[Free] 2018(July) Ensurepass Cisco 300-209 Dumps with VCE and PDF 71-80

Ensurepass.com : Ensure you pass the IT Exams
2018 July Cisco Official New Released 300-209
100% Free Download! 100% Pass Guaranteed!

Implementing Cisco Secure Mobility Solutions

Question No: 71

Refer to the exhibit.

Ensurepass 2018 PDF and VCE

Which authentication method was used by the remote peer to prove its identity?

  1. Extensible Authentication Protocol

  2. certificate authentication

  3. pre-shared key

  4. XAUTH

Answer: C

Question No: 72

An administrator desires that when work laptops are not connected to the corporate network, they should automatically initiate an AnyConnect VPN tunnel back to headquarters. Where does the administrator configure this?

  1. Via the svc trusted-network command under the group-policy sub-configuration mode on

    the ASA

  2. Under the quot;Automatic VPN Policyquot; section inside the Anyconnect Profile Editor within ASDM

  3. Under the TNDPolicy XML section within the Local Preferences file on the client computer

  4. Via the svc trusted-network command under the global webvpn sub-configuration mode on the ASA

Answer: B

Question No: 73

Which four activities does the Key Server perform in a GETVPN deployment? (Choose four.)

  1. authenticates group members

  2. manages security policy

  3. creates group keys

  4. distributes policy/keys

  5. encrypts endpoint traffic

  6. receives policy/keys

  7. defines group members

Answer: A,B,C,D

Question No: 74

Which transform set is contained in the IKEv2 default proposal?

  1. aes-cbc-192, sha256, group 14

  2. 3des, md5, group 7

  3. 3des, sha1, group 1

  4. aes-cbc-128, sha, group 5

Answer: D

Question No: 75

Which statement regarding hashing is correct?

  1. MD5 produces a 64-bit message digest.

  2. SHA-1 produces a 160-bit message digest.

  3. MD5 takes more CPU cycles to compute than SHA-1.

  4. Changing 1 bit of the input to SHA-1 can change up to 5 bits in the output.

Answer: B

Question No: 76

Ensurepass 2018 PDF and VCE

Ensurepass 2018 PDF and VCE

Ensurepass 2018 PDF and VCE

Ensurepass 2018 PDF and VCE

An engineer wants to ensure that employees cannot access corporate resources on untrusted networks, but does not want a new VPN session to be established each time they leave the trusted network. Which Cisco AnyConnect Trusted Network Policy option allows this ability?

  1. Pause

  2. Connect

  3. Do Nothing

  4. Disconnect

Answer: A

Question No: 77

A temporary worker must use clientless SSL VPN with an SSH plug-in, in order to access the console of an internal corporate server, the projects.xyz.com server. For security reasons, the network security auditor insists that the temporary user is restricted to the one internal corporate server, 10.0.4.18. You are the network engineer who is responsible for the network access of the temporary user.

What should you do to restrict SSH access to the one projects.xyz.com server?

  1. Configure access-list temp_user_acl extended permit TCP any host 10.0.4.18 eq 22.

  2. Configure access-list temp_user_acl standard permit host 10.0.4.18 eq 22.

  3. Configure access-list temp_acl webtype permit url ssh://10.0.4.18.

  4. Configure a plug-in SSH bookmark for host 10.0.4.18, and disable network browsing on the clientless SSL VPN portal of the temporary worker.

Answer: C Explanation: Web ACLs

The Web ACLs table displays the filters configured on the security appliance applicable to Clientless SSL VPN traffic. The table shows the name of each access control list (ACL), and below and indented to the right of the ACL name, the access control entries (ACEs) assigned to the ACL. Each ACL permits or denies access permits or denies access to specific networks, subnets, hosts, and web servers. Each ACE specifies one rule that serves the function of the ACL. You can configure ACLs to apply to Clientless SSL VPN traffic. The following rules apply: 鈥?If you do not configure any filters, all connections are permitted. 鈥?The security appliance supports only an inbound ACL on an interface. 鈥?At the end of each ACL, an implicit, unwritten rule denies all traffic that is not explicitly permitted. You can use the following wildcard characters to define more than one wildcard in the Webtype access list entry: 鈥?Enter an asterisk 鈥?鈥?to match no characters or any number of characters. 鈥?Enter a question mark 鈥?鈥?to match any one character exactly. 鈥?Enter square brackets 鈥淸]鈥?to create a range operator that matches any one character in a range. The following examples show how to use wildcards in Webtype access lists. 鈥?The following example matches URLs such as http://www.cisco.com/ and http://wwz.caco.com/: access- list test webtype permit url http://ww?.c*co*/

Question No: 78

A private wan connection is suspected of intermittently corrupting data. Which technology can a network administrator use to detect and drop the altered data traffic?

  1. AES-128

  2. RSA Certificates

  3. SHA2-HMAC

  4. 3DES

  5. Diffie-Helman Key Generation

Answer: C

Question No: 79

When troubleshooting clientless SSL VPN connections, which option can be verified on the client PC?

  1. address assignment

  2. DHCP configuration

  3. tunnel group attributes

  4. host file misconfiguration

Answer: D

Question No: 80

If Web VPN bookmarks are grayed out on the home screen, which action should you take to begin troubleshooting?

  1. Determine whether the Cisco ASA can resolve the DNS names.

  2. Determine whether the Cisco ASA has DNS forwarders set up.

  3. Determine whether an ACL is present to permit DNS forwarding.

  4. Replace the DNS name with an IP address.

Answer: A

100% Ensurepass Free Download!
Download Free Demo:300-209 Demo PDF
100% Ensurepass Free Guaranteed!
300-209 Dumps

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.