300-209 Exam Dumps | Scenario: You are the senior network security administrator for your organization. Recently and junior

<< Prev Question Next Question >>

Question 3/194

Scenario:
You are the senior network security administrator for your organization. Recently and junior engineer configured a site-to-site IPsec VPN connection between your headquarters Cisco ASA and a remote branch office.
You are now tasked with verifying the IKEvl IPsec installation to ensure it was properly configured according to designated parameters. Using the CLI on both the Cisco ASA and branch ISR, verify the IPsec configuration is properly configured between the two sites.
NOTE: the show running-config command cannot be used for this exercise.
Topology:

What is being used as the authentication method on the branch ISR?

A. Certificates

B. Pre-shared keys

C. RSA public keys

D. Diffie-Hellman Group 2

Question List (194q): Question 1: Which two command are included in the command show dmvpn det...; Question 2: A company needs to provide secure access to its remote workf...; Question 3: Scenario: You are the senior network security administrator ...; Question 4: An engineer has integrated a new DMVPN to link remote office...; Question 5: (Exhibit) After implementing the IKEv2 tunnel, it was observ...; Question 6: A Cisco IOS SSL VPN gateway is configured to operate in clie...; Question 7: Which two statements comparing ECC and RSA are true? (Choose...; Question 8: Which two examples of transform sets are contained in the IK...; Question 9: Refer to the exhibit. (Exhibit) Which two characteristics of...; Question 10: Refer to the exhibit. Given the partial configuration shown,...; Question 11: Which two features are required when configuring a DMVPN net...; Question 12: Which command clears all Cisco AnyConnect VPN sessions on a ...; Question 13: Which two statements about the Cisco ASA Clientless SSL VPN ...; Question 14: A private wan connection is suspected of intermittently corr...; Question 15: Refer to the exhibit. (Exhibit) Which two statements about t...; Question 16: Which statement regarding GET VPN is true?...; Question 17: An engineer wants to ensure that employees cannot access cor...; Question 18: A Cisco router may have a fan issue that could increase its ...; Question 19: (Exhibit) Refer to the exhibit. Client 1 cannot communicate ...; Question 20: Which two options are purposes of the key server in Cisco IO...; Question 21: Which three changes must be made to migrate from DMVPN Phase...; Question 22: Which Cisco ASA SSL VPN feature provides support for PCI com...; Question 23: Refer to the exhibit. (Exhibit) Which statement about the gi...; Question 24: Which two troubleshooting steps should be taken when Cisco A...; Question 25: Which technology is FlexVPN based on?...; Question 26: Refer to the exhibit. (Exhibit) Which type of VPN implementa...; Question 27: Which application does the Application Access feature of Cli...; Question 28: Refer to the exhibit. Based on the partial configuration sho...; Question 29: When troubleshooting established clientless SSL VPN issues, ...; Question 30: Refer to the exhibit. (Exhibit) Which type of mismatch is ca...; Question 31: Which three types of web resources or protocols are enabled ...; Question 32: Which are two main use cases for Clientless SSL VPN? (Choose...; Question 33: You are troubleshooting a site-to-site VPN issue where the t...; Question 34: With Cisco ASA active/standby failover, by default, how many...; Question 35: Which protocol must be enabled on the inside interface to us...; Question 36: (Exhibit) A network administrator is running DMVPN with EIGR...; Question 37: In which situation would you enable the Smart Tunnel option ...; Question 38: Scenario Your organization has just implemented a Cisco AnyC...; Question 39: Refer to the exhibit. What is the problem with the IKEv2 sit...; Question 40: Refer to the exhibit. (Exhibit) Which VPN solution does this...; Question 41: Which DAP endpoint attribute checks for the matching MAC add...; Question 42: On which Cisco platform are dynamic virtual template interfa...; Question 43: Which statement about plug-ins is false?...; Question 44: Which type of NHRP packet is unique to Phase 3 DMVPN topolog...; Question 45: (Exhibit) Refer to the exhibit. VPN load balancing provides ...; Question 46: In DMVPN phase 2, which two EIGRP features need to be disabl...; Question 47: Scenario: You are the senior network security administrator ...; Question 48: Which two Cisco ASA licensing features are correct with Cisc...; Question 49: Which option is a possible solution if you cannot access a U...; Question 50: What are two benefits of DMVPN Phase 3? (Choose two.)