QUESTION 41
Guaranteed success with TestInsides practice guides 22 Cisco 300-209 : Practice Test
Which NGE IKE Diffie-Hellman group identifier has the strongest cryptographic properties?
A. group 20
B. group 24
C. group 5
D. group 20
Answer: D
QUESTION 42
What is the Cisco recommended TCP maximum segment on a DMVPN tunnel interface when the MTU is set to 1400 bytes?
A. 1160 bytes
B. 1260 bytes
C. 1360 bytes
D. 1240 bytes
Answer: C
QUESTION 43
Which technology does a multipoint GRE interface require to resolve endpoints?
A. ESP
B. dynamic routing
C. NHRP
D. CEF
E. IPSec
Answer: C
QUESTION 44
Which two cryptographic technologies are recommended for use with FlexVPN? (Choose two.)
A. SHA (HMAC variant)
B. Diffie-Hellman
C. DES
D. MD5 (HMAC variant)
Answer: AB
QUESTION 45
Which command configures IKEv2 symmetric identity authentication?
A. match identity remote address 0.0.0.0
B. authentication local pre-share
C. authentication pre-share
D. authentication remote rsa-sig
Answer: D
QUESTION 46
Which two examples of transform sets are contained in the IKEv2 default proposal? (Choose two.)
A. aes-cbc-192, sha256, 14
B. 3des, md5, 5
C. 3des, sha1, 1
D. aes-cbc-128, sha, 5
Answer: BD
QUESTION 47
What is the default storage location of user-level bookmarks in an IOS clientless SSL VPN?
A. disk0:/webvpn/{context name}/
B. disk1:/webvpn/{context name}/
C. flash:/webvpn/{context name}/
D. nvram:/webvpn/{context name}/
Answer: C
QUESTION 48
Which command will prevent a group policy from inheriting a filter ACL in a clientless SSL VPN?
A. vpn-filter none
B. no vpn-filter
C. filter value none
D. filter value ACLname
Answer: C
QUESTION 49
Which command specifies the path to the Host Scan package in an ASA AnyConnect VPN?
A. csd hostscan path image
B. csd hostscan image path
C. csd hostscan path
D. hostscan image path
Answer: B
When a tunnel is initiated by the headquarter ASA, which one of the following Diffie- Hellman groups is selected by the headquarter ASA during CREATE_CHILD_SA exchange?
A. 1
B. 2
C. 5
D. 14
E. 19
Answer: C
Explanation:
Traffic initiated by the HQ ASA is assigned to the static outside crypto map, which shown below to use DH group 5.
If you want to pass Cisco 300-209 successfully, donot missing to read latest lead2pass Cisco 300-209 exam questions.
If you can master all lead2pass questions you will able to pass 100% guaranteed.