answer: BCD

NEW QUESTION 199
Which two statements about the Cisco ASA Clientless SSL VPN smart tunnels feature are true? (Choose two.)

A. Smart tunnels are enabled on the secure gateway (Cisco ASA) for specific applications that run on the end client and work irrespective of which transport protocol the application uses.
B. Smart tunnels require Administrative privileges to run on the client machine.
C. A smart tunnel is a DLL that is pushed from the headend to the client machine after SSL VPN portal authentication and that is attached to smart-tunneled processes to route traffic through the SSL VPN session with the gateway.
D. Smart tunnels offer better performance than the client-server plugins.
E. Smart tunnels are supported on Windows, Mac, and Linux.

Answer: CD

NEW QUESTION 200
As a network security architect, you must implement secure VPN connectivity among company branches over a private IP cloud with any-to-any scalable connectivity. Which technology should you use?

A. IPsec DVTI
B. FlexVPN
C. DMVPN
D. IPsec SVTI
E. GET VPN

Answer: E

NEW QUESTION 201
Which three configurations are required for both IPsec VTI and crypto map-based VPNs? (Choose three.)

A. transform set
B. ISAKMP policy
C. ACL that defines traffic to encrypt
D. dynamic routing protocol
E. tunnel interface
F. IPsec profile
G. PSK or PKI trustpoint with certificate

Answer: ABG

NEW QUESTION 202
Which statement regarding GET VPN is true?

A. TEK rekeys can be load-balanced between two key servers operating in COOP.
B. When you implement GET VPN with VRFs, all VRFs must be defined in the GDOI group configuration on the key server.
C. Group members must acknowledge all KEK and TEK rekeys, regardless of configuration.
D. The configuration that defines which traffic to encrypt is present only on the key server.
E. The pseudotime that is used for replay checking is synchronized via NTP.

Answer: D

NEW QUESTION 203
Refer to the exhibit. Which type of mismatch is causing the problem with the IPsec VPN tunnel?
Image URL: w w w.cipt2.com/wp-content/uploads/2016/03/2031.jpg (delete space)

A. PSK
B. Phase 1 policy
C. transform set
D. crypto access list

Answer: A

NEW QUESTION 204
Which three changes must be made to migrate from DMVPN Phase 2 to Phase 3 when EIGRP is configured? (Choose three.)

A. Enable EIGRP next-hop-self on the hub.
B. Disable EIGRP next-hop-self on the hub.
C. Enable EIGRP split-horizon on the hub.
D. Add NHRP redirects on the hub.
E. Add NHRP shortcuts on the spoke.
F. Add NHRP shortcuts on the hub.

Answer: ADE

NEW QUESTION 205
Which algorithm provides both encryption and authentication for data plane communication?

A. SHA-96
B. SHA-384
C. 3DES
D. AES-256
E. AES-GCM
F. RC4

Answer: E

NEW QUESTION 206
Which three configurations are prerequisites for stateful failover for IPsec? (Choose three.)

A. Only the IKE configuration that is set up on the active device must be duplicated on the standby device; the IPsec configuration is copied automatically.
B. Only crypto map configuration that is set up on the active device must be duplicated on the standby device.
C. The IPsec configuration that is set up on the active device must be duplicated on the standby device.
D. The active and standby devices can run different versions of the Cisco IOS software but need to be the same type of device.
E. The active and standby devices must run the same version of the Cisco IOS software and should be the same type of device.
F. Only the IPsec configuration that is set up on the active device must be duplicated on the standby device; the IKE configuration is copied automatically.
G. The IKE configuration that is set up on the active device must be duplicated on the standby device.

Answer: CEG

NEW QUESTION 207
Which two statements comparing ECC and RSA are true? (Choose two.)

A. ECC can have the same security as RSA but with a shorter key size.
B. ECC lags in performance when compared with RSA.
C. Key generation in ECC is slower and less CPU intensive.
D. ECC cannot have the same security as RSA, even with an increased key size.
E. Key generation in ECC is faster and less CPU intensive.

Answer: AE

NEW QUESTION 208
Which two are features of GETVPN but not DMVPN and FlexVPN? (Choose two.)

A. one IPsec SA for all encrypted traffic
B. no requirement for an overlay routing protocol
C. design for use over public or private WAN
D. sequence numbers that enable scalable replay checking
E. enabled use of ESP or AH
F. preservation of IP protocol in outer header

Answer: AB

NEW QUESTION 209
A customer requires all traffic to go through a VPN. However, access to the local network is also required. Which two options can enable this configuration? (Choose two.)

A. split exclude
B. use of an XML profile
C. full tunnel by default
D. split tunnel
E. split include

Answer: AB

NEW QUESTION 210
……

P.S. These New 300-209 Exam Questions Were Just Updated From The Real 300-209 Exam, You Can Get The Newest 300-209 Dumps In PDF And VCE From — http://bitly.com/300-209-dumps (237q)

Good Luck !!!