Cisco CCDP 300-320 Practice Exam Questions,300-320 pdf | 100% Free

Latest updates to the Cisco CCDP Designing Cisco Network Service Architectures (ARCH v3.0) 300-320 exam questions and answers! Free 300-320 PDF download and online practice test to help improve your skills. Get the full 300-320 exam dumps: https://www.leads4pass.com/300-320.html (Total questions: 600 Q&A). Updated year-round, with a guarantee to pass the exam on the first attempt!

[PDF] Free Cisco 300-320 pdf dumps download from Google Drive: https://drive.google.com/open?id=1CO03i-baRPjHkU54CVGIIfaTH2icYbXh

[PDF] Free Full Cisco pdf dumps download from Google Drive: https://drive.google.com/open?id=1CMo2G21nPLf7ZmI-3_hBpr4GDKRQWrGx

300-320 ARCH - Cisco: https://www.cisco.com/c/en/us/training-events/training-certifications/exams/current-list/arch-300-320.html

Latest effective Cisco 300-320 Exam Practice Tests

QUESTION 1
When designing data centers for multitenancy, which two benefits are provided by the implementation of VSAN and
zoning? (choose two)
A. VSAN provides a means of restricting visibility and connectivity among devices connected to a zone
B. VSANs have their own set of services and address space, which prevents an issue in one VSAN from affecting
others
C. Zones provide the ability to create many logical SAN fabrics on a single Cisco MDS 9100 family switch
D. VSANs and zones use separate fabrics
E. Zones allow an administrator to control which initiators can see which targets
Correct Answer: DE

QUESTION 2
While configuring a QoS policy, analysis of the switching infrastructure indicates that the switches support 1P3Q3T
egress queuing. Which option describes the egress queuing in the infrastructure?
A. The threshold configuration allows for inter-queue QoS by utilizing buffers.
B. The priority queue must contain real-time traffic and network management traffic.
C. The 1P3Q3T indicates one priority queue, three standard queues, and three thresholds.
D. The priority queue should use less than 20% of the total bandwidth.
Correct Answer: B

QUESTION 3
Which three authentication services are supported by Cisco NAC Appliance? (Choose three.)
A. RADIUS
B. LDAP
C. Kerberos
D. TACACS+
E. local
F. SNMP
Correct Answer: ABC
Working with Existing Backend Authentication Servers
When working with existing backend authentication servers, Cisco supports the following authentication protocol types:
Kerberos
RADIUS (Remote Authentication Dial-In User Service)
Windows NT (NTLM Auth Server)
LDAP (Lightweight Directory Access Protocol)
https://www.cisco.com/c/en/us/td/docs/security/nac/appliance/configuration_guide/47/cam/47cam-book/m_auth.html

QUESTION 4
Design for data center where you don't have to dedicate one switch per rack?
A. Top of rack
B. End of row
C. Blade Switch
D. Middle of row
Correct Answer: B

QUESTION 5
Cisco FabricPath brings the benefits of routing protocols to Layer 2 network Ethernet environments. What are two
advantages of using Cisco FabricPath technology? (Choose two)
A. Cisco FabricPath relies on OSPF to support Layer 2 forwarding between switches, which allows load balancing
between redundant paths.
B. Cisco FabricPath provides MAC address scalability with conversational learning.
C. Loop mitigation is provided by the TTL field in the frame.
D. Cisco FabricPath is IETF-standard and is not used with Cisco products.
E. Cisco FabricPath technology is supported in all Cisco platforms and can replace legacy Ethernet in all campus
networks.
Correct Answer: BC

QUESTION 6
Which four primary attributes define a WAN service? (Choose four.)
A. bandwidth
B. bursting capacity
C. memory
D. CPU
E. QoS classes and policies
F. latency
G. multicast support
Correct Answer: ABEG

QUESTION 7
Which command can you enter to inject BGP routes into an IGP?
A. redistribute bgp
B. redistribute static
C. redistribute static subnet
D. default-information originate
Correct Answer: A

