[PDF&VCE] Latest 300-209 Dumps PDF Free Download In Lead2pass (1-20)
2016 October Cisco Official New Released 300-209 Dumps in Lead2pass.com! 100% Free Download! 100% Pass Guaranteed! Lead2pass provides 100% pass 300-209 exam questions and answers for your Cisco 300-209 exam. We provide Cisco 300-209 exam questions from Lead2pass dumps and answers for the training of 300-209 practice test.
Following questions and answers are all new published by Cisco Official Exam Center: http://www.lead2pass.com/300-209.html QUESTION 1 Which two IKEv1 policy options must match on each peer when you configure an IPsec site-to-site VPN? (Choose two.) A. priority number B. hash algorithm C. encryption algorithm D. session lifetime E. PRF algorithm Answer: BC QUESTION 2 Which two parameters are configured within an IKEv2 proposal on an IOS router? (Choose two.) A. authentication B. encryption C. integrity D. lifetime Answer: BC QUESTION 3 In a spoke-to-spoke DMVPN topology, which type of interface does a branch router require? A. virtual tunnel interface B. multipoint GRE interface C. point-to-point GRE interface D. loopback interface Answer: B QUESTION 4 To change the title panel on the logon page of the Cisco IOS WebVPN portal, which file must you configure? A. Cisco IOS WebVPN customization template B. Cisco IOS WebVPN customization general C. web-access-hlp.inc D. app-access-hlp.inc Answer: A QUESTION 5 Which three plugins are available for clientless SSL VPN? (Choose three.) A. CIFS B. RDP2 C. SSH D. VNC E. SQLNET F. ICMP Answer: BCD QUESTION 6 Which command simplifies the task of converting an SSL VPN to an IKEv2 VPN on a Cisco ASA appliance that has an invalid IKEv2 configuration? A. migrate remote-access ssl overwrite B. migrate remote-access ikev2 C. migrate l2l D. migrate remote-access ssl Answer: A QUESTION 7 Which statement describes a prerequisite for single-sign-on Netegrity Cookie Support in an IOC SSL VPN? A. The Cisco AnyConnect Secure Mobility Client must be installed in flash. B. A SiteMinder plug-in must be installed on the Cisco SSL VPN gateway. C. A Cisco plug-in must be installed on a SiteMinder server. D. The Cisco Secure Desktop software package must be installed in flash. Answer: C QUESTION 8 Which two statements describe effects of the DoNothing option within the untrusted network policy on a Cisco AnyConnect profile? (Choose two.) A. The client initiates a VPN connection upon detection of an untrusted network. B. The client initiates a VPN connection upon detection of a trusted network. C. The always-on feature is enabled. D. The always-on feature is disabled. E. The client does not automatically initiate any VPN connection. Answer: AD QUESTION 9 Which command enables IOS SSL VPN Smart Tunnel support for PuTTY? A. appl ssh putty.exe win B. appl ssh putty.exe windows C. appl ssh putty D. appl ssh putty.exe Answer: B QUESTION 10 Which three remote access VPN methods in an ASA appliance provide support for Cisco Secure Desktop? (Choose three.) A. IKEv1 B. IKEv2 C. SSL client D. SSL clientless E. ESP F. L2TP Answer: BCD QUESTION 11 A user is unable to establish an AnyConnect VPN connection to an ASA. When using the Real-Time Log viewer within ASDM to troubleshoot the issue, which two filter options would the administrator choose to show only syslog messages relevant to the VPN connection? (Choose two.) A. Client's public IP address B. Client's operating system C. Client's default gateway IP address D. Client's username E. ASA's public IP address Answer: AD QUESTION 12 Which Cisco ASDM option configures forwarding syslog messages to email? A. Configuration > Device Management > Logging > E-Mail Setup B. Configuration > Device Management > E-Mail Setup > Logging Enable C. Select the syslogs to email, click Edit, and select the Forward Messages option. D. Select the syslogs to email, click Settings, and specify the Destination Email Address option. Answer: A QUESTION 13 Which