CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. Cisco®
  5. 300-440

Free 300-440 Exam Braindumps (page: 4)

Page 4 of 10
PDF with 38 Questions



Refer to the exhibits. An engineer needs to configure a site-to-site IPsec VPN connection between an on premises Cisco IOS XE router and Amazon Web Services (AWS).
Which two IP prefixes should be used to configure the AWS routing options? (Choose two.)

  1. 30.30.30.0/30
  2. 20.20.20.0/24
  3. 30.30.30.0/24
  4. 50.50.50.0/30
  5. 40.40.40.0/24

Answer(s): A,E

Explanation:

The correct answer is A and E because they are the IP prefixes that match the tunnel interfaces on the Cisco IOS XE router. The AWS routing options should include the local and remote IP prefixes that are used for the IPsec tunnel endpoints. The other options are either the public IP addresses of the routers or the LAN subnets that are not relevant for the IPsec tunnel configuration. Reference := Designing and Implementing Cloud Connectivity (ENCC) v1.0, Configure IOS-XE Site-to-Site VPN Connection to Amazon Web Services, Site-to-Site VPN with Amazon Web Services





Refer to the exhibits. An engineer must redistribute OSPF internal routes into BGP to connect an on- premises network to a cloud provider without introducing extra routes.
Which two commands must be configured on router R2? (Choose two.)

  1. router ospf 1
  2. router bgp 100
  3. redistribute ospf 1
  4. redistribute bgp 100
  5. redistribute ospf 1 match internal external

Answer(s): B,E

Explanation:

To redistribute OSPF internal routes into BGP, the engineer needs to configure two commands on router R2. The first command is router bgp 100, which enables BGP routing process and specifies the autonomous system number of 100. The second command is redistribute ospf 1 match internal external, which redistributes the routes from OSPF process 1 into BGP, and matches both internal and external OSPF routes. This way, the engineer can avoid introducing extra routes that are not part of OSPF process 1, such as the default route or the connected routes.


Reference:

= Designing and Implementing Cloud Connectivity (ENCC) v1.0, [ENCC: Configuring IPsec VPN from Cisco IOS XE to AWS], [Deploying Cisco IOS VTI-Based Point-to-Point IPsec VPNs]



An engineer must configure an IPsec tunnel to the cloud VPN gateway.
Which Two actions send traffic into the tunnel? (Choose two.)

  1. Configure access lists that match the interesting user traffic.
  2. Configure a static route.
  3. Configure a local policy in Cisco vManage.
  4. Configure an IPsec profile and match the remote peer IP address.
  5. Configure policy-based routing.

Answer(s): A,E

Explanation:

To send traffic into an IPsec tunnel to the cloud VPN gateway, the engineer must configure two actions:
Configure access lists that match the interesting user traffic. This is the traffic that needs to be encrypted and sent over the IPsec tunnel. The access lists are applied to the crypto map that defines the IPsec parameters for the tunnel.
Configure policy-based routing (PBR). This is a technique that allows the engineer to override the routing table and forward packets based on a defined policy. PBR can be used to send specific traffic to the IPsec tunnel interface, regardless of the destination IP address. This is useful when the cloud VPN gateway has a dynamic IP address or when multiple cloud VPN gateways are available for load balancing or redundancy.


Reference:

Designing and Implementing Cloud Connectivity (ENCC) v1.0, Module 3: Implementing Cloud Connectivity, Lesson 3: Implementing IPsec VPNs to the Cloud, Topic: Configuring IPsec VPNs on Cisco IOS XE Routers
Security for VPNs with IPsec Configuration Guide, Cisco IOS XE, Chapter: Configuring IPsec VPNs, Topic: Configuring Crypto Maps
[Cisco IOS XE Gibraltar 16.12.x Feature Guide], Chapter: Policy-Based Routing, Topic: Policy-Based Routing Overview



Refer to the exhibit.



