Question No 10.
Using the Next Generation Encryption technologies, which is the minimum acceptable
encryption level to protect sensitive information?
A. AES 92 bits
B. AES 128 bits
C. AES 256 bits
D. AES 512 bits
Answer: C
Friday 12 January 2018
Latest Cisco 300-209 Question And Answers.
Question No 9.
What are two benefits of DMVPN Phase 3? (Choose two.)
A. Administrators can use summarization of routing protocol updates from hub to spokes.
B. It introduces hierarchical DMVPN deployments.
C. It introduces non-hierarchical DMVPN deployments.
D. It supports L2TP over IPSec as one of the VPN protocols.
Answer: A,B
What are two benefits of DMVPN Phase 3? (Choose two.)
A. Administrators can use summarization of routing protocol updates from hub to spokes.
B. It introduces hierarchical DMVPN deployments.
C. It introduces non-hierarchical DMVPN deployments.
D. It supports L2TP over IPSec as one of the VPN protocols.
Answer: A,B
Latest Cisco 300-209 Question And Answers.
Question No 8.
A spoke has two Internet connections for failover. How can you achieve optimum failover
without affecting any other router in the DMVPN cloud?
A. Create another DMVPN cloud by configuring another tunnel interface that is sourced
from the second ISP link.
B. Use another router at the spoke site, because two ISP connections on the same router
for the same hub is not allowed.
C. Configure SLA tracking, and when the primary interface goes down, manually change
the tunnel source of the tunnel interface.
D. Create another tunnel interface with same configuration except the tunnel source, and
configure the if-state nhrp and backup interface commands on the primary tunnel interface.
Answer: D
A spoke has two Internet connections for failover. How can you achieve optimum failover
without affecting any other router in the DMVPN cloud?
A. Create another DMVPN cloud by configuring another tunnel interface that is sourced
from the second ISP link.
B. Use another router at the spoke site, because two ISP connections on the same router
for the same hub is not allowed.
C. Configure SLA tracking, and when the primary interface goes down, manually change
the tunnel source of the tunnel interface.
D. Create another tunnel interface with same configuration except the tunnel source, and
configure the if-state nhrp and backup interface commands on the primary tunnel interface.
Answer: D
Latest Cisco 300-209 Question And Answers.
Question No 7.
After implementing the IKEv2 tunnel, it was observed that remote users on the
192.168.33.0/24 network are unable to access the internet. Which of the following can be
done to resolve this problem?
A. Change the Diffie-Hellman group on the headquarter ASA to group5forthe dynamic
crypto map
B. Change the remote traffic selector on the remote ASA to 192.168.22.0/24
C. Change to an IKEvI configuration since IKEv2 does not support a full tunnel with static
peers
D. Change the local traffic selector on the headquarter ASA to 0.0.0.0/0
E. Change the remote traffic selector on the headquarter ASA to 0.0.0.0/0
Answer: B
Explanation:
The traffic selector is used to determine which traffic should be protected (encrypted over the IPSec tunnel). We want this to be specific, otherwise Internet traffic will also be sent over the tunnel and most likely dropped on the remote side. Here, we just want to protect traffic from 192.168.33.0/24 to 192.168.22.0/24
After implementing the IKEv2 tunnel, it was observed that remote users on the
192.168.33.0/24 network are unable to access the internet. Which of the following can be
done to resolve this problem?
A. Change the Diffie-Hellman group on the headquarter ASA to group5forthe dynamic
crypto map
B. Change the remote traffic selector on the remote ASA to 192.168.22.0/24
C. Change to an IKEvI configuration since IKEv2 does not support a full tunnel with static
peers
D. Change the local traffic selector on the headquarter ASA to 0.0.0.0/0
E. Change the remote traffic selector on the headquarter ASA to 0.0.0.0/0
Answer: B
Explanation:
The traffic selector is used to determine which traffic should be protected (encrypted over the IPSec tunnel). We want this to be specific, otherwise Internet traffic will also be sent over the tunnel and most likely dropped on the remote side. Here, we just want to protect traffic from 192.168.33.0/24 to 192.168.22.0/24
Latest Cisco 300-209 Question And Answers.
Question No 6.
Which three types of SSO functionality are available on the Cisco ASA without any external
SSO servers? (Choose three.)
A. SAML
B. HTTP POST
C. HTTP Basic
D. NTLM
E. Kerberos
F. OAuth 2.0
Answer: B,C,D
Which three types of SSO functionality are available on the Cisco ASA without any external
SSO servers? (Choose three.)
A. SAML
B. HTTP POST
C. HTTP Basic
D. NTLM
E. Kerberos
F. OAuth 2.0
Answer: B,C,D
Latest Cisco 300-209 Question And Answers.
Question No 5.
Which algorithm provides both encryption and authentication for plane communication?Which algorithm provides both encryption and authentication for plane communication?
A. RC4
B. SHA-384
C. AES-256
D. SHA-96
E. 3DES
F. AES-GCM
Answer: F
Which algorithm provides both encryption and authentication for plane communication?Which algorithm provides both encryption and authentication for plane communication?
A. RC4
B. SHA-384
C. AES-256
D. SHA-96
E. 3DES
F. AES-GCM
Answer: F
Latest Cisco 300-209 Question And Answers.
Question No 4.
To change the title panel on the logon page of the Cisco IOS WebVPN portal, which file
must you configure?
A. Cisco IOS WebVPN customization template
B. Cisco IOS WebVPN customization general
C. web-access-hlp.inc
D. app-access-hlp.inc
Answer: A
To change the title panel on the logon page of the Cisco IOS WebVPN portal, which file
must you configure?
A. Cisco IOS WebVPN customization template
B. Cisco IOS WebVPN customization general
C. web-access-hlp.inc
D. app-access-hlp.inc
Answer: A
Subscribe to:
Posts (Atom)