Cisco ASDM option configures WebVPN access on a Cisco ASA? A. Configuration > WebVPN > WebVPN Access B. Configuration > Remote Access VPN > Clientless SSL VPN Access C. Configuration > WebVPN > WebVPN Config D. Configuration > VPN > WebVPN Access Answer: B QUESTION 14 A user with IP address 10.10.10.10 is unable to access a HTTP website at IP address 209.165.200.225 through a Cisco ASA. Which two features and commands will help troubleshoot the issue? (Choose two.) A. Capture user traffic using command capture capin interface inside match ip host 10.10.10.10 any B. After verifying that user traffic reaches the firewall using syslogs or captures, use packet tracer command packet-tracer input inside tcp 10.10.10.10 1234 209.165.200.225 80 C. Enable logging at level 1 and check the syslogs using commands logging enable, logging buffered 1 and show logging | include 10.10.10.10 D. Check if an access-list on the firewall is blocking the user by using command show running-config access-list | include 10.10.10.10 E. Use packet tracer command packet-tracer input inside udp 0.10.10.10 1234192.168.1.3 161 to see what the firewall is doing with the user's traffic Answer: AB QUESTION 15 A Cisco router may have a fan issue that could increase its temperature and trigger a failure. What troubleshooting steps would verify the issue without causing additional risks? A. Configure logging using commands "logging on", "logging buffered 4", and check for fan failure logs using "show logging" B. Configure logging using commands "logging on", "logging buffered 6", and check for fan failure logs using "show logging" C. Configure logging using commands "logging on", "logging discriminator msglog1 console 7", and check for fan failure logs using "show logging" D. Configure logging using commands "logging host 10.11.10.11", "logging trap 2", and check for fan failure logs at the syslog server 10.11.10.11 Answer: A QUESTION 16 Which of these are the two types of keys used when implementing GET VPN? (Choose two) A. key encryption B. group encryption C. pre-shared key D. public key E. private key F. traffic encryption key Answer: AF QUESTION 17 A private wan connection is suspected of intermittently corrupting data. Which technology can a network administrator use to detect and drop the altered data traffic? A. AES-128 B. RSA Certificates C. SHA2-HMAC D. 3DES E. Diffie-Helman Key Generation Answer: C QUESTION 18 A company needs to provide secure access to its remote workforce. The end users use public kiosk computers and a wide range of devices. They will be accessing only an internal web application. Which VPN solution satisfies these requirements? A. Clientless SSLVPN B. AnyConnect Client using SSLVPN C. AnyConnect Client using IKEv2 D. FlexVPN Client E. Windows built-in PPTP client Answer: A QUESTION 19 A network administrator is configuring AES encryption for the ISAKMP policy on an IOS router. Which two configurations are valid? (Choose two.) A. crypto isakmp policy 10 encryption aes 254 B. crypto isakmp policy 10 encryption aes 192 C. crypto isakmp policy 10 encryption aes 256 D. crypto isakmp policy 10 encryption aes 196 E. crypto isakmp policy 10 encryption aes 198 F. crypto isakmp policy 10 encryption aes 64 Answer: BC QUESTION 20 Which two qualify as Next Generation Encryption integrity algorithms? (Choose two.) A. SHA-512 B. SHA-256 C. SHA-192 D. SHA-380 E. SHA-192 F. SHA-196 Answer: AB
Lead2pass is the leader in 300-209 certification test questions with training materials for Cisco 300-209 exam dumps. Lead2pass Cisco training tools are constantly being revised and updated. We 100% guarantee Cisco 300-209 exam questions with quality and reliability which will help you pass Cisco 300-209 exam.
300-209 new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDODI1TDlUT1lBV00 2016 Cisco 300-209 exam dumps (All 237 Q&As) from Lead2pass: http://www.lead2pass.com/300-209.html [100% Exam Pass Guaranteed]
|