100% Guarantee CCNP Security 300-209 dumps

Q1. What is the default storage location of user-level bookmarks in an IOS clientless SSL VPN? 

A. disk0:/webvpn/{context name}/ 

B. disk1:/webvpn/{context name}/ 

C. flash:/webvpn/{context name}/ 

D. nvram:/webvpn/{context name}/ 

View Answer

Q2. What are two variables for configuring clientless SSL VPN single sign-on? (Choose two.) 

A. CSCO_WEBVPN_OTP_PASSWORD 

B. CSCO_WEBVPN_INTERNAL_PASSWORD 

C. CSCO_WEBVPN_USERNAME 

D. CSCO_WEBVPN_RADIUS_USER 

View Answer

Q3. An administrator wishes to limit the networks reachable over the Anyconnect VPN tunnels. Which configuration on the ASA will correctly limit the networks reachable to 209.165.201.0/27 and 209.165.202.128/27? 

A. access-list splitlist standard permit 209.165.201.0 255.255.255.224 

access-list splitlist standard permit 209.165.202.128 255.255.255.224 

! 

group-policy GroupPolicy1 internal 

group-policy GroupPolicy1 attributes 

split-tunnel-policy tunnelspecified 

split-tunnel-network-list value splitlist 

B. access-list splitlist standard permit 209.165.201.0 255.255.255.224 

access-list splitlist standard permit 209.165.202.128 255.255.255.224 

! 

group-policy GroupPolicy1 internal 

group-policy GroupPolicy1 attributes 

split-tunnel-policy tunnelall 

split-tunnel-network-list value splitlist 

C. group-policy GroupPolicy1 internal 

group-policy GroupPolicy1 attributes 

split-tunnel-policy tunnelspecified 

split-tunnel-network-list ipv4 1 209.165.201.0 255.255.255.224 

split-tunnel-network-list ipv4 2 209.165.202.128 255.255.255.224 

D. access-list splitlist standard permit 209.165.201.0 255.255.255.224 

access-list splitlist standard permit 209.165.202.128 255.255.255.224 

! 

crypto anyconnect vpn-tunnel-policy tunnelspecified 

crypto anyconnect vpn-tunnel-network-list splitlist 

E. crypto anyconnect vpn-tunnel-policy tunnelspecified 

crypto anyconnect split-tunnel-network-list ipv4 1 209.165.201.0 255.255.255.224 

crypto anyconnect split-tunnel-network-list ipv4 2 209.165.202.128 255.255.255.224 

View Answer

Q4. Refer to the exhibit. 

Which authentication method was used by the remote peer to prove its identity? 

A. Extensible Authentication Protocol 

B. certificate authentication 

C. pre-shared key 

D. XAUTH 

View Answer

Q5. Refer to the exhibit. 

The IKEv2 site-to-site VPN tunnel between two routers is down. Based on the debug output, which type of mismatch might be the problem? 

A. PSK 

B. crypto policy 

C. peer identity 

D. transform set 

View Answer

Q6. Which application does the Application Access feature of Clientless VPN support? 

A. TFTP 

B. VoIP 

C. Telnet 

D. active FTP 

View Answer

Q7. A network administrator is configuring AES encryption for the ISAKMP policy on an IOS router. Which two configurations are valid? (Choose two.) 

A. crypto isakmp policy 10 

encryption aes 254 

B. crypto isakmp policy 10 

encryption aes 192 

C. crypto isakmp policy 10 

encryption aes 256 

D. crypto isakmp policy 10 

encryption aes 196 

E. crypto isakmp policy 10 

encryption aes 199 

F. crypto isakmp policy 10 

encryption aes 64 

View Answer

Q8. Which two technologies are considered to be Suite B cryptography? (Choose two.) 

A. MD5 

B. SHA2 

C. Elliptical Curve Diffie-Hellman 

D. 3DES 

E. DES 

View Answer

Q9. Which statement is true when implementing a router with a dynamic public IP address in a crypto map based site-to-site VPN? 

A. The router must be configured with a dynamic crypto map. 

B. Certificates are always used for phase 1 authentication. 

C. The tunnel establishment will fail if the router is configured as a responder only. 

D. The router and the peer router must have NAT traversal enabled. 

View Answer

Q10. Which technology does a multipoint GRE interface require to resolve endpoints? 

A. ESP 

B. dynamic routing 

C. NHRP 

D. CEF 

E. IPSec 

View Answer