[Free] 2019(Nov) EnsurePass Cisco 300-209 Dumps with VCE and PDF 21-30


Question No.21

Which are two main use cases for Clientless SSL VPN? (Choose two.)

  A. In kiosks that are part of a shared environment

  B. When the users do not have admin rights to install a new VPN client

  C. When full tunneling is needed to support applications that use TCP, UDP, and ICMP

  D. To create VPN site-to-site tunnels in combination with remote access

Correct Answer: AB

Question No.22

Which protocol does DTLS use for its transport?

  A. TCP

  B. UDP

  C. IMAP

  D. DDE

Correct Answer: B

Question No.23

Which encryption and authentication algorithms does Cisco recommend when deploying a Cisco NGE supported VPN solution?

  A. AES-GCM and SHA-2

  B. 3DES and DH

  C. AES-CBC and SHA-1

  D. 3DES and SHA-1

Correct Answer: A

Question No.24

What are three benefits of deploying a GET VPN? (Choose three.)

  A. It provides highly scalable point-to-point topologies.

  B. It allows replication of packets after encryption.

  C. It is suited for enterprises running over a DMVPN network.

  D. It preserves original source and destination IP address information.

  E. It simplifies encryption management through use of group keying.

  F. It supports non-IP protocols.

Correct Answer: BDE

Question No.25

Refer to the exhibit. Which type of mismatch is causing the problem with the IPsec VPN tunnel?


  A. PSK

  B. Phase 1 policy

  C. transform set

  D. crypto access list

Correct Answer: A

Question No.26

A rogue static route is installed in the routing table of a Cisco FlexVPN and is causing traffic to be blackholed. Which command should be used to identify the peer from which that route originated?

  A. show crypto ikev2 sa detail

  B. show crypto route

  C. show crypto ikev2 client flexvpn

  D. show ip route eigrp

  E. show crypto isakmp sa detail

Correct Answer: B

Question No.27

Refer to the exhibit. A new NOC engineer, while viewing a real-time log from an SSL VPN tunnel, has a question about a line in the log. The IP address is attached to which interface in the network?


  A. the Cisco ASA physical interface

  B. the physical interface of the end user

  C. the Cisco ASA SSL VPN tunnel interface

  D. the SSL VPN tunnel interface of the end user

Correct Answer: B

Question No.28

A user with IP address is unable to access an HTTP website at IP address through a Cisco ASA. Which two features and commands will help troubleshoot the issue? (Choose two.)

  A. Capture user traffic using command capture capin interface inside match ip host any

  B. After verifying that user traffic reaches the firewall using syslogs or captures, use packet tracer command packet-tracer input inside tcp 1234 80

  C. Enable logging at level 1 and check the syslogs using commands logging enable, logging buffered 1 and show logging | include

  D. Check if an access-list on the firewall is blocking the user by using command show running-config access-list | include

  E. Use packet tracer command packet-tracer input inside udp 1234192.168.1.3 161 to see what the firewall is doing with the user's traffic

Correct Answer: AB

Question No.29

Which benefit of FlexVPN is not offered by DMVPN using IKEv1?

  A. Dynamic routing protocols can be configured.

  B. IKE implementation can install routes in routing table.

  C. GRE encapsulation allows for forwarding of non-IP traffic.

  D. NHRP authentication provides enhanced security.

Correct Answer: B

Question No.30

Which command is used to determine how many GMs have registered in a GETVPN environment?

  A. show crypto isakmp sa

  B. show crypto gdoi ks members

  C. show crypto gdoi gm

  D. show crypto ipsec sa

  E. show crypto isakmp sa count

Correct Answer: B
