[Free] 2017(Apr) Ensurepass Braindumps Cisco 300-209 Latest Dumps 91-100

Ensurepass
2017 April Cisco Official New Released 300-209 Q&As
100% Free Download! 100% Pass Guaranteed!
http://www.ensurepass.com/300-209.html

Implementing Cisco Secure Mobility Solutions (SIMOS)

QUESTION 91

Which two troubleshooting steps should be taken when Cisco AnyConnect cannot establish an IKEv2 connection, while SSL works fine? (Choose two.)

 

A.

Verify that the primary protocol on the client machine is set to IPsec.

B.

Verify that AnyConnect is enabled on the correct interface.

C.

Verify that the IKEv2 protocol is enabled on the group policy.

D.

Verify that ASDM and AnyConnect are not using the same port.

E.

Verify that SSL and IKEv2 certificates are not referencing the same trustpoint.

 

Correct Answer: AC

 

 

QUESTION 92

Which adaptive security appliance command can be used to see a generic framework of the requirements for configuring a VPN tunnel between an adaptive security appliance and a Cisco IOS router at a remote office?

 

A.

vpnsetup site-to-site steps

B.

show running-config crypto

C.

show vpn-sessiondb l2l

D.

vpnsetup ssl-remote-access steps

 

Correct Answer: A

 

 

QUESTION 93

When an IPsec SVTI is configured, which technology processes traffic forwarding for encryption?

 

A.

ACL

B.

IP routing

C.

RRI

D.

front door VPN routing and forwarding

 

Correct Answer: B

 

 

QUESTION 94

Which two are features of GETVPN but not DMVPN and FlexVPN? (Choose two.)

 

A.

one IPsec SA for all encrypted traffic

B.

no requirement for an overlay routing protocol

C.

design for use over public or private WAN

D.

sequence numbers that enable scalable replay checking

E.

enabled use of ESP or AH

F.

preservation of IP protocol in outer header

Correct Answer: AB

 

 

QUESTION 95

Refer to the exhibit. A network administrator is running DMVPN with EIGRP, when the administrator looks at the routing table on spoken 1 it displays a route to the hub only. Which command is missing on the hub router, which includes spoke 2 and spoke 3 in the spoke 1 routing table?

 

clip_image001

 

A.

no inverse arp

B.

neighbor (ip address)

C.

no ip split-horizon egrp 1

D.

redistribute static

 

Correct Answer: A

 

 

QUESTION 96

Refer to the exhibit. A NOC engineer needs to tune some postlogin parameters on an SSL VPN tunnel. From the information shown, where should the engineer navigate to, in order to find all the postlogin session parameters?

 

clip_image003

 

A.

“engineering” Group Policy

B.

“contractor” Connection Profile

C.

DefaultWEBVPNGroup Group Policy

D.

DefaultRAGroup Group Policy

E.

“engineer1” AAA/Local Users

 

Correct Answer: A

Explanation:

http://www.cisco.com/en/US/docs/ios/12_4t/12_4t11/htwebvpn.html#wp1054618

 

The policy group is a container that defines the presentation of the portal and the permissions for resources that are configured for a group of remote users. Entering the policy group command places the router in webvpn group policy configuration mode. After it is configured, the group policy is attached to the SSL VPN context configuration by configuring the default-group-policy command.

 

The following tasks are accomplished in this configuration:

The presentation of the SSL VPN portal page is configured.

A NetBIOS server list is referenced.

A port-forwarding list is referenced.

The idle and session timers are configured.

A URL list is referenced.

 

 

QUESTION 97

Refer to the exhibit. Which VPN solution does this configuration represent?

 

clip_image005

 

A.

DMVPN

B.

GETVPN

C.

FlexVPN

D.

site-to-site

 

Correct Answer: C

 

 

QUESTION 98

Which two GDOI encryption keys are used within a GET VPN network? (Choose two.)

 

A.

key encryption key

B.

group encryption key

C.

user encryption key

D.

traffic encryption key

 

Correct Answer: AD

 

 

QUESTION 99

Refer to the exhibit. What is the problem with the IKEv2 site-to-site VPN tunnel?

 

clip_image007

 

A.

incorrect PSK

B.

crypto access list mismatch

C.

incorrect tunnel group

D.

crypto policy mismatch

E.

incorrect certificate

 

Correct Answer: B

 

 

QUESTION 100

In a spoke-to-spoke DMVPN topology, which type of interface does a branch router require?

 

A.

Virtual tunnel interface

B.

Multipoint GRE interface

C.

Point-to-point GRE interface

D.

Loopback interface

 

Correct Answer: B

100% Free Download!
—Download Free Demo:300-209 Demo PDF
100% Pass Guaranteed!
Download 2017 Ensurepass 300-209 Full Exam PDF and VCE Q&As:267
—Get 10% off your purchase! Copy it:8GTC-8UIE-M1SC [2017.04.01-2017.04.30]

Ensurepass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF + VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 Ensurepass IT Certification PDF and VCE

HOT EXAM!
Proudly powered by WordPress   Premium Style Theme by www.gopiplus.com