This page was exported from Braindump2go Free Exam Dumps with PDF and VCE Collection [ https://www.mcitpdump.com ] Export date:Thu Nov 21 19:08:02 2024 / +0000 GMT ___________________________________________________ Title: [Sep-2019]Exam Pass 100%!Braindump2go 300-209 Dumps PDF 355Q Instant Download(New Questions) --------------------------------------------------- Sep/2019 Braindump2go 300-209 Exam Dumps with PDF and VCE New Updated Today! Following are some new 300-209 Exam Questions:Latest Braindump2go 300-209 Exam Dumps (PDF & VCE) Instant Download:https://www.braindump2go.com/300-209.html2.|2019 Latest Braindump2go 300-209 Exam Questions & Answers Instant Download:https://drive.google.com/drive/folders/0B75b5xYLjSSNRkY3M21SbTdTNDg?usp=sharingNew QuestionsWhich type of NHRP packet is unique to Phase 3 DMVPN topologies?A. resolution requestB. resolution replyC. traffic indicationD. registration requestE. registration replyF. error indicationAnswer: CNew QuestionsWhich three types of web resources or protocols are enabled by default on the Cisco ASA Clientless SSL VPN portal? (Choose three.)A. HTTPB. VNCC. CIFSD. RDPE. HTTPSF. ICA (Citrix)Answer: ACENew QuestionsWhich three parameters must match on all routers in a DMVPN Phase 3 cloud? (Choose three.)A. NHRP network IDB. GRE tunnel keyC. NHRP authentication stringD. tunnel VRFE. EIGRP process nameF. EIGRP split-horizon settingAnswer: ABCNew QuestionsRefer to the exhibit. Which two characteristics of the VPN implementation are evident? (Choose two.) A. dual DMVPN cloud setup with dual hubB. DMVPN Phase 3 implementationC. single DMVPN cloud setup with dual hubD. DMVPN Phase 1 implementationE. quad DMVPN cloud with quadra hubF. DMVPN Phase 2 implementationAnswer: BCNew QuestionsRefer to the exhibit. The customer needs to launch AnyConnect in the RDP machine. Which configuration is correct?A. crypto vpn anyconnect profile test flash:RDP.xml policy group defaultsvc profile testB. crypto vpn anyconnect profile test flash:RDP.xml webvpn context GW_1browser-attribute import flash:/swj.xmlC. crypto vpn anyconnect profile test flash:RDP.xml policy group defaultsvc profile flash:RDP.xmlD. crypto vpn anyconnect profile test flash:RDP.xml webvpn context GW_1browser-attribute import testAnswer: ANew QuestionsWhich two statements about the Cisco ASA Clientless SSL VPN solution are true? (Choose two.)A. When a client connects to the Cisco ASA WebVPN portal and tries to access HTTP resources through the URL bar, the client uses the local DNS to perform FQDN resolution.B. The rewriter enable command under the global webvpn configuration enables the rewriter functionality because that feature is disabled by default.C. A Cisco ASA with an AnyConnect Premium Peers license can simultaneously allow Clientless SSL VPN sessions and AnyConnect client sessions.D. Content rewriter functionality in the Clientless SSL VPN portal is not supported on Apple mobile devices.E. Clientless SSLVPN provides Layer 3 connectivity into the secured network.Answer: CDNew QuestionsA network engineer must configure a now VPN tunnel Utilizing IKEv2 For with three reasons would a configuration use IKEv2 instead d KEv1? (Choose three.)A. increased hash sizeB. DOS protectionC. Preshared keys are used for authentication.D. RSA-Sig used for authenticationE. native NAT traversalF. asymmetric authenticationAnswer: BEFNew QuestionsA network engineer is troubleshooting a site VPN tunnel configured on a Cisco ASA and wants to validate that the tunnel is sending and receiving traffic. Which command accomplishes this task?A. show crypto ikev1 sa peerB. show crypto ikev2 sa peerC. show crypto ipsec sa peerD. show crypto isakmp sa peerAnswer: CNew QuestionsWhen troubleshooting clientless SSL VPN connections, which option can be verified on the client PC?A. address assignmentB. DHCP configurationC. tunnel group attributesD. host file misconfigurationAnswer: DNew QuestionsWhich two commands are include in the command show dmvpn detail? (Choose two.)A. Show ip nhrpB. Show ip nhrp nhsC. Show crypto ipsec sa detailD. Show crypto session detailE. Show crypto socketsAnswer: BDNew QuestionsAn engineer has integrated a new DMVPN