[Free] 2019(Nov) EnsurePass Cisco 300-209 Dumps with VCE and PDF 141-150

Get Full Version of the Exam
http://www.EnsurePass.com/300-209.html

Question No.141

Refer to the exhibit. A NOC engineer needs to tune some prelogin parameters on an SSL VPN tunnel. From the information that is shown, where should the engineer navigate to find the prelogin session attributes?

image

  1. quot;engineeringquot; Group Policy

  2. quot;contractorquot; Connection Profile

  3. quot;engineer1quot; AAA/Local Users

  4. DfltGrpPolicy Group Policy

Correct Answer: B

Explanation: http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect30/administration/gu ide/ac05hostscanposture.html#wp1039696

Question No.142

Which command configures IKEv2 symmetric identity authentication?

  1. match identity remote address 0.0.0.0

  2. authentication local pre-share

  3. authentication pre-share

  4. authentication remote rsa-sig

Correct Answer: C

Question No.143

Which feature enforces the corporate policy for Internet access to Cisco AnyConnect VPN users?

  1. Trusted Network Detection

  2. Datagram Transport Layer Security

  3. Cisco AnyConnect Customization

  4. banner message

Correct Answer: A

Question No.144

Refer to the exhibit. Client 1 cannot communication with Client 2. Both clients are using Cisco AnyConnect and have established a successful SSL VPN connection to the hub ASA. Which command on the ASA is missing?

image

  1. same-security-traffic permit inter-interface

  2. same-security-traffic permit intera-interface

  3. dns-server value 10.1.1.3

  4. split-tunnel-network list

Correct Answer: B

Question No.145

Which application does the Application Access feature of Clientless VPN support?

  1. TFTP

  2. VoIP

  3. Telnet

  4. active FTP

Correct Answer: C

Question No.146

Which three parameters must match on all routers in a DMVPN Phase 3 cloud? (Choose three.)

  1. NHRP network ID

  2. GRE tunnel key

  3. NHRP authentication string

  4. tunnel VRF

  5. EIGRP process name

  6. EIGRP split-horizon setting

Correct Answer: ABC

Question No.147

Refer to the exhibit. A new NOC engineer is troubleshooting a VPN connection. Which statement about the fields within the Cisco VPN Client Statistics screen is correct?

image

  1. The ISP-assigned IP address of 10.0.21.1 is assigned to the VPN adapter of the PC.

  2. The IP address of the security appliance to which the Cisco VPN Client is connected is 192.168.1.2.

  3. CorpNet is the name of the Cisco ASA group policy whose tunnel parameters the connection is using.

  4. The ability of the client to send packets transparently and unencrypted through the tunnel for test purposes is turned off.

  5. With split tunneling enabled, the Cisco VPN Client registers no decrypted packets.

Correct Answer: B

Question No.148

Consider this scenario. When users attempt to connect via a Cisco AnyConnect VPN session, the certificate has changed and the connection fails. What is a possible cause of the connection failure?

  1. An invalid modulus was used to generate the initial key.

  2. The VPN is using an expired certificate.

  3. The Cisco ASA appliance was reloaded.

  4. The Trusted Root Store is configured incorrectly.

Correct Answer: C

Question No.149

Refer to the exhibit. Which type of VPN is being configured, based on the partial configuration snippet?

image

  1. DMVPN with dual hub

  2. GET VPN with dual group member

  3. FlexVPN backup gateway

  4. GET VPN with COOP key server

  5. FlexVPN load balancer

Correct Answer: D

Question No.150

In DMVPN phase 2, which two EIGRP features need to be disabled on the hub to allow spoke-to- spoke communication? (Choose two.)

  1. autosummary

  2. split horizon

  3. metric calculation using bandwidth

  4. EIGRP address family

  5. next-hop-self

  6. default administrative distance

Correct Answer: BE

Get Full Version of the Exam
300-209 Dumps
300-209 VCE and PDF