This page was exported from Lead2pass New Updated Exam Questions [ https://www.getfreevce.com ] Export date:Sun Dec 22 12:20:03 2024 / +0000 GMT ___________________________________________________ Title: [Lead2pass New] Easily Pass 300-209 Exam By Training Lead2pass New Cisco VCE Dumps (201-220) --------------------------------------------------- 2017 November Cisco Official New Released 300-209 Dumps in Lead2pass.com! 100% Free Download! 100% Pass Guaranteed! How to 100% pass 300-209 exam? Lead2pass 300-209 dump is unparalleled in quality and is 100% guaranteed to make you pass 300-209 exam. All the 300-209 exam questions are the latest. Here are some free share of Cisco 300-209 dumps. Following questions and answers are all new published by Cisco Official Exam Center: https://www.lead2pass.com/300-209.html QUESTION 201Which three configurations are required for both IPsec VTI and crypto map-based VPNs? (Choose three.) A.    transform setB.    ISAKMP policyC.    ACL that defines traffic to encryptD.    dynamic routing protocolE.    tunnel interfaceF.    IPsec profileG.    PSK or PKI trustpoint with certificateAnswer: ABG QUESTION 202Which statement regarding hashing is correct? A.    MD5 produces a 64-bit message digest.B.    SHA-1 produces a 160-bit message digest.C.    MD5 takes more CPU cycles to compute than SHA-1.D.    Changing 1 bit of the input to SHA-1 can change up to 5 bits in the output. Answer: B QUESTION 203Refer to the exhibit. Which type of mismatch is causing the problem with the IPsec VPN tunnel?  A.    PSKB.    Phase 1 policyC.    transform setD.    crypto access list Answer: A QUESTION 204Which three changes must be made to migrate from DMVPN Phase 2 to Phase 3 when EIGRP is configured? (Choose three.) A.    Enable EIGRP next-hop-self on the hub.B.    Disable EIGRP next-hop-self on the hub.C.    Enable EIGRP split-horizon on the hub.D.    Add NHRP redirects on the hub.E.    Add NHRP shortcuts on the spoke.F.    Add NHRP shortcuts on the hub. Answer: BDE QUESTION 205Which algorithm provides both encryption and authentication for data plane communication? A.    SHA-96B.    SHA-384C.    3DESD.    AES-256E.    AES-GCMF.    RC4 Answer: E QUESTION 206Which three configurations are prerequisites for stateful failover for IPsec? (Choose three.) A.    Only the IKE configuration that is set up on the active device must be duplicated on the standby device; the IPsec configuration is copied automatically.B.    Only crypto map configuration that is set up on the active device must be duplicated on the standby device.C.    The IPsec configuration that is set up on the active device must be duplicated on the standby device.D.    The active and standby devices can run different versions of the Cisco IOS software but need to be the same type of device.E.    The active and standby devices must run the same version of the Cisco IOS software and should be the same type of device.F.    Only the IPsec configuration that is set up on the active device must be duplicated on the standby device; the IKE configuration is copied automatically.G.    The IKE configuration that is set up on the active device must be duplicated on the standby device. Answer: CEG QUESTION 207Which two statements comparing ECC and RSA are true? (Choose two.) A.    ECC can have the same security as RSA but with a shorter key size.B.    ECC lags in performance when compared with RSA.C.    Key generation in ECC is slower and less CPU intensive than RSA..D.    ECC cannot have the same security as RSA, even with an increased key size.E.    Key generation in ECC is faster and less CPU intensive. Answer: AE QUESTION 208Which two are features of GETVPN but not DMVPN and FlexVPN? (Choose two.) A.    one IPsec SA for all encrypted trafficB.    no requirement for an overlay routing protocolC.    design for use over public or private WAND.    sequence numbers that enable scalable replay checkingE.    enabled use of ESP or AHF.    preservation of IP protocol in outer header Answer: AB QUESTION 209A customer requires all traffic to go through a VPN. However, access to the local network is also required. Which two options can enable this configuration? (Choose two.) A.    split excludeB.    use of an XML profileC.    