300-209 PDF

How to use our free PDF

Our Free PDF is based on the full mock exams which is available on our Web Site. The PDF consists in an extract of questions and answers with detailed explanations that are available to be:

Question 1
Which two qualify as Next Generation Encryption integrity algorithms? (Choose two.) A. SHA-512
B. SHA-256
C. SHA-192
D. SHA-380 E. SHA-192 F. SHA-196
Answers A, B
Question 2
Which statement is true when implementing a router with a dynamic public IP address in a crypto map based site-to-site VPN?
  https://www.certification-questions.com/
 
A. The router must be configured with a dynamic crypto map.
B. Certificates are always used for phase 1 authentication.
C. The tunnel establishment will fail if the router is configured as a responder only. D. The router and the peer router must have NAT traversal enabled.
Answers c
Question 3
Which two statements are true when designing a SSL VPN solution using Cisco AnyConnect? (Choose two.)
A. The VPN server must have a self-signed certificate.
B. A SSL group pre-shared key must be configured on the server.
C. Server side certificate is optional if using AAA for client authentication. D. The VPN IP address pool can overlap with the rest of the LAN networks. E. DTLS can be enabled for better performance.
Answer D, E
Question 4
Which two features are required when configuring a DMVPN network? (Choose two.) A. Dynamic routing protocol
B. GRE tunnel interface
C. Next Hop Resolution Protocol
D. Dynamic crypto map E. IPsec encryption Answer B, C
Question 5
What are two benefits of DMVPN Phase 3? (Choose two.)
A. Administrators can use summarization of routing protocol updates from hub to spokes. B. It introduces hierarchical DMVPN deployments.
https://www.certification-questions.com/
 
C. It introduces non-hierarchical DMVPN deployments.
D. It supports L2TP over IPSec as one of the VPN protocols. Answer A, B
Question 6
Which are two main use cases for Clientless SSL VPN? (Choose two.)
A. In kiosks that are part of a shared environment
B. When the users do not have admin rights to install a new VPN client
C. When full tunneling is needed to support applications that use TCP, UDP, and ICMP D. To create VPN site-to-site tunnels in combination with remote access
Answer A, B
Question 7
Which technology can rate-limit the number of tunnels on a DMVPN hub when system utilization is above a specified percentage?
A. NHRP Event Publisher B. interface state control C. CAC
D. NHRP Authentication E. ip nhrp connect Answer C
Question 8
Which technology supports tunnel interfaces while remaining compatible with legacy VPN implementations?
A. FlexVPN B. DMVPN C. GET VPN D. SSL VPN Answer A
https://www.certification-questions.com/
 
Question 9
Which IKEv2 feature minimizes the configuration of a FlexVPN on Cisco IOS devices? A. IKEv2 Suite-B
B. IKEv2 proposals
C. IKEv2 profiles
D. IKEv2 Smart Defaults
Answer D
Question 10
When an IPsec SVTI is configured, which technology processes traffic forwarding for encryption? A. ACL
B. IP routing
C. RRI
D. front door VPN routing and forwarding
Answer B
Would you like to see more? Don’t miss our 300-209 PDF file at:
https://www.certification-question.com/cisco-pdf/300-209-pdf.html