[Free] 2018(Aug) Ensurepass Cisco 300-209 Dumps with VCE and PDF 1-10

Ensurepass.com : Ensure you pass the IT Exams
2018 Aug Cisco Official New Released 300-209
100% Free Download! 100% Pass Guaranteed!

Implementing Cisco Secure Mobility Solutions

Question No: 1

Which two are features of GETVPN but not DMVPN and FlexVPN? (Choose two.)

  1. one IPsec SA for all encrypted traffic

  2. no requirement for an overlay routing protocol

  3. design for use over public or private WAN

  4. sequence numbers that enable scalable replay checking

  5. enabled use of ESP or AH

  6. preservation of IP protocol in outer header

Answer: A,B

Question No: 2

Refer to the exhibit.

Ensurepass 2018 PDF and VCE

Which statement about the given IKE policy is true?

  1. The tunnel will be valid for 2 days, 88 minutes, and 00 seconds.

  2. It will use encrypted nonces for authentication.

  3. It has a keepalive of 60 minutes, checking every 5 minutes.

  4. It uses a 56-bit encryption algorithm.

Answer: B

Question No: 3

Which technology can rate-limit the number of tunnels on a DMVPN hub when system utilization is above a specified percentage?

  1. NHRP Event Publisher

  2. interface state control

  3. CAC

  4. NHRP Authentication

  5. ip nhrp connect

Answer: C

Question No: 4

An administrator wishes to limit the networks reachable over the Anyconnect VPN tunnels. Which configuration on the ASA will correctly limit the networks reachable to 209.165.201.0/27 and 209.165.202.128/27?

  1. access-list splitlist standard permit 209.165.201.0 255.255.255.224 access-list splitlist standard permit 209.165.202.128 255.255.255.224

    !

    group-policy GroupPolicy1 internal group-policy GroupPolicy1 attributes split-tunnel-policy tunnelspecified split-tunnel-network-list value splitlist

  2. access-list splitlist standard permit 209.165.201.0 255.255.255.224 access-list splitlist standard permit 209.165.202.128 255.255.255.224

    !

    group-policy GroupPolicy1 internal group-policy GroupPolicy1 attributes split-tunnel-policy tunnelall

    split-tunnel-network-list value splitlist

  3. group-policy GroupPolicy1 internal group-policy GroupPolicy1 attributes split-tunnel-policy tunnelspecified

    split-tunnel-network-list ipv4 1 209.165.201.0 255.255.255.224

    split-tunnel-network-list ipv4 2 209.165.202.128 255.255.255.224

  4. access-list splitlist standard permit 209.165.201.0 255.255.255.224 access-list splitlist standard permit 209.165.202.128 255.255.255.224

    !

    crypto anyconnect vpn-tunnel-policy tunnelspecified crypto anyconnect vpn-tunnel-network-list splitlist

  5. crypto anyconnect vpn-tunnel-policy tunnelspecified

crypto anyconnect split-tunnel-network-list ipv4 1 209.165.201.0 255.255.255.224

crypto anyconnect split-tunnel-network-list ipv4 2 209.165.202.128 255.255.255.224

Answer: A

Question No: 5

An employee working from home sends all traffic to company server. Is there policy for him to use his local internet provider and VPN only for company data?

  1. tunnel all

  2. No such policy exist

  3. tunnel specified

  4. tunnel exclude

Answer: C

Question No: 6

Which protocols does the Cisco AnyConnect client use to build multiple connections to the security appliance?

  1. TLS and DTLS

  2. IKEv1

  3. L2TP over IPsec

  4. SSH over TCP

Answer: A

Question No: 7

Refer to the exhibit.

Ensurepass 2018 PDF and VCE

Which action is demonstrated by this debug output?

  1. NHRP initial registration by a spoke.

  2. NHRP registration acknowledgement by the hub.

  3. Disabling of the DMVPN tunnel interface.

  4. IPsec ISAKMP phase 1 negotiation.

Answer: A

Question No: 8

In which situation would you enable the Smart Tunnel option with clientless SSL VPN?

  1. when a user is using an outdated version of a web browser

  2. when an application is failing in the rewrite process

  3. when IPsec should be used over SSL VPN

  4. when a user has a nonsupported Java version installed

  5. when cookies are disabled

Answer: B

Question No: 9

Refer to the exhibit.

Ensurepass 2018 PDF and VCE

While configuring a site-to-site VPN tunnel, a new NOC engineer encounters the Reverse Route Injection parameter.

Assuming that static routes are redistributed by the Cisco ASA to the IGP, what effect does enabling Reverse Route Injection on the local Cisco ASA have on a configuration?

  1. The local Cisco ASA advertises its default routes to the distant end of the site-to-site VPN tunnel.

  2. The local Cisco ASA advertises routes from the dynamic routing protocol that is running on the local Cisco ASA to the distant end of the site-to-site VPN tunnel.

  3. The local Cisco ASA advertises routes that are at the distant end of the site-to-site VPN tunnel.

  4. The local Cisco ASA advertises routes that are on its side of the site-to-site VPN tunnel to the distant end of the site-to-site VPN tunnel.

Answer: C Explanation:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080 9d07de.shtml

Question No: 10

Ensurepass 2018 PDF and VCE

Ensurepass 2018 PDF and VCE

Ensurepass 2018 PDF and VCE

After implementing the IKEv2 tunnel, it was observed that remote users on the 192.168.33.0/24 network are unable to access the internet. Which of the following can be done to resolve this problem?

  1. Change the Diffie-Hellman group on the headquarter ASA to group5forthe dynamic crypto map

  2. Change the remote traffic selector on the remote ASA to 192.168.22.0/24

  3. Change to an IKEvI configuration since IKEv2 does not support a full tunnel with static peers

  4. Change the local traffic selector on the headquarter ASA to 0.0.0.0/0

  5. Change the remote traffic selector on the headquarter ASA to 0.0.0.0/0

Answer: B

Explanation:

The traffic selector is used to determine which traffic should be protected (encrypted over the IPSec tunnel). We want this to be specific, otherwise Internet traffic will also be sent over the tunnel and most likely dropped on the remote side. Here, we just want to protect traffic from 192.168.33.0/24 to 192.168.22.0/24.

100% Ensurepass Free Download!
300-209 PDF
100% Ensurepass Free Guaranteed!
300-209 Dumps

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

Leave a Reply

Your email address will not be published. Required fields are marked *