300-209 Latest Exam (Aug 2018)

[Free] 2018(Aug) Ensurepass Cisco 300-209 Dumps with VCE and PDF 201-210

August 2, 2018

Ensurepass.com : Ensure you pass the IT Exams
2018 Aug Cisco Official New Released 300-209
100% Free Download! 100% Pass Guaranteed!

Implementing Cisco Secure Mobility Solutions

Question No: 201

A user is unable to establish an AnyConnect VPN connection to an ASA. When using the Real-Time Log viewer within ASDM to troubleshoot the issue, which two filter options would the administrator choose to show only syslog messages relevant to the VPN connection? (Choose two.)

  1. Client#39;s public IP address

  2. Client#39;s operating system

  3. Client#39;s default gateway IP address

  4. Client#39;s username

  5. ASA#39;s public IP address

Answer: A,D

Question No: 202

Using the Next Generation Encryption technologies, which is the minimum acceptable encryption level to protect sensitive information?

  1. AES 92 bits

  2. AES 128 bits

  3. AES 256 bits

  4. AES 512 bits

Answer: C

Question No: 203

Which option describes the purpose of the command show derived-config interface virtual- access 1?

  1. It verifies that the virtual access interface is cloned correctly with per-user attributes.

  2. It verifies that the virtual template created the tunnel interface.

  3. It verifies that the virtual access interface is of type Ethernet.

  4. It verifies that the virtual access interface is used to create the tunnel interface.

Answer: A

Question No: 204

A network is configured to allow clientless access to resources inside the network. Which feature must be enabled and configured to allow SSH applications to respond on the specified port 8889?

  1. auto applet download

  2. port forwarding

  3. web-type ACL

  4. HTTP proxy

Answer: B

Question No: 205

Remote users want to access internal servers behind an ASA using Microsoft terminal services. Which option outlines the steps required to allow users access via the ASA clientless VPN portal?

  1. 1. Configure a static pat rule for TCP port 3389

    1. Configure an inbound access-list to allow traffic from remote users to the servers

    2. Assign this access-list rule to the group policy

  2. 1. Configure a bookmark of the type http:// server-IP :3389

    1. Enable Smart tunnel on this bookmark

    2. Assign the bookmark to the desired group policy

  3. 1. Configure a Smart Tunnel application list

    1. Add the rdp.exe process to this list

    2. Assign the Smart Tunnel application list to the desired group policy

  4. 1. Upload an RDP plugin to the ASA

  1. Configure a bookmark of the type rdp:// server-IP

  2. Assign the bookmark list to the desired group policy

    Answer: D

    Question No: 206

    Refer to the exhibit.

    Ensurepass 2018 PDF and VCE

    The quot;level_2quot; digital certificate was installed on a laptop. What can cause an quot;invalid not activequot; status message?

    1. On first use, a CA server-supplied passphrase is entered to validate the certificate.

    2. A quot;newly installedquot; digital certificate does not become active until it is validated by the peer device upon its first usage.

    3. The user has not clicked the Verify button within the Cisco VPN Client.

    4. The CA server and laptop PC clocks are out of sync.

Answer: D Explanation:


Certificates have a date and time that they become valid and that they expire. When the security appliance enrolls with a CA and gets a certificate, the security appliance checks that the current time is within the valid range for the certificate. If it is outside that range, enrollment fails.

Same would apply to communication between ASA and PC

Question No: 207

Which type of NHRP packet is unique to Phase 3 DMVPN topologies?

  1. resolution request

  2. resolution reply

  3. redirect

  4. registration request

  5. registration reply

  6. error indication

Answer: C

Question No: 208

You are troubleshooting a site-to-site VPN issue where the tunnel is not establishing. After issuing the debug crypto isakmp command on the headend router, you see the following output. What does this output suggest?

1d00h: ISAKMP (0:1): atts are not acceptable. Next payload is 0 1d00h: ISAKMP (0:1); no offers accepted!

1d00h: ISAKMP (0:1): SA not acceptable!

1d00h: %CRYPTO-6-IKMP_MODE_FAILURE. Processing of Main Mode failed with peer at

  1. Phase 1 policy does not match on both sides.

  2. The transform set does not match on both sides.

  3. ISAKMP is not enabled on the remote peer.

  4. There is a mismatch in the ACL that identifies interesting traffic.

Answer: A

Question No: 209

Authorization of a clientless SSL VPN defines the actions that a user may perform within a clientless SSL VPN session. Which statement is correct concerning the SSL VPN authorization process?

  1. Remote clients can be authorized by applying a dynamic access policy, which is configured on an external AAA server.

  2. Remote clients can be authorized externally by applying group parameters from an

    external database.

  3. Remote client authorization is supported by RADIUS and TACACS protocols.

  4. To configure external authorization, you must configure the Cisco ASA for cut-through proxy.

Answer: B Explanation:


The aaa authentication command is entered to specify an authentication list or server group under a SSL VPN context configuration. If this command is not configured and AAA is configured globally on the router, global authentication will be applied to the context configuration.

The database that is configured for remote-user authentication on the SSL VPN gateway can be a local database, or the database can be accessed through any RADIUS or TACACS AAA server.

We recommend that you use a separate AAA server, such as a Cisco Access Control Server (ACS). A separate AAA server provides a more robust security solution. It allows you to configure unique passwords for each remote user and accounting and logging for remote-user sessions.

Question No: 210

What is the default storage location of user-level bookmarks in an IOS clientless SSL VPN?

  1. disk0:/webvpn/{context name}/

  2. disk1:/webvpn/{context name}/

  3. flash:/webvpn/{context name}/

  4. nvram:/webvpn/{context name}/

Answer: C

100% Ensurepass Free Download!
Download Free Demo:300-209 Demo PDF
100% Ensurepass Free Guaranteed!
300-209 Dumps

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No