[Free] 2017(Apr) Ensurepass Braindumps Cisco 300-209 Latest Dumps 51-60

Ensurepass
2017 April Cisco Official New Released 300-209 Q&As

Implementing Cisco Secure Mobility Solutions (SIMOS)

QUESTION 51

Authorization of a clientless SSL VPN defines the actions that a user may perform within a clientless SSL VPN session. Which statement is correct concerning the SSL VPN authorization process?

 

A. Remote clients can be authorized by applying a dynamic access policy, which is configured on an external AAA server.
B. Remote clients can be authorized externally by applying group parameters from an external database.
C. Remote client authorization is supported by RADIUS and TACACS+ protocols.
D. To configure external authorization, you must configure the Cisco ASA for cut-through proxy.

 

Correct Answer: B

Explanation:

CISCO SSL VPN guide

The aaa authentication command is entered to specify an authentication list or server group under an SSL VPN context configuration. If this command is not configured and AAA is configured globally on the router, global authentication will be applied to the context configuration.

The database that is configured for remote-user authentication on the SSL VPN gateway can be a local database, or the database can be accessed through any RADIUS or TACACS+ AAA server.

We recommend that you use a separate AAA server, such as a Cisco Access Control Server (ACS). A separate AAA server provides a more robust security solution. It allows you to configure unique passwords for each remote user and accounting and logging for remote-user sessions.

 

 

QUESTION 52

Which two statements comparing ECC and RSA are true? (Choose two.)

 

A. ECC can have the same security as RSA but with a shorter key size.
B. ECC lags in performance when compared with RSA.
C. Key generation in ECC is slower and less CPU intensive.
D. ECC cannot have the same security as RSA, even with an increased key size.
E. Key generation in ECC is faster and less CPU intensive.

 

Correct Answer: AE

 

 

QUESTION 53

Which technology must be installed on the client computer to enable users to launch applications from a Clientless SSL VPN?

 

A. Java
B. QuickTime plug-in
C. Silverlight
D. Flash

 

Correct Answer: A

 

 

QUESTION 54

What are two variables for configuring clientless SSL VPN single sign-on? (Choose two.)

 

A. CSCO_WEBVPN_OTP_PASSWORD
B. CSCO_WEBVPN_INTERNAL_PASSWORD
C. CSCO_WEBVPN_USERNAME
D. CSCO_WEBVPN_RADIUS_USER

 

Correct Answer: BC

 

 

QUESTION 55

Which command enables the router to form EIGRP neighbor adjacencies with peers using a different subnet than the ingress interface?

 

A. ip unnumbered interface
B. eigrp router-id
C. passive-interface interface name
D. ip split-horizon eigrp as number

 

Correct Answer: A

 

QUESTION 56

Which of the following could be used to configure remote access VPN Host-scan and pre-login policies?

 

A. ASDM
B. Connection-profile CLI command
C. Host-scan CLI command under the VPN group policy
D. Pre-login-check CLI command

 

Correct Answer: A

 

 

QUESTION 57

Which statement is true when implementing a router with a dynamic public IP address in a crypto map based site-to-site VPN?

 

A. The router must be configured with a dynamic crypto map.
B. Certificates are always used for phase 1 authentication.
C. The tunnel establishment will fail if the router is configured as a responder only.
D. The router and the peer router must have NAT traversal enabled.

 

Correct Answer: C

 

 

QUESTION 58

After completing a site-to-site VPN setup between two routers, application performance over the tunnel is slow. You issue the show crypto ipsec sa command and see the following output. What does this output suggest?

 

interface: Tunnel100
Crypto map tag: Tunnel100-head-0, local addr 10.10.10.10
protected vrf: (none)
local ident (addr/mask/prot/port): (10.10.10.10/255.255.255.255/47/0)
remote ident (addr/mask/prot/port): (10.20.20.20/255.255.255.255/47/0)
current_peer 209.165.200.230 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 34836, #pkts encrypt: 34836, #pkts digest: 34836
#pkts decaps: 26922, #pkts decrypt: 19211, #pkts verify: 19211
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0

 

A. The VPN has established and is functioning normally.
B. There is an asymmetric routing issue.
C. The remote peer is not receiving encrypted traffic.
D. The remote peer is not able to decrypt traffic.
E. Packet corruption is occurring on the path between the two peers.

 

Correct Answer: E

 

 

QUESTION 59

Which command can be used to troubleshoot an IPv6 FlexVPN spoke-to-hub connectivity failure?

 

A. show crypto ikev2 client flexvpn
B. show crypto identity
C. show crypto isakmp sa
D. show crypto gkm

 

Correct Answer: A

 

 

QUESTION 60

An IOS SSL VPN is configured to forward TCP ports. A remote user cannot access the corporate FTP site with a Web browser. What is a possible reason for the failure?

 

A. The user's FTP application is not supported.
B. The user is connecting to an IOS VPN gateway configured in Thin Client Mode.
C. The user is connecting to an IOS VPN gateway configured in Tunnel Mode.
D. The user's operating system is not supported.

 

Correct Answer: B

Explanation:

http://www.cisco.com/c/en/us/support/docs/security/ssl-vpn-client/70664-IOSthinclient.html

 

Thin-Client SSL VPN (Port Forwarding)

A remote client must download a small, Java-based applet for secure access of TCP applications that use static port numbers. UDP is not supported. Examples include access to POP3, SMTP, IMAP, SSH, and Telnet. The user needs local administrative privileges because changes are made to files on the local machine. This method of SSL VPN does not work with applications that use dynamic port assignments, for example, several FTP applications.
