300-209 Latest Exam (Aug 2018)

[Free] 2018(Aug) Ensurepass Cisco 300-209 Dumps with VCE and PDF 41-50

August 2, 2018

Implementing Cisco Secure Mobility Solutions

Question No: 41

You are troubleshooting a DMVPN NHRP registration failure. Which command can you use to view request counters?

A. show ip nhrp nhs detail

B. show ip nhrp tunnel

C. show ip nhrp incomplete

D. show ip nhrp incomplete tunnel tunnel_interface_number

Answer: A

Question No: 42

Refer to the exhibit.

Which type of mismatch is causing the problem with the IPsec VPN tunnel?

A. PSK

B. Phase 1 policy

C. transform set

D. crypto access list

Answer: A

Question No: 43

Which feature is available in IKEv1 but not IKEv2?

A. Layer 3 roaming

B. aggressive mode

C. EAP variants

D. sequencing

Answer: B

Question No: 44

Your corporate finance department purchased a new non-web-based TCP application tool to run on one of its servers. Certain finance employees need remote access to the software during nonbusiness hours. These employees do not have "admin" privileges to their PCs.

What is the correct way to configure the SSL VPN tunnel to allow this application to run?

A. Configure a smart tunnel for the application.

B. Configure a "finance tool" VNC bookmark on the employee clientless SSL VPN portal.

C. Configure the plug-in that best fits the application.

D. Configure the Cisco ASA appliance to download the Cisco AnyConnect SSL VPN Client to the finance employee each time an SSL VPN tunnel is established.

Answer: A

Explanation:

A smart tunnel is a connection between a TCP-based application and a private site, using a clientless (browser based) SSL VPN session with the security appliance as the pathway, and the security appliance as a proxy server. You can identify applications to which you want to grant smart tunnel access, and specify the local path to each application. For applications running on Microsoft Windows, you can also require a match of the SHA-1 hash of the checksum as a condition for granting smart tunnel access.

Lotus SameTime and Microsoft Outlook Express are examples of applications to which you might want to grant smart tunnel access.

Configuring smart tunnels requires one of the following procedures, depending on whether the application is a client or is a web-enabled application:

鈥reate one or more smart tunnel lists of the client applications, then assign the list to the group policies or local user policies for whom you want to provide smart tunnel access.

鈥reate one or more bookmark list entries that specify the URLs of the web-enabled applications eligible for smart tunnel access, then assign the list to the DAPs, group policies, or local user policies for whom you want to provide smart tunnel access.

You can also list web-enabled applications for which to automate the submission of login credentials in smart tunnel connections over clientless SSL VPN sessions.

Why Smart Tunnels?

Smart tunnel access lets a client TCP-based application use a browser-based VPN connection to connect to a service. It offers the following advantages to users, compared to plug-ins and the legacy technology, port forwarding:

• Smart tunnel offers better performance than plug-ins.

• Unlike port forwarding, smart tunnel simplifies the user experience by not requiring the user connection of the local application to the local port.

• Unlike port forwarding, smart tunnel does not require users to have administrator privileges.

The advantage of a plug-in is that it does not require the client application to be installed on the remote computer.

Smart Tunnel Requirements, Restrictions, and Limitations

The following sections categorize the smart tunnel requirements and limitations.

General Requirements and Limitations

Smart tunnel has the following general requirements and limitations:

鈥he remote host originating the smart tunnel must be running a 32-bit version of Microsoft Windows Vista, Windows XP, or Windows 2000; or Mac OS 10.4 or 10.5.

鈥mart tunnel auto sign-on supports only Microsoft Internet Explorer on Windows.

鈥he browser must be enabled with Java, Microsoft ActiveX, or both.

鈥mart tunnel supports only proxies placed between computers running Microsoft Windows and the security appliance. Smart tunnel uses the Internet Explorer configuration (that is, the one intended for system-wide use in Windows). If the remote computer requires a proxy server to reach the security appliance, the URL of the terminating end of the connection must be in the list of URLs excluded from proxy services. If the proxy configuration specifies that traffic destined for the ASA goes through a proxy, all smart tunnel traffic goes through the proxy.

In an HTTP-based remote access scenario, sometimes a subnet does not provide user access to the VPN gateway. In this case, a proxy placed in front of the ASA to route traffic between the web and the end user#39;s location provides web access. However, only VPN users can configure proxies placed in front of the ASA.

When doing so, they must make sure these proxies support the CONNECT method. For proxies that require authentication, smart tunnel supports only the basic digest authentication type.

鈥hen smart tunnel starts, the security appliance by default passes all browser traffic through the VPN session if the browser process is the same. The security appliance also does this if a tunnel-all policy applies. If the user starts another instance of the browser process, it passes all traffic through the VPN session. If the browser process is the same and the security appliance does not provide access to a URL, the user cannot open it. As a workaround, assign a tunnel policy that is not tunnel-all.

鈥 stateful failover does not retain smart tunnel connections. Users must reconnect

following a failover.

Question No: 45

As a network security architect, you must implement secure VPN connectivity among company branches over a private IP cloud with any-to-any scalable connectivity.

Which technology should you use?

A. IPsec DVTI

B. FlexVPN

C. DMVPN

D. IPsec SVTI

E. GET VPN

Answer: E

Question No: 46

Which CLI command do you use to capture IKEv1 Phase 1?

A. capture match ip eq port 500 eq port 500

B. capture match gre eq port 500 eq port 500

C. capture match ah eq port 500 eq port 500

D. capture match udp eq port 153 eq port 153

E. capture match udp eq port 500 eq port 500

Answer: E

Question No: 47

A rogue static route is installed in the routing table of a Cisco FlexVPN and is causing traffic to be blackholed. Which command should be used to identify the peer from which that route originated?

A. show crypto ikev2 sa detail

B. show crypto route

C. show crypto ikev2 client flexvpn

D. show ip route eigrp

E. show crypto isakmp sa detail

Answer: B

Question No: 48

Which two examples of transform sets are contained in the IKEv2 default proposal? (Choose two.)

A. aes-cbc-192, sha256, 14

B. 3des, md5, 5

C. 3des, sha1, 1

D. aes-cbc-128, sha, 5

Answer: B,D

Question No: 49

What are three benefits of deploying a GET VPN? (Choose three.)

A. It provides highly scalable point-to-point topologies.

B. It allows replication of packets after encryption.

C. It is suited for enterprises running over a DMVPN network.

D. It preserves original source and destination IP address information.

E. It simplifies encryption management through use of group keying.

F. It supports non-IP protocols.

Answer: B,D,E

Question No: 50

In the Diffie-Hellman protocol, which type of key is the shared secret?

A. a symmetric key

B. an asymmetric key

C. a decryption key

D. an encryption key

Answer: A
