Download New Updated (Spring 2015) Cisco 300-209 Actual Tests 71-80

By | April 22, 2015

Ensurepass

 

QUESTION 71

[Exhibit images not available]

If the IKEv2 tunnel were to establish successfully, which encryption algorithm would be used to encrypt traffic?

 

A. DES
B. 3DES
C. AES
D. AES192
E. AES256

Correct Answer: E

Explanation:

Both ASAs are configured to support AES 256, so during the IPsec negotiation they will use the strongest algorithm that is supported by each peer.

QUESTION 72

[Exhibit images not available]

After implementing the IKEv2 tunnel, it was observed that remote users on the 192.168.33.0/24 network are unable to access the internet. Which of the following can be done to resolve this problem?

 

A. Change the Diffie-Hellman group on the headquarter ASA to group 5 for the dynamic crypto map
B. Change the remote traffic selector on the remote ASA to 192.168.22.0/24
C. Change to an IKEv1 configuration since IKEv2 does not support a full tunnel with static peers
D. Change the local traffic selector on the headquarter ASA to 0.0.0.0/0
E. Change the remote traffic selector on the headquarter ASA to 0.0.0.0/0

Correct Answer: B

Explanation:

The traffic selector is used to determine which traffic should be protected (encrypted over the IPsec tunnel). We want this to be specific, otherwise Internet traffic will also be sent over the tunnel and most likely dropped on the remote side. Here, we just want to protect traffic from 192.168.33.0/24 to 192.168.22.0/24.

QUESTION 73

[Exhibit images not available]

Which option shows the correct traffic selectors for the child SA on the remote ASA, when the headquarter ASA initiates the tunnel?

 

A. Local selector 192.168.33.0/0-192.168.33.255/65535 Remote selector 192.168.20.0/0-192.168.20.255/65535
B. Local selector 192.168.33.0/0-192.168.33.255/65535 Remote selector 192.168.22.0/0-192.168.22.255/65535
C. Local selector 192.168.22.0/0-192.168.22.255/65535 Remote selector 192.168.33.0/0-192.168.33.255/65535
D. Local selector 192.168.33.0/0-192.168.33.255/65535 Remote selector 0.0.0.0/0-0.0.0.0/65535
E. Local selector 0.0.0.0/0-0.0.0.0/65535 Remote selector 192.168.22.0/0-192.168.22.255/65535

Correct Answer: B

Explanation:

The traffic selector is used to determine which traffic should be protected (encrypted over the IPsec tunnel). We want this to be specific, otherwise Internet traffic will also be sent over the tunnel and most likely dropped on the remote side. Here, we just want to protect traffic from 192.168.33.0/24 (THE LOCAL SIDE) to 192.168.22.0/24 (THE REMOTE SIDE).

QUESTION 74

[Exhibit images not available]

Correct Answer:

The steps are as follows:

Step 1: Configure the keyring

    crypto ikev2 keyring mykeys
     peer SiteB.cisco.com
      address 209.161.201.1
      pre-shared-key local $iteA
      pre-shared-key remote $iteB

Step 2: Configure the IKEv2 profile

    crypto ikev2 profile default
     identity local fqdn SiteA.cisco.com
     match identity remote fqdn SiteB.cisco.com
     authentication local pre-share
     authentication remote pre-share
     keyring local mykeys

Step 3: Create the GRE tunnel and apply the profile

    crypto ipsec profile default
     set ikev2-profile default

    interface tunnel 0
     ip address 10.1.1.1 255.255.255.0
     tunnel source eth 0/0
     tunnel destination 209.165.201.1
     tunnel protection ipsec profile default
    end

QUESTION 75

A custom desktop application needs to access an internal server. An administrator is tasked with configuring the company’s SSL VPN gateway to allow remote users to work. Which two technologies would accommodate the company’s requirement? (Choose two).

 

A. AnyConnect client
B. Smart Tunnels
C. Email Proxy
D. Content Rewriter
E. Portal Customizations

Correct Answer: AB

 

 

QUESTION 76

A rogue static route is installed in the routing table of a Cisco FlexVPN and is causing traffic to be blackholed. Which command should be used to identify the peer from which that route originated?

 

A. show crypto ikev2 sa detail
B. show crypto route
C. show crypto ikev2 client flexvpn
D. show ip route eigrp
E. show crypto isakmp sa detail

Correct Answer: A

 

 

QUESTION 77

Refer to the exhibit. Which authentication method was used by the remote peer to prove its identity?

 

[Exhibit image not available]

A. Extensible Authentication Protocol
B. certificate authentication
C. pre-shared key
D. XAUTH

Correct Answer: C

 

 

QUESTION 78

Refer to the exhibit. An IPsec peer is exchanging routes using IKEv2, but the routes are not installed in the RIB. Which configuration error is causing the failure?

 

[Exhibit image not available]

A. IKEv2 routing requires certificate authentication, not pre-shared keys.
B. An invalid administrative distance value was configured.
C. The match identity command must refer to an access list of routes.
D. The IKEv2 authorization policy is not referenced in the IKEv2 profile.

Correct Answer: B

QUESTION 79

Refer to the exhibit. An administrator is adding IPv6 addressing to an already functioning tunnel. The administrator is unable to ping 2001:DB8:100::2 but can ping 209.165.200.226. Which configuration needs to be added or changed?

 

[Exhibit image not available]

A. No configuration change is necessary. Everything is working correctly.
B. OSPFv3 needs to be configured on the interface.
C. NHRP needs to be configured to provide NBMA mapping.
D. Tunnel mode needs to be changed to GRE IPv4.
E. Tunnel mode needs to be changed to GRE IPv6.

Correct Answer: D

 

 

QUESTION 80

Refer to the exhibit. The IKEv2 tunnel between Router1 and Router2 is failing during session establishment. Which action will allow the session to establish correctly?

 

[Exhibit image not available]

A. The address command on Router2 must be narrowed down to a /32 mask.
B. The local and remote keys on Router2 must be switched.
C. The pre-shared key must be altered to use only lowercase letters.
D. The local and remote keys on Router2 must be the same.

Correct Answer: B
