★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW 300-209 Exam Dumps (PDF & VCE):
Available on:
https://www.certleader.com/300-209-dumps.html
Q21. Refer to the exhibit.
The customer needs to launch AnyConnect in the RDP machine. Which configuration is correct?
A. crypto vpn anyconnect profile test flash:RDP.xml
policy group default
svc profile test
B. crypto vpn anyconnect profile test flash:RDP.xml
webvpn context GW_1
browser-attribute import flash:/swj.xml
C. crypto vpn anyconnect profile test flash:RDP.xml
policy group default
svc profile flash:RDP.xml
D. crypto vpn anyconnect profile test flash:RDP.xml
webvpn context GW_1
browser-attribute import test
Answer: A
Q22. Which three remote access VPN methods in an ASA appliance provide support for Cisco Secure Desktop? (Choose three.)
A. IKEv1
B. IKEv2
C. SSL client
D. SSL clientless
E. ESP
F. L2TP
Answer: B,C,D
Q23. The Cisco AnyConnect client is unable to download an updated user profile from the ASA headend using IKEv2. What is the most likely cause of this problem?
A. User profile updates are not allowed with IKEv2.
B. IKEv2 is not enabled on the group policy.
C. A new profile must be created so that the adaptive security appliance can push it to the client on the next connection attempt.
D. Client Services is not enabled on the adaptive security appliance.
Answer: C
Q24. Which feature do you include in a highly available system to account for potential site failures?
A. geographical separation of redundant devices
B. hot/standby failover pairs
C. Cisco ACE load-balancing with VIP
D. dual power supplies
Answer: A
Q25. CORRECT TEXT
Answer: Here are the steps as below:
Step 1: configure key ring
crypto ikev2 keyring mykeys
peer SiteB.cisco.com
address 209.161.201.1
pre-shared-key local $iteA
pre-shared key remote $iteB
Step 2: Configure IKEv2 profile
Crypto ikev2 profile default
identity local fqdn SiteA.cisco.com
Match identity remote fqdn SiteB.cisco.com
Authentication local pre-share
Authentication remote pre-share
Keyring local mykeys
Step 3: Create the GRE Tunnel and apply profile
crypto ipsec profile default
set ikev2-profile default
Interface tunnel 0
ip address 10.1.1.1 255.255.255.0
Tunnel source eth 0/0
Tunnel destination 209.165.201.1
tunnel protection ipsec profile default
end
Q26. Which cryptographic algorithms are a part of the Cisco NGE suite?
A. HIPPA DES
B. AES-CBC-128
C. RC4-128
D. AES-GCM-256
Answer: D
Explanation: Reference:
https://www.cisco.com/web/learning/le21/le39/docs/tdw166_prezo.pdf
Q27. Which protocol does DTLS use for its transport?
A. TCP
B. UDP
C. IMAP
D. DDE
Answer: B
Q28. Refer to the exhibit.
You executed the show crypto ipsec sa command to troubleshoot an IPSec issue. What problem does the given output indicate?
A. IKEv2 failed to establish a phase 2 negotiation.
B. The Crypto ACL is different on the peer device.
C. ISAKMP was unable to find a matching SA.
D. IKEv2 was used in aggressive mode.
Answer: B
Q29. A company has decided to migrate an existing IKEv1 VPN tunnel to IKEv2. Which two are valid configuration constructs on a Cisco IOS router? (Choose two.)
A. crypto ikev2 keyring keyring-name
peer peer1
address 209.165.201.1 255.255.255.255
pre-shared-key local key1
pre-shared-key remote key2
B. crypto ikev2 transform-set transform-set-name
esp-3des esp-md5-hmac
esp-aes esp-sha-hmac
C. crypto ikev2 map crypto-map-name
set crypto ikev2 tunnel-group tunnel-group-name
set crypto ikev2 transform-set transform-set-name
D. crypto ikev2 tunnel-group tunnel-group-name
match identity remote address 209.165.201.1
authentication local pre-share
authentication remote pre-share
E. crypto ikev2 profile profile-name
match identity remote address 209.165.201.1
authentication local pre-share
authentication remote pre-share
Answer: A,E
Q30. An administrator wishes to limit the networks reachable over the Anyconnect VPN tunnels. Which configuration on the ASA will correctly limit the networks reachable to 209.165.201.0/27 and 209.165.202.128/27?
A. access-list splitlist standard permit 209.165.201.0 255.255.255.224
access-list splitlist standard permit 209.165.202.128 255.255.255.224
!
group-policy GroupPolicy1 internal
group-policy GroupPolicy1 attributes
split-tunnel-policy tunnelspecified
split-tunnel-network-list value splitlist
B. access-list splitlist standard permit 209.165.201.0 255.255.255.224
access-list splitlist standard permit 209.165.202.128 255.255.255.224
!
group-policy GroupPolicy1 internal
group-policy GroupPolicy1 attributes
split-tunnel-policy tunnelall
split-tunnel-network-list value splitlist
C. group-policy GroupPolicy1 internal
group-policy GroupPolicy1 attributes
split-tunnel-policy tunnelspecified
split-tunnel-network-list ipv4 1 209.165.201.0 255.255.255.224
split-tunnel-network-list ipv4 2 209.165.202.128 255.255.255.224
D. access-list splitlist standard permit 209.165.201.0 255.255.255.224
access-list splitlist standard permit 209.165.202.128 255.255.255.224
!
crypto anyconnect vpn-tunnel-policy tunnelspecified
crypto anyconnect vpn-tunnel-network-list splitlist
E. crypto anyconnect vpn-tunnel-policy tunnelspecified
crypto anyconnect split-tunnel-network-list ipv4 1 209.165.201.0 255.255.255.224
crypto anyconnect split-tunnel-network-list ipv4 2 209.165.202.128 255.255.255.224
Answer: A