[Free] 2019(Nov) EnsurePass Cisco 300-209 Dumps with VCE and PDF 121-130

Get Full Version of the Exam
http://www.EnsurePass.com/300-209.html

Question No.121

You are troubleshooting a site-to-site VPN issue where the tunnel is not establishing. After issuing the debug crypto ipsec command on the headend router, you see the following output. What does this output suggest?

1d00h: IPSec (validate_proposal): transform proposal (port 3, trans 2, hmac_alg 2) not supported

1d00h: ISAKMP (0:2) : atts not acceptable. Next payload is 0

1d00h: ISAKMP (0:2) SA not acceptable

A. Phase 1 policy does not match on both sides.

B. The Phase 2 transform set does not match on both sides.

C. ISAKMP is not enabled on the remote peer.

D. The crypto map is not applied on the remote peer.

E. The Phase 1 transform set does not match on both sides.

Correct Answer: B

Question No.122

You are troubleshooting a site-to-site VPN issue where the tunnel is not establishing. After issuing the debug crypto isakmp command on the headend router, you see the following output. What does this output suggest?

1d00h: ISAKMP (0:1): atts are not acceptable. Next payload is 0

1d00h: ISAKMP (0:1); no offers accepted!

1d00h: ISAKMP (0:1): SA not acceptable!

1d00h: %CRYPTO-6-IKMP_MODE_FAILURE. Processing of Main Mode failed with peer at 10.10.10.10

A. Phase 1 policy does not match on both sides.

B. The transform set does not match on both sides.

C. ISAKMP is not enabled on the remote peer.

D. There is a mismatch in the ACL that identifies interesting traffic.

Correct Answer: A

Question No.123

Which feature is enabled by the use of NHRP in a DMVPN network?

A. host routing with Reverse Route Injection

B. BGP multiaccess

C. host to NBMA resolution

D. EIGRP redistribution

Correct Answer: C

Question No.124

Which two examples of transform sets are contained in the IKEv2 default proposal? (Choose two.)

A. aes-cbc-192, sha256, 14

B. 3des, md5, 5

C. 3des, sha1, 1

D. aes-cbc-128, sha, 5

Correct Answer: BD

Question No.125

A network engineer must configure a new VPN tunnel utilizing IKEv2. For which three reasons would a configuration use IKEv2 instead of IKEv1? (Choose three.)

A. increased hash size

B. DOS protection

C. Preshared keys are used for authentication.

D. RSA-Sig used for authentication

E. native NAT traversal

F. asymmetric authentication

Correct Answer: BEF

Question No.126

Refer to the exhibit. What technology does the given configuration demonstrate?

A. Keyring used to encrypt IPSec traffic

B. FlexVPN with IPV6

C. FlexVPN with AnyConnect

D. Crypto Policy to enable IKEv2

Correct Answer: B

Question No.127

Which Cisco ASDM option configures WebVPN access on a Cisco ASA?

A. Configuration > WebVPN > WebVPN Access

B. Configuration > Remote Access VPN > Clientless SSL VPN Access

C. Configuration > WebVPN > WebVPN Config

D. Configuration > VPN > WebVPN Access

Correct Answer: B

Question No.128

Refer to the exhibit. The ABC Corporation is changing remote-user authentication from pre-shared keys to certificate-based authentication. For most employee authentication, its group membership (the employees) governs corporate access. Certain management personnel need access to more confidential servers. Access is based on the group and name, such as finance and level_2. When it is time to pilot the new authentication policy, a finance manager is able to access the department-assigned servers but cannot access the restricted servers. As the network engineer, where would you look for the problem?

A. Check the validity of the identity and root certificate on the PC of the finance manager.

B. Change the Management Certificate to Connection Profile Maps > Rule Priority to a number that is greater than 10.

C. Check if the Management Certificate to Connection Profile Maps > Rules is configured correctly.

D. Check if the Certificate to Connection Profile Maps > Policy is set correctly.

Correct Answer: D

Explanation:

Cisco ASDM User Guide Version 6.1

Question No.129

An engineer is troubleshooting a DMVPN spoke router and sees a CRYPTO-4-IKMP_BAD_MESSAGE debug message that a spoke router "failed its sanity check or is malformed". Which issue does the error message indicate?

A. mismatched preshared key

B. unsupported transform proposal

C. invalid IP packet SPI

D. incompatible transform set

Correct Answer: A

Question No.130

Which PKI enrollment method allows the user to separate authentication and enrollment actions and also provides an option to specify HTTP/TFTP commands to perform file retrieval from the server?

A. enrollment profile

B. enrollment terminal

C. enrollment url

D. enrollment selfsigned

Correct Answer: A
