Cisco 300-209 exam questions and answers.



Q1. Which NGE IKE Diffie-Hellman group identifier has the strongest cryptographic properties? 

A. group 10 

B. group 24 

C. group 5 

D. group 20 

Answer:

Q2. Which two are features of GETVPN but not DMVPN and FlexVPN? (Choose two.)

A. one IPsec SA for all encrypted traffic 

B. no requirement for an overlay routing protocol 

C. design for use over public or private WAN 

D. sequence numbers that enable scalable replay checking 

E. enabled use of ESP or AH 

F. preservation of IP protocol in outer header 

Answer: A,B 

Q3. Scenario: 

You are the senior network security administrator for your organization. Recently, a junior engineer configured a site-to-site IPsec VPN connection between your headquarters Cisco ASA and a remote branch office.

You are now tasked with verifying the IKEv1 IPsec installation to ensure it was properly configured according to designated parameters. Using the CLI on both the Cisco ASA and branch ISR, verify that IPsec is properly configured between the two sites.

NOTE: the show running-config command cannot be used for this exercise. 

Topology: 

Which crypto map tag is being used on the Cisco ASA? 

A. outside_cryptomap 

B. VPN-to-ASA 

C. L2L_Tunnel 

D. outside_map1 

Answer:

Explanation: 

This is seen from the “show crypto ipsec sa” command on the ASA. 

Q4. Refer to the exhibit. 

A customer cannot establish an IKEv2 site-to-site VPN tunnel between two Cisco ASA devices. Based on the syslog message, which action can bring up the VPN tunnel? 

A. Increase the maximum SA limit on the local Cisco ASA. 

B. Correct the crypto access list on both Cisco ASA devices. 

C. Remove the maximum SA limit on the remote Cisco ASA. 

D. Reduce the maximum SA limit on the local Cisco ASA. 

E. Correct the IP address in the local and remote crypto maps. 

F. Increase the maximum SA limit on the remote Cisco ASA. 

Answer:

Q5. A company needs to provide secure access to its remote workforce. The end users use public kiosk computers and a wide range of devices. They will be accessing only an internal web application. Which VPN solution satisfies these requirements? 

A. Clientless SSLVPN 

B. AnyConnect Client using SSLVPN 

C. AnyConnect Client using IKEv2 

D. FlexVPN Client 

E. Windows built-in PPTP client 

Answer:

Q6. Which option is an example of an asymmetric algorithm? 

A. 3DES 

B. IDEA 

C. AES 

D. RSA 

Answer:

Q7. Refer to the exhibit. 

What is the problem with the IKEv2 site-to-site VPN tunnel? 

A. incorrect PSK 

B. crypto access list mismatch 

C. incorrect tunnel group 

D. crypto policy mismatch 

E. incorrect certificate 

Answer:

Q8. In FlexVPN, what command can an administrator use to create a virtual template interface that can be configured and applied dynamically to create virtual access interfaces? 

A. interface virtual-template number type template 

B. interface virtual-template number type tunnel 

C. interface template number type virtual 

D. interface tunnel-template number 

Answer:

Explanation: 

Here is a reference and explanation that can be included with this test: http://www.cisco.com/en/US/docs/ios-xml/ios/sec_conn_ike2vpn/configuration/15-2mt/sec-flex-spoke.html#GUID-4A10927D-4C6A-4202-B01C-DA7E462F5D8A

Configuring the Virtual Tunnel Interface on FlexVPN Spoke 

SUMMARY STEPS 

1. enable 

2. configure terminal 

3. interface virtual-template number type tunnel 

4. ip unnumbered tunnel number 

5. ip nhrp network-id number 

6. ip nhrp shortcut virtual-template-number 

7. ip nhrp redirect [timeout seconds] 

8. exit 

Q9. Which command clears all crypto configuration from a Cisco Adaptive Security Appliance? 

A. clear configure crypto 

B. clear configure crypto ipsec 

C. clear crypto map 

D. clear crypto ikev2 sa 

Answer:

Q10. Which two qualify as Next Generation Encryption integrity algorithms? (Choose two.) 

A. SHA-512 

B. SHA-256 

C. SHA-192 

D. SHA-380 

E. SHA-192 

F. SHA-196 

Answer: A,B