to link remote offices across the internet using Cisco IOS routers. When connecting to remote sites, pings and voice data appear to flow properly and all tunnel stats seem to show that are up. However, when trying to connect to a remote server using RDP, the connection fails. Which action resolves this issue?A. Change DMVPN timeout values.B. Adjust the MTU size within the routers.C. Replace certificate on the RDP server.D. Add RDP port to the extended ACL.Answer: BExplanation:Answers A and C do not make sense.Answer D is valid only for split tunneling…if we want to pass the RDP traffic off tunnel. The ACL configured to establish the DMVPN tunnel only need udp 500/4500 and esp (50).Answer B should be correct because voice traffic (UDP) and ping use smaller MTU size and will not be fragmented…and thus will work. RDP uses TCP / 3389 and isn't fault tolerant.New QuestionsWhich feature is a benefit of Dynamic Multipoint VPN?A. geographic filtering of spoke devicesB. translation PATC. rotating wildcard preshared keysD. dynamic spoke-to spoke tunnel establishmentAnswer: DNew QuestionsAn engineer has configured Cisco AnyConnect VPN using IKEv2 on a Cisco ISO router. The user cannot connect in the Cisco AnyConnect client, but receives an alert message "Use a browser to gain access." Which action does the engineer take to eliminate this issue?A. Reset user login credentials.B. Disable the HTTP server.C. Correct the URL address.D. Connect using HTTPS.Answer: BNew QuestionsRefer to the exhibit. A network administrator is running DMVPN with EIGRP, when the administrator looks at the routing table on spoken 1 it displays a route to the hub only. Which command is missing on the hub router, which includes spoke 2 and spoke 3 in the spoke 1 routing table?A. no inverse arpB. neighbor (ip address)C. no ip split-horizon egrp 1D. redistribute staticAnswer: CNew QuestionsWhich algorithm provides both encryption and authentication for plane communication?A. RC4B. SHA-384C. AES-256D. SHA-96E. 3DESF. AES-GCMAnswer: FNew QuestionsRefer to the exhibit. Client 1 cannot communication with Client 2. Both clients are using Cisco AnyConnect and have established a successful SSL VPN connection to the hub ASA. Which command on the ASA is missing? A. same-security-traffic permit inter-interfaceB. same-security-traffic permit intra-interfaceC. dns-server value 10.1.1.3D. split-tunnel-network listAnswer: BNew QuestionsWhich statement regarding GET VPN is true?A. When you implement GET VPN with VRFs, all VHFs must be defined in the GDOI group configuration on the key server.B. T ne pseudotime that is used for replay checking is synchronized via NTP.C. Group members must acknowledge all KEK and TEK rekeys, regardless of configuration.D. TEK rekesys can be load-balanced between two key servers operating in COOP.E. The configuration that defines which traffic to encrypt is present only on the key server.Answer: ENew QuestionsWhich two statements comparing ECC and RSA are true? (Choose two.)A. Key generation in FCC is slower and more CPU intensive than RSA.B. ECC can have the same security as RSA but with a shorter key sizeC. Key generation in ECC is faster and less CPU intensive than RSA.D. ECC cannot have the same security as RSA. even with an increased key size.E. ECC lags m performance when compared with RSA.Answer: BCNew QuestionsWhich three types of SSO functionality are available on the Cisco ASA without any external SSO servers? (Choose three.)A. SAMLB. HTTP POSTC. HTTP BasicD. NTLME. KerberosF. OAuth 2.0Answer: BCDNew QuestionsWhich two statements about the Cisco ASA Clientless SSL VPN smart tunnels feature are true? (Choose two.)A. Smart tunnels are enabled on the secure gateway (Cisco ASA) for specific applications that run on the end client and work irrespective of which transport protocol the application uses.B. Smart tunnels require Administrative privileges to run on the client machine.C. A smart tunnel is a DLL that is pushed from the headend to the client machine after SSL VPN portal authentication and that is attached to smart-tunneled processes to route traffic through the SSL VPN session with the gateway.D. Smart tunnels offer better