Updated 300-209: Testking real bundle from 11 to 20
Your success in Cisco 300-209 is our sole target and we develop all our 300-209 braindumps in a way that facilitates the attainment of this target. Not only is our 300-209 study material the best you can find, it is also the most detailed and the most updated. 300-209 Practice Exams for Cisco CCNP Security 300-209 are written to the highest standards of technical accuracy.
Q11. Regarding licensing, which option will allow IKEv2 connections on the adaptive security appliance?
A. AnyConnect Essentials can be used for Cisco AnyConnect IKEv2 connections.
B. IKEv2 sessions are not licensed.
C. The Advanced Endpoint Assessment license must be installed to allow Cisco AnyConnect IKEv2 sessions.
D. Cisco AnyConnect Mobile must be installed to allow AnyConnect IKEv2 sessions.
Q12. Which interface is managed by the VPN Access Interface field in the Cisco ASDM IPsec Site-to-Site VPN Wizard?
A. the local interface named "VPN_access"
B. the local interface configured with crypto enable
C. the local interface from which traffic originates
D. the remote interface with security level 0
Q13. After implementing the IKEv2 tunnel, it was observed that remote users on the 192.168.33.0/24 network are unable to access the internet. Which of the following can be done to resolve this problem?
A. Change the Diffie-Hellman group on the headquarter ASA to group5forthe dynamic crypto map
B. Change the remote traffic selector on the remote ASA to 192.168.22.0/24
C. Change to an IKEvI configuration since IKEv2 does not support a full tunnel with static peers
D. Change the local traffic selector on the headquarter ASA to 0.0.0.0/0
E. Change the remote traffic selector on the headquarter ASA to 0.0.0.0/0
The traffic selector is used to determine which traffic should be protected (encrypted over the IPSec tunnel). We want this to be specific, otherwise Internet traffic will also be sent over the tunnel and most likely dropped on the remote side. Here, we just want to protect traffic from 192.168.33.0/24 to 192.168.22.0/24.
Q14. Which cryptographic algorithms are a part of the Cisco NGE suite?
A. HIPPA DES
Q15. When an IPsec SVTI is configured, which technology processes traffic forwarding for encryption?
B. IP routing
D. front door VPN routing and forwarding
Q16. Which protocols does the Cisco AnyConnect client use to build multiple connections to the security appliance?
A. TLS and DTLS
C. L2TP over IPsec
D. SSH over TCP
Q17. Which feature is enabled by the use of NHRP in a DMVPN network?
A. host routing with Reverse Route Injection
B. BGP multiaccess
C. host to NBMA resolution
D. EIGRP redistribution
Q18. Refer to the exhibit.
The IKEv2 site-to-site VPN tunnel between two routers is down. Based on the debug output, which type of mismatch might be the problem?
B. crypto policy
C. peer identity
D. transform set
Q19. Which two examples of transform sets are contained in the IKEv2 default proposal? (Choose two.)
A. aes-cbc-192, sha256, 14
B. 3des, md5, 5
C. 3des, sha1, 1
D. aes-cbc-128, sha, 5
Q20. A user is unable to establish an AnyConnect VPN connection to an ASA. When using the Real-Time Log viewer within ASDM to troubleshoot the issue, which two filter options would the administrator choose to show only syslog messages relevant to the VPN connection? (Choose two.)
A. Client's public IP address
B. Client's operating system
C. Client's default gateway IP address
D. Client's username
E. ASA's public IP address