QUESTION 8
Refer to the exhibit. [Exhibit: q8]
An engineer must apply IP addressing to five new WAN sites and chooses the new subnets pictured. The previous
administrator applied the addressing at Headquarters. Which option is the minimum summary range to cover the
existing WAN sites while also allowing for three additional WAN sites of the same size, for future growth?
A. 10.0.60.0/18
B. 10.0.64.0/21
C. 10.0.64.0/17
D. 10.0.0.0/17
E. 10.0.64.0/18
Correct Answer: E

QUESTION 9
What QoS technology allows traffic to pass even though it has exceeded the bandwidth limit but will be queued later?
A. Shaping
B. Policing
C. Weighted Fair Queuing
D. Low Latency Queuing
Correct Answer: A

QUESTION 10
An engineer is redesigning the infrastructure for a campus environment. The engineer must maximize the use of the
links between the core and distribution layers. By which two methods can this usage be maximized? (Choose two.)
A. Design the links between the core and distribution layers to use RPVSTP+
B. Design with multiple unequal-cost links between the core and distribution layers.
C. Design the links between the core and distribution layers to use an IGP
D. Design the links between the core and distribution layers to use HSRP.
E. Design with multiple equal-cost links between the core and distribution layers.
Correct Answer: AD

QUESTION 11
An OSPF router should have a maximum of how many adjacent neighbors?
A. 80
B. 60
C. 100
D. 50
Correct Answer: B

QUESTION 12
DRAG DROP
Drag and Drop question with regards to Cisco Application-Centric Infrastructure ACI .
Select and Place: [Exhibits: q12, q12-1]

QUESTION 13
What is the preferred protocol for a router that is running an IPv4 and IPv6 dual stack configuration?
A. IPX
B. Microsoft NetBIOS
C. IPv6
D. IPv4
Correct Answer: C

QUESTION 14
Which one of these could you implement to sustain a large DDoS attack?
A. Stateful firewall
B. uRPF
C. Connections limits and timeouts
D. Access-lists
Correct Answer: C

QUESTION 15
Which statement about Fibre Channel communications is correct?
A. N_Port to N_Port connections use logical node connection points.
B. Flow control is only provided by QoS.
C. It must be implemented in an arbitrated loop.
D. Communication methods are similar to those of an Ethernet bus.
Correct Answer: A
Fibre Channel supports a logical node connection point between node ports (N_ports). This is similar to TCP and UDP
sockets.

QUESTION 16
What location are security policies enforced in ACI?
A. End Point
B. Spine
C. Leaf
D. APIC
Correct Answer: C

QUESTION 17
L2 extension through IP in the data center (MAC-in-IP)
A. fiberpath
B. TRILL
C. OTV
D. Vxlan
Correct Answer: C

QUESTION 18
What is an advantage of having an out-of-band management?
A. It is less expensive to have an out-of-band management.
B. Network devices can still be managed, even in case of network outage.
C. There is no separation between the production network and the management network.
D. SSH protocol must be used to manage network devices.
Correct Answer: B

QUESTION 19
Which two of these are characteristics of multicast routing? (Choose two.)
A. multicast routing uses RPF.
B. multicast routing is connectionless.
C. In multicast routing, the source of a packet is known.
D. When network topologies change, multicast distribution trees are not rebuilt, but use the original path
E. Multicast routing is much like unicast routing, with the only difference being that it has a group of receivers rather
than just one destination
Correct Answer: AC

QUESTION 20
Which statement about the ToR design model is true?
A. It can shorten cable runs and simplify rack connectivity.
B. Each ToR switch must be individually managed.
C. Multiple ToR switches can be interconnected to provide a loop-free spanning-tree infrastructure.
D. It can connect servers that are located in separate racks.
Correct Answer: A

