[Free] 2019(Nov) EnsurePass Cisco 300-209 Dumps with VCE and PDF 51-60

Get Full Version of the Exam

Question No.51

Authorization of a clientless SSL VPN defines the actions that a user may perform within a clientless SSL VPN session. Which statement is correct concerning the SSL VPN authorization process?

  1. Remote clients can be authorized by applying a dynamic access policy, which is configured on an external AAA server.

  2. Remote clients can be authorized externally by applying group parameters from an external database.

  3. Remote client authorization is supported by RADIUS and TACACS protocols.

  4. To configure external authorization, you must configure the Cisco ASA for cut-through proxy.

Correct Answer: B



The aaa authentication command is entered to specify an authentication list or server group under a SSL VPN context configuration. If this command is not configured and AAA is configured globally on the router, global authentication will be applied to the context configuration.

The database that is configured for remote-user authentication on the SSL VPN gateway can be a local database, or the database can be accessed through any RADIUS or TACACS AAA server.

We recommend that you use a separate AAA server, such as a Cisco Access Control Server (ACS). A separate AAA server provides a more robust security solution. It allows you to configure unique passwords for each remote user and accounting and logging for remote-user sessions.

Question No.52

Which two statements comparing ECC and RSA are true? (Choose two.)

  1. ECC can have the same security as RSA but with a shorter key size.

  2. ECC lags in performance when compared with RSA.

  3. Key generation in ECC is slower and less CPU intensive.

  4. ECC cannot have the same security as RSA, even with an increased key size.

  5. Key generation in ECC is faster and less CPU intensive.

Correct Answer: AE

Question No.53

Which technology must be installed on the client computer to enable users to launch applications from a Clientless SSL VPN?

  1. Java

  2. QuickTime plug-in

  3. Silverlight

  4. Flash

Correct Answer: A

Question No.54

What are two variables for configuring clientless SSL VPN single sign-on? (Choose two.)





Correct Answer: BC

Question No.55

Which command enables the router to form EIGRP neighbor adjacencies with peers using a different subnet than the ingress interface?

  1. ip unnumbered interface

  2. eigrp router-id

  3. passive-interface interface name

  4. ip split-horizon eigrp as number

Correct Answer: A

Question No.56

Which of the following could be used to configure remote access VPN Host-scan and pre-login policies?

  1. ASDM

  2. Connection-profile CLI command

  3. Host-scan CLI command under the VPN group policy

  4. Pre-login-check CLI command

Correct Answer: A

Question No.57

Which statement is true when implementing a router with a dynamic public IP address in a crypto map based site-to-site VPN?

  1. The router must be configured with a dynamic crypto map.

  2. Certificates are always used for phase 1 authentication.

  3. The tunnel establishment will fail if the router is configured as a responder only.

  4. The router and the peer router must have NAT traversal enabled.

Correct Answer: C

Question No.58

After completing a site-to-site VPN setup between two routers, application performance over the tunnel is slow. You issue the show crypto ipsec sa command and see the following output. What does this output suggest?

interface. Tunnel100

Crypto map tag: Tunnel100-head-0, local addr protected vrf. (none)

local ident (addr/mask/prot/port): ( remote ident (addr/mask/prot/port): ( current_peer port 500

PERMIT, flags={origin_is_acl,}

#pkts encaps: 34836, #pkts encrypt: 34836, #pkts digest: 34836

#pkts decaps: 26922, #pkts decrypt: 19211, #pkts verify: 19211

#pkts compressed. 0, #pkts decompressed. 0

#pkts not compressed. 0, #pkts compr. failed. 0

#pkts not decompressed. 0, #pkts decompress failed. 0

#send errors 0, #recv errors 0

  1. The VPN has established and is functioning normally.

  2. There is an asymmetric routing issue.

  3. The remote peer is not receiving encrypted traffic.

  4. The remote peer is not able to decrypt traffic.

  5. Packet corruption is occurring on the path between the two peers.

Correct Answer: E

Question No.59

Which command can be used to troubleshoot an IPv6 FlexVPN spoke-to-hub connectivity failure?

  1. show crypto lkev2 client flexvpn

  2. show crypto identity

  3. show crypto isakmp sa

  4. show crypto gkm

Correct Answer: A

Question No.60

An IOS SSL VPN is configured to forward TCP ports. A remote user cannot access the corporate FTP site with a Web browser. What is a possible reason for the failure?

  1. The user#39;s FTP application is not supported.

  2. The user is connecting to an IOS VPN gateway configured in Thin Client Mode.

  3. The user is connecting to an IOS VPN gateway configured in Tunnel Mode.

  4. The user#39;s operating system is not supported.

Correct Answer: B



Thin-Client SSL VPN (Port Forwarding)

A remote client must download a small, Java-based applet for secure access of TCP applications that use static port numbers. UDP is not supported. Examples include access to POP3, SMTP, IMAP, SSH, and Telnet. The user needs local administrative privileges because changes are made to files on the local machine. This method of SSL VPN does not work with applications that use dynamic port assignments, for example, several FTP applications.

Get Full Version of the Exam
300-209 Dumps
300-209 VCE and PDF