Which interface is managed by the VPN Access Interface field in the Cisco ASDM IPsec Site-to-
Site VPN Wizard?
A.
the local interface named “VPN_access”
B.
the local interface configured with crypto enable
C.
the local interface from which traffic originates
D.
the remote interface with security level 0
New 300-209 Exam Questions (Updated at 22th/11/2017):
QUESTION
When you are configuring a DMVPN network, which tunnel mode should you use for the hub router configuration?
A. GRE multipoint
B. classic point-to-point GRE
C. IPsec multipoint
D. nonbroadcast multiaccess
Answer: A
QUESTION
Which Cisco IOS feature provides secure, on-demand meshed connectivity?
A. Easy VPN
B. IPsec VPN
C. mGRE
D. DMVPN
Answer: D
QUESTION
Which of these is true regarding tunnel configuration when deploying a Cisco ISR as a DMVPN hub router?
A. Only one tunnel can be created per tunnel source interface.
B. Only one tunnel can be created and should be associated with a loopback interface for dynamic
redundancy
C. The GRE tunnel key is used to encrypt the traffic going through the tunnel through the hub.
D. You can run multiple parallel DMVPNs on the hub router, but each tunnel requires a unique tunnel key.
Answer: D
QUESTION
When you are configuring a hub-and-spoke DMVPN network, which tunnel mode should you use for the spoke router configuration?
A. GRE multipoint
B. Classis point-to-point GRE
C. IPsec multipoint
D. Nonbroadcast multiaccess
Answer: A
QUESTION
With Cisco ASA active/standby failover, by default, how many monitored interface failures will cause failover to occur?
A. 1
B. 2
C. 3
D. 4
E. 5
Answer: A
QUESTION
Which two statements about the running configuration of the Cisco ASA are true? (Choose Two)
A. The auto NAT configuration causes all traffic arriving on the inside interface destined to any outside
destinations to be translated with dynamic port address transmission using the outside interface
IP address.
B. The Cisco ASA is using the Cisco ASDM image from disk1:/asdm-642.bin
C. The Cisco ASA is setup as the DHCP server for hosts that are on the inside and outside interfaces.
D. SSH and Cisco ASDM access to the Cisco ASA requires AAA authentication using the LOCAL
user database.
E. The Cisco ASA is using a persistent self-signed certified so users can authenticate the Cisco ASA
when accessing it via ASDM
Answer: AE
QUESTION
Which option lists the main tasks in the correct order to configure a new Layer 3 and 4 inspection policy on the Cisco ASA appliance using the Cisco ASDM Configuration > Firewall > Service Policy Rules pane?
A. 1. Create a class map to identify which traffic to match.
2. Create a policy map and apply action(s) to the traffic class(es).
3. Apply the policy map to an interface or globally using a service policy.
B. 1. Create a service policy rule.
2. Identify which traffic to match.
3. Apply action(s) to the traffic.
C. 1. Create a Layer 3 and 4 type inspect policy map.
2. Create class map(s) within the policy map to identify which traffic to match.
3. Apply the policy map to an interface or globally using a service policy.
D. 1. Identify which traffic to match.
2. Apply action(s) to the traffic.
3. Create a policy map.
4. Apply the policy map to an interface or globally using a service policy.
Answer: B
QUESTION
By default, how does a Cisco ASA appliance process IP fragments?
A. Each fragment passes through the Cisco ASA appliance without any inspections.
B. Each fragment is blocked by the Cisco ASA appliance.
C. The Cisco ASA appliance verifies each fragment and performs virtual IP re-assembly before the
full IP packet is forwarded out.
D. The Cisco ASA appliance forwards the packet out as soon as all of the fragments of the packet
have been received.
Answer: C
QUESTION
Which other match command is used with the match flow ip destination-address command within the class map configurations of the Cisco ASA MPF?
A. match tunnel-group
B. match access-list
C. match default-inspection-traffic
D. match port
E. match dscp
Answer: A
QUESTION
Which Cisco ASA configuration is used to configure the TCP intercept feature?
A. a TCP map
B. an access list
C. the established command
D. the set connection command with the embryonic-conn-max option
E. a type inspect policy map
Answer: D
More Free 300-209 Questions PDF: https://www.braindump2go.com/300-209.html
0
0
2018/Jan/6 new questions:
QUESTION
Which option describes what address preservation with IPsec Tunnel Mode allows when GETVPN is used?
A. stronger encryption methods
B. Network Address Translation of encrypted traffic
C. traffic management based on original source and destination addresses
D. Tunnel Endpoint Discovery
Answer: C
QUESTION
Which feature is available in IKEv1 but not IKEv2?
A. Layer 3 roaming
B. aggressive mode
C. EAP variants
D. sequencing
Answer: B
QUESTION
Which feature is enabled by the use of NHRP in a DMVPN network?
A. host routing with Reverse Route Injection
B. BGP multiaccess
C. host to NBMA resolution
D. EIGRP redistribution
Answer: C
QUESTION
Which statement about the hub in a DMVPN configuration with iBGP is true?
A. It must be a route reflector client.
B. It must redistribute EIGRP from the spokes.
C. It must be in a different AS.
D. It must be a route reflector.
Answer: D
QUESTION
Refer to the exhibit. Which technology is represented by this configuration?
A. AAA for FlexVPN
B. AAA for EzVPN
C. TACACS+ command authorization
D. local command authorization
Answer: A
QUESTION
Which command can you use to monitor the phase 1 establishment of a FlexVPN tunnel?
A. show crypto ipsec sa
B. show crypto isakmp sa
C. show crypto ikev2 sa
D. show ip nhrp
Answer: C
QUESTION 167
Which interface is managed by the VPN Access Interface field in the Cisco ASDM IPsec Site-to- Site VPN Wizard?
A. the local interface named “VPN_access”
B. the local interface configured with crypto enable
C. the local interface from which traffic originates
D. the remote interface with security level 0
Answer: B
QUESTION 168
You are troubleshooting a DMVPN NHRP registration failure. Which command can you use to view request counters?
A. show ip nhrp nhs detail
B. show ip nhrp tunnel
C. show ip nhrp incomplete
D. show ip nhrp incomplete tunnel tunnel_interface_number
Answer: A
QUESTION 169
Refer to the exhibit. What is the purpose of the given configuration?
A. Establishing a GRE tunnel.
B. Enabling IPSec to decrypt fragmented packets.
C. Resolving access issues caused by large packet sizes.
D. Adding the spoke to the routing table.
Answer: C
QUESTION 170
Which three commands are included in the command show dmvpn detail? (Choose three.)
A. show ip nhrp nhs
B. show dmvpn
C. show crypto session detail
D. show crypto ipsec sa detail
E. show crypto sockets
F. show ip nhrp
Answer: ABC
QUESTION 171
Refer to the exhibit. Which action is demonstrated by this debug output?
A. NHRP initial registration by a spoke.
B. NHRP registration acknowledgement by the hub.
C. Disabling of the DMVPN tunnel interface.
D. IPsec ISAKMP phase 1 negotiation.
Answer: A
0
0