QUESTION 21
Which Cisco feature can be run on a Cisco router that terminates a WAN connection, to gather and provide WAN circuit
information that helps switchover to dynamically back up the WAN circuit?
A. Cisco Express Forwarding
B. IP SLA
C. passive interface
D. traffic shaping
Correct Answer: B

QUESTION 22
A company needs to configure a new firewall and has only one public IP address to use on this firewall. The engineer
needs to configure the firewall with NAT to handle inbound traffic to the mail server in addition to Internet outbound
traffic. [Exhibit: q22]
Which options could he use? (Choose two)
A. Static NAT for inbound traffic on port 25
B. Dynamic NAT for outbound traffic
C. Static NAT for outbound traffic on port 25
D. Dynamic NAT for inbound traffic
E. NAT overload for outbound traffic
F. NAT overload for inbound traffic on port 25
Correct Answer: AE

QUESTION 23
Which two key components are related to one firewall per ISP design option for e-commerce? (Choose two.)
A. It is a common approach to single-homing.
B. This approach is commonly used in large sites.
C. Any failure on an edge router results in a loss of session.
D. It has one NAT to two ISP-assigned blocks.
E. It is difficult to set up and administer.
Correct Answer: CD

QUESTION 24
Which technology should a network designer combine with VSS to ensure a loop free topology with optimal
convergence time?
A. Portfast
B. UplinkFast
C. RPVST +
D. Multichassis EtherChannel
Correct Answer: D

QUESTION 25
A network administrator wants to increase the security level in the core layer and wants to confirm that users who have
their default gateway on an interface in the core switch can access specific networks and can't access the remaining
networks.
Which feature can help him to achieve this?
A. vlan access control list
Correct Answer: A

QUESTION 26
A company has a single ASA hardware box and needs to separate company departments in a way that lets it apply
different rules to them (ACL, NAT, and so on). Which mode is needed?
A. routed mode
B. transparent mode
C. multiple context mode
D. active failover mode
Correct Answer: C

QUESTION 27
Drag the rule on the left to match the appropriate activity on the right.
Select and Place: [Exhibit: q27]
Correct Answer: [Exhibit: q27-1]

QUESTION 28
DRAG DROP
Select and Place: [Exhibit: q28]
Correct Answer: [Exhibit: q28-1]
Enable specifically at the network edge > STP
Manually prune unused VLANs > Trunks
Use specifically on fiber-optic interconnections that link switches > UDLD
Ensure that an individual link failure will not result in an STP failure > Etherchannel
Always use a number of links that is a power of 2 (2, 4, 8) to optimize the load balancing of traffic > VSS

QUESTION 29
A network design engineer has been asked to reduce the size of the SPT on an IS-IS broadcast network. Which option
should the engineer recommend to accomplish this task?
A. Configure the links as point-to-multipoint.
B. Configure QoS in all links.
C. Configure a new NET address.
D. Configure the links as point-to-point.
Correct Answer: D

QUESTION 30
An engineer is designing a multi-cluster BGP network. Each cluster has 2 RRs and 4 RR clients. Which 2 options must be
considered?
A. Clients from all clusters should peer with all RRs
B. All route reflectors should be non client peers and topology partially meshed
C. All RRs must be non client peers in a fully meshed topology
D. Clients must not peer with IBGP speakers outside the client router
E. Clients should peer with at least one other client outside its cluster
Correct Answer: DE
Route reflectors must still be fully IBGP meshed with nonclients. Therefore, route reflectors reduce meshing within
clusters, but all mesh links outside the cluster must be maintained on the route reflector. The route reflector clients get
information from IBGP speakers outside the cluster via the route reflector.

