[Sep-2019]Exam Pass 100%!Braindump2go 300-209 Exam VCE Dumps 355Q Instant Download(New Questions)

Sep/2019 Braindump2go 300-209 Exam Dumps with PDF and VCE New Updated Today! Following are some new 300-209 Exam Questions:

Latest Braindump2go 300-209 Exam Dumps (PDF & VCE) Instant Download:

https://www.braindump2go.com/300-209.html

2.|2019 Latest Braindump2go 300-209 Exam Questions & Answers Instant Download:

https://drive.google.com/drive/folders/0B75b5xYLjSSNRkY3M21SbTdTNDg?usp=sharing

New Questions
Which type of NHRP packet is unique to Phase 3 DMVPN topologies?

A. resolution request
B. resolution reply
C. traffic indication
D. registration request
E. registration reply
F. error indication

Answer: C

New Questions
Which three types of web resources or protocols are enabled by default on the Cisco ASA Clientless SSL VPN portal? (Choose three.)

A. HTTP
B. VNC
C. CIFS
D. RDP
E. HTTPS
F. ICA (Citrix)

Answer: ACE

New Questions
Which three parameters must match on all routers in a DMVPN Phase 3 cloud? (Choose three.)

A. NHRP network ID
B. GRE tunnel key
C. NHRP authentication string
D. tunnel VRF
E. EIGRP process name
F. EIGRP split-horizon setting

Answer: ABC

New Questions
Refer to the exhibit. Which two characteristics of the VPN implementation are evident? (Choose two.)

A. dual DMVPN cloud setup with dual hub
B. DMVPN Phase 3 implementation
C. single DMVPN cloud setup with dual hub
D. DMVPN Phase 1 implementation
E. quad DMVPN cloud with quadra hub
F. DMVPN Phase 2 implementation

Answer: BC

New Questions
Refer to the exhibit. The customer needs to launch AnyConnect in the RDP machine.
Which configuration is correct?

A. crypto vpn anyconnect profile test flash:RDP.xml policy group default
svc profile test
B. crypto vpn anyconnect profile test flash:RDP.xml webvpn context GW_1
browser-attribute import flash:/swj.xml
C. crypto vpn anyconnect profile test flash:RDP.xml policy group default
svc profile flash:RDP.xml
D. crypto vpn anyconnect profile test flash:RDP.xml webvpn context GW_1
browser-attribute import test

Answer: A

New Questions
Which two statements about the Cisco ASA Clientless SSL VPN solution are true? (Choose two.)

A. When a client connects to the Cisco ASA WebVPN portal and tries to access HTTP resources through the URL bar, the client uses the local DNS to perform FQDN resolution.
B. The rewriter enable command under the global webvpn configuration enables the rewriter functionality because that feature is disabled by default.
C. A Cisco ASA with an AnyConnect Premium Peers license can simultaneously allow Clientless SSL VPN sessions and AnyConnect client sessions.
D. Content rewriter functionality in the Clientless SSL VPN portal is not supported on Apple mobile devices.
E. Clientless SSLVPN provides Layer 3 connectivity into the secured network.

Answer: CD

New Questions
A network engineer must configure a now VPN tunnel Utilizing IKEv2 For with three reasons would a configuration use IKEv2 instead d KEv1? (Choose three.)

A. increased hash size
B. DOS protection
C. Preshared keys are used for authentication.
D. RSA-Sig used for authentication
E. native NAT traversal
F. asymmetric authentication

Answer: BEF

New Questions
A network engineer is troubleshooting a site VPN tunnel configured on a Cisco ASA and wants to validate that the tunnel is sending and receiving traffic. Which command accomplishes this task?

A. show crypto ikev1 sa peer
B. show crypto ikev2 sa peer
C. show crypto ipsec sa peer
D. show crypto isakmp sa peer

Answer: C

New Questions
When troubleshooting clientless SSL VPN connections, which option can be verified on the client PC?

A. address assignment
B. DHCP configuration
C. tunnel group attributes
D. host file misconfiguration

Answer: D

New Questions
Which two commands are include in the command show dmvpn detail? (Choose two.)

