2018 Latest 300-209 Exam Dumps (PDF & VCE) 319 Q&As

QUESTION 209
A customer requires all traffic to go through a VPN. However, access to the local network is also required. Which two options can enable this configuration? (Choose two.)
A. split exclude
B. use of an XML profile
C. full tunnel by default
D. split tunnel
E. split include
Answer: AB

QUESTION 210
As a network consultant, you are asked to suggest a VPN technology that can support a multivendor environment and secure traffic between sites. Which technology should you recommend?
A. DMVPN
B. FlexVPN
C. GET VPN
D. SSL VPN
Answer: B

QUESTION 211
Which protocol must be enabled on the inside interface to use cluster encryption in SSL VPN load balancing?
A. TLS
B. DTLS
C. IKEv2
D. ISAKMP
Answer: D

QUESTION 212
Refer to the exhibit. Which type of VPN implementation is displayed?
A. IKEv2 reconnect
B. IKEv1 cluster
C. IKEv2 load balancer
D. IKEv1 client
E. IPsec high availability
F. IKEv2 backup gateway
Answer: C

QUESTION 213
An engineer is troubleshooting a DMVPN spoke router and sees a CRYPTO-4-IKMP_BAD_MESSAGE debug message stating that a spoke router "failed its sanity check or is malformed". Which issue does the error message indicate?
A. mismatched preshared key
B. unsupported transform proposal
C. invalid IP packet SPI
D. incompatible transform set
Answer: A

QUESTION 214
Which PKI enrollment method allows the user to separate authentication and enrollment actions and also provides an option to specify HTTP/TFTP commands to perform file retrieval from the server?
A. enrollment profile
B. enrollment terminal
C. enrollment url
D. enrollment selfsigned
Answer: A

QUESTION 215
Refer to the exhibit. A customer cannot establish an IKEv2 site-to-site VPN tunnel between two Cisco ASA devices. Based on the syslog message, which action can bring up the VPN tunnel?
A. Increase the maximum SA limit on the local Cisco ASA.
B. Correct the crypto access list on both Cisco ASA devices.
C. Remove the maximum SA limit on the remote Cisco ASA.
D. Reduce the maximum SA limit on the local Cisco ASA.
E. Correct the IP address in the local and remote crypto maps.
F. Increase the maximum SA limit on the remote Cisco ASA.
Answer: A
Explanation: The unknown request was rejected by CAC. CAC is used to limit SAs.

QUESTION 216
Refer to the exhibit. Which type of VPN is being configured, based on the partial configuration snippet?
A. DMVPN with dual hub
B. GET VPN with dual group member
C. FlexVPN backup gateway
D. GET VPN with COOP key server
E. FlexVPN load balancer
Answer: D

QUESTION 217
Which configuration is used to build a tunnel between a Cisco ASA and ISR?
A. crypto map
B. DMVPN
C. GET VPN
D. GRE with IPsec
E. GRE without IPsec
Answer: A

QUESTION 218
Refer to the exhibit. What is the problem with the IKEv2 site-to-site VPN tunnel?
A. incorrect PSK
B. crypto access list mismatch
C. incorrect tunnel group
D. crypto policy mismatch
E. incorrect certificate
Answer: B

QUESTION 219
Which two statements regarding IKEv2 are true per RFC 4306? (Choose two.)
A. It is compatible with IKEv1.
B. It has at minimum a nine-packet exchange.
C. It uses aggressive mode.
D. NAT traversal is included in the RFC.
E. It uses main mode.
F. DPD is defined in RFC 4309.
G. It allows for EAP authentication.
Answer: DG