QUESTION 31
What is an advantage of using the vPC feature in a data center environment?
A. All available uplinks bandwidth is used.
B. FHRP is not required
C. A single IP is used for management of both devices
D. The two switches form a single control plane
Correct Answer: A

QUESTION 32
What command essentially turns on auto summarization for EIGRP?
A. area 0 range 10.0.0.0 255.0.0.0.0
B. router eigrp 1
C. ip summary-address eigrp 1 10.0.0.0 255.0.0.0
D. ip summary-address 10.0.0.0 255.0.0.0
E. eigrp stub
Correct Answer: B

QUESTION 33
An engineer has implemented a QoS architecture that requires a signaling protocol to tell routers which flows of
packets require special treatment. Which two mechanisms are important to establishing and maintaining a QoS
architecture? (Choose two)
A. classification
B. tagging
C. packet scheduling
D. admission control
E. resource reservation
Correct Answer: DE

QUESTION 34
A customer with a single Cisco Adaptive Security Appliance wants to separate multiple segments of the e-commerce
network to allow for different security policies. What firewall technology accommodates these design requirements?
A. Routed mode
B. Virtual-context
C. Transparent mode
D. Virtual private network
E. private VLANs
F. admission control
Correct Answer: B

QUESTION 35
OTV to interconnect three data centers and what should there be in each data center
A. VTEP
B. vxlan ?
Correct Answer: A

QUESTION 36
A customer requires resiliency and availability for applications hosted in the data center. What two technologies meet
this requirement? (Choose two)
A. SLB
B. LTM
C. GLBP
D. GTM
E. HSRP
Correct Answer: BD

QUESTION 37
Which option prevents the dropping of asymmetrically routed packets in active/active failover paired firewalls?
A. Nothing can be done to prevent this from happening.
B. Configure different policies on both firewalls.
C. Assign similar interfaces on each firewall to the same asymmetric routing group.
D. Assign similar interfaces on each firewall to a different asymmetric routing group.
Correct Answer: C

QUESTION 38
Which two options regarding the Cisco TrustSec Security Group Tag are true? (Choose two)
A. It is assigned by the Cisco ISE to the user or endpoint session upon login
B. Best practice dictates it should be statically created on the switch
C. It is removed by the Cisco ISE before reaching the endpoint.
D. Best Practice dictates that deployments should include a guest group allowing access to minimal services
E. Best Practice dictates that deployments should include a security group for common services such as DNS and
DHCP
Correct Answer: AE

QUESTION 39
In which OSI layer does IS-IS operate?
A. Layer 1
B. Layer 2
C. Layer 3
D. Layer 4
Correct Answer: B

QUESTION 40
When is a first-hop redundancy protocol needed in the distribution layer?
A. when the design implements Layer 2 between the access and distribution blocks
B. when multiple vendor devices need to be supported
C. when preempt tuning of the default gateway is needed
D. when a robust method of backing up the default gateway is needed
E. when the design implements Layer 2 between the access switch and the distribution blocks
Correct Answer: A

This is the latest update of the Cisco CCDP Designing Cisco Network Service Architectures (ARCH v3.0) 300-320 exam questions and answers, and we share 40 exam questions and answers for free to help you improve your skills! You can download the 300-320 pdf or watch the 300-320 YouTube video tutorial online! Get the full 300-320 exam dumps: https://www.leads4pass.com/300-320.html (Total questions: 600 Q&A) to help you pass the exam quickly!


Cisco CCNP Security 300-209 Practice Exam Questions,300-209 pdf | 100% Free

Latest updates to the Cisco CCNP Security Implementing Cisco Secure Mobility Solutions (SIMOS v1.0) 300-209 exam questions and answers! Free 300-209 PDF download and online practice test to help improve your skills. Get the full 300-209 exam dumps: https://www.leads4pass.com/300-209.html (Total questions: 393 Q&A). Updated year-round, with a guarantee to pass the exam on the first attempt!

