[Free] 2017(Apr) Ensurepass Braindumps Cisco 300-209 Latest Dumps 81-90

Ensurepass
2017 April Cisco Official New Released 300-209 Q&As
100% Free Download! 100% Pass Guaranteed!
http://www.ensurepass.com/300-209.html

Implementing Cisco Secure Mobility Solutions (SIMOS)

QUESTION 81

Refer to the exhibit. Which VPN solution does this configuration represent?

 

clip_image001

 

A.

Cisco AnyConnect (IKEv2)

B.

site-to-site

C.

DMVPN

D.

SSL VPN

 

Correct Answer: D

 

 

QUESTION 82

Which two statements about the Cisco ASA Clientless SSL VPN solution are true? (Choose two.)

 

A.

When a client connects to the Cisco ASA WebVPN portal and tries to access HTTP resources through the URL bar, the client uses the local DNS to perform FQDN resolution.

B.

The rewriter enable command under the global webvpn configuration enables the rewriter functionality because that feature is disabled by default.

C.

A Cisco ASA with an AnyConnect Premium Peers license can simultaneously allow Clientless SSL VPN sessions and AnyConnect client sessions.

D.

Content rewriter functionality in the Clientless SSL VPN portal is not supported on Apple mobile devices.

E.

Clientless SSLVPN provides Layer 3 connectivity into the secured network.

 

Correct Answer: CD

 

 

 

 

 

 

 

QUESTION 83

Refer to the exhibit. The user “contractor” inherits which VPN group policy?

 

clip_image003

 

A.

employee

B.

management

C.

DefaultWEBVPNGroup

D.

DfltGrpPolicy

E.

new_hire

 

Correct Answer: D

 

 

QUESTION 84

Which three commands are included in the command show dmvpn detail? (Choose three.)

 

A.

show ip nhrp nhs

B.

show dmvpn

C.

show crypto session detail

D.

show crypto ipsec sa detail

E.

show crypto sockets

F.

show ip nhrp

 

Correct Answer: ABC

 

 

QUESTION 85

Refer to the exhibit. An engineer encounters a debug message. Which action can the engineer take to eliminate this error message?

 

clip_image005

 

A.

Use stronger encryption suite.

B.

Correct the VPN peer address.

C.

Make adjustment to IPSec replay window.

D.

Change the preshared key to match.

 

Correct Answer: B

 

QUESTION 86

Which command simplifies the task of converting an SSL VPN to an IKEv2 VPN on a Cisco ASA appliance that has an invalid IKEv2 configuration?

 

A.

migrate remote-access ssl overwrite

B.

migrate remote-access ikev2

C.

migrate l2l

D.

migrate remote-access ssl

 

Correct Answer: A

Explanation:

Below is a reference for this question:

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation- firewalls/113597-ptn-113597.html

 

If your IKEv1, or even SSL, configuration already exists, the ASA makes the migration process simple. On the command line, enter the migrate command:

 

migrate {l2l | remote-access {ikev2 | ssl} | overwrite} Things of note:

 

Keyword definitions:

 

l2l – This converts current IKEv1 l2l tunnels to IKEv2.

 

remote access – This converts the remote access configuration. You can convert either the IKEv1 or the SSL tunnel groups to IKEv2.

 

overwrite – If you have a IKEv2 configuration that you wish to overwrite, then this keyword converts the current IKEv1 configuration and removes the superfluous IKEv2 configuration.

 

 

QUESTION 87

Which statement about plug-ins is false?

 

A.

Plug-ins do not require any installation on the remote system.

B.

Plug-ins require administrator privileges on the remote system.

C.

Plug-ins support interactive terminal access.

D.< /font>

Plug-ins are not supported on the Windows Mobile platform.

 

Correct Answer: B

Explanation:

http://www.cisco.com/en/US/docs/security/asa/asa80/asdm60/ssl_vpn_deployment_guide/ deployhtml#wp1162435

 

Plug-ins

The security appliance supports Java plug-ins for clientless SSL VPN connections. Plug-ins are Java programs that operate in a browser. These plug-ins include SSH/Telnet, RDP, VNC, and Citrix.

Per the GNU General Public License (GPL), Cisco redistributes plug-ins without making any changes to them.

Per the GPL, Cisco cannot directly enhance these plug-ins. To use plug-ins you must install Java Runtime Environment (JRE) 1.4.2.x or greater. You must also use a compatible browser specified here:

http://www.cisco.com/en/US/docs/security/asa/compatibility/asa-vpncompatibility.html

 

QUESTION 88

Refer to the exhibit. Which action is demonstrated by this debug output?

 

clip_image007

 

A.

NHRP initial registration by a spoke.

B.

NHRP registration acknowledgement by the hub.

C.

Disabling of the DMVPN tunnel interface.

D.

IPsec ISAKMP phase 1 negotiation.

 

Correct Answer: A

 

 

QUESTION 89

Which option describes the purpose of the shared argument in the DMVPN interface command tunnel protection IPsec profile ProfileName shared?

 

A.

shares a single profile between multiple tunnel interfaces

B.

allows multiple authentication types to be used on the tunnel interface

C.

shares a single profile between a tunnel interface and a crypto map

D.

shares a single profile between IKEv1 and IKEv2

 

Correct Answer: A

 

 

QUESTION 90

Refer to the exhibit. While troubleshooting a remote-access application, a new NOC engineer received the logging message that is shown in the exhibit. Which configuration is most likely to be mismatched?

 

clip_image009

 

A.

IKE configuration

B.

extended authentication configuration

C.

IPsec configuration

D.

digital certificate configuration

 

Correct Answer: C

Explanation:

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a00800949c5.shtml and %ASA-5-713259: Group = groupname, Username = username, IP = peerIP, Session is being torn down. Reason: reason

Explanation The termination reason for the ISAKMP session appears, which occurs when the session is torn down through session management.

groupname–The tunnel group of the session being terminated

username–The username of the session being terminated

peerIP–The peer address of the session being terminated

reason–The RADIUS termination reason of the session being terminated. Reasons include the following:

Port Preempted (simultaneous logins)

Idle Timeout

Max Time Exceeded

Administrator Reset

100% Free Download!
—Download Free Demo:300-209 Demo PDF
100% Pass Guaranteed!
Download 2017 Ensurepass 300-209 Full Exam PDF and VCE Q&As:267
—Get 10% off your purchase! Copy it:8GTC-8UIE-M1SC [2017.04.01-2017.04.30]

Ensurepass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF + VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 Ensurepass IT Certification PDF and VCE

HOT EXAM!
Proudly powered by WordPress   Premium Style Theme by www.gopiplus.com