Which Cisco lKEv2 configuration brings up the IPsec tunnel between the remote office router and the AWS virtual private gateway?
A)



B)



C)

  1. Option A
  2. Option B
  3. Option C

Answer(s): C

Explanation:

Option C is the correct answer because it configures the IKEv2 profile with the correct match identity, authentication, and keyring parameters. It also configures the IPsec profile with the correct transform set and lifetime parameters. Option A is incorrect because it does not specify the match identity remote address in the IKEv2 profile, which is required to match the AWS virtual private gateway IP address. Option B is incorrect because it does not specify the authentication pre-share in the IKEv2 profile, which is required to authenticate the IKEv2 peers using a pre-shared key. Option C also matches the configuration example provided by AWS1 and Cisco2 for setting up an IKEv2 IPsec site-to-site VPN between a Cisco IOS-XE router and an AWS virtual private gateway. Reference :=
1: AWS VPN Configuration Guide for Cisco IOS-XE
2: Configure IOS-XE Site-to-Site VPN Connection to Amazon Web Services



Page 4 of 10



Post your Comments and Discuss Cisco® 300-440 exam with other Community members:

Meraj commented on October 12, 2024
The exam is super duper hard. You use these exam dumps to only pass. If you don't have the questions it is not easy to pass.
INDIA
upvote

Lucas commented on October 12, 2024
Its so good.
Anonymous
upvote

Iwada commented on October 12, 2024
The answers and questions are valid. I believe this site trusted and anyone preparing for this exam needs to go the this materials.
Anonymous
upvote

Ramesh commented on October 12, 2024
All are very Good Questios
Anonymous
upvote

Sandy commented on October 12, 2024
I found this exam dumps questions and answers very helpful despite some questions do not have the complete answers. Overall it helped me pass.
Anonymous
upvote

P commented on October 11, 2024
So glad to have found this site
CANADA
upvote

Michal commented on October 11, 2024
I hope it will worth it
POLAND
upvote

Bannor commented on October 11, 2024
This exam is valid and legit. I purchased the full version last week and managed to pass. There are 2 or 3 wrong answers which I reported to the admin and they fixed it right away.
CANADA
upvote

Marko commented on October 11, 2024
Been using this website for a while now. I am a big fun as it has helped me pass 3 exams so far. I hope they can keep the site live.
EUROPEAN UNION
upvote

Ngoni commented on October 11, 2024
Great resource
ZIMBABWE
upvote

jeffrey commented on October 11, 2024
this is great
Anonymous
upvote

Soniksha commented on October 10, 2024
I purchased the full version of this exam and it turned out quire accurate. I passed with the help of this exam.
UNITED STATES
upvote

Sadiq commented on October 10, 2024
Test questions
Anonymous
upvote

Viktor commented on October 10, 2024
Respect to the owners and operators of this site for providing this free exam site.
CANADA
upvote

Deep commented on October 10, 2024
Good questions
INDIA
upvote

Goben commented on October 10, 2024
Passed in one shot.
GERMANY
upvote

Neo commented on October 10, 2024
Gets easier as you go along
SOUTH AFRICA
upvote

Neo commented on October 10, 2024
Need more practice
SOUTH AFRICA
upvote

Violet commented on October 10, 2024
Need more practice
SOUTH AFRICA
upvote

Neo commented on October 10, 2024
Challenging
SOUTH AFRICA
upvote

Kopano commented on October 10, 2024
Prep going well
SOUTH AFRICA
upvote

Harika Mudumby commented on October 10, 2024
great content
Anonymous
upvote

Neo commented on October 10, 2024
Happy with the material
SOUTH AFRICA
upvote

Emily commented on October 09, 2024
A bit challe
SOUTH AFRICA
upvote

a commented on October 09, 2024
SIMPLE QUESTIONS
Anonymous
upvote

Emily commented on October 09, 2024
grt resource
SOUTH AFRICA
upvote

robin commented on October 09, 2024
Im' done with clear in my mind
Anonymous
upvote

EDC commented on October 09, 2024
Passed this exam with a freaking 95% today.
Anonymous
upvote

Divyesh Arya commented on October 09, 2024
Nice questions
UNITED STATES
upvote

Harry commented on October 09, 2024
This platform is the best out of the exam dumps sites. I love it.
UNITED STATES
upvote

Ursela commented on October 09, 2024
Invested in the full version of this exam dump PDF version and it paid off. Passed with 89%.
UNITED STATES
upvote

Rakesh commented on October 08, 2024
The best dump with best price, join this site for proof. 100% guarantee of passing with 90% score
UNITED STATES
upvote

Rakesh commented on October 08, 2024
good The best dump with best price, join this site for proof. 100% guarantee of passing with 90% score
UNITED STATES
upvote

Rakesh commented on October 08, 2024
Good The best dump with best price, join this site for proof. 100% guarantee of passing with 90% score
UNITED STATES
upvote