A. Show ip nhrp
B. Show ip nhrp nhs
C. Show crypto ipsec sa detail
D. Show crypto session detail
E. Show crypto sockets

Answer: BD

New Questions
An engineer has integrated a new DMVPN to link remote offices across the internet using Cisco IOS routers. When connecting to remote sites, pings and voice data appear to flow properly and all tunnel stats seem to show that are up. However, when trying to connect to a remote server using RDP, the connection fails. Which action resolves this issue?

A. Change DMVPN timeout values.
B. Adjust the MTU size within the routers.
C. Replace certificate on the RDP server.
D. Add RDP port to the extended ACL.

Answer: B
Explanation:
Answers A and C do not make sense.
Answer D is valid only for split tunneling…if we want to pass the RDP traffic off tunnel. The ACL configured to establish the DMVPN tunnel only need udp 500/4500 and esp (50).
Answer B should be correct because voice traffic (UDP) and ping use smaller MTU size and will not be fragmented…and thus will work. RDP uses TCP / 3389 and isn’t fault tolerant.

New Questions
Which feature is a benefit of Dynamic Multipoint VPN?

A. geographic filtering of spoke devices
B. translation PAT
C. rotating wildcard preshared keys
D. dynamic spoke-to spoke tunnel establishment

Answer: D

New Questions
An engineer has configured Cisco AnyConnect VPN using IKEv2 on a Cisco ISO router. The user cannot connect in the Cisco AnyConnect client, but receives an alert message “Use a browser to gain access.” Which action does the engineer take to eliminate this issue?

A. Reset user login credentials.
B. Disable the HTTP server.
C. Correct the URL address.
D. Connect using HTTPS.

Answer: B

New Questions
Refer to the exhibit. A network administrator is running DMVPN with EIGRP, when the administrator looks at the routing table on spoken 1 it displays a route to the hub only.
Which command is missing on the hub router, which includes spoke 2 and spoke 3 in the spoke 1 routing table?

A. no inverse arp
B. neighbor (ip address)
C. no ip split-horizon egrp 1
D. redistribute static

Answer: C

New Questions
Which algorithm provides both encryption and authentication for plane communication?

A. RC4
B. SHA-384
C. AES-256
D. SHA-96
E. 3DES
F. AES-GCM

Answer: F

New Questions
Refer to the exhibit. Client 1 cannot communication with Client 2. Both clients are using Cisco AnyConnect and have established a successful SSL VPN connection to the hub ASA.
Which command on the ASA is missing?

A. same-security-traffic permit inter-interface
B. same-security-traffic permit intra-interface
C. dns-server value 10.1.1.3
D. split-tunnel-network list

Answer: B

New Questions
Which statement regarding GET VPN is true?

A. When you implement GET VPN with VRFs, all VHFs must be defined in the GDOI group configuration on the key server.
B. T ne pseudotime that is used for replay checking is synchronized via NTP.
C. Group members must acknowledge all KEK and TEK rekeys, regardless of configuration.
D. TEK rekesys can be load-balanced between two key servers operating in COOP.
E. The configuration that defines which traffic to encrypt is present only on the key server.

Answer: E

New Questions
Which two statements comparing ECC and RSA are true? (Choose two.)

A. Key generation in FCC is slower and more CPU intensive than RSA.
B. ECC can have the same security as RSA but with a shorter key size
C. Key generation in ECC is faster and less CPU intensive than RSA.
D. ECC cannot have the same security as RSA. even with an increased key size.
E. ECC lags m performance when compared with RSA.

Answer: BC

New Questions
Which three types of SSO functionality are available on the Cisco ASA without any external SSO servers? (Choose three.)

A. SAML
B. HTTP POST
C. HTTP Basic
D. NTLM
E. Kerberos
F. OAuth 2.0

Answer: BCD

New Questions
Which two statements about the Cisco ASA Clientless SSL VPN smart tunnels feature are true? (Choose two.)

