[Free] 2019(Nov) EnsurePass Cisco 300-209 Dumps with VCE and PDF 81-90

Get Full Version of the Exam

Question No.81

Refer to the exhibit. Which VPN solution does this configuration represent?


  1. Cisco AnyConnect (IKEv2)

  2. site-to-site

  3. DMVPN

  4. SSL VPN

Correct Answer: D

Question No.82

Which two statements about the Cisco ASA Clientless SSL VPN solution are true? (Choose two.)

  1. When a client connects to the Cisco ASA WebVPN portal and tries to access HTTP resources through the URL bar, the client uses the local DNS to perform FQDN resolution.

  2. The rewriter enable command under the global webvpn configuration enables the rewriter functionality because that feature is disabled by default.

  3. A Cisco ASA with an AnyConnect Premium Peers license can simultaneously allow Clientless SSL VPN sessions and AnyConnect client sessions.

  4. Content rewriter functionality in the Clientless SSL VPN portal is not supported on Apple mobile devices.

  5. Clientless SSLVPN provides Layer 3 connectivity into the secured network.

Correct Answer: CD

Question No.83

Refer to the exhibit. The user "contractor" inherits which VPN group policy?


  1. employee

  2. management

  3. DefaultWEBVPNGroup

  4. DfltGrpPolicy

  5. new_hire

Correct Answer: D

Question No.84

Which three commands are included in the command show dmvpn detail? (Choose three.)

  1. show ip nhrp nhs

  2. show dmvpn

  3. show crypto session detail

  4. show crypto ipsec sa detail

  5. show crypto sockets

  6. show ip nhrp

Correct Answer: BCE

Question No.85

Refer to the exhibit. An engineer encounters a debug message. Which action can the engineer take to eliminate this error message?


  1. Use stronger encryption suite.

  2. Correct the VPN peer address.

  3. Make adjustment to IPSec replay window.

  4. Change the preshared key to match.

Correct Answer: B

Question No.86

Which command simplifies the task of converting an SSL VPN to an IKEv2 VPN on a Cisco ASA appliance that has an invalid IKEv2 configuration?

  1. migrate remote-access ssl overwrite

  2. migrate remote-access ikev2

  3. migrate l2l

  4. migrate remote-access ssl

Correct Answer: A


Below is a reference for this question: http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/113597-ptn-113597.html

If your IKEv1, or even SSL, configuration already exists, the ASA makes the migration process simple. On the command line, enter the migrate command:

migrate {l2l | remote-access {ikev2 | ssl} | overwrite}

Things of note:

Keyword definitions:

l2l – This converts current IKEv1 l2l tunnels to IKEv2.

remote access – This converts the remote access configuration. You can convert either the IKEv1 or the SSL tunnel groups to IKEv2.

overwrite – If you have an IKEv2 configuration that you wish to overwrite, then this keyword converts the current IKEv1 configuration and removes the superfluous IKEv2 configuration.

Question No.87

Which statement about plug-ins is false?

  1. Plug-ins do not require any installation on the remote system.

  2. Plug-ins require administrator privileges on the remote system.

  3. Plug-ins support interactive terminal access.

  4. Plug-ins are not supported on the Windows Mobile platform.

Correct Answer: B

Explanation: http://www.cisco.com/en/US/docs/security/asa/asa80/asdm60/ssl_vpn_deployment_guide/deploy.html#wp1162435


The security appliance supports Java plug-ins for clientless SSL VPN connections. Plug-ins are Java programs that operate in a browser. These plug-ins include SSH/Telnet, RDP, VNC, and Citrix.

Per the GNU General Public License (GPL), Cisco redistributes plug-ins without making any changes to them.

Per the GPL, Cisco cannot directly enhance these plug-ins. To use plug-ins you must install Java Runtime Environment (JRE) 1.4.2.x or greater. You must also use a compatible browser specified here:


Question No.88

Refer to the exhibit. Which action is demonstrated by this debug output?


  1. NHRP initial registration by a spoke.

  2. NHRP registration acknowledgement by the hub.

  3. Disabling of the DMVPN tunnel interface.

  4. IPsec ISAKMP phase 1 negotiation.

Correct Answer: A

Question No.89

Which option describes the purpose of the shared argument in the DMVPN interface command tunnel protection IPsec profile ProfileName shared?

  1. shares a single profile between multiple tunnel interfaces

  2. allows multiple authentication types to be used on the tunnel interface

  3. shares a single profile between a tunnel interface and a crypto map

  4. shares a single profile between IKEv1 and IKEv2

Correct Answer: A

Question No.90

Refer to the exhibit. While troubleshooting a remote-access application, a new NOC engineer received the logging message that is shown in the exhibit. Which configuration is most likely to be mismatched?


  1. IKE configuration

  2. extended authentication configuration

  3. IPsec configuration

  4. digital certificate configuration

Correct Answer: C

Explanation: http://www.cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a00800949c5.shtml and the following message:

%ASA-5-713259: Group = groupname, Username = username, IP = peerIP, Session is being torn down. Reason: reason

Explanation: The termination reason for the ISAKMP session appears, which occurs when the session is torn down through session management.

groupname – The tunnel group of the session being terminated

username – The username of the session being terminated

peerIP – The peer address of the session being terminated

reason – The RADIUS termination reason of the session being terminated. Reasons include the following:

Port Preempted (simultaneous logins)

Idle Timeout

Max Time Exceeded

Administrator Reset