...; Question 51: What action does the hub take when it receives a NHRP resolu...; Question 52: Which two statements regarding IKEv2 are true per RFC 4306? ...; Question 53: Which Cisco ASA configuration is used to configure the TCP i...; Question 54: Which command enables the router to form EIGRP neighbor adja...; Question 55: The Cisco AnyConnect client fails to connect via IKEv2 but w...; Question 56: A custom desktop application needs to access an internal ser...; Question 57: What is the Cisco recommended TCP maximum segment on a DMVPN...; Question 58: Which command can be used to troubleshoot an IPv6 FlexVPN sp...; Question 59: Which configuration construct must be used in a FlexVPN tunn...; Question 60: Refer to the exhibit. (Exhibit) A customer cannot establish ...; Question 61: (Exhibit) Which option shows the correct traffic selectors f...; Question 62: Authorization of a clientless SSL VPN defines the actions th...; Question 63: Which algorithm provides both encryption and authentication ...; Question 64: Which feature enforces the corporate policy for Internet acc...; Question 65: (Exhibit) Refer to the exhibit. An engineer encounters a deb...; Question 66: What is the default storage location of user-level bookmarks...; Question 67: Which VPN solution is best for a collection of branch office...; Question 68: Which IKEv2 feature minimizes the configuration of a FlexVPN...; Question 69: Which encryption and authentication algorithms does Cisco re...; Question 70: Which two are features of GETVPN but not DMVPN and FlexVPN? ...; Question 71: Which cryptographic algorithms are a part of the Cisco NGE s...; Question 72: An internet-based VPN solution is being considered to replac...; Question 73: An administrator desires that when work laptops are not conn...; Question 74: Which alogrithm is an example of asymmetric encryption?...; Question 75: Which two statements about the running configuration of the ...; Question 76: Refer to the exhibit. The IKEv2 site-to-site VPN tunnel betw...; Question 77: Refer to the exhibit. (Exhibit) You have implemented an SSL ...; Question 78: Refer to the exhibit. (Exhibit) The customer needs to launch...; Question 79: Refer to the exhibit. (Exhibit) The customer can establish a...; Question 80: An engineer notices that while an employee is connected remo...; Question 81: Scenario: You are the senior network security administrator ...; Question 82: Which NGE IKE Diffie-Hellman group identifier has the strong...; Question 83: After adding a remote-access IPsec tunnel via the VPN wizard...; Question 84: You are configuring a Cisco IOS SSL VPN gateway to operate w...; Question 85: A user is trying to connect to a Cisco IOS device using clie...; Question 86: Which feature is a benefit of Dynamic Multipoint VPN?...; Question 87: Refer to the exhibit. (Exhibit) Which type of VPN is being c...; Question 88: Which algorithm is replaced by elliptic curve cryptography i...; Question 89: You are troubleshooting a site-to-site VPN issue where the t...; Question 90: Which other match command is used with the match flow ip des...; Question 91: When you configure IPsec VPN High Availability Enhancements,...; Question 92: The Cisco AnyConnect client is unable to download an updated...; Question 93: (Exhibit) Based on the provided ASDM configuration for the r...; Question 94: Which hash algorithm is required to protect classified infor...; Question 95: The following configuration steps have been completeD. WebVP...; Question 96: Which Cisco firewall platform supports Cisco NGE?...; Question 97: After completing a site-to-site VPN setup between two router...; Question 98: Which technology does a multipoint GRE interface require to ...; Question 99: Refer to the exhibit. (Exhibit) The network administrator is...; Question 100: As network security architect, you must implement secure VPN...; Question 101: Which technology supports tunnel interfaces while remaining ...; Question 102: Which equation describes an elliptic curve?...; Question 103: Which three actions can be applied to a traffic class within...; Question 104: (Exhibit) When a tunnel is initiated by the headquarter ASA,...; Question 105: Which technology must be installed on the client computer to...; Question 106: Which two changes must be made to migrate from DMVPN Phase 2...; Question 107: Refer to the exhibit. (Exhibit) Which authentication method ...; Question 108: Regarding licensing, which option will allow IKEv2 connectio...; Question 109: Which two operational advantages does GetVPN offer over site...; Question 110: (Exhibit) If the IKEv2 tunnel were to establish successfully...; Question 111: In the Diffie-Hellman protocol, which type of key is the sha...; Question 112: As network consultant, you are asked to suggest a VPN techno...; Question 113: SIMULATION Scenario You are the network security administrat...; Question 114: Refer to the exhibit. (Exhibit) You executed the show crypto...; Question 115: Where do you configure AnyConnect certificate-based authenti...; Question 116: You have been using pre-shared keys for IKE authentication o...; Question 117: Which command is used to determine how many GMs have registe...; Question 118: A customer requires all traffic to go through a VPN. However...; Question 119: Which two qualify as Next Generation Encryption integrity al...; Question 120: Remote users want to access internal servers behind an ASA u...; Question 121: Refer to the exhibit. (Exhibit) The ABC Corporation is chang...; Question 122: Refer to the exhibit. (Exhibit) A new NOC engineer, while vi...; Question 123: The Cisco ASA software image has been erased from flash memo...; Question 124: Refer to the exhibit. (Exhibit) An IPsec peer is exchanging ...; Question 125: An engineer is troubleshooting a DMVPN spoke router and sees...; Question 126: Which protocol supports high availability in a Cisco