What Vivid 300-209 exam question Is?

Q1. Consider this scenario. When users attempt to connect via a Cisco AnyConnect VPN session, the certificate has changed and the connection fails. 

What is a possible cause of the connection failure? 

A. An invalid modulus was used to generate the initial key. 

B. The VPN is using an expired certificate. 

C. The Cisco ASA appliance was reloaded. 

D. The Trusted Root Store is configured incorrectly. 

View Answer

Q2. Which two are characteristics of GETVPN? (Choose two.) 

A. The IP header of the encrypted packet is preserved 

B. A key server is elected among all configured Group Members 

C. Unique encryption keys are computed for each Group Member 

D. The same key encryption and traffic encryption keys are distributed to all Group Members 

View Answer

Q3. Refer to the exhibit. 

Which authentication method was used by the remote peer to prove its identity? 

A. Extensible Authentication Protocol 

B. certificate authentication 

C. pre-shared key 

D. XAUTH 

View Answer

Q4. Which functionality is provided by L2TPv3 over FlexVPN? 

A. the extension of a Layer 2 domain across the FlexVPN 

B. the extension of a Layer 3 domain across the FlexVPN 

C. secure communication between servers on the FlexVPN 

D. a secure backdoor for remote access users through the FlexVPN 

View Answer

Q5. Scenario 

Your organization has just implemented a Cisco AnyConnect SSL VPN solution. Using Cisco ASDM, answer the questions regarding the implementation. 

Note: Not all screens or option selections are active for this exercise. 

Topology 

Default_Home 

What two actions will be taken on translated packets when the AnyConnect users connect to the ASA? (Choose two.) 

A. No action will be taken, they will keep their original assigned addresses 

B. The source address will use the outside-nat-pool 

C. The source NAT type will be a static translation 

D. The source NAT type will be a dynamic translation 

E. DNS will be translated on rule matches 

View Answer

Q6. If Web VPN bookmarks are grayed out on the home screen, which action should you take to begin troubleshooting? 

A. Determine whether the Cisco ASA can resolve the DNS names. 

B. Determine whether the Cisco ASA has DNS forwarders set up. 

C. Determine whether an ACL is present to permit DNS forwarding. 

D. Replace the DNS name with an IP address. 

View Answer

Q7. A user is trying to connect to a Cisco IOS device using clientless SSL VPN and cannot establish the connection. Which three commands can be used for troubleshooting of the AAA subsystem? (Choose three.) 

A. debug aaa authentication 

B. debug radius 

C. debug vpn authorization error 

D. debug ssl openssl errors 

E. debug webvpn aaa 

F. debug ssl error 

View Answer

Q8. Refer to the exhibit. 

Which technology is represented by this configuration? 

A. AAA for FlexVPN 

B. AAA for EzVPN 

C. TACACS+ command authorization 

D. local command authorization 

View Answer

Q9. A user is unable to establish an AnyConnect VPN connection to an ASA. When using the Real-Time Log viewer within ASDM to troubleshoot the issue, which two filter options would the administrator choose to show only syslog messages relevant to the VPN connection? (Choose two.) 

A. Client's public IP address 

B. Client's operating system 

C. Client's default gateway IP address 

D. Client's username 

E. ASA's public IP address 

View Answer

Q10. Which three settings are required for crypto map configuration? (Choose three.) 

A. match address 

B. set peer 

C. set transform-set 

D. set security-association lifetime 

E. set security-association level per-host 

F. set pfs 

View Answer