[Free] 2017(Apr) Ensurepass Braindumps Cisco 300-209 Latest Dumps 111-120

Ensurepass
2017 April Cisco Official New Released 300-209 Q&As
100% Free Download! 100% Pass Guaranteed!
http://www.ensurepass.com/300-209.html

Implementing Cisco Secure Mobility Solutions (SIMOS)

QUESTION 111

Refer to the exhibit. A junior network engineer configured the corporate Cisco ASA appliance to accommodate a new temporary worker. For security reasons, the IT department wants to restrict the internal network access of the new temporary worker to the corporate server, with an IP address of 10.0.4.10. After the junior network engineer finished the configuration, an IT security specialist tested the account of the temporary worker. The tester was able to access the URLs of additional secure servers from the WebVPN user account of the temporary worker. What did the junior network engineer configure incorrectly?

 

clip_image002

 

A.

The ACL was configured incorrectly.

B.

The ACL was applied incorrectly or was not applied.

C.

Network browsing was not restricted on the temporary worker group policy.

D.

Network browsing was not restricted on the temporary worker user policy.

 

Correct Answer: B

 

 

QUESTION 112

What action does the hub take when it receives a NHRP resolution request from a spoke for a network that exists behind another spoke?

 

A.

The hub sends back a resolution reply to the requesting spoke.

B.

The hub updates its own NHRP mapping.

C.

The hub forwards the request to the destination spoke.

D.

The hub waits for the second spoke to send a request so that it can respond to both spokes.

Correct Answer: C

 

 

QUESTION 113

Which two IKEv1 policy options must match on each peer when you configure an IPsec site-to-site VPN? (Choose two.)

 

A.

priority number

B.

hash algorithm

C.

encryption algorithm

D.

session lifetime

E.

PRF algorithm

 

Correct Answer: BC

 

 

QUESTION 114

In FlexVPN, what command can an administrator use to create a virtual template interface that can be configured and applied dynamically to create virtual access interfaces?

 

A.

interface virtual-template number type template

B.

interface virtual-template number type tunnel

C.

interface template number type virtual

D.

interface tunnel-template number

 

Correct Answer: B

Explanation:

Here is a reference an explanation that can be included with this test.

http://www.cisco.com/en/US/docs/ios-xml/ios/sec_conn_ike2vpn/configuration/15-2mt/sec-flex-spoke.html#GUID-4A10927D-4C6A-4202-B01C-DA7E462F5D8A

 

Configuring the Virtual Tunnel Interface on FlexVPN Spoke

 

SUMMARY STEPS

1. enable

2. configure terminal

3. interface virtual-template number type tunnel

4. ip unnumbered tunnel number

5. ip nhrp network-id number

6. ip nhrp shortcut virtual-template-number

7. ip nhrp redirect [timeout seconds]

8. exit

 

 

QUESTION 115

Which functionality is provided by L2TPv3 over FlexVPN?

 

A.

the extension of a Layer 2 domain across the FlexVPN

B.

the extension of a Layer 3 domain across the FlexVPN

C.

secure communication between servers on the FlexVPN

D.

a secure backdoor for remote access users through the FlexVPN

 

Correct Answer: A

 

QUESTION 116

Which command clears all crypto configuration from a Cisco Adaptive Security Appliance?

 

A.

clear configure crypto

B.

clear configure crypto ipsec

C.

clear crypto map

D.

clear crypto ikev2 sa

 

Correct Answer: A

 

 

QUESTION 117

Which protocol must be enabled on the inside interface to use cluster encryption in SSL VPN load balancing?

 

A.

TLS

B.

DTLS

C.

IKEv2

D.

ISAKMP

 

Correct Answer: D

 

 

QUESTION 118

Refer to the exhibit. What is the purpose of the given configuration?

 

clip_image003

 

A.

Establishing a GRE tunnel.

B.

Enabling IPSec to decrypt fragmented packets.

C.

Resolving access issues caused by large packet sizes.

D.

Adding the spoke to the routing table.

 

Correct Answer: C

 

 

QUESTION 119

Which two qualify as Next Generation Encryption integrity algorithms? (Choose two.)

 

A.

SHA-512

B.

SHA-256

C.

SHA-192

D.

SHA-380

E.

SHA-192

F.

SHA-196

 

Correct Answer: AB

 

QUESTION 120

Which three settings are required for crypto map configuration? (Choose three.)

 

A.

match address

B.

set peer

C.

set transform-set

D.

set security-association lifetime

E.

set security-association level per-host

F.

set pfs

 

Correct Answer: ABC

100% Free Download!
—Download Free Demo:300-209 Demo PDF
100% Pass Guaranteed!
Download 2017 Ensurepass 300-209 Full Exam PDF and VCE Q&As:267
—Get 10% off your purchase! Copy it:8GTC-8UIE-M1SC [2017.04.01-2017.04.30]

Ensurepass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF + VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 Ensurepass IT Certification PDF and VCE

HOT EXAM!
Proudly powered by WordPress   Premium Style Theme by www.gopiplus.com