[Free] 2017(Apr) Ensurepass Braindumps Cisco 300-209 Latest Dumps 121-130


Implementing Cisco Secure Mobility Solutions (SIMOS)

QUESTION 121

You are troubleshooting a site-to-site VPN issue where the tunnel is not establishing. After issuing the debug crypto ipsec command on the headend router, you see the following output. What does this output suggest?

1d00h: IPSec (validate_proposal): transform proposal (port 3, trans 2, hmac_alg 2) not supported
1d00h: ISAKMP (0:2) : atts not acceptable. Next payload is 0
1d00h: ISAKMP (0:2) SA not acceptable

A. Phase 1 policy does not match on both sides.
B. The Phase 2 transform set does not match on both sides.
C. ISAKMP is not enabled on the remote peer.
D. The crypto map is not applied on the remote peer.
E. The Phase 1 transform set does not match on both sides.

Correct Answer: B

QUESTION 122

You are troubleshooting a site-to-site VPN issue where the tunnel is not establishing. After issuing the debug crypto isakmp command on the headend router, you see the following output. What does this output suggest?

1d00h: ISAKMP (0:1): atts are not acceptable. Next payload is 0
1d00h: ISAKMP (0:1); no offers accepted!
1d00h: ISAKMP (0:1): SA not acceptable!
1d00h: %CRYPTO-6-IKMP_MODE_FAILURE. Processing of Main Mode failed with peer at 10.10.10.10

A. Phase 1 policy does not match on both sides.
B. The transform set does not match on both sides.
C. ISAKMP is not enabled on the remote peer.
D. There is a mismatch in the ACL that identifies interesting traffic.

Correct Answer: A

QUESTION 123

Which feature is enabled by the use of NHRP in a DMVPN network?

A. host routing with Reverse Route Injection
B. BGP multiaccess
C. host to NBMA resolution
D. EIGRP redistribution

Correct Answer: C

QUESTION 124

Which two examples of transform sets are contained in the IKEv2 default proposal? (Choose two.)

A. aes-cbc-192, sha256, 14
B. 3des, md5, 5
C. 3des, sha1, 1
D. aes-cbc-128, sha, 5

Correct Answer: BD

QUESTION 125

A network engineer must configure a new VPN tunnel utilizing IKEv2. For which three reasons would a configuration use IKEv2 instead of IKEv1? (Choose three.)

A. increased hash size
B. DOS protection
C. Preshared keys are used for authentication.
D. RSA-Sig used for authentication
E. native NAT traversal
F. asymmetric authentication

Correct Answer: BCD

QUESTION 126

Refer to the exhibit. What technology does the given configuration demonstrate?

[Exhibit: clip_image001]

A. Keyring used to encrypt IPSec traffic
B. FlexVPN with IPV6
C. FlexVPN with AnyConnect
D. Crypto Policy to enable IKEv2

Correct Answer: B

QUESTION 127

Which Cisco ASDM option configures WebVPN access on a Cisco ASA?

A. Configuration > WebVPN > WebVPN Access
B. Configuration > Remote Access VPN > Clientless SSL VPN Access
C. Configuration > WebVPN > WebVPN Config
D. Configuration > VPN > WebVPN Access

Correct Answer: B

QUESTION 128

Refer to the exhibit. The ABC Corporation is changing remote-user authentication from pre-shared keys to certificate-based authentication. For most employee authentication, its group membership (the employees) governs corporate access. Certain management personnel need access to more confidential servers. Access is based on the group and name, such as finance and level_2. When it is time to pilot the new authentication policy, a finance manager is able to access the department-assigned servers but cannot access the restricted servers. As the network engineer, where would you look for the problem?

[Exhibit: clip_image003]

A. Check the validity of the identity and root certificate on the PC of the finance manager.
B. Change the Management Certificate to Connection Profile Maps > Rule Priority to a number that is greater than 10.
C. Check if the Management Certificate to Connection Profile Maps > Rules is configured correctly.
D. Check if the Certificate to Connection Profile Maps > Policy is set correctly.

Correct Answer: D

Explanation: Cisco ASDM User Guide Version 6.1

[Exhibit: clip_image005]

QUESTION 129

An engineer is troubleshooting a DMVPN spoke router and sees a CRYPTO-4-IKMP_BAD_MESSAGE debug message that a spoke router “failed its sanity check or is malformed”. Which issue does the error message indicate?

A. mismatched preshared key
B. unsupported transform proposal
C. invalid IP packet SPI
D. incompatible transform set

Correct Answer: A

QUESTION 130

Which PKI enrollment method allows the user to separate authentication and enrollment actions and also provides an option to specify HTTP/TFTP commands to perform file retrieval from the server?

A. enrollment profile
B. enrollment terminal
C. enrollment url
D. enrollment selfsigned

Correct Answer: A
