300-209 Free Questions – Implementing Cisco Secure Mobility Solutions V19.02 – PassQuestion Free Questions To Test Online

1. What are two benefits of using DTLS when implementing a Cisco AnyConnect SSI VPN on a Cisco ASA or router? (Choose two.)

provides latency avoidance

has enhanced dead peer detection

uses TLS Only for the tunnel

provides greater security and integrity of the tunnel

establishes two simultaneous tunnels

2. You are configuring a Cisco ASA for Clientless SSL VPN.
Which command do you run to prevent web browsing from the Cisco SSL VPN portal page?

url-list disable

http server disable

http-proxy 0.0.0.0

url-entry disable

3. Which encryption algorithm does Cisco recommend that you avoid?

HMAC-SHA1

AES-CBC

DES

HMAC-MD5

4. An engineer is troubleshooting an IPsec site-to-site tunnel and verifies that the tunnel status is MM_WAIT_MSG6.
What can be determined from this message?

The PSK has not been confirmed by the responder.

The encryption policy has not been confirmed by the initiator.

The encryption policy has not been confirmed by the responder.

The PSk has not been confirmed by the initiator

5. Which benefit of ECC as compared to RSA is true?

requires multiple keys

supports Clientless SSL VPN

can provide higher security at a lower computational cost

can be used on Cisco ASA and Cisco IOS device

6. Which method dynamically advertises the network routes for remote tunnel endpoints?

dynamic routing

RRI

policy-based routing

CEF

7. Which two methods customize the installation of the Cisco AnyConnect client? (Choose two.)

installation profiles

command-line parameters

client profiles

resource profiles

installer transforms

8. Your company network security policy requires that all network traffic be tunneled to the corporate office. End users must be able to access local LAN resources when they connect to the corporate network.
Which two configurations do you implement in Cisco AnyConnect? (Choose two.)

split-exclude tunneling

local LAN access

static routes

Client Bypass Protocol

tunnel all

9. Which description of how DTLS improves application performance is true?

uses connection-oriented sessions

creates less overhead by using UDP

avoids bandwidth and latency issues

uses a flow control mechanism

10. Which command displays the NBMA IP addresses when DMVPN is configured with tunnel protection?

show crypto session

show ip nhrp

show ip interface tunnel

show crypto socket

11. Which VPN solution enables you to publish applications to users by using bookmarks?

IPsec client

SSL VPN full network access

Clientless SSL VPN

port forward

12. When configuring a FlexVPN, which two components must be configured for IKEv2? (Choose two.)

persistence

profile

proposal

preference

method

13. When a Cisco ASA is configured for Active/Standby failover, what is replicated between the devices?

HostScan images

Cisco AnyConnect profiles

VPN sessions

Cisco AnyConnect images

14. You must implement DMVPN Phase 3 by using EIGRP as the dynamic routing protocol for the tunnel overlay.
Which action do you take to allow EIGRP to advertise all routes between the hub and all the spokes?

Summarize routes from the hub to the spokes.

Disable split-horizon for EIGRP on the hub.

Configure the hub to set itself as the next hop when advertising networks to the spoke.

Add a distribute list to permit the spoke subnets and deny all other networks.

15. When using Clientless SSL VPN on a Cisco ASA, which authentication method is required for single sign-on?

TACACS

LOCAL

RADIUS

SAML 2.0

16. Which two descriptions of the characteristics of Cisco GET VPN are true? (Choose two.)

provides a tunnelless transport mechanism

encrypts the data payload and IP header of a packet

requires that GRE tunnels exist between participating routers

uses a common set of traffic encryption keys shared by group members

uses VTIs to establish IPsec tunnels

17. What is a functional difference between IKEv1 and IKEv2 on a router?

HSRP

RRI

DPD

Stateful Failover

18. Which cryptographic method provides passphrase protection while importing or exporting keys?

AES

RSA

Serpent

Blowfish

19. Which VPN technology preserves IP headers and prevents overlay routing?

site-to-site VPN

GET VPN

Cisco Easy VPN

DMVPN

20. Which two features are available in the Plus license for Cisco AnyConnect? (Choose two.)

Suite B cryptography

IPsec IKEv2

Clientless SSL VPN

Network Access Manager

posture services

21. You need to configure your company’s client VPN access to send antivirus client update traffic directly to a vendor’s cloud server. All other traffic must go to the corporate network.
Which feature do you configure?

split tunnel

smart tunnel

full tunnel

Split DNS

22. Where must an engineer configure a preshared key for site-to-site VPN tunnel configured on a Cisco ASA?

crypto map

group policy

tunnel group

isakmp policy

23. A network engineer is troubleshooting a VPN configured on an ASA and has found Phase 1 is not completing.
Which configured parameter must match for the IKE Phase 1 tunnel to get successfully negotiated/

SA lifetime

idle timeout

transform-set

DH group

24. An engineer is configuring a site-t-site VPM tunnel.
Which two IKV1 parameter must match on both peers? (Choose two.

encryption algorithm

access lists

encryption domains

QoS

hashing method

25. Which cryptographic algorithm is used for data integrity?

SHA-256

ECDH-384

ECDSA-256

RSA-3072

300-209 Free Questions – Implementing Cisco Secure Mobility Solutions V19.02

300-209 Free Questions – Implementing Cisco Secure Mobility Solutions V19.02

Leave a Reply Cancel reply