performance than the client-server plugins.E. Smart tunnels are supported on Windows, Mac, and Linux.Answer: CDNew QuestionsAs network security architect, you must implement secure VPN connectivity among company branches over a private IP cloud with any-to-any scalable connectivity.Which technology should you use?A. IPsec DVTIB. FlexVPNC. DMVPND. IPsec SVTIE. GET VPNAnswer: ENew QuestionsWhich three configurations are required for both IPsec VTI and crypto map-based VPNs? (Choose three.)A. transform setB. ISAKMP policyC. ACL that defines traffic to encryptD. dynamic routing protocolE. tunnel interfaceF. IPsec profileG. PSK or PKI trustpoint with certificateAnswer: ABGNew QuestionsWhich statement regarding hashing is correct?A. MD5 produces a 64-bit message digest.B. SHA-1 produces a 160-bit message digest.C. MD5 takes more CPU cycles to compute than SHA-1.D. Changing 1 bit of the input to SHA-1 can change up to 5 bits in the output.Answer: BNew QuestionsRefer to the exhibit. Which type of mismatch is causing the problem with the IPsec VPN tunnel? A. PSKB. Phase 1 policyC. transform setD. crypto access listAnswer: ANew QuestionsWhich three changes must be made to migrate from DMVPN Phase 2 to Phase 3 when EIGRP is configured? (Choose three.)A. Enable EIGRP next-hop-self on the hub.B. Disable EIGRP next-hop-self on the hub.C. Enable EIGRP split-horizon on the hub.D. Add NHRP redirects on the hub.E. Add NHRP shortcuts on the spoke.F. Add NHRP shortcuts on the hub.Answer: BDENew QuestionsWhich algorithm provides both encryption and authentication for data plane communication?A. SHA-96B. SHA-384C. 3DESD. AES-256E. AES-GCMF. RC4Answer: ENew QuestionsWhich three configurations are prerequisites for stateful failover for IPsec? (Choose three.)A. Only the IKE configuration that is set up on the active device must be duplicated on the standby device; the IPsec configuration is copied automatically.B. Only crypto map configuration that is set up on the active device must be duplicated on the standby device.C. The IPsec configuration that is set up on the active device must be duplicated on the standby device.D. The active and standby devices can run different versions of the Cisco IOS software but need to be the same type of device.E. The active and standby devices must run the same version of the Cisco IOS software and should be the same type of device.F. Only the IPsec configuration that is set up on the active device must be duplicated on the standby device; the IKE configuration is copied automatically.G. The IKE configuration that is set up on the active device must be duplicated on the standby device.Answer: CEGNew QuestionsWhich two statements comparing ECC and RSA are true? (Choose two.)A. ECC can have the same security as RSA but with a shorter key size.B. ECC lags in performance when compared with RSA.C. Key generation in ECC is slower and less CPU intensive than RSA..D. ECC cannot have the same security as RSA, even with an increased key size.E. Key generation in ECC is faster and less CPU intensive.Answer: AENew QuestionsWhich two are features of GETVPN but not DMVPN and FlexVPN? (Choose two.)A. one IPsec SA for all encrypted trafficB. no requirement for an overlay routing protocolC. design for use over public or private WAND. sequence numbers that enable scalable replay checkingE. enabled use of ESP or AHF. preservation of IP protocol in outer headerAnswer: AB !!!RECOMMEND!!!Latest Braindump2go 300-209 Exam Dumps (PDF & VCE) Instant Download:https://www.braindump2go.com/300-209.html2.|2019 Latest Braindump2go 300-209 Study Guide Video Instant Download: YouTube Video: YouTube.com/watch?v=T0vj6TzVZTM --------------------------------------------------- Images: --------------------------------------------------- --------------------------------------------------- Post date: 2019-09-06 02:06:47 Post date GMT: 2019-09-06 02:06:47 Post modified date: 2019-09-06 02:06:47 Post modified date GMT: 2019-09-06 02:06:47 ____________________________________________________________________________________________ Export of Post and Page as text file has been powered by [ Universal Post Manager ] plugin from www.gconverters.com