Get Full Version of the Exam
http://www.EnsurePass.com/300-209.html
Question No.101
Which feature do you include in a highly available system to account for potential site failures?
-
geographical separation of redundant devices
-
hot/standby failover pairs
-
Cisco ACE load-balancing with VIP
-
dual power supplies
Correct Answer: A
Question No.102
What is the default topology type for a GET VPN?
-
point-to-point
-
hub-and-spoke
-
full mesh
-
on-demand spoke-to-spoke
Correct Answer: C
Question No.103
Which option is one component of a Public Key Infrastructure?
-
the Registration Authority
-
Active Directory
-
RADIUS
-
TACACS
Correct Answer: A
Question No.104
Where is split-tunneling defined for remote access clients on an ASA?
-
Group-policy
-
Tunnel-group
-
Crypto-map
-
Web-VPN Portal
-
ISAKMP client
Correct Answer: A
Question No.105
Which IKEv2 feature minimizes the configuration of a FlexVPN on Cisco IOS devices?
-
IKEv2 Suite-B
-
IKEv2 proposals
-
IKEv2 profiles
-
IKEv2 Smart Defaults
Correct Answer: D
Question No.106
Refer to the exhibit. For the ABC Corporation, members of the NOC need the ability to select tunnel groups from a drop-down menu on the Cisco WebVPN login page. As the Cisco ASA administrator, how would you accomplish this task?
-
Define a special identity certificate with multiple groups, which are defined in the certificate OU field, that will grant the certificate holder access to the named groups on the login page.
-
Under Group Policies, define a default group that encompasses the required individual groups that will appear on the login page.
-
Under Connection Profiles, define a NOC profile that encompasses the required individual profiles that will appear on the login page.
-
Under Connection Profiles, enable quot;Allow user to select connection profile.quot;
Correct Answer: D
Explanation:
Cisco ASDM User Guide Version 6.1
Add or Edit SSL VPN Connections gt; Advanced gt; SSL VPN This dialog box lets you configure attributes that affect what the remote user sees upon login. Fields ?Login Page Customization Configures the look and feel of the user login page by specifying which preconfigured customization attributes to apply. The default is DfltCustomization.
ManageOpens the Configure GUI Customization Objects window.
Connection AliasesLists in a table the existing connection aliases and their status and lets you add or delete items in that table. A connection alias appears on the user login page if the connection is configured to allow users to select a particular connection (tunnel group) at login. AddOpens the Add Connection Alias window, on which you can add and enable a connection alias.
DeleteRemoves the selected row from the connection alias table. There is no confirmation or undo.
Group URLsLists in a table the existing group URLs and their status and lets you add or delete items in that table. A group URL appears on the user login page if the connection is configured to allow users to select a particular group at login.
AddOpens the Add Group URL window, on which you can add and enable a group URL. DeleteRemoves the selected row from the connection alias table. There is no confirmation or undo.
Question No.107
Which two cryptographic technologies are recommended for use with FlexVPN? (Choose two.)
-
SHA (HMAC variant)
-
Diffie-Hellman
-
DES
-
MD5 (HMAC variant)
Correct Answer: AB
Question No.108
Which four activities does the Key Server perform in a GETVPN deployment? (Choose four.)
-
authenticates group members
-
manages security policy
-
creates group keys
-
distributes policy/keys
-
encrypts endpoint traffic
-
receives policy/keys
-
defines group members
Correct Answer: ABCD
Question No.109
Which two parameters help to map a VPN session to a tunnel group without using the tunnel- group list? (Choose two.)
-
group-alias
-
certificate map
-
use gateway command
-
group-url
-
AnyConnect client version
Correct Answer: BD
Question No.110
Refer to the exhibit. Which two statements about the given configuration are true? (Choose two.)
-
Defined PSK can be used by any IPSec peer.
-
Any router defined in group 2 will be allowed to connect.
-
It can be used in a DMVPN deployment
-
It is a LAN-to-LAN VPN ISAKMP policy.
-
It is an AnyConnect ISAKMP policy.
-
PSK will not work as configured
Correct Answer: AC
Get Full Version of the Exam
300-209 Dumps
300-209 VCE and PDF