[Lead2pass New] Free Lead2pass Cisco 300-209 PDF Dumps With New Update Exam Questions (221-240)

2017 November Cisco Official New Released 300-209 Dumps in Lead2pass.com!


Lead2pass has updated to the latest version of the Cisco 300-209 exam, which is a hot exam in the Cisco certification track. The Lead2pass Cisco 300-209 exam dumps give you the confidence to pass this certification exam on the first attempt and with a maximized score.

The following questions and answers are all newly published by Cisco Official Exam Center: https://www.lead2pass.com/300-209.html

QUESTION 221
Which type of NHRP packet is unique to Phase 3 DMVPN topologies?

A.    resolution request
B.    resolution reply
C.    traffic indication
D.    registration request
E.    registration reply
F.    error indication

Answer: C

QUESTION 222
Which three types of web resources or protocols are enabled by default on the Cisco ASA Clientless SSL VPN portal? (Choose three.)

A.    HTTP
B.    VNC
C.    CIFS
D.    RDP
E.    HTTPS
F.    ICA (Citrix)

Answer: ACE

QUESTION 223
Which three parameters must match on all routers in a DMVPN Phase 3 cloud? (Choose three.)

A.    NHRP network ID
B.    GRE tunnel key
C.    NHRP authentication string
D.    tunnel VRF
E.    EIGRP process name
F.    EIGRP split-horizon setting

Answer: ABC

QUESTION 224
Refer to the exhibit. Which two characteristics of the VPN implementation are evident? (Choose two.)

 
A.    dual DMVPN cloud setup with dual hub
B.    DMVPN Phase 3 implementation
C.    single DMVPN cloud setup with dual hub
D.    DMVPN Phase 1 implementation
E.    quad DMVPN cloud with quadra hub
F.    DMVPN Phase 2 implementation

Answer: BC

QUESTION 225
Refer to the exhibit. The customer needs to launch AnyConnect in the RDP machine.
Which configuration is correct?

 

A.    crypto vpn anyconnect profile test flash:RDP.xml
      policy group default
      svc profile test
B.    crypto vpn anyconnect profile test flash:RDP.xml
      webvpn context GW_1
      browser-attribute import flash:/swj.xml
C.    crypto vpn anyconnect profile test flash:RDP.xml
      policy group default
      svc profile flash:RDP.xml
D.    crypto vpn anyconnect profile test flash:RDP.xml
      webvpn context GW_1
      browser-attribute import test

Answer: A

QUESTION 226
Which two statements about the Cisco ASA Clientless SSL VPN solution are true? (Choose two.)

A.    When a client connects to the Cisco ASA WebVPN portal and tries to access HTTP resources through the URL bar, the client uses the local DNS to perform FQDN resolution.
B.    The rewriter enable command under the global webvpn configuration enables the rewriter functionality because that feature is disabled by default.
C.    A Cisco ASA with an AnyConnect Premium Peers license can simultaneously allow Clientless SSL VPN sessions and AnyConnect client sessions.
D.    Content rewriter functionality in the Clientless SSL VPN portal is not supported on Apple mobile devices.
E.    Clientless SSL VPN provides Layer 3 connectivity into the secured network.

Answer: CD

QUESTION 227
Which protocol can be used for better throughput performance when using Cisco AnyConnect VPN?

A.    TLSv1
B.    TLSv1.1
C.    TLSv1.2
D.    DTLSv1

Answer: D

QUESTION 228
Which configuration construct must be used in a FlexVPN tunnel?

A.    multipoint GRE tunnel interface
B.    IKEv1 policy
C.    IKEv2 profile
D.    EAP configuration

Answer: C

QUESTION 229
Which benefit of FlexVPN is not offered by DMVPN using IKEv1?

A.    Dynamic routing protocols can be configured.
B.    IKE implementation can install routes in routing table.
C.    GRE encapsulation allows for forwarding of non-IP traffic.
D.    NHRP authentication provides enhanced security.

