We provide real 300-209 exam questions and answers braindumps in two formats. Download PDF & Practice Tests. Pass Cisco 300-209 Exam quickly & easily. The 300-209 PDF type is available for reading and printing. You can print more and practice many times. With the help of our Cisco 300-209 dumps pdf and vce product and material, you can easily pass the 300-209 exam.
You are the senior network security administrator for your organization. Recently and junior engineer configured a site-to-site IPsec VPN connection between your headquarters Cisco ASA and a remote branch office.
You are now tasked with verifying the IKEvl IPsec installation to ensure it was properly configured according to designated parameters. Using the CLI on both the Cisco ASA and branch ISR, verify the IPsec configuration is properly configured between the two sites.
NOTE: the show running-config command cannot be used for this exercise.
Which crypto map tag is being used on the Cisco ASA?
This is seen from the “show crypto ipsec sa” command on the ASA.
Q112. In a spoke-to-spoke DMVPN topology, which type of interface does a branch router require?
A. Virtual tunnel interface
B. Multipoint GRE interface
C. Point-to-point GRE interface
D. Loopback interface
Q113. Which protocols does the Cisco AnyConnect client use to build multiple connections to the security appliance?
A. TLS and DTLS
C. L2TP over IPsec
D. SSH over TCP
Q114. Which four activities does the Key Server perform in a GETVPN deployment? (Choose four.)
A. authenticates group members
B. manages security policy
C. creates group keys
D. distributes policy/keys
E. encrypts endpoint traffic
F. receives policy/keys
G. defines group members
Q115. Which command can you use to monitor the phase 1 establishment of a FlexVPN tunnel?
A. show crypto ipsec sa
B. show crypto isakmp sa
C. show crypto ikev2 sa
D. show ip nhrp
Q116. Which group-policy subcommand installs the Diagnostic AnyConnect Report Tool on user computers when a Cisco AnyConnect user logs in?
A. customization value dart
B. file-browsing enable
C. smart-tunnel enable dart
D. anyconnect module value dart
Q117. Refer to the exhibit.
Which technology is represented by this configuration?
A. AAA for FlexVPN
B. AAA for EzVPN
C. TACACS+ command authorization
D. local command authorization
Q118. Which VPN type can be used to provide secure remote access from public internet cafes and airport kiosks?
C. Clientless SSL
Q119. CORRECT TEXT
Answer: Here are the steps as below:
Step 1: configure key ring
crypto ikev2 keyring mykeys
pre-shared-key local $iteA
pre-shared key remote $iteB
Step 2: Configure IKEv2 profile
Crypto ikev2 profile default
identity local fqdn SiteA.cisco.com
Match identity remote fqdn SiteB.cisco.com
Authentication local pre-share
Authentication remote pre-share
Keyring local mykeys
Step 3: Create the GRE Tunnel and apply profile
crypto ipsec profile default
set ikev2-profile default
Interface tunnel 0
ip address 10.1.1.1 255.255.255.0
Tunnel source eth 0/0
Tunnel destination 126.96.36.199
tunnel protection ipsec profile default
Q120. Which algorithm provides both encryption and authentication for data plane communication?