
Free VCE & PDF File for Cisco 300-209 Real Exam (Full Version!)


Q41. Scenario 

Your organization has just implemented a Cisco AnyConnect SSL VPN solution. Using Cisco ASDM, answer the questions regarding the implementation.

Note: Not all screens or option selections are active for this exercise.

Topology 

Default_Home 

Which address pool is being assigned to the users connecting via the AnyConnect client? 

A. AC_Address_Pool 

B. Remote_Address_Pool 

C. Outside_Address_Pool 

D. VPN_Address_Pool 

Answer:

Explanation: 

First, navigate to the Configuration -> Remote Access VPN tab and then choose the “AnyConnect Connection Profile” as shown below:

Capture 

Then, clicking on the AnyConnect Profile at the bottom will bring you to the edit page shown below: 

Capture 

From here we can see that the Client Address Pools entry in use is “VPN_Access_Pool”.


Q42. Scenario 

Your organization has just implemented a Cisco AnyConnect SSL VPN solution. Using Cisco ASDM, answer the questions regarding the implementation. 

Note: Not all screens or option selections are active for this exercise. 

Topology 

Default_Home 

What two actions will be taken on translated packets when the AnyConnect users connect to the ASA? (Choose two.) 

A. No action will be taken, they will keep their original assigned addresses 

B. The source address will use the outside-nat-pool 

C. The source NAT type will be a static translation 

D. The source NAT type will be a dynamic translation 

E. DNS will be translated on rule matches 

Answer: A,C 

Explanation: 

First, navigate to the Configuration -> NAT Rules tab to see this:

Here we see that NAT rule 2 applies to the AnyConnect clients. Click on this rule for more details to see the following:

Here we see that it is a static source NAT entry, but the Source and Destination addresses remain the original IP addresses, so they are not translated.


Q43. A private WAN connection is suspected of intermittently corrupting data. Which technology can a network administrator use to detect and drop the altered data traffic?

A. AES-128 

B. RSA Certificates 

C. SHA2-HMAC 

D. 3DES 

E. Diffie-Hellman Key Generation

Answer:


Q44. Which two statements describe effects of the DoNothing option within the untrusted network policy on a Cisco AnyConnect profile? (Choose two.) 

A. The client initiates a VPN connection upon detection of an untrusted network. 

B. The client initiates a VPN connection upon detection of a trusted network. 

C. The always-on feature is enabled. 

D. The always-on feature is disabled. 

E. The client does not automatically initiate any VPN connection. 

Answer: A,D 


Q45. CORRECT TEXT 

Answer: The steps are as follows:

Step 1: Configure the key ring

    crypto ikev2 keyring mykeys
     peer SiteB.cisco.com
      address 209.161.201.1
      pre-shared-key local $iteA
      pre-shared-key remote $iteB

Step 2: Configure the IKEv2 profile

    crypto ikev2 profile default
     identity local fqdn SiteA.cisco.com
     match identity remote fqdn SiteB.cisco.com
     authentication local pre-share
     authentication remote pre-share
     keyring local mykeys

Step 3: Create the GRE tunnel and apply the profile

    crypto ipsec profile default
     set ikev2-profile default
    interface tunnel 0
     ip address 10.1.1.1 255.255.255.0
     tunnel source eth 0/0
     tunnel destination 209.165.201.1
     tunnel protection ipsec profile default
    end


Q46. Refer to the exhibit. 

Which VPN solution does this configuration represent? 

A. DMVPN 

B. GETVPN 

C. FlexVPN 

D. site-to-site 

Answer:


Q47. Which type of communication in a FlexVPN implementation uses an NHRP shortcut? 

A. spoke to hub 

B. spoke to spoke 

C. hub to spoke 

D. hub to hub 

Answer:


Q48. Refer to the exhibit. 

The IKEv2 site-to-site VPN tunnel between two routers is down. Based on the debug output, which type of mismatch might be the problem? 

A. PSK 

B. crypto policy 

C. peer identity 

D. transform set 

Answer:


Q49. Which two qualify as Next Generation Encryption integrity algorithms? (Choose two.) 

A. SHA-512 

B. SHA-256 

C. SHA-192 

D. SHA-380 

E. SHA-192 

F. SHA-196 

Answer: A,B 


Q50. Which Cisco ASDM option configures WebVPN access on a Cisco ASA? 

A. Configuration > WebVPN > WebVPN Access 

B. Configuration > Remote Access VPN > Clientless SSL VPN Access 

C. Configuration > WebVPN > WebVPN Config 

D. Configuration > VPN > WebVPN Access 

Answer: