Get Full Version of the Exam
http://www.EnsurePass.com/300-209.html

Question No.31

Which option describes the purpose of the command show derived-config interface virtual- access 1?

1. It verifies that the virtual access interface is cloned correctly with per-user attributes.

2. It verifies that the virtual template created the tunnel interface.

3. It verifies that the virtual access interface is of type Ethernet.

4. It verifies that the virtual access interface is used to create the tunnel interface.

Correct Answer: A

Question No.32

Which hash algorithm is required to protect classified information?

1. MD5

2. SHA-1

3. SHA-256

4. SHA-384

Correct Answer: D

Question No.33

Refer to the exhibit. Which two characteristics of the VPN implementation are evident? (Choose two.)

1. dual DMVPN cloud setup with dual hub

2. DMVPN Phase 3 implementation

3. single DMVPN cloud setup with dual hub

4. DMVPN Phase 1 implementation

5. quad DMVPN cloud with quadra hub

6. DMVPN Phase 2 implementation

Correct Answer: BC

Question No.34

If Web VPN bookmarks are grayed out on the home screen, which action should you take to begin troubleshooting?

1. Determine whether the Cisco ASA can resolve the DNS names.

2. Determine whether the Cisco ASA has DNS forwarders set up.

3. Determine whether an ACL is present to permit DNS forwarding.

4. Replace the DNS name with an IP address.

Correct Answer: A

Question No.35

Which option is a possible solution if you cannot access a URL through clientless SSL VPN with Internet Explorer, while other browsers work fine?

1. Verify the trusted zone and cookies settings in your browser.

2. Make sure that you specified the URL correctly.

3. Try the URL from another operating system.

4. Move to the IPsec client.

Correct Answer: A

Question No.36

Which statement regarding GET VPN is true?

1. TEK rekeys can be load-balanced between two key servers operating in COOP.

2. When you implement GET VPN with VRFs, all VRFs must be defined in the GDOI group configuration on the key server.

3. Group members must acknowledge all KEK and TEK rekeys, regardless of configuration.

4. The configuration that defines which traffic to encrypt is present only on the key server.

5. The pseudotime that is used for replay checking is synchronized via NTP.

Correct Answer: D

Question No.37

What must be enabled in the web browser of the client computer to support Clientless SSL VPN?

1. cookies

2. ActiveX

3. Silverlight

4. popups

Correct Answer: A

Question No.38

Refer to the exhibit. After the configuration is performed, which combination of devices can connect?

1. a device with an identity type of IPv4 address of 209.165.200.225 or 209.165.202.155 or a certificate with subject name of quot;cisco.comquot;

2. a device with an identity type of IPv4 address of both 209.165.200.225 and 209.165.202.155 or a certificate with subject name containing quot;cisco.comquot;

3. a device with an identity type of IPv4 address of both 209.165.200.225 and 209.165.202.155 and a certificate with subject name containing quot;cisco.comquot;

4. a device with an identity type of IPv4 address of 209.165.200.225 or 209.165.202.155 or a certificate with subject name containing quot;cisco.comquot;

Correct Answer: D

Question No.39

When you configure IPsec VPN High Availability Enhancements, which technology does Cisco recommend that you enable to make reconvergence faster?

1. EOT

2. IP SLAs

3. periodic IKE keepalives

4. VPN fast detection

Correct Answer: C

Question No.40

When troubleshooting established clientless SSL VPN issues, which three steps should be taken? (Choose three.)

1. Clear the browser history.

2. Clear the browser and Java cache.

3. Collect the information from the computer event log.

4. Enable and use HTML capture tools.

5. Gather crypto debugs on the adaptive security appliance.

6. Use Wireshark to capture network traffic.

Correct Answer: BEF

Get Full Version of the Exam
300-209 Dumps
300-209 VCE and PDF