[Free] 2017(Apr) Ensurepass Braindumps Cisco 300-209 Latest Dumps 21-30

Ensurepass
2017 April Cisco Official New Released 300-209 Q&As
100% Free Download! 100% Pass Guaranteed!
http://www.ensurepass.com/300-209.html

Implementing Cisco Secure Mobility Solutions (SIMOS)

QUESTION 21

Which are two main use cases for Clientless SSL VPN? (Choose two.)

 

A.

In kiosks that are part of a shared environment

B.

When the users do not have admin rights to install a new VPN client

C.

When full tunneling is needed to support applications that use TCP, UDP, and ICMP

D.

To create VPN site-to-site tunnels in combination with remote access

 

Correct Answer: AB

 

 

QUESTION 22

Which protocol does DTLS use for its transport?

 

A.

TCP

B.

UDP

C.

IMAP

D.

DDE

 

Correct Answer: B

 

 

 

 

 

 

QUESTION 23

Which encryption and authentication algorithms does Cisco recommend when deploying a Cisco NGE supported VPN solution?

 

A.

AES-GCM and SHA-2

B.

3DES and DH

C.

AES-CBC and SHA-1

D.

3DES and SHA-1

 

Correct Answer: A

 

 

QUESTION 24

What are three benefits of deploying a GET VPN? (Choose three.)

 

A.

It provides highly scalable point-to-point topologies.

B.

It allows replication of packets after encryption.

C.

It is suited for enterprises running over a DMVPN network.

D.

It preserves original source and destination IP address information.

E.

It simplifies encryption management through use of group keying.

F.

It supports non-IP protocols.

 < /p>

Correct Answer: BDE

 

 

QUESTION 25

Refer to the exhibit. Which type of mismatch is causing the problem with the IPsec VPN tunnel?

 

clip_image001

 

A.

PSK

B.

Phase 1 policy

C.

transform set

D.

crypto access list

 

Correct Answer: A

 

 

QUESTION 26

A rogue static route is installed in the routing table of a Cisco FlexVPN and is causing traffic to be blackholed. Which command should be used to identify the peer from which that route originated?

 

A.

show crypto ikev2 sa detail

B.

show crypto route

C.

show crypto ikev2 client flexvpn

D.

show ip route eigrp

E.

show crypto isakmp sa detail

 

Correct Answer: B

 

 

QUESTION 27

Refer to the exhibit. A new NOC engineer, while viewing a real-time log from an SSL VPN tunnel, has a question about a line in the log. The IP address 172.26.26.30 is attached to which interface in the network?

 

clip_image003

 

A.

the Cisco ASA physical interface

B.

the physical interface of the end user

C.

the Cisco ASA SSL VPN tunnel interface

D.

the SSL VPN tunnel interface of the end user

 

Correct Answer: B

 

 

QUESTION 28

A user with IP address 10.10.10.10 is unable to access a HTTP website at IP address 209.165.200.225 through a Cisco ASA. Which two features and commands will help troubleshoot the issue? (Choose two.)

 

A.

Capture user traffic using command capture capin interface inside match ip host 10.10.10.10 any

B.

After verifying that user traffic reaches the firewall using syslogs or captures, use packet tracer command packet-tracer input inside tcp 10.10.10.10 1234 209.165.200.225 80

C.

Enable logging at level 1 and check the syslogs using commands logging enable, logging buffered 1 and show logging | include 10.10.10.10

D.

Check if an access-list on the firewall is blocking the user by using command show running-config access-list | include 10.10.10.10

E.

Use packet tracer command packet-tracer input inside udp 0.10.10.10 1234192.168.1.3 161 to see what the firewall is doing with the user’s traffic

 

Correct Answer: AB

 

QUESTION 29

Which benefit of FlexVPN is not offered by DMVPN using IKEv1?

 

A.

Dynamic routing protocols can be configured.

B.

IKE implementation can install routes in routing table.

C.

GRE encapsulation allows for forwarding of non-IP traffic.

D.

NHRP authentication provides enhanced security.

 

Correct Answer: B

 

 

QUESTION 30

Which command is used to determine how many GMs have registered in a GETVPN environment?

 

A.

show crypto isakmp sa

B.

show crypto gdoi ks members

C.

show crypto gdoi gm

D.

show crypto ipsec sa

E.

show crypto isakmp sa count

 

Correct Answer: B

100% Free Download!
—Download Free Demo:300-209 Demo PDF
100% Pass Guaranteed!
Download 2017 Ensurepass 300-209 Full Exam PDF and VCE Q&As:267
—Get 10% off your purchase! Copy it:8GTC-8UIE-M1SC [2017.04.01-2017.04.30]

Ensurepass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF + VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 Ensurepass IT Certification PDF and VCE

HOT EXAM!
Proudly powered by WordPress   Premium Style Theme by www.gopiplus.com