[Free] 2017(Apr) Ensurepass Braindumps Cisco 300-209 Latest Dumps 11-20

Ensurepass
2017 April Cisco Official New Released 300-209 Q&As
100% Free Download! 100% Pass Guaranteed!
http://www.ensurepass.com/300-209.html

Implementing Cisco Secure Mobility Solutions (SIMOS)

QUESTION 11

Which two features are required when configuring a DMVPN network? (Choose two.)

 

A.

Dynamic routing protocol

B.

GRE tunnel interface

C.

Next Hop Resolution Protocol

D.

Dynamic crypto map

E.

IPsec encryption

 

Correct Answer: BC

 

QUESTION 12

Which technology can rate-limit the number of tunnels on a DMVPN hub when system utilization is above a specified percentage?

 

A.

NHRP Event Publisher

B.

interface state control

C.

CAC

D.

NHRP Authentication

E.

ip nhrp connect

 

Correct Ans
wer:
C

 

 

QUESTION 13

An engineer has integrated a new DMVPN to link remote offices across the internet using Cisco IOS routers. When connecting to remote sites, pings and voice data appear to flow properly and all tunnel stats seem to show that are up. However, when trying to connect to a remote server using RDP, the connection fails. Which action resolves this issue?

 

A.

Change DMVPN timeout values.

B.

Adjust the MTU size within the routers.

C.

Replace certificate on the RDP server.

D.

Add RDP port to the extended ACL.

 

Correct Answer: C

 

 

QUESTION 14

Which statement describes a prerequisite for single-sign-on Netegrity Cookie Support in an IOC SSL VPN?

 

A.

The Cisco AnyConnect Secure Mobility Client must be installed in flash.

B.

A SiteMinder plug-in must be installed on the Cisco SSL VPN gateway.

C.

A Cisco plug-in must be installed on a SiteMinder server.

D.

The Cisco Secure Desktop software package must be installed in flash.

 

Correct Answer: C

 

 

QUESTION 15

Refer to the exhibit. Which technology is represented by this configuration?

 

clip_image001

 

A.

AAA for FlexVPN

B.

AAA for EzVPN

C.

TACACS+ command authorization

D.

local command authorization

 

Correct Answer: A

QUESTION 16

Which VPN type can be used to provide secure remote access from public internet cafes and airport kiosks?

 

A.

site-to-site

B.

business-to-business

C.

Clientless SSL

D.

DMVPN

 

Correct Answer: C

 

 

QUESTION 17

Which cryptographic algorithms are approved to protect Top Secret information?

 

A.

HIPPA DES

B.

AES-128

C.

RC4-128

D.

AES-256

 

Correct Answer: D

 

 

QUESTION 18

An XYZ Corporation systems engineer, while making a sales call on the ABC Corporation headquarters, tried to access the XYZ sales demonstration folder to transfer a demonstration via FTP from an ABC conference room behind the firewall. The engineer could not reach XYZ through the remote-access VPN tunnel. From home the previous day, however, the engineer did connect to the XYZ sales demonstration folder and transferred the demonstration via IPsec over DSL. To get the connection to work and transfer the demonstration, what should the engineer do?

 

A.

Change the MTU size on the IPsec client to account for the change from DSL to cable transmission.

B.

Enable the local LAN access option on the IPsec client.

C.

Enable the IPsec over TCP option on the IPsec client.

D.

Enable the clientless SSL VPN option on the PC.

 

Correct Answer: C

Explanation:

IP Security (IPSec) over Transmission Control Protocol (TCP) enables a VPN Client to operate in an environment in which standard Encapsulating Security Protocol (ESP, Protocol 50) or Internet Key Exchange (IKE, User Datagram Protocol (UDP) 500) cannot function, or can function only with modification to existing firewall rules. IPSec over TCP encapsulates both the IKE and IPSec protocols within a TCP packet, and it enables secure tunneling through both Network Address Translation (NAT) and Port Address Translation (PAT) devices and firewalls

 

 

QUESTION 19

You have been using pre-shared keys for IKE authentication on your VPN. Your network has grown rapidly, and now you need to create VPNs with numerous IPsec peers. How can you enable scaling to numerous IPsec peers?

 

A.

Migrate to external CA-based digital certificate authentication.

B.

Migrate to a load-balancing server.

C.

Migrate to a shared license server.

D.

Migrate from IPsec to SSL VPN client extended authentication.

 

Correct Answer: A

 

 

QUESTION 20

Which three configurations are prerequisites for stateful failover for IPsec? (Choose three.)

 

A.

Only the IKE configuration that is set up on the active device must be duplicated on the standby device; the IPsec configuration is copied automatically.

B.

Only crypto map configuration that is set up on the active device must be duplicated on the standby device.

C.

The IPsec configuration that is set up on the active device must be duplicated on the standby device.

D.

The active and standby devices can run different versions of the Cisco IOS software but need to be the same type of device.

E.

The active and standby devices must run the same version of the Cisco IOS software and should be the same type of device.

F.

Only the IPsec configuration that is set up on the active device must be duplicated on the standby device; the IKE configuration is copied automatically.

G.

The IKE configuration that is set up on the active device must be duplicated on the standby device.

 

Correct Answer: CEG

100% Free Download!
—Download Free Demo:300-209 Demo PDF
100% Pass Guaranteed!
Download 2017 Ensurepass 300-209 Full Exam PDF and VCE Q&As:267
—Get 10% off your purchase! Copy it:8GTC-8UIE-M1SC [2017.04.01-2017.04.30]

Ensurepass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF + VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 Ensurepass IT Certification PDF and VCE

HOT EXAM!
Proudly powered by WordPress   Premium Style Theme by www.gopiplus.com