IOS SSL...; Question 127: Which three configuration parameters are mandatory for an IK...; Question 128: (Exhibit) Refer to the exhibit. An engineer is troubleshooti...; Question 129: Refer to the exhibit. (Exhibit) The "level_2" digital certif...; Question 130: Which statement is correct concerning the trusted network de...; Question 131: Which protocols does the Cisco AnyConnect client use to buil...; Question 132: Refer to the exhibit. (Exhibit) Which exchange does this deb...; Question 133: What does NHRP stand for?; Question 134: Which adaptive security appliance command can be used to see...; Question 135: A spoke has two Internet connections for failover. How can y...; Question 136: Which Cisco IOS feature provides secure, on-demand meshed co...; Question 137: Refer to the exhibit. (Exhibit) An administrator had the abo...; Question 138: Which is used by GETVPN, FlexVPN and DMVPN?...; Question 139: Which three types of SSO functionality are available on the ...; Question 140: Which cryptographic algorithms are approved to protect Top S...; Question 141: Refer to the exhibit. (Exhibit) What technology does the giv...; Question 142: An engineer has configured Cisco AnyConnect VPN using IKEv2 ...; Question 143: Which protocol does DTLS use for its transport?...; Question 144: Refer to the exhibit. (Exhibit) Which technology does this c...; Question 145: Which two technologies are considered to be Suite B cryptogr...; Question 146: Which command configures IKEv2 symmetric identity authentica...; Question 147: Which protocol can be used for better throughput performance...; Question 148: Which Cisco IOS VPN feature simplifies IPsec VPN configurati...; Question 149: When an IPsec SVTI is configured, which technology processes...; Question 150: Which option describes what address preservation with IPsec ...; Question 151: A rogue static route is installed in the routing table of a ...; Question 152: A network administrator is configuring AES encryption for th...; Question 153: Refer to the exhibit. (Exhibit) While configuring a site-to-...; Question 154: Which transform set is contained in the IKEv2 default propos...; Question 155: SIMULATION (Exhibit); Question 156: Which two cryptographic technologies are recommended for use...; Question 157: When attempting to tunnel FTP traffic through a stateful fir...; Question 158: Refer to the exhibit. (Exhibit) An administrator is adding I...; Question 159: Which three configurations are prerequisites for stateful fa...; Question 160: Refer to the exhibit. (Exhibit) The IKEv2 tunnel between Rou...; Question 161: Which technology can provide high availability for an SSL VP...; Question 162: Which three parameters must match on all routers in a DMVPN ...; Question 163: When implementing GET VPN, which of these is a characteristi...; Question 164: Which two statements are true when designing a SSL VPN solut...; Question 165: Which two types of authentication are supported when you use...; Question 166: By default, how does a Cisco ASA appliance process IP fragme...; Question 167: Which option lists the main tasks in the correct order to co...; Question 168: Which technology can rate-limit the number of tunnels on a D...; Question 169: A user is experiencing issues connecting to a Cisco AnyConne...; Question 170: An administrator wishes to limit the networks reachable over...; Question 171: In a GET VPN solution, which two ways can the key server dis...; Question 172: Scenario: You are the senior network security administrator ...; Question 173: When you are configuring a DMVPN network, which tunnel mode ...; Question 174: Which Cisco adaptive security appliance command can be used ...; Question 175: Which type of communication in a FlexVPN implementation uses...; Question 176: Which three configurations are required for both IPsec VTI a...; Question 177: Which statement is true when implementing a router with a dy...; Question 178: Which PKI enrollment method allows the user to separate auth...; Question 179: Refer to the exhibit. (Exhibit) Which VPN solution does this...; Question 180: Using the Next Generation Encryption technologies, which is ...; Question 181: An IOS SSL VPN is configured to forward TCP ports. A remote ...; Question 182: Which of these is true regarding tunnel configuration when d...; Question 183: Which Cisco ASA platform should be selected if the requireme...; Question 184: Which of these are the two types of keys used when implement...; Question 185: Refer to the exhibit. (Exhibit) A NOC engineer needs to tune...; Question 186: Which two parameters help to map a VPN session to a tunnel g...; Question 187: Which command will prevent a group policy from inheriting a ...; Question 188: Which command specifies the path to the Host Scan package in...; Question 189: On which type of encrypted traffic can a Cisco ASA appliance...; Question 190: Which option describes the purpose of the shared argument in...; Question 191: Which Cisco adaptive security appliance command can be used ...; Question 192: Which benefit of FlexVPN is not offered by DMVPN using IKEv1...; Question 193: Which two statements about the Cisco ASA Clientless SSL VPN ...; Question 194: SIMULATION Scenario: You are the network security manager fo...

Question 3/194

LEAVE A REPLY

Download PDF File