Question No.111

Refer to the exhibit. A junior network engineer configured the corporate Cisco ASA appliance to accommodate a new temporary worker. For security reasons, the IT department wants to restrict the internal network access of the new temporary worker to the corporate server, with an IP address of After the junior network engineer finished the configuration, an IT security specialist tested the account of the temporary worker. The tester was able to access the URLs of additional secure servers from the WebVPN user account of the temporary worker. What did the junior network engineer configure incorrectly?


  1. The ACL was configured incorrectly.

  2. The ACL was applied incorrectly or was not applied.

  3. Network browsing was not restricted on the temporary worker group policy.

  4. Network browsing was not restricted on the temporary worker user policy.

Correct Answer: B

Question No.112

What action does the hub take when it receives an NHRP resolution request from a spoke for a network that exists behind another spoke?

  1. The hub sends back a resolution reply to the requesting spoke.

  2. The hub updates its own NHRP mapping.

  3. The hub forwards the request to the destination spoke.

  4. The hub waits for the second spoke to send a request so that it can respond to both spokes.

Correct Answer: C

Question No.113

Which two IKEv1 policy options must match on each peer when you configure an IPsec site-to-site VPN? (Choose two.)

  1. priority number

  2. hash algorithm

  3. encryption algorithm

  4. session lifetime

  5. PRF algorithm

Correct Answer: BC

Question No.114

In FlexVPN, what command can an administrator use to create a virtual template interface that can be configured and applied dynamically to create virtual access interfaces?

  1. interface virtual-template number type template

  2. interface virtual-template number type tunnel

  3. interface template number type virtual

  4. interface tunnel-template number

Correct Answer: B


Here is a reference and explanation that can be included with this test: http://www.cisco.com/en/US/docs/ios-xml/ios/sec_conn_ike2vpn/configuration/15-2mt/sec-flex-spoke.html#GUID-4A10927D-4C6A-4202-B01C-DA7E462F5D8A

Configuring the Virtual Tunnel Interface on FlexVPN Spoke

SUMMARY STEPS

  1. enable

  2. configure terminal

  3. interface virtual-template number type tunnel

  4. ip unnumbered tunnel number

  5. ip nhrp network-id number

  6. ip nhrp shortcut virtual-template-number

  7. ip nhrp redirect [timeout seconds]

  8. exit

Question No.115

Which functionality is provided by L2TPv3 over FlexVPN?

  1. the extension of a Layer 2 domain across the FlexVPN

  2. the extension of a Layer 3 domain across the FlexVPN

  3. secure communication between servers on the FlexVPN

  4. a secure backdoor for remote access users through the FlexVPN

Correct Answer: A

Question No.116

Which command clears all crypto configuration from a Cisco Adaptive Security Appliance?

  1. clear configure crypto

  2. clear configure crypto ipsec

  3. clear crypto map

  4. clear crypto ikev2 sa

Correct Answer: A

Question No.117

Which protocol must be enabled on the inside interface to use cluster encryption in SSL VPN load balancing?

  1. TLS

  2. DTLS

  3. IKEv2

  4. ISAKMP

Correct Answer: D

Question No.118

Refer to the exhibit. What is the purpose of the given configuration?

  1. Establishing a GRE tunnel.

  2. Enabling IPSec to decrypt fragmented packets.

  3. Resolving access issues caused by large packet sizes.

  4. Adding the spoke to the routing table.

Correct Answer: C

Question No.119

Which two qualify as Next Generation Encryption integrity algorithms? (Choose two.)

  1. SHA-512

  2. SHA-256

  3. SHA-192

  4. SHA-380

  5. SHA-192

  6. SHA-196

Correct Answer: AB

Question No.120

Which three settings are required for crypto map configuration? (Choose three.)

  1. match address

  2. set peer

  3. set transform-set

  4. set security-association lifetime

  5. set security-association level per-host

  6. set pfs

Correct Answer: ABC