[PDF] Free Cisco 300-209 pdf dumps download from Google Drive: https://drive.google.com/open?id=1cqN80_ksLXlLmH-XmP-JP8ejIScAfH8G

300-209 SIMOS - Cisco: https://www.cisco.com/c/en/us/training-events/training-certifications/exams/current-list/specialist-simos.html

Latest effective Cisco 300-209 Exam Practice Tests

QUESTION 1
Which header is used when a data plane IPsec packet is created?
A. IKEv1
B. AES
C. SHA
D. ESP
Correct Answer: D

QUESTION 2
Which algorithm is replaced by elliptic curve cryptography in Cisco NGE?
A. 3DES
B. AES
C. DES
D. RSA
Correct Answer: D

QUESTION 3
Which two operational advantages does GetVPN offer over site-to-site IPsec tunnel in a private MPLS-based core
network? (Choose two.)
A. Key servers perform encryption and decryption of all the data in the network, which allows for tight security policies.
B. Traffic uses one VRF to encrypt data and a different one to decrypt data, which allows for multicast traffic isolation.
C. GETVPN is tunnel-less, which allows any group member to perform decryption and routing around network failures.
D. Packets carry original source and destination IP addresses, which allows for optimal routing of encrypted traffic.
E. Group Domain of Interpretation protocol allows for homomorphic encryption, which allows group members to operate
on messages without decrypting them
Correct Answer: CD
http://www.cisco.com/c/en/us/products/collateral/security/group-encrypted-transport-vpn/deployment_guide_c07_554713.html

QUESTION 4
An engineer must set up DMVPN Phase 2 with EIGRP to ensure spoke-to-spoke communication. Which two EIGRP
features must be disabled?
A. stub routing
B. split horizon
C. route redistribution
D. auto-summary
E. next-hop self
Correct Answer: BE

QUESTION 5
Which command clears all Cisco AnyConnect VPN sessions on a Cisco ASA?
A. vpn-sessiondb logoff anyconnect
B. vpn-sessiondb logoff webvpn
C. clear crypto isakmp sa
D. vpn-sessiondb logoff l2l
Correct Answer: A

QUESTION 6
Which two options are benefits of AES compared to 3DES? (Choose two.)
A. switches encryption keys every 32 GB of data transfer
B. faster encryption
C. shorter encryption keys
D. longer encryption block length
E. repeating encryption keys
Correct Answer: BD

QUESTION 7
The Cisco AnyConnect client is unable to download an updated user profile from the ASA headend using IKEv2. What
is the most likely cause of this problem?
A. User profile updates are not allowed with IKEv2.
B. IKEv2 is not enabled on the group policy.
C. A new profile must be created so that the adaptive security appliance can push it to the client on the next connection
attempt.
D. Client Services is not enabled on the adaptive security appliance.
Correct Answer: D

QUESTION 8
A company has acquired a competitor whose network infrastructure uses only IPv6. An engineer must configure VPN
access sourced from the new company. Which remote access VPN solution must be used?
A. GET VPN
B. AnyConnect
C. EzVPN
D. DMVPN
Correct Answer: C

QUESTION 9
What does DART stand for?
A. Device and report tool
B. Diagnostic Anyconnect Reporting Tool
C. Delivery and Reporting Tool
D. Diagnostics and Reporting Tool
Correct Answer: D

QUESTION 10
Which option describes the purpose of the shared argument in the DMVPN interface command tunnel protection IPsec
profile ProfileName shared?
A. shares a single profile between multiple tunnel interfaces
B. allows multiple authentication types to be used on the tunnel interface
C. shares a single profile between a tunnel interface and a crypto map
D. shares a single profile between IKEv1 and IKEv2
Correct Answer: A

QUESTION 11
Using the Next Generation Encryption technologies, which is the minimum acceptable encryption level to protect
sensitive information?
A. AES 92 bits
B. AES 128 bits
C. AES 256 bits
D. AES 512 bits
Correct Answer: B

QUESTION 12
Refer to the exhibit. What is the problem with the IKEv2 site-to-site VPN tunnel?
[Exhibit: q12]
A. incorrect PSK
B. crypto access list mismatch
C. incorrect tunnel group
D. crypto policy mismatch
E. incorrect certificate
Correct Answer: B

