[Free] 2018(Aug) Ensurepass Cisco 300-209 Dumps with VCE and PDF 231-240

Ensurepass.com : Ensure you pass the IT Exams
2018 Aug Cisco Official New Released 300-209
100% Free Download! 100% Pass Guaranteed!

Implementing Cisco Secure Mobility Solutions

Question No: 231

An internet-based VPN solution is being considered to replace an existing private WAN connecting remote offices. A multimedia application is used that relies on multicast for communication. Which two VPN solutions meet the application#39;s network requirement? (Choose two.)

  1. FlexVPN

  2. DMVPN

  3. Group Encrypted Transport VPN

  4. Crypto-map based Site-to-Site IPsec VPNs

  5. AnyConnect VPN

Answer: A,B

Question No: 232

Which two features are required when configuring a DMVPN network? (Choose two.)

  1. Dynamic routing protocol

  2. GRE tunnel interface

  3. Next Hop Resolution Protocol

  4. Dynamic crypto map

  5. IPsec encryption

Answer: B,C

Question No: 233

An engineer is configuring an IPsec VPN with IKEv2. Which three components are part of the IKEv2 proposal for this implementation? (Choos three.)

  1. key ring

  2. DH group

  3. integrity

  4. tunnel name

  5. encryption

Answer: B,C,E

Question No: 234

Which option is most effective at preventing a remote access VPN user from bypassing the corporate transparent web proxy?

  1. using the proxy-server settings of the client computer to specify a PAC file for the client computer to download

  2. instructing users to use the corporate proxy server for all web browsing

  3. disabling split tunneling

  4. permitting local LAN access

Answer: C

Question No: 235

Refer to the exhibit.

Ensurepass 2018 PDF and VCE

A NOC engineer needs to tune some postlogin parameters on an SSL VPN tunnel.

From the information shown, where should the engineer navigate to, in order to find all the postlogin session parameters?

  1. quot;engineeringquot; Group Policy

  2. quot;contractorquot; Connection Profile

  3. DefaultWEBVPNGroup Group Policy

  4. DefaultRAGroup Group Policy

  5. quot;engineer1quot; AAA/Local Users

Answer: A Explanation:

http://www.cisco.com/en/US/docs/ios/12_4t/12_4t11/htwebvpn.html#wp1054618

The policy group is a container that defines the presentation of the portal and the permissions for resources that are configured for a group of remote users. Entering the policy group command places the router in webvpn group policy configuration mode. After it is configured, the group policy is attached to the SSL VPN context configuration by configuring the default-group-policy command.

The following tasks are accomplished in this configuration:

-> The presentation of the SSL VPN portal page is configured.

-> A NetBIOS server list is referenced.

-> A port-forwarding list is referenced.

-> The idle and session timers are configured.

-> A URL list is referenced.

Question No: 236

Which purpose of configuring perfect Forward secret is true?

  1. For every negotiation of a new phase 1 SA, the two gateways generate a new set of phase 2 keys.

  2. For every negotiation of a new phase 2 SA, the two gateways generate a new set of phase 1 keys.

  3. For every negotiation of a new phase 1 SA, the two gateways generate a new set of phase 1 keys.

  4. For every negotiation of a new phase 2 SA, the two gateways generate a new set of phase 2 keys.

Answer: A

Question No: 237

A spoke has two Internet connections for failover. How can you achieve optimum failover without affecting any other router in the DMVPN cloud?

  1. Create another DMVPN cloud by configuring another tunnel interface that is sourced from the second ISP link.

  2. Use another router at the spoke site, because two ISP connections on the same router for the same hub is not allowed.

  3. Configure SLA tracking, and when the primary interface goes down, manually change the tunnel source of the tunnel interface.

  4. Create another tunnel interface with same configuration except the tunnel source, and configure the if-state nhrp and backup interface commands on the primary tunnel interface.

Answer: D

Question No: 238

Consider this scenario. When users attempt to connect via a Cisco AnyConnect VPN session, the certificate has changed and the connection fails.

What is a possible cause of the connection failure?

  1. An invalid modulus was used to generate the initial key.

  2. The VPN is using an expired certificate.

  3. The Cisco ASA appliance was reloaded.

  4. The Trusted Root Store is configured incorrectly.

Answer: C

Question No: 239

Scenario:

You are the senior network security administrator for your organization. Recently and junior engineer configured a site-to-site IPsec VPN connection between your headquarters Cisco ASA and a remote branch office.

You are now tasked with verifying the IKEvl IPsec installation to ensure it was properly configured according to designated parameters. Using the CLI on both the Cisco ASA and branch ISR, verify the IPsec configuration is properly configured between the two sites.

NOTE: the show running-config command cannot be used for this exercise.

Topology:

Ensurepass 2018 PDF and VCE

Ensurepass 2018 PDF and VCE

Ensurepass 2018 PDF and VCE

Which crypto map tag is being used on the Cisco ASA?

  1. outside_cryptomap

  2. VPN-to-ASA

  3. L2L_Tunnel

  4. outside_map1

Answer: D Explanation:

This is seen from the 鈥渟how crypto ipsec sa鈥?command on the ASA.

Ensurepass 2018 PDF and VCE

Question No: 240

Which two options are purposes of the key server in Cisco IOS GETVPN? (Choose two.)

  1. to define group members.

  2. to distribute static routing information.

  3. to distribute dynamic routing information.

  4. to encrypt transit traffic.

Answer: A,D

100% Ensurepass Free Download!
300-209 PDF
100% Ensurepass Free Guaranteed!
300-209 Dumps

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

Leave a Reply

Your email address will not be published. Required fields are marked *