Free VCE & PDF File for Cisco 300-209 Real Exam (Full Version!)
Q91. Which benefit of FlexVPN is not offered by DMVPN using IKEv1?
A. Dynamic routing protocols can be configured.
B. IKE implementation can install routes in routing table.
C. GRE encapsulation allows for forwarding of non-IP traffic.
D. NHRP authentication provides enhanced security.
Answer: B
Q92. Refer to the exhibit.
The IKEv2 tunnel between Router1 and Router2 is failing during session establishment. Which action will allow the session to establish correctly?
A. The address command on Router2 must be narrowed down to a /32 mask.
B. The local and remote keys on Router2 must be switched.
C. The pre-shared key must be altered to use only lowercase letters.
D. The local and remote keys on Router2 must be the same.
Answer: B
Q93. Which three configurations are required for both IPsec VTI and crypto map-based VPNs? (Choose three.)
A. transform set
B. ISAKMP policy
C. ACL that defines traffic to encrypt
D. dynamic routing protocol
E. tunnel interface
F. IPsec profile
G. PSK or PKI trustpoint with certificate
Answer: A,B,G
Q94. A user with IP address 10.10.10.10 is unable to access an HTTP website at IP address 209.165.200.225 through a Cisco ASA. Which two features and commands will help troubleshoot the issue? (Choose two.)
A. Capture user traffic using command capture capin interface inside match ip host 10.10.10.10 any
B. After verifying that user traffic reaches the firewall using syslogs or captures, use packet tracer command packet-tracer input inside tcp 10.10.10.10 1234 209.165.200.225 80
C. Enable logging at level 1 and check the syslogs using commands logging enable, logging buffered 1 and show logging | include 10.10.10.10
D. Check if an access-list on the firewall is blocking the user by using command show running-config access-list | include 10.10.10.10
E. Use packet tracer command packet-tracer input inside udp 0.10.10.10 1234 192.168.1.3 161 to see what the firewall is doing with the user's traffic
Answer: A,B
Q95. Which option is most effective at preventing a remote access VPN user from bypassing the corporate transparent web proxy?
A. using the proxy-server settings of the client computer to specify a PAC file for the client computer to download
B. instructing users to use the corporate proxy server for all web browsing
C. disabling split tunneling
D. permitting local LAN access
Answer: C
Q96. To change the title panel on the logon page of the Cisco IOS WebVPN portal, which file must you configure?
A. Cisco IOS WebVPN customization template
B. Cisco IOS WebVPN customization general
C. web-access-hlp.inc
D. app-access-hlp.inc
Answer: A
Q97. In the Diffie-Hellman protocol, which type of key is the shared secret?
A. a symmetric key
B. an asymmetric key
C. a decryption key
D. an encryption key
Answer: A
Q98. Which command clears all crypto configuration from a Cisco Adaptive Security Appliance?
A. clear configure crypto
B. clear configure crypto ipsec
C. clear crypto map
D. clear crypto ikev2 sa
Answer: A
Q99. Which two statements comparing ECC and RSA are true? (Choose two.)
A. ECC can have the same security as RSA but with a shorter key size.
B. ECC lags in performance when compared with RSA.
C. Key generation in ECC is slower and less CPU intensive.
D. ECC cannot have the same security as RSA, even with an increased key size.
E. Key generation in ECC is faster and less CPU intensive.
Answer: A,E
Q100. Which protocol must be enabled on the inside interface to use cluster encryption in SSL VPN load balancing?
A. TLS
B. DTLS
C. IKEv2
D. ISAKMP
Answer: D