All About High quality 300-209 examcollection

Q1. In FlexVPN, what is the role of a NHRP resolution request? 

A. It allows these entities to directly communicate without requiring traffic to use an intermediate hop 

B. It dynamically assigns VPN users to a group 

C. It blocks these entities from to directly communicating with each other 

D. It makes sure that each VPN spoke directly communicates with the hub 

View Answer

Q2. Which Cisco adaptive security appliance command can be used to view the count of all active VPN sessions? 

A. show vpn-sessiondb summary 

B. show crypto ikev1 sa 

C. show vpn-sessiondb ratio encryption 

D. show iskamp sa detail 

E. show crypto protocol statistics all 

View Answer

Q3. Which two statements.about the Cisco ASA Clientless SSL VPN smart tunnels feature are true? (Choose two.) 

A. Smart tunnels are enabled on the secure gateway (Cisco ASA) for specific applications that run on the end client and work irrespective of which transport protocol the application uses. 

B. Smart tunnels require Administrative privileges to run on the client machine. 

C. A smart tunnel is a DLL that is pushed from the headend to the client machine after SSL VPN portal authentication and that is attached to smart-tunneled processes to route traffic through the SSL VPN session with the gateway. 

D. Smart tunnels offer better performance than the client-server plugins. 

E. Smart tunnels are supported on Windows, Mac, and Linux. 

View Answer

Q4. Which two statements regarding IKEv2 are true per RFC 4306? (Choose two.) 

A. It is compatible with IKEv1. 

B. It has at minimum a nine-packet exchange. 

C. It uses aggressive mode. 

D. NAT traversal is included in the RFC. 

E. It uses main mode. 

F. DPD is defined in RFC 4309. 

G. It allows for EAP authentication. 

View Answer

Q5. What URL do you use to download a packet capture file in a format which can be used by a packet analyzer? 

A. ftp://<hostname>/capture/<capture_name>/ 

B. https://<asdm_enabled _interface:port>/<capture_name>/ 

C. https://<asdm_enabled_interface:port>/admin/capture/<capture_name>/pcap 

D. https://<hostname>/<capture_name>/pcap 

View Answer

Q6. Which four activities does the Key Server perform in a GETVPN deployment? (Choose four.) 

A. authenticates group members 

B. manages security policy 

C. creates group keys 

D. distributes policy/keys 

E. encrypts endpoint traffic 

F. receives policy/keys 

G. defines group members 

View Answer

Q7. Which feature is enabled by the use of NHRP in a DMVPN network? 

A. host routing with Reverse Route Injection 

B. BGP multiaccess 

C. host to NBMA resolution 

D. EIGRP redistribution 

View Answer

Q8. Which command enables the router to form EIGRP neighbor adjacencies with peers using a different subnet than the ingress interface? 

A. ip unnumbered interface 

B. eigrp router-id 

C. passive-interface interface name 

D. ip split-horizon eigrp as number 

View Answer

Q9. Scenario: 

You are the senior network security administrator for your organization. Recently and junior engineer configured a site-to-site IPsec VPN connection between your headquarters Cisco ASA and a remote branch office. 

You are now tasked with verifying the IKEvl IPsec installation to ensure it was properly configured according to designated parameters. Using the CLI on both the Cisco ASA and branch ISR, verify the IPsec configuration is properly configured between the two sites. 

NOTE: the show running-config command cannot be used for this exercise. 

Topology: 

Which transform set is being used on the branch ISR? 

A. Default 

B. ESP-3DES ESP-SHA-HMAC 

C. ESP-AES-256-MD5-TRANS mode transport 

D. TSET 

View Answer

Q10. Which command identifies an AnyConnect profile that was uploaded to the router flash? 

A. crypto vpn anyconnect profile SSL_profile flash:simos-profile.xml 

B. svc import profile SSL_profile flash:simos-profile.xml 

C. anyconnect profile SSL_profile flash:simos-profile.xml 

D. webvpn import profile SSL_profile flash:simos-profile.xml 

View Answer