All About Accurate 300-209 examcollection

Q1. If the IKEv2 tunnel were to establish successfully, which encryption algorithm would be used to encrypt traffic? 

A. DES 

B. 3DES 

C. AES 

D. AES192 

E. AES256 

View Answer

Q2. Which feature is available in IKEv1 but not IKEv2? 

A. Layer 3 roaming 

B. aggressive mode 

C. EAP variants 

D. sequencing 

View Answer

Q3. Which statement regarding GET VPN is true? 

A. TEK rekeys can be load-balanced between two key servers operating in COOP. 

B. When you implement GET VPN with VRFs, all VRFs must be defined in the GDOI group configuration on the key server. 

C. Group members must acknowledge all KEK and TEK rekeys, regardless of configuration. 

D. The configuration that defines which traffic to encrypt is present only on the key server. 

E. The pseudotime that is used for replay checking is synchronized via NTP. 

View Answer

Q4. Which three configurations are required for both IPsec VTI and crypto map-based VPNs? (Choose three.) 

A. transform set 

B. ISAKMP policy 

C. ACL that defines traffic to encrypt 

D. dynamic routing protocol 

E. tunnel interface 

F. IPsec profile 

G. PSK or PKI trustpoint with certificate 

View Answer

Q5. Which three configurations are prerequisites for stateful failover for IPsec? (Choose three.) 

A. Only the IKE configuration that is set up on the active device must be duplicated on the standby device; the IPsec configuration is copied automatically. 

B. Only crypto map configuration that is set up on the active device must be duplicated on the standby device. 

C. The IPsec configuration that is set up on the active device must be duplicated on the standby device. 

D. The active and standby devices can run different versions of the Cisco IOS software but need to be the same type of device. 

E. The active and standby devices must run the same version of the Cisco IOS software and should be the same type of device. 

F. Only the IPsec configuration that is set up on the active device must be duplicated on the standby device; the IKE configuration is copied automatically. 

G. The IKE configuration that is set up on the active device must be duplicated on the standby device. 

View Answer

Q6. Which Cisco adaptive security appliance command can be used to view the count of all active VPN sessions? 

A. show vpn-sessiondb summary 

B. show crypto ikev1 sa 

C. show vpn-sessiondb ratio encryption 

D. show iskamp sa detail 

E. show crypto protocol statistics all 

View Answer

Q7. Which statement describes a prerequisite for single-sign-on Netegrity Cookie Support in an IOC SSL VPN? 

A. The Cisco AnyConnect Secure Mobility Client must be installed in flash. 

B. A SiteMinder plug-in must be installed on the Cisco SSL VPN gateway. 

C. A Cisco plug-in must be installed on a SiteMinder server. 

D. The Cisco Secure Desktop software package must be installed in flash. 

View Answer

Q8. Which option is most effective at preventing a remote access VPN user from bypassing the corporate transparent web proxy? 

A. using the proxy-server settings of the client computer to specify a PAC file for the client computer to download 

B. instructing users to use the corporate proxy server for all web browsing 

C. disabling split tunneling 

D. permitting local LAN access 

View Answer

Q9. A custom desktop application needs to access an internal server. An administrator is tasked with configuring the company's SSL VPN gateway to allow remote users to work. Which two technologies would accommodate the company's requirement? (Choose two). 

A. AnyConnect client 

B. Smart Tunnels 

C. Email Proxy 

D. Content Rewriter 

E. Portal Customizations 

View Answer

Q10. In the Diffie-Hellman protocol, which type of key is the shared secret? 

A. a symmetric key 

B. an asymmetric key 

C. a decryption key 

D. an encryption key 

View Answer