[PDF&VCE] 100% New Updated 300-209 New Questions Lead2pass Helps Pass 300-209 Successfully (141-160)

19 Oct

2016 October Cisco Official New Released 300-209 Dumps in Lead2pass.com!

100% Free Download! 100% Pass Guaranteed!

How to 100% pass 300-209 exam? Lead2pass provides the guaranteed 300-209 exam dumps to boost up your confidence in 300-209 exam. Successful candidates have provided their reviews about our 300-209 dumps. Now Lead2pass supplying the new version of 300-209 VCE and PDF dumps. We ensure our 300-209 exam questions are the most complete and authoritative compared with others’, which will ensure your 300-209 exam pass.

Following questions and answers are all new published by Cisco Official Exam Center: http://www.lead2pass.com/300-209.html

QUESTION 141
Which technology is FlexVPN based on?

A.    OER
B.    VRF
C.    IKEv2
D.    an RSA nonce

Answer: C

QUESTION 142
Which application does the Application Access feature of Clientless VPN support?

A.    TFTP
B.    VoIP
C.    Telnet
D.    active FTP

Answer: C

QUESTION 143
Where do you configure AnyConnect certificate-based authentication in ASDM?

A.    group policies
B.    AnyConnect Connection Profile
C.    AnyConnect Client Profile
D.    Advanced Network (Client) Access

Answer: B

QUESTION 144
Which protocols does the Cisco AnyConnect client use to build multiple connections to the security appliance?

A.    TLS and DTLS
B.    IKEv1
C.    L2TP over IPsec
D.    SSH over TCP

Answer: A

QUESTION 145
Which is used by GETVPN, FlexVPN and DMVPN?

A.    NHRP
B.    MPLS
C.    GRE
D.    ESP

Answer: D

QUESTION 146
Refer to the exhibit. Which VPN solution does this configuration represent?
1461

A.    DMVPN
B.    GETVPN
C.    FlexVPN
D.    site-to-site

Answer: C

QUESTION 147
Which VPN solution is best for a collection of branch offices connected by MPLS that frequenty make VoIP calls between branches?

A.    GETVPN
B.    Cisco AnyConnect
C.    site-to-site
D.    DMVPN

Answer: A

QUESTION 148
Refer to the exhibit. You have implemented an SSL VPN as shown.
Which type of communication takes place between the secure gateway R1 and the Cisco Secure ACS?
1481

A.    HTTP proxy
B.    AAA
C.    policy
D.    port forwarding

Answer: B

QUESTION 149
Which technology can provide high availability for an SSL VPN?

A.    DMVPN
B.    a multiple-tunnel configuration
C.    a Cisco ASA pair in active/passive failover configuration
D.    certificate to tunnel group maps

Answer: C

QUESTION 150
Refer to the exhibit. Which VPN solution does this configuration represent?
1501

A.    Cisco AnyConnect
B.    IPsec
C.    L2TP
D.    SSL VPN

Answer: B

QUESTION 151
Which technology must be installed on the client computer to enable users to launch applications from a Clientless SSL VPN?

A.    Java
B.    QuickTime plug-in
C.    Silverlight
D.    Flash

Answer: A

QUESTION 152
In the Diffie-Hellman protocol, which type of key is the shared secret?

A.    a symmetric key
B.    an asymmetric key
C.    a decryption key
D.    an encryption key

Answer: A

QUESTION 153
Refer to the exhibit. Which exchange does this debug output represent?
1531

A.    IKE Phase 1
B.    IKE Phase 2
C.    symmetric key exchange
D.    certificate exchange

Answer: A

QUESTION 154
Which two technologies are considered to be Suite B cryptography? (Choose two.)

A.    MD5
B.    SHA2
C.    Elliptical Curve Diffie-Hellman
D.    3DES
E.    DES

Answer: BC

QUESTION 155
Which protocol does DTLS use for its transport?

A.    TCP
B.    UDP
C.    IMAP
D.    DDE

Answer: B

QUESTION 156
Scenario:
You are the network security manager for your organization.
Your manager has received a request to allow an external user to access to your HQ and DM2 servers.
You are given the following connection parameters for this task.
Using ASDM on the ASA, configure the parameters below and test your configuration by accessing the Guest PC. Not all AS DM screens are active for this exercise.
Also, for this exercise, all changes are automatically applied to the ASA and you will not have to click APPLY to apply the changes manually.
• Enable Clientless SSL VPN on the outside interface
• Using the Guest PC, open an Internet Explorer window and test and verify the basic connection to the SSL VPN portal using address: https://vpn-secure-x.public
• a. You may notice a certificate error in the status bar, this can be ignored for this exercise
• b. Username: vpnuser
• c. Password: cisco123
• d. Logout of the portal once you have verified connectivity
• Configure two bookmarks with the following parameters:
• a. Bookmark List Name: MY-BOOKMARKS
• b. Use the: URL with GET or POST method
• c. Bookmark Title: HQ-Server
• i. http://10.10.3.20
• d. Bookmark Title: DMZ-Server-FTP
• i. ftp://172.16.1.50
• e. Assign the configured Bookmarks to:
• i. DfltGrpPolicy
• ii. DfltAccessPolicy
• iii. LOCAL User: vpnuser
• From the Guest PC, reconnect to the SSL VPN Portal
• Test both configured Bookmarks to ensure desired connectivity
You have completed this exercise when you have configured and successfully tested Clientless SSL VPN connectivity.
Topology:
1561

