Download New Updated (Spring 2015) Cisco 300-209 Actual Tests 61-70

By | April 22, 2015

Ensurepass

 

QUESTION 61

What is the Cisco-recommended TCP maximum segment size on a DMVPN tunnel interface when the MTU is set to 1400 bytes?

 

A. 1160 bytes
B. 1260 bytes
C. 1360 bytes
D. 1240 bytes

 

Correct Answer: C

 

 

QUESTION 62

Which technology does a multipoint GRE interface require to resolve endpoints?

 

A. ESP
B. dynamic routing
C. NHRP
D. CEF
E. IPSec

 

Correct Answer: C

 

 

QUESTION 63

Which two cryptographic technologies are recommended for use with FlexVPN? (Choose two.)

 

A. SHA (HMAC variant)
B. Diffie-Hellman
C. DES
D. MD5 (HMAC variant)

 

Correct Answer: AB

 

 

QUESTION 64

Which command configures IKEv2 symmetric identity authentication?

 

A. match identity remote address 0.0.0.0
B. authentication local pre-share
C. authentication pre-share
D. authentication remote rsa-sig

 

Correct Answer: D

 

 

QUESTION 65

Which two examples of transform sets are contained in the IKEv2 default proposal? (Choose two.)

 

A. aes-cbc-192, sha256, 14
B. 3des, md5, 5
C. 3des, sha1, 1
D. aes-cbc-128, sha, 5

 

Correct Answer: BD

 

 

QUESTION 66

What is the default storage location of user-level bookmarks in an IOS clientless SSL VPN?

 

A. disk0:/webvpn/{context name}/
B. disk1:/webvpn/{context name}/
C. flash:/webvpn/{context name}/
D. nvram:/webvpn/{context name}/

 

Correct Answer: C

 

 

QUESTION 67

Which command will prevent a group policy from inheriting a filter ACL in a clientless SSL VPN?

 

A. vpn-filter none
B. no vpn-filter
C. filter value none
D. filter value ACLname

 

Correct Answer: C

 

 

QUESTION 68

Which command specifies the path to the Host Scan package in an ASA AnyConnect VPN?

 

A. csd hostscan path image
B. csd hostscan image path
C. csd hostscan path
D. hostscan image path

 

Correct Answer: B

 

 

 

 

 

QUESTION 69

[Exhibit]

 

When a tunnel is initiated by the headquarters ASA, which one of the following Diffie-Hellman groups is selected by the headquarters ASA during the CREATE_CHILD_SA exchange?

 

A. 1
B. 2
C. 5
D. 14
E. 19

 

Correct Answer: C

Explanation:

Traffic initiated by the HQ ASA is assigned to the static outside crypto map, which is shown below to use DH group 5.

 

[Exhibit: static outside crypto map configuration]

 

 

 

 

QUESTION 70

[Exhibit: ASDM configuration for the remote ASA]

 

Based on the provided ASDM configuration for the remote ASA, which one of the following is correct?

 

A. An access-list must be configured on the outside interface to permit inbound VPN traffic
B. A route to 192.168.22.0/24 will not be automatically installed in the routing table
C. The ASA will use a window of 128 packets (64×2) to perform the anti-replay check
D. The tunnel can also be established on TCP port 10000

 

Correct Answer: C

Explanation:

Cisco IP security (IPsec) authentication provides anti-replay protection against an attacker duplicating encrypted packets by assigning a unique sequence number to each encrypted packet. The decryptor keeps track of which packets it has seen on the basis of these numbers. Currently, the default window size is 64 packets. Generally, this number (window size) is sufficient, but there are times when you may want to expand this window size. The IPsec Anti-Replay Window: Expanding and Disabling feature allows you to expand the window size, allowing the decryptor to keep track of more than 64 packets.

 
