We provide real 300-209 exam questions and answers braindumps in two formats. Download PDF & Practice Tests. Pass Cisco 300-209 Exam quickly & easily. The 300-209 PDF type is available for reading and printing. You can print more and practice many times. With the help of our Cisco 300-209 dumps pdf and vce product and material, you can easily pass the 300-209 exam.

Q1. Refer to the exhibit. 

An IPsec peer is exchanging routes using IKEv2, but the routes are not installed in the RIB. Which configuration error is causing the failure? 

A. IKEv2 routing requires certificate authentication, not pre-shared keys. 

B. An invalid administrative distance value was configured. 

C. The match identity command must refer to an access list of routes. 

D. The IKEv2 authorization policy is not referenced in the IKEv2 profile. 

Answer:


Q2. To change the title panel on the logon page of the Cisco IOS WebVPN portal, which file must you configure? 

A. Cisco IOS WebVPN customization template 

B. Cisco IOS WebVPN customization general 

C. web-access-hlp.inc 

D. app-access-hlp.inc 

Answer:


Q3. Which feature do you include in a highly available system to account for potential site failures? 

A. geographical separation of redundant devices 

B. hot/standby failover pairs 

C. Cisco ACE load-balancing with VIP 

D. dual power supplies 

Answer:


Q4. Which cryptographic algorithms are approved to protect Top Secret information? 

A. HIPPA DES 

B. AES-128 

C. RC4-128 

D. AES-256 

Answer:


Q5. When troubleshooting established clientless SSL VPN issues, which three steps should be taken? (Choose three.) 

A. Clear the browser history. 

B. Clear the browser and Java cache. 

C. Collect the information from the computer event log. 

D. Enable and use HTML capture tools. 

E. Gather crypto debugs on the adaptive security appliance. 

F. Use Wireshark to capture network traffic. 

Answer: B,E,F 


Q6. Which option describes what address preservation with IPsec Tunnel Mode allows when GETVPN is used? 

A. stronger encryption methods 

B. Network Address Translation of encrypted traffic 

C. traffic management based on original source and destination addresses 

D. Tunnel Endpoint Discovery 

Answer:


Q7. What URL do you use to download a packet capture file in a format which can be used by a packet analyzer? 

A. ftp://<hostname>/capture/<capture_name>/ 

B. https://<asdm_enabled _interface:port>/<capture_name>/ 

C. https://<asdm_enabled_interface:port>/admin/capture/<capture_name>/pcap 

D. https://<hostname>/<capture_name>/pcap 

Answer:


Q8. A network administrator is configuring AES encryption for the ISAKMP policy on an IOS router. Which two configurations are valid? (Choose two.) 

A. crypto isakmp policy 10 

encryption aes 254 

B. crypto isakmp policy 10 

encryption aes 192 

C. crypto isakmp policy 10 

encryption aes 256 

D. crypto isakmp policy 10 

encryption aes 196 

E. crypto isakmp policy 10 

encryption aes 199 

F. crypto isakmp policy 10 

encryption aes 64 

Answer: B,C 


Q9. Which Cisco ASDM option configures forwarding syslog messages to email? 

A. Configuration > Device Management > Logging > E-Mail Setup 

B. Configuration > Device Management > E-Mail Setup > Logging Enable 

C. Select the syslogs to email, click Edit, and select the Forward Messages option. 

D. Select the syslogs to email, click Settings, and specify the Destination Email Address option. 

Answer:


Q10. Which configuration is used to build a tunnel between a Cisco ASA and ISR? 

A. crypto map 

B. DMVPN 

C. GET VPN 

D. GRE with IPsec 

E. GRE without IPsec 

Answer: