[Free] 2018(July) Ensurepass Cisco 300-209 Dumps with VCE and PDF 11-20

Ensurepass.com : Ensure you pass the IT Exams
2018 July Cisco Official New Released 300-209
100% Free Download! 100% Pass Guaranteed!

Implementing Cisco Secure Mobility Solutions

Question No: 11

Scenario:

You are the senior network security administrator for your organization. Recently and junior engineer configured a site-to-site IPsec VPN connection between your headquarters Cisco ASA and a remote branch office.

You are now tasked with verifying the IKEvl IPsec installation to ensure it was properly configured according to designated parameters. Using the CLI on both the Cisco ASA and branch ISR, verify the IPsec configuration is properly configured between the two sites.

NOTE: the show running-config command cannot be used for this exercise.

Topology:

Ensurepass 2018 PDF and VCE

Ensurepass 2018 PDF and VCE

Ensurepass 2018 PDF and VCE

In what state is the IKE security association in on the Cisco ASA?

  1. There are no security associations in place

  2. MM_ACTIVE

  3. ACTIVE(ACTIVE)

  4. QM_IDLE

Answer: B Explanation:

This can be seen from the 鈥渟how crypto isa sa鈥?command:

Ensurepass 2018 PDF and VCE

Question No: 12

Refer to the exhibit.

Ensurepass 2018 PDF and VCE

In the CLI snippet that is shown, what is the function of the deny option in the access list?

  1. When set in conjunction with outbound connection-type bidirectional, its function is to prevent the specified traffic from being protected by the crypto map entry.

  2. When set in conjunction with connection-type originate-only, its function is to instruct the Cisco ASA to deny specific inbound traffic if it is not encrypted.

  3. When set in conjunction with outbound connection-type answer-only, its function is to instruct the Cisco ASA to deny specific outbound traffic if it is not encrypted.

  4. When set in conjunction with connection-type originate-only, its function is to cause all IP traffic that matches the specified conditions to be protected by the crypto map.

Answer: A

Question No: 13

Scenario:

You are the senior network security administrator for your organization. Recently and junior engineer configured a site-to-site IPsec VPN connection between your headquarters Cisco ASA and a remote branch office.

You are now tasked with verifying the IKEvl IPsec installation to ensure it was properly configured according to designated parameters. Using the CLI on both the Cisco ASA and branch ISR, verify the IPsec configuration is properly configured between the two sites.

NOTE: the show running-config command cannot be used for this exercise.

Topology:

Ensurepass 2018 PDF and VCE

Ensurepass 2018 PDF and VCE

Ensurepass 2018 PDF and VCE

What is being used as the authentication method on the branch ISR?

  1. Certifcates

  2. Pre-shared keys

  3. RSA public keys

  4. Diffie-Hellman Group 2

Answer: B Explanation:

The show crypto isakmp key command shows the preshared key of 鈥渃isco鈥?

Ensurepass 2018 PDF and VCE

Question No: 14

Which option is an example of an asymmetric algorithm?

  1. 3DES

  2. IDEA

  3. AES

  4. RSA

Answer: D

Question No: 15

Which statement about the hub in a DMVPN configuration with iBGP is true?

  1. It must be a route reflector client.

  2. It must redistribute EIGRP from the spokes.

  3. It must be in a different AS.

  4. It must be a route reflector.

Answer: D

Question No: 16

A user is experiencing issues connecting to a Cisco AnyConnect VPN and receives this error message:

The AnyConnect package on the secure gateway could not be located. You may be experiencing network connectivity issues. Please try connecting again.

Which option is the likely cause of this issue?

  1. This Cisco ASA firewall has experienced a failure.

  2. The user is entering an incorrect password.

  3. The user’s operating system is not supported with the ASA’s current configuration.

  4. The user laptop clock is not synchronized with NTP.

Answer: A

Question No: 17

Refer to the exhibit.

Ensurepass 2018 PDF and VCE

What is the purpose of the given configuration?

  1. Establishing a GRE tunnel.

  2. Enabling IPSec to decrypt fragmented packets.

  3. Resolving access issues caused by large packet sizes.

  4. Adding the spoke to the routing table.

Answer: C

Question No: 18

Which three settings are required for crypto map configuration? (Choose three.)

  1. match address

  2. set peer

  3. set transform-set

  4. set security-association lifetime

  5. set security-association level per-host

  6. set pfs

Answer: A,B,C

Question No: 19

Refer to the exhibit.

Ensurepass 2018 PDF and VCE

You have implemented an SSL VPN as shown. Which type of communication takes place between the secure gateway R1 and the Cisco Secure ACS?

  1. HTTP proxy

  2. AAA

  3. policy

  4. port forwarding

Answer: B

Question No: 20

Which three configurations are required for both IPsec VTI and crypto map-based VPNs? (Choose three.)

  1. transform set

  2. ISAKMP policy

  3. ACL that defines traffic to encrypt

  4. dynamic routing protocol

  5. tunnel interface

  6. IPsec profile

  7. PSK or PKI trustpoint with certificate

Answer: A,B,G

100% Ensurepass Free Download!
Download Free Demo:300-209 Demo PDF
100% Ensurepass Free Guaranteed!
300-209 Dumps

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.