[Free] 2019(Nov) EnsurePass Cisco 300-209 Dumps with VCE and PDF 161-170

Get Full Version of the Exam
http://www.EnsurePass.com/300-209.html

Question No.161

Refer to the exhibit. When the user quot;contractorquot; Cisco AnyConnect tunnel is established, what type of Cisco ASA user restrictions are applied to the tunnel?

image

  1. full restrictions (no Cisco ASDM, no CLI, no console access)

  2. full restrictions (no read, no write, no execute permissions)

  3. full restrictions (CLI show commands and Cisco ASDM monitoring permissions only)

  4. full access with no restrictions

Correct Answer: D

Question No.162

Refer to the exhibit. Which type of VPN implementation is displayed?

image

  1. IKEv2 reconnect

  2. IKEv1 cluster

  3. IKEv2 load balancer

  4. IKEv1 client

  5. IPsec high availability

  6. IKEv2 backup gateway

Correct Answer: C

Question No.163

Which command specifies the path to the Host Scan package in an ASA AnyConnect VPN?

  1. csd hostscan path image

  2. csd hostscan image path

  3. csd hostscan path

  4. hostscan image path

Correct Answer: B

Question No.164

A custom desktop application needs to access an internal server. An administrator is tasked with configuring the company#39;s SSL VPN gateway to allow remote users to work. Which two technologies would accommodate the company#39;s requirement? (Choose two).

  1. AnyConnect client

  2. Smart Tunnels

  3. Email Proxy

  4. Content Rewriter

  5. Portal Customizations

Correct Answer: AB

Question No.165

Which technology can you implement to reduce latency issues associated with a Cisco AnyConnect VPN?

  1. DTLS

  2. SCTP

  3. DCCP

  4. SRTP

Correct Answer: A

Question No.166

Which NGE IKE Diffie-Hellman group identifier has the strongest cryptographic properties?

  1. group 10

  2. group 24

  3. group 5

  4. group 20

Correct Answer: D

Question No.167

As network consultant, you are asked to suggest a VPN technology that can support a multivendor environment and secure traffic between sites. Which technology should you recommend?

  1. DMVPN

  2. FlexVPN

  3. GET VPN

  4. SSL VPN

Correct Answer: B

Question No.168

Refer to the exhibit. In the CLI snippet that is shown, what is the function of the deny option in the access list?

image

  1. When set in conjunction with outbound connection-type bidirectional, its function is to prevent the specified traffic from being protected by the crypto map entry.

  2. When set in conjunction with connection-type originate-only, its function is to instruct the Cisco ASA to deny specific inbound traffic if it is not encrypted.

  3. When set in conjunction with outbound connection-type answer-only, its function is to instruct the Cisco ASA to deny specific outbound traffic if it is not encrypted.

  4. When set in conjunction with connection-type originate-only, its function is to cause all IP traffic that matches the specified conditions to be protected by the crypto map.

Correct Answer: A

Question No.169

Refer to the exhibit. You executed the show crypto ipsec sa command to troubleshoot an IPSec issue. What problem does the given output indicate?

image

  1. IKEv2 failed to establish a phase 2 negotiation.

  2. The Crypto ACL is different on the peer device.

  3. ISAKMP was unable to find a matching SA.

  4. IKEv2 was used in aggressive mode.

Correct Answer: B

Question No.170

What are two forms of SSL VPN? (Choose two.)

  1. port forwarding

  2. Full Tunnel Mode

  3. Cisco IOS WebVPN

  4. Cisco AnyConnect

Correct Answer: CD

Get Full Version of the Exam
300-209 Dumps
300-209 VCE and PDF