Question No.151

Which two operational advantages does GetVPN offer over a site-to-site IPsec tunnel in a private MPLS-based core network? (Choose two.)

  1. Key servers perform encryption and decryption of all the data in the network, which allows for tight security policies.

  2. Traffic uses one VRF to encrypt data and a different one to decrypt data, which allows for multicast traffic isolation.

  3. GETVPN is tunnel-less, which allows any group member to perform decryption and routing around network failures.

  4. Packets carry original source and destination IP addresses, which allows for optimal routing of encrypted traffic.

  5. Group Domain of Interpretation protocol allows for homomorphic encryption, which allows group members to operate on messages without decrypting them.

Correct Answer: DE

Question No.152

Your corporate finance department purchased a new non-web-based TCP application tool to run on one of its servers. Certain finance employees need remote access to the software during nonbusiness hours. These employees do not have "admin" privileges to their PCs. What is the correct way to configure the SSL VPN tunnel to allow this application to run?

  1. Configure a smart tunnel for the application.

  2. Configure a "finance tool" VNC bookmark on the employee clientless SSL VPN portal.

  3. Configure the plug-in that best fits the application.

  4. Configure the Cisco ASA appliance to download the Cisco AnyConnect SSL VPN Client to the finance employee each time an SSL VPN tunnel is established.

Correct Answer: A

Question No.153

Which three types of SSO functionality are available on the Cisco ASA without any external SSO servers? (Choose three.)

  1. SAML


  3. HTTP Basic

  4. NTLM

  5. Kerberos

  6. OAuth 2.0

Correct Answer: BCD

Question No.154

Which two types of authentication are supported when you use Cisco ASDM to configure site-to-site IKEv2 with IPv6? (Choose two.)

  1. preshared key

  2. webAuth

  3. digital certificates

  4. XAUTH

  5. EAP

Correct Answer: AC

Question No.155

Refer to the exhibit. Which statement about the given IKE policy is true?


  1. The tunnel will be valid for 2 days, 88 minutes, and 00 seconds.

  2. It will use encrypted nonces for authentication.

  3. It has a keepalive of 60 minutes, checking every 5 minutes.

  4. It uses a 56-bit encryption algorithm.

Correct Answer: B

Question No.156

Which three changes must be made to migrate from DMVPN Phase 2 to Phase 3 when EIGRP is configured? (Choose three.)

  1. Enable EIGRP next-hop-self on the hub.

  2. Disable EIGRP next-hop-self on the hub.

  3. Enable EIGRP split-horizon on the hub.

  4. Add NHRP redirects on the hub.

  5. Add NHRP shortcuts on the spoke.

  6. Add NHRP shortcuts on the hub.

Correct Answer: BDE

Question No.157

In which situation would you enable the Smart Tunnel option with clientless SSL VPN?

  1. when a user is using an outdated version of a web browser

  2. when an application is failing in the rewrite process

  3. when IPsec should be used over SSL VPN

  4. when a user has a nonsupported Java version installed

  5. when cookies are disabled

Correct Answer: B

Question No.158

Refer to the exhibit. Which authentication method was used by the remote peer to prove its identity?


  1. Extensible Authentication Protocol

  2. certificate authentication

  3. pre-shared key

  4. XAUTH

Correct Answer: C

Question No.159

Which two technologies are considered to be Suite B cryptography? (Choose two.)

  1. MD5

  2. SHA2

  3. Elliptical Curve Diffie-Hellman

  4. 3DES

  5. DES

Correct Answer: BC

Question No.160

Which Cisco adaptive security appliance command can be used to view the count of all active VPN sessions?

  1. show vpn-sessiondb summary

  2. show crypto ikev1 sa

  3. show vpn-sessiondb ratio encryption

  4. show iskamp sa detail

  5. show crypto protocol statistics all

Correct Answer: A