QUESTION 13
You have been using pre-shared keys for IKE authentication on your VPN.
Your network has grown rapidly, and now you need to create VPNs with numerous IPsec peers.
How can you enable scaling to numerous IPsec peers?
A. Migrate to external CA-based digital certificate authentication.
B. Migrate to a load-balancing server.
C. Migrate to a shared license server.
D. Migrate from IPsec to SSL VPN client extended authentication.
Correct Answer: A

QUESTION 14
Which functionality is provided by L2TPv3 over FlexVPN?
A. the extension of a Layer 2 domain across the FlexVPN
B. the extension of a Layer 3 domain across the FlexVPN
C. secure communication between servers on the FlexVPN
D. a secure backdoor for remote access users through the FlexVPN
Correct Answer: A

QUESTION 15
A company has a FlexVPN solution for remote access and one of their Cisco AnyConnect remote clients is having
trouble connecting properly. Which command verifies that packets are being encrypted and decrypted?
A. show crypto session active
B. show crypto ikev2 stats
C. show crypto ikev1 sa
D. show crypto ikev2 sa
E. show crypto session detail
Correct Answer: E

QUESTION 16
Which option is one of the differences between FlexVPN and DMVPN?
A. flexvpn uses ikev2 and dmvpn can use ikev1 or ikev2
B. dmvpn can use ikev1 and ikev2 where flexvpn only uses ikev1
C. flexvpn can use ikev1 and ikev2 where dmvpn uses only ikev2
D. dmvp uses ikev1 and flexvpn use ikev3
Correct Answer: A

QUESTION 17
An IOS SSL VPN is configured to forward TCP ports. A remote user cannot access the corporate FTP site with a Web
browser. What is a possible reason for the failure?
A. The user's FTP application is not supported.
B. The user is connecting to an IOS VPN gateway configured in Thin Client Mode.
C. The user is connecting to an IOS VPN gateway configured in Tunnel Mode.
D. The user's operating system is not supported.
Correct Answer: B
http://www.cisco.com/c/en/us/support/docs/security/ssl-vpn-client/70664-IOSthinclient.html
Thin-Client SSL VPN (Port Forwarding)
A remote client must download a small, Java-based applet for secure access of TCP applications that use static port
numbers. UDP is not supported. Examples include access to POP3, SMTP, IMAP, SSH, and Telnet. The user needs
local administrative privileges because changes are made to files on the local machine. This method of SSL VPN does not
work with applications that use dynamic port assignments, for example, several FTP applications.

QUESTION 18
Which protocol must be enabled on the inside interface to use cluster encryption in SSL VPN load balancing?
A. TLS
B. DTLS
C. IKEv2
D. ISAKMP
Correct Answer: D

QUESTION 19
An engineer is configuring SSL VPN for remote access. A real-time application that is sensitive to packet delays will be
used. Which feature should the engineer confirm is enabled to avoid latency and bandwidth problems associated with
SSL connections?
A. DTLS
B. DPD
C. SVC
D. IKEv2
Correct Answer: A

QUESTION 20
A temporary worker must use clientless SSL VPN with an SSH plug-in, in order to access the console of an internal
corporate server, the projects.xyz.com server. For security reasons, the network security auditor insists that the
temporary user is restricted to the one internal corporate server, 10.0.4.18.
You are the network engineer who is responsible for the network access of the temporary user.
What should you do to restrict SSH access to the one projects.xyz.com server?
A. Configure access-list temp_user_acl extended permit TCP any host 10.0.4.18 eq 22.
B. Configure access-list temp_user_acl standard permit host 10.0.4.18 eq 22.
C. Configure access-list temp_acl webtype permit url ssh://10.0.4.18.
D. Configure a plug-in SSH bookmark for host 10.0.4.18, and disable network browsing on the clientless SSL VPN
portal of the temporary worker.
Correct Answer: C

