[Free] 2017(Apr) Ensurepass Braindumps Cisco 300-209 Latest Dumps 71-80

Ensurepass
2017 April Cisco Official New Released 300-209 Q&As
100% Free Download! 100% Pass Guaranteed!
http://www.ensurepass.com/300-209.html

Implementing Cisco Secure Mobility Solutions (SIMOS)

QUESTION 71

Which VPN solution is best for a collection of branch offices connected by MPLS that frequently make VoIP calls between branches?

A. GETVPN
B. Cisco AnyConnect
C. site-to-site
D. DMVPN

Correct Answer: A

QUESTION 72

Which Cisco adaptive security appliance command can be used to view the IPsec PSK of a tunnel group in cleartext?

A. more system:running-config
B. show running-config crypto
C. show running-config tunnel-group
D. show running-config tunnel-group-map
E. clear config tunnel-group
F. show ipsec policy

Correct Answer: A

QUESTION 73

Which command will prevent a group policy from inheriting a filter ACL in a clientless SSL VPN?

A. vpn-filter none
B. no vpn-filter
C. filter value none
D. filter value ACLname

Correct Answer: C

Explanation:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa-command-reference/T-Z/cmdref4/v.html#pgfId-1842564

QUESTION 74

Which three configuration parameters are mandatory for an IKEv2 profile? (Choose three.)

A. IKEv2 proposal
B. local authentication method
C. match identity or certificate
D. IKEv2 policy
E. PKI certificate authority
F. remote authentication method
G. IKEv2 profile description
H. virtual template

Correct Answer: BCF

QUESTION 75

Which option is most effective at preventing a remote access VPN user from bypassing the corporate transparent web proxy?

A. using the proxy-server settings of the client computer to specify a PAC file for the client computer to download
B. instructing users to use the corporate proxy server for all web browsing
C. disabling split tunneling
D. permitting local LAN access

Correct Answer: C

QUESTION 76

A temporary worker must use clientless SSL VPN with an SSH plug-in in order to access the console of an internal corporate server, the projects.xyz.com server. For security reasons, the network security auditor insists that the temporary user is restricted to the one internal corporate server, 10.0.4.18. You are the network engineer who is responsible for the network access of the temporary user. What should you do to restrict SSH access to the one projects.xyz.com server?

A. Configure access-list temp_user_acl extended permit TCP any host 10.0.4.18 eq 22.
B. Configure access-list temp_user_acl standard permit host 10.0.4.18 eq 22.
C. Configure access-list temp_acl webtype permit url ssh://10.0.4.18.
D. Configure a plug-in SSH bookmark for host 10.0.4.18, and disable network browsing on the clientless SSL VPN portal of the temporary worker.

Correct Answer: C

Explanation:

Web ACLs

The Web ACLs table displays the filters configured on the security appliance applicable to Clientless SSL VPN traffic. The table shows the name of each access control list (ACL), and below and indented to the right of the ACL name, the access control entries (ACEs) assigned to the ACL. Each ACL permits or denies access to specific networks, subnets, hosts, and web servers. Each ACE specifies one rule that serves the function of the ACL. You can configure ACLs to apply to Clientless SSL VPN traffic. The following rules apply:

- If you do not configure any filters, all connections are permitted.
- The security appliance supports only an inbound ACL on an interface.
- At the end of each ACL, an implicit, unwritten rule denies all traffic that is not explicitly permitted.

You can use the following wildcard characters to define more than one wildcard in the Webtype access list entry:

- Enter an asterisk “*” to match no characters or any number of characters.
- Enter a question mark “?” to match any one character exactly.
- Enter square brackets “[]” to create a range operator that matches any one character in a range.

The following examples show how to use wildcards in Webtype access lists.

The following example matches URLs such as http://www.cisco.com/ and http://wwz.caco.com/:

access-list test webtype permit url http://ww?.c*co*/

QUESTION 77

Which three plugins are available for clientless SSL VPN? (Choose three.)

A. CIFS
B. RDP2
C. SSH
D. VNC
E. SQLNET
F. ICMP

Correct Answer: BCD

QUESTION 78

When troubleshooting clientless SSL VPN connections, which option can be verified on the client PC?

A. address assignment
B. DHCP configuration
C. tunnel group attributes
D. host file misconfiguration

Correct Answer: C

QUESTION 79

Which two statements describe effects of the DoNothing option within the untrusted network policy on a Cisco AnyConnect profile? (Choose two.)

A. The client initiates a VPN connection upon detection of an untrusted network.
B. The client initiates a VPN connection upon detection of a trusted network.
C. The always-on feature is enabled.
D. The always-on feature is disabled.
E. The client does not automatically initiate any VPN connection.

Correct Answer: AD

QUESTION 80

An engineer is configuring an IPsec VPN with IKEv2. Which three components are part of the IKEv2 proposal for this implementation? (Choose three.)

A. key ring
B. DH group
C. integrity
D. tunnel name
E. encryption

Correct Answer: CDE
