[Free] 2017(Apr) Ensurepass Braindumps Cisco 300-209 Latest Dumps 61-70

Ensurepass
2017 April Cisco Official New Released 300-209 Q&As
100% Free Download! 100% Pass Guaranteed!
http://www.ensurepass.com/300-209.html

Implementing Cisco Secure Mobility Solutions (SIMOS)

QUESTION 61

Refer to the exhibit. The customer needs to launch AnyConnect in the RDP machine. Which configuration is correct?

 

clip_image001

 

A.

crypto vpn anyconnect profile test flash:RDP.xml

policy group default

svc profile test

B.

crypto vpn anyconnect profile test flash:RDP.xml

webvpn context GW_1

browser-attribute import flash:/swj.xml

C.

crypto vpn anyconnect profile test flash:RDP.xml

policy group default

svc profile flash:RDP.x
ml

D.

crypto vpn anyconnect profile test flash:RDP.xml

webvpn context GW_1

browser-attribute import test

 

Correct Answer: A

 

 

QUESTION 62

Which technology supports tunnel interfaces while remaining compatible with legacy VPN implementations?

 

A.

FlexVPN

B.

DMVPN

C.

GET VPN

D.

SSL VPN

 

Correct Answer: A

 

 

QUESTION 63

Which protocol supports high availability in a Cisco IOS SSL VPN environment?

 

A.

HSRP

B.

VRRP

C.

GLBP

D.

IRDP

 

Correct Answer: A

 

 

QUESTION 64

Which algorithm provides both encryption and authentication for data plane communication?

 

A.

SHA-96

B.

SHA-384

C.

3DES

D.

AES-256

E.

AES-GCM

F.

RC4

 

Correct Answer: E

 

 

 

QUESTION 65

Which two commands are include in the command show dmvpn detail? (Choose two.)

 

A.

Show ip nhrp

B.

Show ip nhrp nhs

C.

Show crypto ipsec sa detail

D.

Show crypto session detail

E.

Show crypto sockets

 

Correct Answer: CE

 

 

QUESTION 66

An administrator received a report that a user cannot connect to the headquarters site using Cisco AnyConnect and receives this error. The installer was not able to start the Cisco VPN client, clientless access is not available, Which option is a possible cause for this error?

 

A.

The client version of Cisco AnyConnect is not compatible with the Cisco ASA software image.

B.

The operating system of the client machine is not supported by Cisco AnyConnect.

C.

The driver for Cisco AnyConnect is outdatate.

D.

The installed version of Java is not compatible with Cisco AnyConnect.

 

Correct Answer: C

 

 

QUESTION 67

Which statement regarding hashing is correct?

 

A.

MD5 produces a 64-bit message digest.

B.

SHA-1 produces a 160-bit message digest.

C.

MD5 takes more CPU cycles to compute than SHA-1.

D.

Changing 1 bit of the input to SHA-1 can change up to 5 bits in the output.

 

Correct Answer: B

 

 

QUESTION 68

Which type of NHRP packet is unique to Phase 3 DMVPN topologies?

 

A.

resolution request

B.

resolution reply

C.

redirect

D.

registration request

E.

registration reply

F.

error indication

 

Correct Answer: C

 

 

 

 

 

 

QUESTION 69

Refer to the exhibit. You are configuring a laptop with the Cisco VPN Client, which uses digital certificates for authentication. Which protocol does the Cisco VPN Client use to retrieve the digital certificate from the CA server?

 

clip_image002

 

A.

FTP

B.

LDAP

C.

HTTPS

D.

SCEP

E.

OCSP

 

Correct Answer: D

Explanation:

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/cert_cfg.html

 

About CRLs

Certificate Revocation Lists provide the security appliance with one means of determining whether a certificate that is within its vali
d time range has been revoked by its issuing CA. CRL configuration is a part of the configuration of a trustpoint.

You can configure the security appliance to make CRL checks mandatory when authenticating a certificate (revocation-check crl command). You can also make the CRL check optional by adding the none argument (revocation-check crl none command), which allows the certificate authentication to succeed when the CA is unavailable to provide updated CRL data.

The security appliance can retrieve CRLs from CAs using HTTP, SCEP, or LDAP. CRLs retrieved for each trustpoint are cached for a length of time configurable for each trustpoint. When the security appliance has cached a CRL for more than the length of time it is configured to cache CRLs, the security appliance considers the CRL too old to be reliable, or “stale”. The security appliance attempts to retrieve a newer version of the CRL the next time a certificate authentication requires checking the stale CRL.

 

QUESTION 70

Regarding licensing, which option will allow IKEv2 connections on the adaptive security appliance?

 

A.

AnyConnect Essentials can be used for Cisco AnyConnect IKEv2 connections.

B.

IKEv2 sessions are not licensed.

C.

The Advanced Endpoint Assessment license must be installed to allow Cisco AnyConnect IKEv2 sessions.

D.

Cisco AnyConnect Mobile must be installed to allow AnyConnect IKEv2 sessions.

 

Correct Answer: B

100% Free Download!
—Download Free Demo:300-209 Demo PDF
100% Pass Guaranteed!
Download 2017 Ensurepass 300-209 Full Exam PDF and VCE Q&As:267
—Get 10% off your purchase! Copy it:8GTC-8UIE-M1SC [2017.04.01-2017.04.30]

Ensurepass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF + VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 Ensurepass IT Certification PDF and VCE

HOT EXAM!
Proudly powered by WordPress   Premium Style Theme by www.gopiplus.com