[Free] 2017(Apr) Ensurepass Braindumps Cisco 300-209 Latest Dumps 141-150

Ensurepass
2017 April Cisco Official New Released 300-209 Q&As
100% Free Download! 100% Pass Guaranteed!
http://www.ensurepass.com/300-209.html

Implementing Cisco Secure Mobility Solutions (SIMOS)

QUESTION 141

Refer to the exhibit. A NOC engineer needs to tune some prelogin parameters on an SSL VPN tunnel. From the information that is shown, where should the engineer navigate to find the prelogin session attributes?

 

clip_image002

 

A.

“engineering” Group Policy

B.

“contractor” Connection Profile

C.

“engineer1” AAA/Local Users

D.

DfltGrpPolicy Group Policy

 

Correct Answer: B

Explanation:

http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect30/administration/guide/ac05hostscanposture.html#wp1039696

 

 

QUESTION 142

Which command configures IKEv2 symmetric identity authentication?

 

A.

match identity remote address 0.0.0.0

B.

authentication local pre-share

C.

authentication pre-share

D.

authentication remote rsa-sig

 

Correct Answer: D

 

 

QUESTION 143

Which feature enforces the corporate policy for Internet access to Cisco AnyConnect VPN users?

 

A.

Trusted Network Detection

B.

Datagram Transport Layer Security

C.

Cisco AnyConnect Customization

D.

banner message

 

Correct Answer: A

 

 

QUESTION 144

Refer to the exhibit. Client 1 cannot communication with Client 2. Both clients are using Cisco AnyConnect and have established a successful SSL VPN connection to the hub ASA. Which command on the ASA is missing?

 

clip_image004

 

A.

same-security-traffic permit inter-interface

B.

same-security-traffic permit intera-interface

C.

dns-server value 10.1.1.3

D.

split-tunnel-network list

 

Correct Answer: C

 

 

QUESTION 145

Which application does the Application Access feature of Clientless VPN support?

 

A.

TFTP

B.

VoIP

C.

Telnet

D.

active FTP

 

Correct Answer: C

 

 

QUESTION 146

Which three parameters must match on all routers in a DMVPN Phase 3 cloud? (Choose three.)

 

A.

NHRP network ID

B.

GRE tunnel key

C.

NHRP authentication string

D.

tunnel VRF

E.

EIGRP process name

F.

EIGRP split-horizon setting

 

Correct Answer: ABC

 

 

QUESTION 147

Refer to the exhibit. A new NOC engineer is troubleshooting a VPN connection. Which statement about the fields within the Cisco VPN Client Statistics screen is correct?

 

clip_image005

 

A.

The ISP-assigned IP address of 10.0.21.1 is assigned to the VPN adapter of the PC.

B.

The IP address of the security appliance to which the Cisco VPN Client is connected is 192.168.1.2.

C.

CorpNet is the name of the Cisco ASA group policy whose tunnel parameters the connection is using.

D.

The ability of the client to send packets transparently and unencrypted through the tunnel for test purposes is turned off.

E.

With split tunneling enabled, the Cisco VPN Client registers no decrypted packets.

 

Correct Answer: B

 

 

QUESTION 148

Consider this scenario. When users attempt to connect via a Cisco AnyConnect VPN session, the certificate has changed and the connection fails. What is a possible cause of the connection failure?

 

A.

An invalid modulus was used to generate the initial key.

B.

The VPN is using an expired certificate.

C.

The Cisco ASA appliance was reloaded.

D.

The Trusted Root Store is configured incorrectly.

 

Correct Answer: C

 

 

QUESTION 149

Refer to the exhibit. Which type of VPN is being configured, based on the partial configuration snippet?

 

clip_image006

 

A.

DMVPN with dual hub

B.

GET VPN with dual group member

C.

FlexVPN backup gateway

D.

GET VPN with COOP key server

E.

FlexVPN load balancer

 

Correct Answer: D

 

 

QUESTION 150

In DMVPN phase 2, which two EIGRP features need to be disabled on the hub to allow spoke-to-spoke communication? (Choose two.)

 

A.

autosummary

B.

split horizon

C.

metric calculation using bandwidth

D.

EIGRP address family

E.

next-hop-self

F.

default administrative distance

 

Correct Answer: BE

100% Free Download!
—Download Free Demo:300-209 Demo PDF
100% Pass Guaranteed!
Download 2017 Ensurepass 300-209 Full Exam PDF and VCE Q&As:267
—Get 10% off your purchase! Copy it:8GTC-8UIE-M1SC [2017.04.01-2017.04.30]

Ensurepass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF + VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 Ensurepass IT Certification PDF and VCE

HOT EXAM!
Proudly powered by WordPress   Premium Style Theme by www.gopiplus.com