Get Full Version of the Exam
http://www.EnsurePass.com/300-209.html

Question No.181

Refer to the exhibit. You have implemented an SSL VPN as shown. Which type of communication takes place between the secure gateway R1 and the Cisco Secure ACS?

1. HTTP proxy

2. AAA

3. policy

4. port forwarding

Correct Answer: B

Question No.182

Refer to the exhibit. Which exchange does this debug output represent?

1. IKE Phase 1

2. IKE Phase 2

3. symmetric key exchange

4. certificate exchange

Correct Answer: A

Question No.183

Which two are characteristics of GETVPN? (Choose two.)

1. The IP header of the encrypted packet is preserved

2. A key server is elected among all configured Group Members

3. Unique encryption keys are computed for each Group Member

4. The same key encryption and traffic encryption keys are distributed to all Group Members

Correct Answer: AD

Question No.184

What is the Cisco recommended TCP maximum segment on a DMVPN tunnel interface when the MTU is set to 1400 bytes?

1. 1160 bytes

2. 1260 bytes

3. 1360 bytes

4. 1240 bytes

Correct Answer: C

Question No.185

An administrator wishes to limit the networks reachable over the Anyconnect VPN tunnels. Which configuration on the ASA will correctly limit the networks reachable to 209.165.201.0/27 and 209.165.202.128/27?

1. access-list splitlist standard permit 209.165.201.0 255.255.255.224 access-list splitlist standard permit 209.165.202.128 255.255.255.224

   !

   group-policy GroupPolicy1 internal group-policy GroupPolicy1 attributes split-tunnel-policy tunnelspecified split-tunnel-network-list value splitlist

2. access-list splitlist standard permit 209.165.201.0 255.255.255.224 access-list splitlist standard permit 209.165.202.128 255.255.255.224

   !

   group-policy GroupPolicy1 internal group-policy GroupPolicy1 attributes split-tunnel-policy tunnelall

   split-tunnel-network-list value splitlist

3. group-policy GroupPolicy1 internal group-policy GroupPolicy1 attributes split-tunnel-policy tunnelspecified

   split-tunnel-network-list ipv4 1 209.165.201.0 255.255.255.224

   split-tunnel-network-list ipv4 2 209.165.202.128 255.255.255.224

4. access-list splitlist standard permit 209.165.201.0 255.255.255.224 access-list splitlist standard permit 209.165.202.128 255.255.255.224

   !

   crypto anyconnect vpn-tunnel-policy tunnelspecified crypto anyconnect vpn-tunnel-network-list splitlist

5. crypto anyconnect vpn-tunnel-policy tunnelspecified

crypto anyconnect split-tunnel-network-list ipv4 1 209.165.201.0 255.255.255.224

crypto anyconnect split-tunnel-network-list ipv4 2 209.165.202.128 255.255.255.224

Correct Answer: A

Question No.186

When Cisco ASA applies VPN permissions, what is the first set of attributes that it applies?

1. dynamic access policy attributes

2. group policy attributes

3. connection profile attributes

4. user attributes

Correct Answer: A

Question No.187

An administrator desires that when work laptops are not connected to the corporate network, they should automatically initiate an AnyConnect VPN tunnel back to headquarters. Where does the administrator configure this?

1. Via the svc trusted-network command under the group-policy sub-configuration mode on the ASA

2. Under the quot;Automatic VPN Policyquot; section inside the Anyconnect Profile Editor within ASDM

3. Under the TNDPolicy XML section within the Local Preferences file on the client computer

4. Via the svc trusted-network command under the global webvpn sub-configuration mode on the ASA

Correct Answer: B

Question No.188

After adding a remote-access IPsec tunnel via the VPN wizard, an administrator needs to tune the IPsec policy parameters. Where is the correct place to tune the IPsec policy parameters in Cisco ASDM?

1. IPsec user profile

2. Crypto Map

3. Group Policy

4. IPsec Policy

5. IKE Policy

Correct Answer: B

Question No.189

Refer to the exhibit. The quot;level_2quot; digital certificate was installed on a laptop. What can cause an quot;invalid not activequot; status message?

1. On first use, a CA server-supplied passphrase is entered to validate the certificate.

2. A quot;newly installedquot; digital certificate does not become active until it is validated by the peer device upon its first usage.

3. The user has not clicked the Verify button within the Cisco VPN Client.

4. The CA server and laptop PC clocks are out of sync.

Correct Answer: D

Explanation:

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/cert_cfg.html

Certificates have a date and time that they become valid and that they expire. When the security appliance enrolls with a CA and gets a certificate, the security appliance checks that the current time is within the valid range for the certificate. If it is outside that range, enrollment fails.

Same would apply to communication between ASA and PC

Question No.190

You are troubleshooting a DMVPN NHRP registration failure. Which command can you use to view request counters?

1. show ip nhrp nhs detail

2. show ip nhrp tunnel

3. show ip nhrp incomplete

4. show ip nhrp incomplete tunnel tunnel_interface_number

Correct Answer: A

Get Full Version of the Exam
300-209 Dumps
300-209 VCE and PDF

Related Posts

• [Free] 2019(Nov) EnsurePass Cisco 300-209 Dumps with VCE and PDF 211-220
• [Free] 2019(Nov) EnsurePass Cisco 300-209 Dumps with VCE and PDF 191-200
• [Free] 2019(Nov) EnsurePass Cisco 300-209 Dumps with VCE and PDF 201-210
• [Free] 2019(Nov) EnsurePass Cisco 300-209 Dumps with VCE and PDF 161-170
• [Free] 2019(Nov) EnsurePass Cisco 300-209 Dumps with VCE and PDF 171-180
• [Free] 2019(Nov) EnsurePass Cisco 300-209 Dumps with VCE and PDF 151-160