Improve Cisco 300-209 exam question

Q1. You have deployed new Cisco AnyConnect start before logon modules and set the configuration to download modules before logon, but all client connections continue to use the previous version of the module. Which action must you take to correct the problem? 

A. Configure start before logon in the client profile. 

B. Configure a group policy to prompt the user to download the updated module. 

C. Define the modules for download in the client profile. 

D. Define the modules for download in the group policy. 

View Answer

Q2. What must be enabled in the web browser of the client computer to support Clientless SSL VPN? 

A. cookies 

B. ActiveX 

C. Silverlight 

D. popups 

View Answer

Q3. Refer to the exhibit. 

An administrator had the above configuration working with SSL protocol, but as soon as the administrator specified IPsec as the primary protocol, the Cisco AnyConnect client was not able to connect. What is the problem? 

A. IPsec will not work in conjunction with a group URL. 

B. The Cisco AnyConnect implementation does not allow the two group URLs to be the same. SSL does allow this. 

C. If you specify the primary protocol as IPsec, the User Group must be the exact name of the connection profile (tunnel group). 

D. A new XML profile should be created instead of modifying the existing profile, so that the clients force the update. 

View Answer

Q4. What URL do you use to download a packet capture file in a format which can be used by a packet analyzer? 

A. ftp://<hostname>/capture/<capture_name>/ 

B. https://<asdm_enabled _interface:port>/<capture_name>/ 

C. https://<asdm_enabled_interface:port>/admin/capture/<capture_name>/pcap 

D. https://<hostname>/<capture_name>/pcap 

View Answer

Q5. Which type of communication in a FlexVPN implementation uses an NHRP shortcut? 

A. spoke to hub 

B. spoke to spoke 

C. hub to spoke 

D. hub to hub 

View Answer

Q6. Which two parameters help to map a VPN session to a tunnel group without using the tunnel-group list? (Choose two.) 

A. group-alias 

B. certificate map 

C. use gateway command 

D. group-url 

E. AnyConnect client version 

View Answer

Q7. Which option shows the correct traffic selectors for the child SA on the remote ASA, when the headquarter ASA initiates the tunnel? 

A. Local selector 192.168.33.0/0-192.168.33.255/65535 Remote selector 192.168.20.0/0-192.168.20.255/65535 

B. Local selector 192.168.33.0/0-192.168.33.255/65535 Remote selector 192.168.22.0/0-192.168.22.255/65535 

C. Local selector 192.168.22.0/0-192.168.22.255/65535 Remote selector 192.168.33.0/0-192.168.33.255/65535 

D. Local selector 192.168.33.0/0-192.168.33.255/65535 Remote selector 0.0.0.0/0 -0.0.0.0/65535 

E. Local selector 0.0.0.0/0 - 0.0.0.0/65535 Remote selector 192.168.22.0/0 -192.168.22.255/65535 

View Answer

Q8. A Cisco IOS SSL VPN gateway is configured to operate in clientless mode so that users can access file shares on a Microsoft Windows 2003 server. Which protocol is used between the Cisco IOS router and the Windows server? 

A. HTTPS 

B. NetBIOS 

C. CIFS 

D. HTTP 

View Answer

Q9. Refer to the exhibit. 

Which VPN solution does this configuration represent? 

A. Cisco AnyConnect (IKEv2) 

B. site-to-site 

C. DMVPN 

D. SSL VPN 

View Answer

Q10. Refer to the exhibit. 

You executed the show crypto ipsec sa command to troubleshoot an IPSec issue. What problem does the given output indicate? 

A. IKEv2 failed to establish a phase 2 negotiation. 

B. The Crypto ACL is different on the peer device. 

C. ISAKMP was unable to find a matching SA. 

D. IKEv2 was used in aggressive mode. 

View Answer