Which option describes the purpose of the shared argument in the DMVPN interface command tunnel protection IPsec profile ProfileName shared?

Which option describes the purpose of the shared argument in the DMVPN interface command
tunnel protection IPsec profile ProfileName shared?

Which option describes the purpose of the shared argument in the DMVPN interface command
tunnel protection IPsec profile ProfileName shared?

A.
shares a single profile between multiple tunnel interfaces

B.
allows multiple authentication types to be used on the tunnel interface

C.
shares a single profile between a tunnel interface and a crypto map

D.
shares a single profile between IKEv1 and IKEv2

Show Hint

Leave a Reply 4

Your email address will not be published. Required fields are marked *

sixteen + 18 =

Ace

Ace

“The Sharing IPsec with Tunnel Protection feature allows an IP Security (IPsec) Security Association Database (SADB) to be shared between two or more generic routing encapsulation (GRE) tunnel interfaces when tunnel protection is used. These tunnel interfaces share a single underlying cryptographic SADB, cryptographic map, and IPsec profile in the Dynamic Multipoint Virtual Private Network (DMVPN) configuration.” – http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_dmvpn/configuration/xe-3s/sec-conn-dmvpn-xe-3s-book/sec-conn-dmvpn-share-ipsec-w-tun-protect.html

Reply

Joel Westerlund

Joel Westerlund

Passed 300-209 last Sunday with a score of 950! (The passing score is 845/1000)

Total 54 questions, most of the questions were about DMVPN, advanteges of IKEV2 over IKEV1, etc.

Got ASDM S2S Lab and ASDM SSL clientless Lab.

Learned valid 300-209 dumps from here:

http://www.passleader.com/300-209.html (237q VCE and PDF) (All Labs were from it!)

Reply

Alex Silva

Alex Silva

New 300-209 Exam Questions and Answers Updated Recently (4/July/2017):

NEW QUESTION 295
An engineer is attempting to establish a new site-to-site VPN connection. The tunnel terminates on an ASA 5506-X which is behind an ASA 5515-X. The engineer notices that the tunnel is not establishing. Which option is a potential cause?

A. Certificates were not configured
B. Diffie – Helman Group is not set
C. Access lists were not applied
D. NAT – traversal is not configured

Answer: D

NEW QUESTION 296
Which algorithm does ISAKMP use to securely derive encryption and integrity keys?

A. Diffie – Hellman
B. AES
C. ECDSA
D. RSA
E. 3DES

Answer: D

NEW QUESTION 297
Which purpose of configuring perfect Forward secret is true?

A. For every negotiation of a new phase 1 SA, the two gateways generate a new set of phase 2 keys.
B. For every negotiation of a new phase 2 SA, the two gateways generate a new set of phase 1 keys.
C. For every negotiation of a new phase 1 SA, the two gateways generate a new set of phase 1 keys.
D. For every negotiation of a new phase 2 SA, the two gateways generate a new set of phase 2 keys.

Answer: A

NEW QUESTION 298
An engineer has successfully established a phase 1 tunnel, but notices that no packets are decrypted on the head end side of the tunnel. What is a potential cause for this issue?

A. different phase 2 encryption
B. misconfigured DH group
C. disabled PFS
D. firewall blocking Phase 2 ESP or AH

Answer: A

NEW QUESTION 299
Which option describes traffic that will initiate a VPN connection?

A. trusted
B. external
C. internal
D. interesting

Answer: D

NEW QUESTION 300
……

P.S. These New 300-209 Exam Questions Were Just Updated From The Real 300-209 Exam, You Can Get The Newest 300-209 Dumps In PDF And VCE From — http://www.passleader.com/300-209.html (307q VCE and PDF)

Good Luck!

Reply