QUESTION 21
Refer to the exhibit. Which VPN solution does this configuration represent?
[Exhibit: q21]

A. Cisco AnyConnect
B. IPsec
C. L2TP
D. SSL VPN
Correct Answer: B

QUESTION 22
Which two GDOI encryption keys are used within a GET VPN network? (Choose two.)
A. key encryption key
B. group encryption key
C. user encryption key
D. traffic encryption key
Correct Answer: AD

QUESTION 23
Which Cisco adaptive security appliance command can be used to view the count of all active VPN sessions?
A. show vpn-sessiondb summary
B. show crypto ikev1 sa
C. show vpn-sessiondb ratio encryption
D. show iskamp sa detail
E. show crypto protocol statistics all
Correct Answer: A

QUESTION 24
Refer to the exhibit. Given the partial configuration shown, which two statements are correct? (Choose two.)
crypto ipsec transform-set MY_TRANSFORM esp-aes 128 esp-sha-hmac
!
crypto ipsec profile MYPROFILE
 set transform-set MY_TRANSFORM
!
interface Tunnel0
 ip unnumbered GigabitEthernet1/1
 tunnel source GigabitEthernet1/1
 tunnel destination 192.168.2.200
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile MYPROFILE
!
ip route 10.1.2.0 255.255.255.0 Tunnel0
A. The tunnel will use the routing protocol configured for GigabitEthernet 1/1 for all tunnel communication with the peer.
B. The IP route statement to reach the remote network behind the DMVPN peer is incorrect, it should be ip route
192.168.2.0 255.255.255.0 tunnel 0.
C. This is an example of a static point-to-point VTI tunnel.
D. The tunnel will use esp-sha-hmac encryption in ESP tunnel mode.
E. The tunnel will use 128-bit AES encryption in ESP tunnel mode.
Correct Answer: CE

QUESTION 25
Which option describes the purpose of the command show derived-config interface virtual-access 1?
A. It verifies that the virtual access interface is cloned correctly with per-user attributes.
B. It verifies that the virtual template created the tunnel interface.
C. It verifies that the virtual access interface is of type Ethernet.
D. It verifies that the virtual access interface is used to create the tunnel interface.
Correct Answer: A

QUESTION 26
What URL do you use to download a packet capture file in a format which can be used by a packet analyzer?
A. ftp:///capture//
B. https:////
C. https:///admin/capture//pcap
D. https:////pcap
Correct Answer: C

QUESTION 27
Which two statements about the Cisco ASA Clientless SSL VPN solution are true? (Choose two.)
A. When a client connects to the Cisco ASA WebVPN portal and tries to access HTTP resources through the URL bar,
the client uses the local DNS to perform FQDN resolution.
B. The rewriter enable command under the global webvpn configuration enables the rewriter functionality because that
feature is disabled by default.
C. A Cisco ASA with an AnyConnect Premium Peers license can simultaneously allow Clientless SSL VPN sessions
and AnyConnect client sessions.
D. Content rewriter functionality in the Clientless SSL VPN portal is not supported on Apple mobile devices.
E. Clientless SSLVPN provides Layer 3 connectivity into the secured network.
Correct Answer: CD

QUESTION 28
Which feature is enabled by the use of NHRP in a DMVPN network?
A. host routing with Reverse Route Injection
B. BGP multiaccess
C. host to NBMA resolution
D. EIGRP redistribution
Correct Answer: C

QUESTION 29
Which Cisco IOS VPN feature simplifies IPsec VPN configuration and design by using on-demand virtual access
interfaces that are cloned from a virtual template configuration?
A. GET VPN
B. dynamic VTI
C. static VTI
D. GRE tunnels
E. GRE over IPsec tunnels
F. DMVPN
Correct Answer: B

QUESTION 30
Which command clears all crypto configuration from a Cisco Adaptive Security Appliance?
A. clear configure crypto
B. clear configure crypto ipsec
C. clear crypto map
D. clear crypto ikev2 sa
Correct Answer: A