Answer: B

QUESTION 230
Refer to the exhibit. The customer can establish an AnyConnect connection on the first attempt only. Subsequent attempts fail. What might be the issue?
 

A.    IKEv2 is blocked over the path.
B.    UserGroup must be different than the name of the connection profile.
C.    The primary protocol should be SSL.
D.    UserGroup must be the same as the name of the connection profile.

Answer: D

QUESTION 231
Which command identifies an AnyConnect profile that was uploaded to the router flash?

A.    crypto vpn anyconnect profile SSL_profile flash:simos-profile.xml
B.    svc import profile SSL_profile flash:simos-profile.xml
C.    anyconnect profile SSL_profile flash:simos-profile.xml
D.    webvpn import profile SSL_profile flash:simos-profile.xml

Answer: A

QUESTION 232
Which algorithm is an example of asymmetric encryption?

A.    RC4
B.    AES
C.    ECDSA
D.    3DES

Answer: C

QUESTION 233
Which three configuration parameters are mandatory for an IKEv2 profile? (Choose three.)

A.    IKEv2 proposal
B.    local authentication method
C.    match identity or certificate
D.    IKEv2 policy
E.    PKI certificate authority
F.    remote authentication method
G.    IKEv2 profile description
H.    virtual template

Answer: BCF

QUESTION 234
Refer to the exhibit. Which technology does this configuration demonstrate?

 

A.    AnyConnect SSL over IPv4+IPv6
B.    AnyConnect FlexVPN over IPv4+IPv6
C.    AnyConnect FlexVPN IPv6 over IPv4
D.    AnyConnect SSL IPv6 over IPv4

Answer: B
Explanation:
FlexVPN uses IPsec/IKEv2; SSL uses TLS.
"vpn-tunnel-protocol ikev2 ssl-client" is part of FlexVPN configuration …the configuration for SSL would be "vpn-tunnel-protocol ssl-client"
http://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/115735-acssl-ip-config-00.html

QUESTION 235
Which two parameters help to map a VPN session to a tunnel group without using the tunnel-group list? (Choose two.)

A.    group-alias
B.    certificate map
C.    use gateway command
D.    group-url
E.    AnyConnect client version

Answer: BD

QUESTION 236
Refer to the exhibit. The IKEv2 site-to-site VPN tunnel between two routers is down.
Based on the debug output, which type of mismatch might be the problem?

 

A.    PSK
B.    crypto policy
C.    peer identity
D.    transform set

Answer: C

QUESTION 237
Which equation describes an elliptic curve?

A.    y^3 = x^3 + ax + b
B.    x^3 = y^2 + ab + x
C.    y^4 = x^2 + ax + b
D.    y^2 = x^3 + ax + b
E.    y^2 = x^2 + ax + b^2

Answer: D

QUESTION 238

An engineer wants to ensure that employees cannot access corporate resources on untrusted networks, but does not want a new VPN session to be established each time they leave the trusted network. Which Cisco AnyConnect Trusted Network Policy option allows this ability?

A.    Pause
B.    Connect
C.    Do Nothing
D.    Disconnect

Answer: A

QUESTION 239
Refer to the exhibit. In this tunnel mode GRE multipoint example, which command on the hub router distinguishes one spoke from the other?

 

A.    no ip route
B.    ip nhrp map
C.    ip frame-relay
D.    tunnel mode gre multipoint

Answer: B

QUESTION 240
A network engineer must configure a new VPN tunnel utilizing IKEv2. For which three reasons would a configuration use IKEv2 instead of IKEv1? (Choose three.)

A.    increased hash size
B.    DOS protection
C.    Preshared keys are used for authentication.
D.    RSA-Sig used for authentication
E.    native NAT traversal
F.    asymmetric authentication

Answer: BEF

Lead2pass offers you all the 300-209 exam questions, which are the same as your real test, with a 100% correct and coverage rate. We provide the latest full version of the 300-209 PDF and VCE dumps to ensure a 100% pass on your 300-209 exam.

More 300-209 new questions (with images) on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDYnF5Vk16OS1tc1E
