Ensurepass.com : Ensure you pass the IT Exams
2018 Aug Cisco Official New Released 300-209
Implementing Cisco Secure Mobility Solutions
Question No: 171
When an IPsec SVTI is configured, which technology processes traffic forwarding for encryption?
A. ACL
B. IP routing
C. RRI
D. front door VPN routing and forwarding
Answer: B
Question No: 172
When attempting to tunnel FTP traffic through a stateful firewall that might be performing NAT or PAT, which type of VPN tunneling should you use to allow the VPN traffic through the stateful firewall?
A. clientless SSL VPN
B. IPsec over TCP
C. smart tunnel
D. SSL VPN plug-ins
Answer: B
Explanation:
IP Security (IPSec) over Transmission Control Protocol (TCP) enables a VPN Client to operate in an environment in which standard Encapsulating Security Protocol (ESP, Protocol 50) or Internet Key Exchange (IKE, User Datagram Protocol (UDP) 500) cannot function, or can function only with modification to existing firewall rules. IPSec over TCP encapsulates both the IKE and IPSec protocols within a TCP packet, and it enables secure tunneling through both Network Address Translation (NAT) and Port Address Translation (PAT) devices and firewalls.
Question No: 173
Which option shows the correct traffic selectors for the child SA on the remote ASA, when the headquarter ASA initiates the tunnel?
A. Local selector 192.168.33.0/0-192.168.33.255/65535 Remote selector 192.168.20.0/0-192.168.20.255/65535
B. Local selector 192.168.33.0/0-192.168.33.255/65535 Remote selector 192.168.22.0/0-192.168.22.255/65535
C. Local selector 192.168.22.0/0-192.168.22.255/65535 Remote selector 192.168.33.0/0-192.168.33.255/65535
D. Local selector 192.168.33.0/0-192.168.33.255/65535 Remote selector 0.0.0.0/0-0.0.0.0/65535
E. Local selector 0.0.0.0/0-0.0.0.0/65535 Remote selector 192.168.22.0/0-192.168.22.255/65535
Answer: B
Explanation:
The traffic selector is used to determine which traffic should be protected (encrypted over the IPSec tunnel). We want this to be specific, otherwise Internet traffic will also be sent over the tunnel and most likely dropped on the remote side. Here, we just want to protect traffic from 192.168.33.0/24 (THE LOCAL SIDE) to 192.168.22.0/24 (THE REMOTE SIDE).
Question No: 174
If the IKEv2 tunnel were to establish successfully, which encryption algorithm would be used to encrypt traffic?
A. DES
B. 3DES
C. AES
D. AES192
E. AES256
Answer: E
Explanation:
Both ASAs are configured to support AES 256, so during the IPSec negotiation they will use the strongest algorithm that is supported by each peer.
Question No: 175
A Cisco router may have a fan issue that could increase its temperature and trigger a failure. What troubleshooting steps would verify the issue without causing additional risks?
A. Configure logging using commands "logging on", "logging buffered 4", and check for fan failure logs using "show logging"
B. Configure logging using commands "logging on", "logging buffered 6", and check for fan failure logs using "show logging"
C. Configure logging using commands "logging on", "logging discriminator msglog1 console 7", and check for fan failure logs using "show logging"
D. Configure logging using commands "logging host 10.11.10.11", "logging trap 2", and check for fan failure logs at the syslog server 10.11.10.11
Answer: A
Question No: 176
You have deployed new Cisco AnyConnect start before logon modules and set the configuration to download modules before logon, but all client connections continue to use the previous version of the module. Which action must you take to correct the problem?
A. Configure start before logon in the client profile.
B. Configure a group policy to prompt the user to download the updated module.
C. Define the modules for download in the client profile.
D. Define the modules for download in the group policy.
Answer: A
Question No: 177
What are the three primary components of a GET VPN network? (Choose three.)
A. Group Domain of Interpretation protocol
B. Simple Network Management Protocol
C. server load balancer
D. accounting server
E. group member
F. key server
Answer: A,E,F
Question No: 178
Refer to the exhibit.
The ABC Corporation is changing remote-user authentication from pre-shared keys to certificate-based authentication. For most employee authentication, its group membership (the employees) governs corporate access. Certain management personnel need access to more confidential servers. Access is based on the group and name, such as finance and level_2. When it is time to pilot the new authentication policy, a finance manager is able to access the department-assigned servers but cannot access the restricted servers.
As the network engineer, where would you look for the problem?
A. Check the validity of the identity and root certificate on the PC of the finance manager.
B. Change the Management Certificate to Connection Profile Maps > Rule Priority to a number that is greater than 10.
C. Check if the Management Certificate to Connection Profile Maps > Rules is configured correctly.
D. Check if the Certificate to Connection Profile Maps > Policy is set correctly.
Answer: D
Explanation:
Cisco ASDM User Guide Version 6.1
Question No: 179
The Cisco AnyConnect client fails to connect via IKEv2 but works with SSL. The following error message is displayed:
"Login Denied, unauthorized connection mechanism, contact your administrator"
What is the most likely cause of this problem?
A. DAP is terminating the connection because IKEv2 is the protocol that is being used.
B. The client endpoint does not have the correct user profile to initiate an IKEv2 connection.
C. The AAA server that is being used does not authorize IKEv2 as the connection mechanism.
D. The administrator is restricting access to this specific user.
E. The IKEv2 protocol is not enabled in the group policy of the VPN headend.
Answer: E
Question No: 180
Which technology can you implement to reduce latency issues associated with a Cisco AnyConnect VPN?
A. DTLS
B. SCTP
C. DCCP
D. SRTP
Answer: A