QUESTION 31
Which VPN feature allows remote access clients to print documents to local network printers?
A. Reverse Route Injection
B. split tunneling
C. loopback addressing
D. dynamic virtual tunnels
Correct Answer: B

QUESTION 32
Which technology can rate-limit the number of tunnels on a DMVPN hub when system utilization is above a specified
percentage?
A. NHRP Event Publisher
B. interface state control
C. CAC
D. NHRP Authentication
E. ip nhrp connect
Correct Answer: C

QUESTION 33
When initiating a new SSL or TLS session, the client receives the server SSL certificate and validates it. After validating
the server certificate, what does the client use the certificate for?
A. The client and server use the server public key to encrypt the SSL session data.
B. The server creates a separate session key and sends it to the client. The client decrypts the session key by using the
server public key.
C. The client and server switch to a DH key exchange to establish a session key.
D. The client generates a random session key, encrypts it with the server public key, and then sends it to the server.
Correct Answer: D

QUESTION 34
Which three actions can be applied to a traffic class within a type inspect policy map? (Choose three.)
A. drop
B. priority
C. log
D. pass
E. inspect
F. reset
Correct Answer: ACF

QUESTION 35
Refer to the exhibit. A network administrator is running DMVPN with EIGRP. When the administrator looks at the routing
table on spoke 1, it displays a route to the hub only.
Which command is missing on the hub router, which includes spoke 2 and spoke 3 in the spoke 1 routing table?
[Exhibit: q35]

A. no inverse arp
B. neighbor (ip address)
C. no ip split-horizon eigrp 1
D. redistribute static
Correct Answer: C

QUESTION 36
A company's remote locations connect to data centers via MPLS.
A new request requires that unicast traffic that exits the remote location be encrypted.
Which non-tunneled technology can be used to satisfy this requirement?
A. SSL
B. GET VPN
C. DMVPN
D. EzVPN
Correct Answer: B

QUESTION 37
Which type of communication in a FlexVPN implementation uses an NHRP shortcut?
A. spoke to hub
B. spoke to spoke
C. hub to spoke
D. hub to hub
Correct Answer: B

QUESTION 38
Which two troubleshooting steps should be taken when Cisco AnyConnect cannot establish an IKEv2 connection, while
SSL works fine? (Choose two.)
A. Verify that the primary protocol on the client machine is set to IPsec.
B. Verify that AnyConnect is enabled on the correct interface.
C. Verify that the IKEv2 protocol is enabled on the group policy.
D. Verify that ASDM and AnyConnect are not using the same port.
E. Verify that SSL and IKEv2 certificates are not referencing the same trustpoint.
Correct Answer: AC

QUESTION 39
Refer to the exhibit. The IKEv2 tunnel between Router1 and Router2 is failing during session establishment. Which
action will allow the session to establish correctly?
[Exhibit: q39]

A. The address command on Router2 must be narrowed down to a /32 mask.
B. The local and remote keys on Router2 must be switched.
C. The pre-shared key must be altered to use only lowercase letters.
D. The local and remote keys on Router2 must be the same.
Correct Answer: B

QUESTION 40
Which three parameters are specified in the isakmp (IKEv1) policy? (Choose three.)
A. the hashing algorithm
B. the authentication method
C. the lifetime
D. the session key
E. the transform-set
F. the peer
Correct Answer: ABC

This is the latest update of the Cisco CCNP Security Implementing Cisco Secure Mobility Solutions (SIMOS v1.0) 300-209 exam questions and answers, and we share 40 exam questions and answers for free to help you improve your skills! You can download the 300-209 pdf or watch the 300-209 YouTube video tutorial online! Get the full 300-209 exam dumps: https://www.leads4pass.com/300-209.html (Total questions: 393 Q&A) to help you pass the exam quickly!
