Valid Study Material For Cisco 300-209

You must have updated knowledge of implementing highly secure remote communications through VPN technology. DumpsSchool provides this knowledge in its valid Cisco 300-209 exam dumps.

Try the latest DumpsSchool 300-209 exam dumps. Buy the full file here: https://www.dumpsschool.com/300-209-exam-dumps.html (394 As Dumps)

Download the DumpsSchool 300-209 braindumps from Google Drive: https://drive.google.com/file/d/1QIUtORXq_xlJsxvougvINLrpzf2glSC_/view (FREE VERSION!!!)

Question No. 1

You are troubleshooting a site-to-site VPN issue where the tunnel is not establishing. After issuing the debug crypto ipsec command on the headend router, you see the following output. What does this output suggest?

1d00h: IPSec (validate_proposal): transform proposal (port 3, trans 2, hmac_alg 2) not supported

1d00h: ISAKMP (0:2) : atts not acceptable. Next payload is 0

1d00h: ISAKMP (0:2) SA not acceptable

Answer: B

Question No. 2

Which routing protocols are recommended by Cisco in DMVPN between the company router and the ISP router? (Choose two)

Answer: D, E

Question No. 3

Which command enables IOS SSL VPN Smart Tunnel support for PuTTY?

Answer: B

Question No. 4

Scenario:

You are the network security manager for your organization. Your manager has received a request to allow an external user to access your HQ and DMZ servers. You are given the following connection parameters for this task.

Using ASDM on the ASA, configure the parameters below and test your configuration by accessing the Guest PC. Not all ASDM screens are active for this exercise. Also, for this exercise, all changes are automatically applied to the ASA and you will not have to click APPLY to apply the changes manually.

* Enable Clientless SSL VPN on the outside interface

* Using the Guest PC, open an Internet Explorer window and test and verify the basic connection to the SSL VPN portal using address: https://vpn-secure-x.publica. You may notice a certificate error in the status bar; this can be ignored for this exercise.

  b. Username: vpnuser
  c. Password: cisco123
  d. Log out of the portal once you have verified connectivity

* Configure two bookmarks with the following parameters:

  a. Bookmark List Name: MY-BOOKMARKS
  b. Use the: URL with GET or POST method
  c. Bookmark Title: HQ-Server
     i. http://10.10.3.20
  d. Bookmark Title: DMZ-Server-FTP
     i. ftp://172.16.1.50
  e. Assign the configured Bookmarks to:
     i. DfltGrpPolicy
     ii. DfltAccessPolicy
     iii. LOCAL User: vpnuser

* From the Guest PC, reconnect to the SSL VPN Portal

* Test both configured Bookmarks to ensure desired connectivity

You have completed this exercise when you have configured and successfully tested Clientless SSL VPN connectivity.

Topology:

Answer: A

Question No. 5

Refer to the exhibit. In this tunnel mode GRE multipoint example, which command on the hub router distinguishes one spoke from the other?

Answer: D

Question No. 6

Instructions

When a tunnel is initiated by the headquarter ASA, which one of the following Diffie-Hellman groups is selected by the headquarter ASA during CREATE_CHILD_SA exchange?

Answer: C

Traffic initiated by the HQ ASA is assigned to the static outside crypto map, which is shown below to use DH group 5.

Question No. 7

Which command simplifies the task of converting an SSL VPN to an IKEv2 VPN on a Cisco ASA appliance that has an invalid IKEv2 configuration?

Answer: A

Below is a reference for this question:

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/113597-ptn-113597.html

If your IKEv1, or even SSL, configuration already exists, the ASA makes the migration process simple. On the command line, enter the migrate command:

migrate {l2l | remote-access {ikev2 | ssl} | overwrite}

Things of note:

Keyword definitions:

l2l – This converts current IKEv1 l2l tunnels to IKEv2.

remote-access – This converts the remote access configuration. You can convert either the IKEv1 or the SSL tunnel groups to IKEv2.

overwrite – If you have an IKEv2 configuration that you wish to overwrite, then this keyword converts the current IKEv1 configuration and removes the superfluous IKEv2 configuration.

Question No. 8

Which two components are required for a Cisco IOS-based PKI solution?

Answer: A, D

Question No. 9

In FlexVPN, what command can an administrator use to create a virtual template interface that can be configured and applied dynamically to create virtual access interfaces?

Answer: B

Here is a reference and an explanation that can be included with this test.

http://www.cisco.com/en/US/docs/ios-xml/ios/sec_conn_ike2vpn/configuration/15-2mt/sec-flex-spoke.html#GUID-4A10927D-4C6A-4202-B01C-DA7E462F5D8A

Configuring the Virtual Tunnel Interface on FlexVPN Spoke

SUMMARY STEPS

1. enable

2. configure terminal

3. interface virtual-template number type tunnel

4. ip unnumbered tunnel number

5. ip nhrp network-id number

6. ip nhrp shortcut virtual-template-number

7. ip nhrp redirect [timeout seconds]

8. exit

Question No. 10

Which Cisco ASDM option configures WebVPN access on a Cisco ASA?

Answer: B

Question No. 11

Which purpose of configuring Perfect Forward Secrecy is true?

Answer: A