1562
1563
Answer:
First, enable clientless VPN access on the outside interface by checking the box found below:
1564
Then, log in to the given URL using the vpnuser/cisco123 credentials:
1565
Logging in will take you to this page, which means you have now verified basic connectivity:
1566
Now log out by hitting the logout button.
Now, go back to the ASDM and navigate to the Bookmarks portion:
1567
Make the name MY-BOOKMARKS and use the “Add” tab and add the bookmarks per the instructions:
1568
Ensure the “URL with GET of POST method” button is selected and hit OK:
1569
Add the two bookmarks as given in the instructions:
15610
15611
15612
Hit OK and you will see this:
15613

Select the MY-BOOKMARKS Bookmarks and click on the “Assign” button. 
Then, click on the appropriate check boxes as specified in the instructions and hit OK.
15614
After hitting OK, you will now see this:
15615
Then, go back to the Guest-PC, log back in and you should be able to test out the two new bookmarks.

QUESTION 157
Scenario:
You are the senior network security administrator for your organization. Recently and junior engineer configured a site-to-site IPsec VPN connection between your headquarters Cisco ASA and a remote branch office.
You are now tasked with verifying the IKEvl IPsec installation to ensure it was properly configured according to designated parameters. Using the CLI on both the Cisco ASA and branch ISR. verify the IPsec configuration is properly configured between the two sites.
NOTE: the show running-config command cannot be used for the this exercise.
Topology:
1571
1572
1573
What is being used as the authentication method on the branch ISR?

A.    Certifcates
B.    Pre-shared keys
C.    RSA public keys
D.    Diffie-Hellman Group 2

Answer: B
Explanation:
The show crypto isakmp key command shows the preshared key of “cisco”

QUESTION 158
Scenario:
You are the senior network security administrator for your organization. Recently and junior engineer configured a site-to-site IPsec VPN connection between your headquarters Cisco ASA and a remote branch office.
You are now tasked with verifying the IKEvl IPsec installation to ensure it was properly configured according to designated parameters. Using the CLI on both the Cisco ASA and branch ISR. verify the IPsec configuration is properly configured between the two sites.
NOTE: the show running-config command cannot be used for the this exercise.
Topology:
1581
1582
1583
Which transform set is being used on the branch ISR?

A.    Default
B.    ESP-3DES ESP-SHA-HMAC
C.    ESP-AES-256-MD5-TRANS mode transport
D.    TSET

Answer: B
Explanation:
This can be seen from the “show crypto ipsec sa” command as shown below:

QUESTION 159
Scenario:
You are the senior network security administrator for your organization. Recently and junior engineer configured a site-to-site IPsec VPN connection between your headquarters Cisco
ASA and a remote branch office.
You are now tasked with verifying the IKEvl IPsec installation to ensure it was properly configured according to designated parameters. Using the CLI on both the Cisco ASA and branch ISR. verify the IPsec configuration is properly configured between the two sites.
NOTE: the show running-config command cannot be used for the this exercise.
Topology:
1591
1592
1593
In what state is the IKE security association in on the Cisco ASA?

A.    There are no security associations in place
B.    MM_ACTIVE
C.    ACTIVE(ACTIVE)
D.    QM_IDLE

Answer: B
Explanation:
This can be seen from the “show crypto isa sa” command:

QUESTION 160
Scenario:
You are the senior network security administrator for your organization. Recently and junior engineer configured a site-to-site IPsec VPN connection between your headquarters Cisco ASA and a remote branch office.
You are now tasked with verifying the IKEvl IPsec installation to ensure it was properly configured according to designated parameters. Using the CLI on both the Cisco ASA and branch ISR. verify the IPsec configuration is properly configured between the two sites.
NOTE: the show running-config command cannot be used for the this exercise.
Topology:
1601
1602
1603
Which crypto map tag is being used on the Cisco ASA?

A.    outside_cryptomap
B.    VPN-to-ASA
C.    L2L_Tunnel
D.    outside_map1

Answer: D
Explanation:
This is seen from the “show crypto ipsec sa” command on the ASA.

All the 300-209 braindumps are updated. Get a complete hold of 300-209 PDF dumps and 300-209 practice test with free VCE player through Lead2pass and boost up your skills.

300-209 new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDODI1TDlUT1lBV00

2016 Cisco 300-209 exam dumps (All 237 Q&As) from Lead2pass:

http://www.lead2pass.com/300-209.html [100% Exam Pass Guaranteed]