Latest Cisco CCNP Service Provider 300-209 EXAM QUESTIONS [Dec-2017 Dumps]

Cisco 300-209 exam is very helpful for applicants to identify Mobile Applications Developer, Oracle Mobile Development and Orientation and Mobility Specialist. Applicants will also learn how to improve Describe encryption, hashing, and Next Generation Encryption (NGE). Applicants, who will clear this 300-209 Cisco Certified Network Professional Service Provider certification exam, will receive CCNP Service Provider certifications. CCNPtips provides you updated 300-209 exam questions for your 300-209 exam preparation.

300-209 exam questions, 300-209 PDF dumps; 300-209 exam dumps:: https://www.dumpsschool.com/300-209-exam-dumps.html (276 Q&A) (New Questions Are 100% Available! Also Free Practice Test Software!)

Latest and Most Accurate Cisco 300-209 Exam Questions:

Question: 12

Which two IKEv1 policy options must match on each peer when you configure an IPsec site-to-site VPN? (Choose two.)

A. priority number
B. hash algorithm
C. encryption algorithm
D. session lifetime
E. PRF algorithm

Answer: B, C

Question: 13

Which two parameters are configured within an IKEv2 proposal on an IOS router? (Choose two.)

A. authentication
B. encryption
C. integrity
D. lifetime

Answer: B, C

Question: 14

In a spoke-to-spoke DMVPN topology, which type of interface does a branch router require?

A. Virtual tunnel interface
B. Multipoint GRE interface
C. Point-to-point GRE interface
D. Loopback interface

Answer: B

Question: 15

New Updated 300-209 Exam Questions 300-209 PDF dumps 300-209 practice exam dumps: https://www.dumpsschool.com/300-209-exam-dumps.html

Refer to the exhibit.

After the configuration is performed, which combination of devices can connect?

A. a device with an identity type of IPv4 address of 209.165.200.225 or 209.165.202.155 or a certificate with subject name of “cisco.com”
B. a device with an identity type of IPv4 address of both 209.165.200.225 and 209.165.202.155 or a certificate with subject name containing “cisco.com”
C. a device with an identity type of IPv4 address of both 209.165.200.225 and 209.165.202.155 and a certificate with subject name containing “cisco.com”
D. a device with an identity type of IPv4 address of 209.165.200.225 or 209.165.202.155 or a certificate with subject name containing “cisco.com”

Answer: D

Question: 16

Which three settings are required for crypto map configuration? (Choose three.)

A. match address
B. set peer
C. set transform-set
D. set security-association lifetime
E. set security-association level per-host
F. set pfs

Answer: A, B, C

Question: 17

A network is configured to allow clientless access to resources inside the network. Which feature must be enabled and configured to allow SSH applications to respond on the specified port 8889?

A. auto applet download
B. port forwarding
C. web-type ACL
D. HTTP proxy

Answer: B

Question: 18

Consider this scenario. When users attempt to connect via a Cisco AnyConnect VPN session, the certificate has changed and the connection fails.
What is a possible cause of the connection failure?

A. An invalid modulus was used to generate the initial key.
B. The VPN is using an expired certificate.
C. The Cisco ASA appliance was reloaded.
D. The Trusted Root Store is configured incorrectly.

Answer: C

Question: 19

In the Cisco ASDM interface, where do you enable the DTLS protocol setting?

A. Configuration > Remote Access VPN > Network (Client) Access > Group Policies > Add or Edit > Add or Edit Internal Group Policy
B. Configuration > Remote Access VPN > Network (Client) Access > AAA Setup > Local Users > Add or Edit
C. Device Management > Users/AAA > User Accounts > Add or Edit > Add or Edit User Account > VPN Policy > SSL VPN Client
D. Configuration > Remote Access VPN > Network (Client) Access > Group Policies > Add or Edit

Answer: C

Question: 20

What are two forms of SSL VPN? (Choose two.)

A. port forwarding
B. Full Tunnel Mode
C. Cisco IOS WebVPN
D. Cisco AnyConnect

Answer: CD

Facebook Comments