[Free] 2017(Apr) Ensurepass Braindumps Cisco 300-209 Latest Dumps 151-160

Ensurepass
2017 April Cisco Official New Released 300-209 Q&As
100% Free Download! 100% Pass Guaranteed!
http://www.ensurepass.com/300-209.html

Implementing Cisco Secure Mobility Solutions (SIMOS)

QUESTION 151

Which two operational advantages does GetVPN offer over site-to-site IPsec tunnel in a private MPLS-based core network? (Choose two.)

 

A.

Key servers perform encryption and decryption of all the data in the network, which allows for tight security policies.

B.

Traffic uses one VRF to encrypt data and a different on to decrypt data, which allows for multicast traffic isolation.

C.

GETVPN is tunnel-less, which allows any group member to perform decryption and routing around network failures.

D.

Packets carry original source and destination IP addresses, which allows for optimal routing of encrypted traffic.

E.

Group Domain of Interpretation protocol allows for homomorphic encryption, which allows group members to operate on messages without decrypting them

 

Correct Answer: DE

 

 

QUESTION 152

Your corporate finance department purchased a new non-web-based TCP application tool to run on one of its servers. Certain finance employees need remote access to the software during nonbusiness hours. These employees do not have “admin” privileges to their PCs. What is the correct way to configure the SSL VPN tunnel to allow this application to run?

 

A.

Configure a smart tunnel for the application.

B.

Configure a “finance tool” VNC bookmark on the employee clientless SSL VPN portal.

C.

Configure the plug-in that best fits the application.

D.

Configure the Cisco ASA appliance to download the Cisco AnyConnect SSL VPN Client to the finance employee each time an SSL VPN tunnel is established.

 

Correct Answer: A

 

 

QUESTION 153

Which three types of SSO functionality are available on the Cisco ASA without any external SSO servers? (Choose three.)

 

A.

SAML

B.

HTTP POST

C.

HTTP Basic

D.

NTLM

E.

Kerberos

F.

OAuth 2.0

 

Correct Answer: BCD

 

 

QUESTION 154

Which two types of authentication are supported when you use Cisco ASDM to configure site-to-site IKEv2 with IPv6? (Choose two.)

 

A.

preshared key

B.

webAuth

C.

digital certificates

D.

XAUTH

E.

EAP

 

Correct Answer: AC

 

 

QUESTION 155

Refer to the exhibit. Which statement about the given IKE policy is true?

 

clip_image001

 

A.

The tunnel will be valid for 2 days, 88 minutes, and 00 seconds.

B.

It will use encrypted nonces for authentication.

C.

It has a keepalive of 60 minutes, checking every 5 minutes.

D.

It uses a 56-bit encryption algorithm.

 

Correct Answer: B

 

 

QUESTION 156

Which three changes must be made to migrate from DMVPN Phase 2 to Phase 3 when EIGRP is configured? (Choose three.)

 

A.

Enable EIGRP next-hop-self on the hub.

B.

Disable EIGRP next-hop-self on the hub.

C.

Enable EIGRP split-horizon on the hub.

D.

Add NHRP redirects on the hub.

E.

Add NHRP shortcuts on the spoke.

F.

Add NHRP shortcuts on the hub.

 

Correct Answer: ADE

 

 

QUESTION 157

In which situation would you enable the Smart Tunnel option with clientless SSL VPN?

 

A.

when a user is using an outdated version of a web browser

B.

when an application is failing in the rewrite process

C.

when IPsec should be used over SSL VPN

D.

when a user has a nonsupported Java version installed

E.

when cookies are disabled

 

Correct Answer: B

 

 

QUESTION 158

Refer to the exhibit. Which authentication method was used by the remote peer to prove its identity?

 

clip_image003

 

A.

Extensible Authentication Protocol

B.

certificate authentication

C.

pre-shared key

D.

XAUTH

 

Correct Answer: C

 

 

QUESTION 159

Which two technologies are considered to be Suite B cryptography? (Choose two.)

 

A.

MD5

B.

SHA2

C.

Elliptical Curve Diffie-Hellman

D.

3DES

E.

DES

 

Correct Answer: BC

 

 

QUESTION 160

Which Cisco adaptive security appliance command can be used to view the count of all active VPN sessions?

 

A.

show vpn-sessiondb summary

B.

show crypto ikev1 sa

C.

show vpn-sessiondb ratio encryption

D.

show iskamp sa detail

E.

show crypto protocol statistics all

 

Correct Answer: A

100% Free Download!
—Download Free Demo:300-209 Demo PDF
100% Pass Guaranteed!
Download 2017 Ensurepass 300-209 Full Exam PDF and VCE Q&As:267
—Get 10% off your purchase! Copy it:8GTC-8UIE-M1SC [2017.04.01-2017.04.30]

Ensurepass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF + VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 Ensurepass IT Certification PDF and VCE

HOT EXAM!
Proudly powered by WordPress   Premium Style Theme by www.gopiplus.com