Pass Azure, MCSE, MCSA, MCSD, A+, Network+, Security+, CCIE, CCNA, CCNP Exams with Free Practice Questions and Answers

300-209 Latest Exam (Aug 2018)

[Free] 2018(Aug) Ensurepass Cisco 300-209 Dumps with VCE and PDF 141-150

August 2, 2018

Ensurepass.com : Ensure you pass the IT Exams
2018 Aug Cisco Official New Released 300-209
100% Free Download! 100% Pass Guaranteed!

Implementing Cisco Secure Mobility Solutions

Question No: 141

Which two parameters help to map a VPN session to a tunnel group without using the tunnel-group list? (Choose two.)

  1. group-alias

  2. certificate map

  3. use gateway command

  4. group-url

  5. AnyConnect client version

Answer: B,D

Question No: 142

Which PKI enrollment method allows the user to separate authentication and enrollment actions and also provides an option to specify HTTP/TFTP commands to perform file retrieval from the server?

  1. enrollment profile

  2. enrollment terminal

  3. enrollment url

  4. enrollment selfsigned

Answer: A

Question No: 143

When Cisco ASA applies VPN permissions, what is the first set of attributes that it applies?

  1. dynamic access policy attributes

  2. group policy attributes

  3. connection profile attributes

  4. user attributes

Answer: A

Question No: 144

Refer to the exhibit.

Ensurepass 2018 PDF and VCE

A NOC engineer needs to tune some prelogin parameters on an SSL VPN tunnel.

From the information that is shown, where should the engineer navigate to find the prelogin session attributes?

  1. quot;engineeringquot; Group Policy

  2. quot;contractorquot; Connection Profile

  3. quot;engineer1quot; AAA/Local Users

  4. DfltGrpPolicy Group Policy

Answer: B Explanation:

http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect30/administrat ion/guide/ac05hostscanposture.html#wp1039696

Question No: 145

Which two statements are true when designing a SSL VPN solution using Cisco AnyConnect? (Choose two.)

  1. The VPN server must have a self-signed certificate.

  2. A SSL group pre-shared key must be configured on the server.

  3. Server side certificate is optional if using AAA for client authentication.

  4. The VPN IP address pool can overlap with the rest of the LAN networks.

  5. DTLS can be enabled for better performance.

Answer: D,E

Question No: 146

Which option is one component of a Public Key Infrastructure?

  1. the Registration Authority

  2. Active Directory

  3. RADIUS

  4. TACACS

Answer: A

Question No: 147

Which cryptographic algorithms are a part of the Cisco NGE suite?

  1. HIPPA DES

  2. AES-CBC-128

C. RC4-128

D. AES-GCM-256

Answer: D

Reference: https://www.cisco.com/web/learning/le21/le39/docs/tdw166_prezo.pdf

Question No: 148

Scenario:

You are the senior network security administrator for your organization. Recently and junior engineer configured a site-to-site IPsec VPN connection between your headquarters Cisco ASA and a remote branch office.

You are now tasked with verifying the IKEvl IPsec installation to ensure it was properly configured according to designated parameters. Using the CLI on both the Cisco ASA and branch ISR, verify the IPsec configuration is properly configured between the two sites.

NOTE: the show running-config command cannot be used for this exercise.

Topology:

Ensurepass 2018 PDF and VCE

Ensurepass 2018 PDF and VCE

Ensurepass 2018 PDF and VCE

Which transform set is being used on the branch ISR?

  1. Default

  2. ESP-3DES ESP-SHA-HMAC

  3. ESP-AES-256-MD5-TRANS mode transport

  4. TSET

Answer: B Explanation:

This can be seen from the 鈥渟how crypto ipsec sa鈥?command as shown below:

Ensurepass 2018 PDF and VCE

Ensurepass 2018 PDF and VCE

Question No: 149

Which option describes what address preservation with IPsec Tunnel Mode allows when GETVPN is used?

  1. stronger encryption methods

  2. Network Address Translation of encrypted traffic

  3. traffic management based on original source and destination addresses

  4. Tunnel Endpoint Discovery

Answer: C

Question No: 150

What URL do you use to download a packet capture file in a format which can be used by a packet analyzer?

  1. ftp://lt;hostnamegt;/capture/lt;capture_namegt;/

  2. https://lt;asdm_enabled _interface:portgt;/lt;capture_namegt;/

  3. https://lt;asdm_enabled_interface:portgt;/admin/capture/lt;capture_namegt;/pcap

  4. https://lt;hostnamegt;/lt;capture_namegt;/pcap

Answer: C

100% Ensurepass Free Download!
Download Free Demo:300-209 Demo PDF
100% Ensurepass Free Guaranteed!
300-209 Dumps

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

braindumps Cisco 300-209 PDF Cisco 300-209 Testing software Cisco 300-209 VCE examcollection Latest Cisco 300-209 Dumps Latest Cisco 300-209 Real Exam New Updated 300-209 Actual Tests pass4sure passguide testinsides testking
Comments Off