full tunnel by defaultD.    split tunnelE.    split include Answer: AB QUESTION 210As network consultant, you are asked to suggest a VPN technology that can support a multivendor environment and secure traffic between sites. Which technology should you recommend? A.    DMVPNB.    FlexVPNC.    GET VPND.    SSL VPN Answer: B QUESTION 211Which protocol must be enabled on the inside interface to use cluster encryption in SSL VPN load balancing? A.    TLSB.    DTLSC.    IKEv2D.    ISAKMP Answer: D QUESTION 212Refer to the exhibit. Which type of VPN implementation is displayed?  A.    IKEv2 reconnectB.    IKEv1 clusterC.    IKEv2 load balancerD.    IKEv1 clientE.    IPsec high availabilityF.    IKEv2 backup gateway Answer: C QUESTION 213An engineer is troubleshooting a DMVPN spoken router and sees a CRPTO-4-IKMP_BAD_MESSAGE debug message that a spoke router "failed its sanity check or is malformed" Which issue does the error message indicate? A.    mismatched preshared keyB.    unsupported transform propsalC.    invalid IP packet SPID.    incompatible transform set Answer: A QUESTION 214Which PKI enrollment method allows the user to separate authentication and enrollment actions and also provides an option to specify HTTP/TFTP commands to perform file retrieval from the server? A.    enrollment profileB.    enrollment terminalC.    enrollment urlD.    enrollment selfsigned Answer: A QUESTION 215Refer to the exhibit. A customer cannot establish an IKEv2 site-to-site VPN tunnel between two Cisco ASA devices. Based on the syslog message, which action can bring up the VPN tunnel?   A.    Increase the maximum SA limit on the local Cisco ASA.B.    Correct the crypto access list on both Cisco ASA devices.C.    Remove the maximum SA limit on the remote Cisco ASA.D.    Reduce the maximum SA limit on the local Cisco ASA.E.    Correct the IP address in the local and remote crypto maps.F.    Increase the maximum SA limit on the remote Cisco ASA. Answer: AExplanation:Since unknown request rejected by CAC. CAC is use to limit SA. QUESTION 216Refer to the exhibit. Which type of VPN is being configured, based on the partial configuration snippet?  A.    DMVPN with dual hubB.    GET VPN with dual group memberC.    FlexVPN backup gatewayD.    GET VPN with COOP key serverE.    FlexVPN load balancer Answer: D QUESTION 217Which configuration is used to build a tunnel between a Cisco ASA and ISR? A.    crypto mapB.    DMVPNC.    GET VPND.    GRE with IPsecE.    GRE without IPsec Answer: A QUESTION 218Refer to the exhibit. What is the problem with the IKEv2 site-to-site VPN tunnel?   A.    incorrect PSKB.    crypto access list mismatchC.    incorrect tunnel groupD.    crypto policy mismatchE.    incorrect certificate Answer: B QUESTION 219Which two statements regarding IKEv2 are true per RFC 4306? (Choose two.) A.    It is compatible with IKEv1.B.    It has at minimum a nine-packet exchange.C.    It uses aggressive mode.D.    NAT traversal is included in the RFC.E.    It uses main mode.F.    DPD is defined in RFC 4309.G.    It allows for EAP authentication. Answer: DG QUESTION 220Which DAP endpoint attribute checks for the matching MAC address of a client machine? A.    deviceB.    processC.    antispywareD.    BIA Answer: A Always up-to-date Lead2pass 300-209 VCE - everything you need for your Cisco 300-209 exam to pass. Our Cisco 300-209 software allows you to practise exam dumps in real 300-209 exam environment. Welcome to choose. More 300-209 new questions (with images) on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDYnF5Vk16OS1tc1E 2017 Cisco 300-209 exam dumps (All 319 Q&As) from Lead2pass: https://www.lead2pass.com/300-209.html [100% Exam Pass Guaranteed] --------------------------------------------------- Images: --------------------------------------------------- --------------------------------------------------- Post date: 2017-11-01 07:07:10 Post date GMT: 2017-11-01 07:07:10 Post modified date: 2017-11-01 07:07:10 Post modified date GMT: 2017-11-01 07:07:10 ____________________________________________________________________________________________ Export of Post and Page as text file has been powered by [ Universal Post Manager ] plugin from www.gconverters.com