10 Tips For Most recent 300-209 practice test

Q1. When an IPsec SVTI is configured, which technology processes traffic forwarding for encryption? 

A. ACL 

B. IP routing 

C. RRI 

D. front door VPN routing and forwarding 

View Answer

Q2. To change the title panel on the logon page of the Cisco IOS WebVPN portal, which file must you configure? 

A. Cisco IOS WebVPN customization template 

B. Cisco IOS WebVPN customization general 

C. web-access-hlp.inc 

D. app-access-hlp.inc 

View Answer

Q3. Refer to the exhibit. 

Which two characteristics of the VPN implementation are evident? (Choose two.) 

A. dual DMVPN cloud setup with dual hub 

B. DMVPN Phase 3 implementation 

C. single DMVPN cloud setup with dual hub 

D. DMVPN Phase 1 implementation 

E. quad DMVPN cloud with quadra hub 

F. DMVPN Phase 2 implementation 

View Answer

Q4. Refer to the exhibit. 

You executed the show crypto ipsec sa command to troubleshoot an IPSec issue. What problem does the given output indicate? 

A. IKEv2 failed to establish a phase 2 negotiation. 

B. The Crypto ACL is different on the peer device. 

C. ISAKMP was unable to find a matching SA. 

D. IKEv2 was used in aggressive mode. 

View Answer

Q5. Which cryptographic algorithms are approved to protect Top Secret information? 

A. HIPPA DES 

B. AES-128 

C. RC4-128 

D. AES-256 

View Answer

Q6. If Web VPN bookmarks are grayed out on the home screen, which action should you take to begin troubleshooting? 

A. Determine whether the Cisco ASA can resolve the DNS names. 

B. Determine whether the Cisco ASA has DNS forwarders set up. 

C. Determine whether an ACL is present to permit DNS forwarding. 

D. Replace the DNS name with an IP address. 

View Answer

Q7. The following configuration steps have been completeD. 

. WebVPN was enabled on the ASA outside interface. 

. SSL VPN client software was loaded to the ASA. 

. A DHCP scope was configured and applied to a WebVPN Tunnel Group. 

What additional step is required if the client software fails to load when connecting to the ASA SSL page? 

A. The SSL client must be loaded to the client by an ASA administrator 

B. The SSL client must be downloaded to the client via FTP 

C. The SSL VPN client must be enabled on the ASA after loading 

D. The SSL client must be enabled on the client machine before loading 

View Answer

Q8. Which two parameters are configured within an IKEv2 proposal on an IOS router? (Choose two.) 

A. authentication 

B. encryption 

C. integrity 

D. lifetime 

View Answer

Q9. After implementing the IKEv2 tunnel, it was observed that remote users on the 192.168.33.0/24 network are unable to access the internet. Which of the following can be done to resolve this problem? 

A. Change the Diffie-Hellman group on the headquarter ASA to group5forthe dynamic crypto map 

B. Change the remote traffic selector on the remote ASA to 192.168.22.0/24 

C. Change to an IKEvI configuration since IKEv2 does not support a full tunnel with static peers 

D. Change the local traffic selector on the headquarter ASA to 0.0.0.0/0 

E. Change the remote traffic selector on the headquarter ASA to 0.0.0.0/0 

View Answer

Q10. Which two troubleshooting steps should be taken when Cisco AnyConnect cannot establish an IKEv2 connection, while SSL works fine? (Choose two.) 

A. Verify that the primary protocol on the client machine is set to IPsec. 

B. Verify that AnyConnect is enabled on the correct interface. 

C. Verify that the IKEv2 protocol is enabled on the group policy. 

D. Verify that ASDM and AnyConnect are not using the same port. 

E. Verify that SSL and IKEv2 certificates are not referencing the same trustpoint. 

View Answer