[Free] 2018(Aug) Ensurepass Cisco 300-209 Dumps with VCE and PDF 211-220

Ensurepass.com : Ensure you pass the IT Exams
2018 Aug Cisco Official New Released 300-209
100% Free Download! 100% Pass Guaranteed!

Implementing Cisco Secure Mobility Solutions

Question No: 211

An engineer has successfully established a phase 1 tunnel, but notices that no packets are decrypted on the head end side of the tunnel. What is a potential cause for this issue?

1. different phase 2 encryption

2. misconfigured DH group

3. disabled PFS

4. firewall blocking Phase 2 ESP or AH

Answer: A

Question No: 212

Where do you configure AnyConnect certificate-based authentication in ASDM?

1. group policies

2. AnyConnect Connection Profile

3. AnyConnect Client Profile

4. Advanced Network (Client) Access

Answer: B

Question No: 213

Scenario

Your organization has just implemented a Cisco AnyConnect SSL VPN solution. Using Cisco ASDM, answer the questions regarding the implementation.

Note: Not all screens or option selections are active for this exercise.

Topology

Default_Home

Which two networks will be included in the secured VPN tunnel? (Choose two.)

A. 10.10.0.0/16

1. All networks will be securely tunneled

2. Networks with a source of any4 D. 10.10.9.0/24

E. DMZ network

Answer: A,E Explanation:

Navigate to the Configuration -gt; Remote Access -gt; Group Policies tab to observe the following:

Then, click on the DlftGrpPolicy to see the following:

On the left side, select ??plit Tunneling??to get to this page:

Here you see that the Network List called ??nside Subnets??is being tunneled (secured). Select Manage to see the list of networks

Here we see that the 10.10.0.0/16 and DMZ networks are being secured over the tunnel.

Question No: 214

Which two statements comparing ECC and RSA are true? (Choose two.)

1. ECC can have the same security as RSA but with a shorter key size.

2. ECC lags in performance when compared with RSA.

3. Key generation in ECC is slower and less CPU intensive.

4. ECC cannot have the same security as RSA, even with an increased key size.

5. Key generation in ECC is faster and less CPU intensive.

Answer: A,E

Question No: 215

Which statement regarding GET VPN is true?

1. TEK rekeys can be load-balanced between two key servers operating in COOP.

2. When you implement GET VPN with VRFs, all VRFs must be defined in the GDOI group configuration on the key server.

3. Group members must acknowledge all KEK and TEK rekeys, regardless of configuration.

4. The configuration that defines which traffic to encrypt is present only on the key server.

5. The pseudotime that is used for replay checking is synchronized via NTP.

Answer: D

Question No: 216

On which Cisco platform are dynamic virtual template interfaces available?

1. Cisco Adaptive Security Appliance 5585-X

2. Cisco Catalyst 3750X

3. Cisco Integrated Services Router Generation 2

4. Cisco Nexus 7000

Answer: C

Question No: 217

Which are two main use cases for Clientless SSL VPN? (Choose two.)

1. In kiosks that are part of a shared environment

2. When the users do not have admin rights to install a new VPN client

3. When full tunneling is needed to support applications that use TCP, UDP, and ICMP

4. To create VPN site-to-site tunnels in combination with remote access

Answer: A,B

Question No: 218

Which command identifies an AnyConnect profile that was uploaded to the router flash?

1. crypto vpn anyconnect profile SSL_profile flash:simos-profile.xml

2. svc import profile SSL_profile flash:simos-profile.xml

3. anyconnect profile SSL_profile flash:simos-profile.xml

4. webvpn import profile SSL_profile flash:simos-profile.xml

Answer: A

Question No: 219

Which feature is a benefit of Dynamic Multipoint VPN?

1. geographic filtering of spoke devices

2. translation PAT

3. rotating wildcard preshared keys

4. dynamic spoke-to spoke tunnel establishment

Answer: D

Question No: 220

Refer to the exhibit.

Which technology is represented by this configuration?

1. AAA for FlexVPN

2. AAA for EzVPN

3. TACACS command authorization

4. local command authorization

Answer: A

100% Ensurepass Free Download!
–300-209 PDF
100% Ensurepass Free Guaranteed!
–300-209 Dumps

	EnsurePass	ExamCollection	Testking
Lowest Price Guarantee	Yes	No	No
Up-to-Dated	Yes	No	No
Real Questions	Yes	No	No
Explanation	Yes	No	No
PDF VCE	Yes	No	No
Free VCE Simulator	Yes	No	No
Instant Download	Yes	No	No