A. Smart tunnels are enabled on the secure gateway (Cisco ASA) for specific applications that run on the end client and work irrespective of which transport protocol the application uses.
B. Smart tunnels require Administrative privileges to run on the client machine.
C. A smart tunnel is a DLL that is pushed from the headend to the client machine after SSL VPN portal authentication and that is attached to smart-tunneled processes to route traffic through the SSL VPN session with the gateway.
D. Smart tunnels offer better performance than the client-server plugins.
E. Smart tunnels are supported on Windows, Mac, and Linux.

Answer: CD

New Questions
As network security architect, you must implement secure VPN connectivity among company branches over a private IP cloud with any-to-any scalable connectivity.
Which technology should you use?

A. IPsec DVTI
B. FlexVPN
C. DMVPN
D. IPsec SVTI
E. GET VPN

Answer: E

New Questions
Which three configurations are required for both IPsec VTI and crypto map-based VPNs? (Choose three.)

A. transform set
B. ISAKMP policy
C. ACL that defines traffic to encrypt
D. dynamic routing protocol
E. tunnel interface
F. IPsec profile
G. PSK or PKI trustpoint with certificate

Answer: ABG

New Questions
Which statement regarding hashing is correct?

A. MD5 produces a 64-bit message digest.
B. SHA-1 produces a 160-bit message digest.
C. MD5 takes more CPU cycles to compute than SHA-1.
D. Changing 1 bit of the input to SHA-1 can change up to 5 bits in the output.

Answer: B

New Questions
Refer to the exhibit. Which type of mismatch is causing the problem with the IPsec VPN tunnel?

A. PSK
B. Phase 1 policy
C. transform set
D. crypto access list

Answer: A

New Questions
Which three changes must be made to migrate from DMVPN Phase 2 to Phase 3 when EIGRP is configured? (Choose three.)

A. Enable EIGRP next-hop-self on the hub.
B. Disable EIGRP next-hop-self on the hub.
C. Enable EIGRP split-horizon on the hub.
D. Add NHRP redirects on the hub.
E. Add NHRP shortcuts on the spoke.
F. Add NHRP shortcuts on the hub.

Answer: BDE

New Questions
Which algorithm provides both encryption and authentication for data plane communication?

A. SHA-96
B. SHA-384
C. 3DES
D. AES-256
E. AES-GCM
F. RC4

Answer: E

New Questions
Which three configurations are prerequisites for stateful failover for IPsec? (Choose three.)

A. Only the IKE configuration that is set up on the active device must be duplicated on the standby device; the IPsec configuration is copied automatically.
B. Only crypto map configuration that is set up on the active device must be duplicated on the standby device.
C. The IPsec configuration that is set up on the active device must be duplicated on the standby device.
D. The active and standby devices can run different versions of the Cisco IOS software but need to be the same type of device.
E. The active and standby devices must run the same version of the Cisco IOS software and should be the same type of device.
F. Only the IPsec configuration that is set up on the active device must be duplicated on the standby device; the IKE configuration is copied automatically.
G. The IKE configuration that is set up on the active device must be duplicated on the standby device.

Answer: CEG

New Questions
Which two statements comparing ECC and RSA are true? (Choose two.)

A. ECC can have the same security as RSA but with a shorter key size.
B. ECC lags in performance when compared with RSA.
C. Key generation in ECC is slower and less CPU intensive than RSA..
D. ECC cannot have the same security as RSA, even with an increased key size.
E. Key generation in ECC is faster and less CPU intensive.

Answer: AE

New Questions
Which two are features of GETVPN but not DMVPN and FlexVPN? (Choose two.)

A. one IPsec SA for all encrypted traffic
B. no requirement for an overlay routing protocol
C. design for use over public or private WAN
D. sequence numbers that enable scalable replay checking
E. enabled use of ESP or AH
F. preservation of IP protocol in outer header

Answer: AB


!!!RECOMMEND!!!

Latest Braindump2go 300-209 Exam Dumps (PDF & VCE) Instant Download:

https://www.braindump2go.com/300-209.html

2.|2019 Latest Braindump2go 300-209 Study Guide Video Instant Download:

https://youtu.be/T0vj6TzVZTM