300-209 Latest Exam (Aug 2018)

[Free] 2018(Aug) Ensurepass Cisco 300-209 Dumps with VCE and PDF 151-160

August 2, 2018

Ensurepass.com : Ensure you pass the IT Exams
2018 Aug Cisco Official New Released 300-209
100% Free Download! 100% Pass Guaranteed!

Implementing Cisco Secure Mobility Solutions

Question No: 151

Which statement is true when implementing a router with a dynamic public IP address in a crypto map based site-to-site VPN?

  1. The router must be configured with a dynamic crypto map.

  2. Certificates are always used for phase 1 authentication.

  3. The tunnel establishment will fail if the router is configured as a responder only.

  4. The router and the peer router must have NAT traversal enabled.

Answer: C

Question No: 152

Which three parameters must match on all routers in a DMVPN Phase 3 cloud? (Choose three.)

  1. NHRP network ID

  2. GRE tunnel key

  3. NHRP authentication string

  4. tunnel VRF

  5. EIGRP process name

  6. EIGRP split-horizon setting

Answer: A,B,C

Question No: 153

When using clientless SSL VPN, you might not want some applications or web resources to go through the Cisco ASA appliance. For these application and web resources, as a Cisco ASA administrator, which configuration should you use?

  1. Configure the Cisco ASA appliance for split tunneling.

  2. Configure network access exceptions in the SSL VPN customization editor.

  3. Configure the Cisco ASA appliance to disable content rewriting.

  4. Configure the Cisco ASA appliance to enable URL Entry bypass.

  5. Configure smart tunnel to bypass the Cisco ASA appliance proxy function.

Answer: C Explanation:


Content Rewrite

The Content Rewrite pane lists all applications for which content rewrite is enabled or disabled.

Clientless SSL VPN processes application traffic through a content transformation/rewriting engine that includes advanced elements such as JavaScript, VBScript, Java, and multi- byte characters to proxy HTTP traffic which may have different semantics and access control rules depending on whether the user is using an application within or independently of an SSL VPN device.

By default, the security appliance rewrites, or transforms, all clientless traffic. You might not want some applications and web resources (for example, public websites) to go through the security appliance. The security appliance therefore lets you create rewrite rules that let

users browse certain sites and applications without going through the security appliance. This is similar to split-tunneling in an IPSec VPN connection.

You can create multiple rewrite rules. The rule number is important because the security appliance searches rewrite rules by order number, starting with the lowest, and applies the first rule that matches.

Question No: 154

As network consultant, you are asked to suggest a VPN technology that can support a multivendor environment and secure traffic between sites. Which technology should you recommend?

  1. DMVPN

  2. FlexVPN

  3. GET VPN

  4. SSL VPN

Answer: B

Question No: 155

Which group-policy subcommand installs the Diagnostic AnyConnect Report Tool on user computers when a Cisco AnyConnect user logs in?

  1. customization value dart

  2. file-browsing enable

  3. smart-tunnel enable dart

  4. anyconnect module value dart

Answer: D

Question No: 156

Which two cryptographic technologies are recommended for use with FlexVPN? (Choose two.)

  1. SHA (HMAC variant)

  2. Diffie-Hellman

  3. DES

  4. MD5 (HMAC variant)

Answer: A,B

Question No: 157

A custom desktop application needs to access an internal server. An administrator is tasked with configuring the company#39;s SSL VPN gateway to allow remote users to work. Which two technologies would accommodate the company#39;s requirement? (Choose two).

  1. AnyConnect client

  2. Smart Tunnels

  3. Email Proxy

  4. Content Rewriter

  5. Portal Customizations

Answer: A,B

Question No: 158

Ensurepass 2018 PDF and VCE

Refer to the exhibit. VPN load balancing provides a way to distribute remote access, IPsec, and SSL VPN connections across multiple security appliances. Which remote access client

types does the load balancing feature support?

  1. IPsec site-to-site tunnels

  2. L2TP over IPsec

  3. OpenVPN

  4. Cisco AnyConnect Secure Mobility Client

Answer: B

Question No: 159

Refer to the exhibit.

Ensurepass 2018 PDF and VCE

The IKEv2 tunnel between Router1 and Router2 is failing during session establishment. Which action will allow the session to establish correctly?

  1. The address command on Router2 must be narrowed down to a /32 mask.

  2. The local and remote keys on Router2 must be switched.

  3. The pre-shared key must be altered to use only lowercase letters.

  4. The local and remote keys on Router2 must be the same.

Answer: B

Question No: 160

Which three types of SSO functionality are available on the Cisco ASA without any external SSO servers? (Choose three.)

  1. SAML


  3. HTTP Basic

  4. NTLM

  5. Kerberos

  6. OAuth 2.0

Answer: B,C,D

100% Ensurepass Free Download!
Download Free Demo:300-209 Demo PDF
100% Ensurepass Free Guaranteed!
300-209 Dumps

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No