Get Full Version of the Exam
http://www.EnsurePass.com/300-209.html
Question No.41
Which three remote access VPN methods in an ASA appliance provide support for Cisco Secure Desktop? (Choose three.)
-
IKEv1
-
IKEv2
-
SSL client
-
SSL clientless
-
ESP
-
L2TP
Correct Answer: BCD
Question No.42
Refer to the exhibit. An administrator is adding IPv6 addressing to an already functioning tunnel. The administrator is unable to ping 2001:DB8:100::2 but can ping 209.165.200.226. Which configuration needs to be added or changed?
-
No configuration change is necessary. Everything is working correctly.
-
OSPFv3 needs to be configured on the interface.
-
NHRP needs to be configured to provide NBMA mapping.
-
Tunnel mode needs to be changed to GRE IPv4.
-
Tunnel mode needs to be changed to GRE IPv6.
Correct Answer: E
Question No.43
A Cisco IOS SSL VPN gateway is configured to operate in clientless mode so that users can access file shares on a Microsoft Windows 2003 server. Which protocol is used between the Cisco IOS router and the Windows server?
-
HTTPS
-
NetBIOS
-
CIFS
-
HTTP
Correct Answer: C
Question No.44
The Cisco AnyConnect client fails to connect via IKEv2 but works with SSL. The following error message is displayed:
quot;Login Denied, unauthorized connection mechanism, contact your administratorquot; What is the most possible cause of this problem?
-
DAP is terminating the connection because IKEv2 is the protocol that is being used.
-
The client endpoint does not have the correct user profile to initiate an IKEv2 connection.
-
The AAA server that is being used does not authorize IKEv2 as the connection mechanism.
-
The administrator is restricting access to this specific user.
-
The IKEv2 protocol is not enabled in the group policy of the VPN headend.
Correct Answer: E
Question No.45
Which command can you use to monitor the phase 1 establishment of a FlexVPN tunnel?
-
show crypto ipsec sa
-
show crypto isakmp sa
-
show crypto ikev2 sa
-
show ip nhrp
Correct Answer: C
Question No.46
Refer to the exhibit. An engineer is troubleshooting a new GRE over IPSEC tunnel. The tunnel is established, but the engineer cannot ping from spoke 1 to spoke 2. Which type of traffic is being blocked?
-
ESP packets from spoke1 to spoke2
-
ISAKMP packets from spoke2 to spoke1
-
ESP packets from spoke2 to spoke1
-
ISAKMP packets from spoke1 to spoke2
Correct Answer: C
Question No.47
Which two options are purposes of the key server in Cisco IOS GETVPN? (Choose two.)
-
to define group members.
-
to distribute static routing information.
-
to distribute dynamic routing information.
-
to encrypt transit traffic.
Correct Answer: AD
Question No.48
Which cryptographic algorithms are a part of the Cisco NGE suite?
-
HIPPA DES
-
AES-CBC-128 C. RC4-128
D. AES-GCM-256
Correct Answer: D
Question No.49
Which configuration is used to build a tunnel between a Cisco ASA and ISR?
-
crypto map
-
DMVPN
-
GET VPN
-
GRE with IPsec
-
GRE without IPsec
Correct Answer: A
Question No.50
Which command enables IOS SSL VPN Smart Tunnel support for PuTTY?
-
appl ssh putty.exe win
-
appl ssh putty.exe windows
-
appl ssh putty
-
appl ssh putty.exe
Correct Answer: B
Get Full Version of the Exam
300-209 Dumps
300-209 VCE and PDF