Download New Updated (Spring 2015) Cisco 300-209 Actual Tests 51-60

By | April 22, 2015

Ensurepass

 

QUESTION 51

You are configuring a Cisco IOS SSL VPN gateway to operate with DVTI support. Which command must you configure on the virtual template?

 

A.

tunnel protection ipsec

B.

ip virtual-reassembly

C.

tunnel mode ipsec

D.

ip unnumbered

 

Correct Answer: D

 

 

QUESTION 52

Which protocol supports high availability in a Cisco IOS SSL VPN environment?

 

A.

HSRP

B.

VRRP

C.

GLBP

D.

IRDP

 

Correct Answer: A

 

 

 

 

QUESTION 53

When you configure IPsec VPN High Availability Enhancements, which technology does Cisco recommend that you enable to make reconvergence faster?

 

A.

EOT

B.

IP SLAs

C.

periodic IKE keepalives

D.

VPN fast detection

 

Correct Answer: C

 

 

QUESTION 54

Which hash algorithm is required to protect classified information?

 

A.

MD5

B.

SHA-1

C.

SHA-256

D.

SHA-384

 

Correct Answer: D

 

 

QUESTION 55

Which cryptographic algorithms are approved to protect Top Secret information?

 

A.

HIPPA DES

B.

AES-128

C.

RC4-128

D.

AES-256

 

Correct Answer: D

 

 

QUESTION 56

Which Cisco firewall platform supports Cisco NGE?

 

A.

FWSM

B.

Cisco ASA 5505

C.

Cisco ASA 5580

D.

Cisco ASA 5525-X

 

Correct Answer: D

 

 

QUESTION 57

Which algorithm is replaced by elliptic curve cryptography in Cisco NGE?

 

A.

3DES

B.

AES

C.

DES

D.

RSA

 

Correct Answer: D

 

 

QUESTION 58

Which encryption and authentication algorithms does Cisco recommend when deploying a Cisco NGE supported VPN solution?

 

A.

AES-GCM and SHA-2

B.

3DES and DH

C.

AES-CBC and SHA-1

D.

3DES and SHA-1

 

Correct Answer: A

 

 

QUESTION 59

An administrator wishes to limit the networks reachable over the Anyconnect VPN tunnels. Which configuration on the ASA will correctly limit the networks reachable to 209.165.201.0/27 and 209.165.202.128/27?

 

A.

access-list splitlist standard permit 209.165.201.0 255.255.255.224

access-list splitlist standard permit 209.165.202.128 255.255.255.224

!

group-policy GroupPolicy1 internal

group-policy GroupPolicy1 attributes

split-tunnel-policy tunnelspecified

split-tunnel-network-list value splitlist

B.

access-list splitlist standard permit 209.165.201.0 255.255.255.224

access-list splitlist standard permit 209.165.202.128 255.255.255.224

!

group-policy GroupPolicy1 internal

group-policy GroupPolicy1 attributes

split-tunnel-policy tunnelall

split-tunnel-network-list value splitlist

C.

group-policy GroupPolicy1 internal

group-policy GroupPolicy1 attributes

split-tunnel-policy tunnelspecified

split-tunnel-network-list ipv4 1 209.165.201.0 255.255.255.224

split-tunnel-network-list ipv4 2 209.165.202.128 255.255.255.224

D.

access-list splitlist standard permit 209.165.201.0 255.255.255.224

access-list splitlist standard permit 209.165.202.128 255.255.255.224

!

crypto anyconnect vpn-tunnel-policy tunnelspecified

crypto anyconnect vpn-tunnel-network-list splitlist

E.

crypto anyconnect vpn-tunnel-policy tunnelspecified

crypto anyconnect split-tunnel-network-list ipv4 1 209.165.201.0 255.255.255.224

crypto anyconnect split-tunnel-network-list ipv4 2 209.165.202.128 255.255.255.224

 

Correct Answer: A

 

 

 

 

 

QUESTION 60

Which NGE IKE Diffie-Hellman group identifier has the strongest cryptographic properties?

 

A.

group 10

B.

group 24

C.

group 5

D.

group 20

 

Correct Answer: D

 

Free VCE & PDF File for Cisco 300-209 Real Exam

Instant Access to Free VCE Files: CCNA | CCNP | CCIE …
Instant Access to Free PDF Files: CCNA | CCNP | CCIE …