Ensurepass.com : Ensure you pass the IT Exams
2018 Apr Cisco Official New Released 300-209

Implementing Cisco Secure Mobility Solutions

Question No: 171

When an IPsec SVTI is configured, which technology processes traffic forwarding for encryption?

A. ACL

B. IP routing

C. RRI

D. front door VPN routing and forwarding

Answer: B

Question No: 172

When attempting to tunnel FTP traffic through a stateful firewall that might be performing NAT or PAT, which type of VPN tunneling should you use to allow the VPN traffic through the stateful firewall?

A. clientless SSL VPN

B. IPsec over TCP

C. smart tunnel

D. SSL VPN plug-ins

Answer: B

Explanation:

IP Security (IPSec) over Transmission Control Protocol (TCP) enables a VPN Client to operate in an environment in which standard Encapsulating Security Protocol (ESP, Protocol 50) or Internet Key Exchange (IKE, User Datagram Protocol (UDP) 500) cannot function, or can function only with modification to existing firewall rules. IPSec over TCP encapsulates both the IKE and IPSec protocols within a TCP packet, and it enables secure tunneling through both Network Address Translation (NAT) and Port Address Translation (PAT) devices and firewalls.

Question No: 173

Which option shows the correct traffic selectors for the child SA on the remote ASA, when the headquarter ASA initiates the tunnel?

A. Local selector 192.168.33.0/0-192.168.33.255/65535, Remote selector 192.168.20.0/0-192.168.20.255/65535

B. Local selector 192.168.33.0/0-192.168.33.255/65535, Remote selector 192.168.22.0/0-192.168.22.255/65535

C. Local selector 192.168.22.0/0-192.168.22.255/65535, Remote selector 192.168.33.0/0-192.168.33.255/65535

D. Local selector 192.168.33.0/0-192.168.33.255/65535, Remote selector 0.0.0.0/0-0.0.0.0/65535

E. Local selector 0.0.0.0/0-0.0.0.0/65535, Remote selector 192.168.22.0/0-192.168.22.255/65535

Answer: B

Explanation:

The traffic selector determines which traffic should be protected (encrypted over the IPSec tunnel). We want this to be specific; otherwise, Internet traffic will also be sent over the tunnel and most likely dropped on the remote side. Here, we just want to protect traffic from 192.168.33.0/24 (the local side) to 192.168.22.0/24 (the remote side).

Question No: 174

If the IKEv2 tunnel were to establish successfully, which encryption algorithm would be used to encrypt traffic?

A. DES

B. 3DES

C. AES

D. AES192

E. AES256

Answer: E

Explanation:

Both ASAs are configured to support AES 256, so during the IPSec negotiation they will use the strongest algorithm that is supported by each peer.

Question No: 175

A Cisco router may have a fan issue that could increase its temperature and trigger a failure. What troubleshooting steps would verify the issue without causing additional risks?

A. Configure logging using commands "logging on", "logging buffered 4", and check for fan failure logs using "show logging"

B. Configure logging using commands "logging on", "logging buffered 6", and check for fan failure logs using "show logging"

C. Configure logging using commands "logging on", "logging discriminator msglog1 console 7", and check for fan failure logs using "show logging"

D. Configure logging using commands "logging host 10.11.10.11", "logging trap 2", and check for fan failure logs at the syslog server 10.11.10.11

Answer: A

Question No: 176

You have deployed new Cisco AnyConnect start before logon modules and set the configuration to download modules before logon, but all client connections continue to use the previous version of the module. Which action must you take to correct the problem?

A. Configure start before logon in the client profile.

B. Configure a group policy to prompt the user to download the updated module.

C. Define the modules for download in the client profile.

D. Define the modules for download in the group policy.

Answer: A

Question No: 177

What are the three primary components of a GET VPN network? (Choose three.)

A. Group Domain of Interpretation protocol

B. Simple Network Management Protocol

C. server load balancer

D. accounting server

E. group member

F. key server

Answer: A,E,F

Question No: 178

Refer to the exhibit.

The ABC Corporation is changing remote-user authentication from pre-shared keys to certificate-based authentication. For most employee authentication, its group membership (the employees) governs corporate access. Certain management personnel need access to more confidential servers. Access is based on the group and name, such as finance and level_2. When it is time to pilot the new authentication policy, a finance manager is able to access the department-assigned servers but cannot access the restricted servers.

As the network engineer, where would you look for the problem?

A. Check the validity of the identity and root certificate on the PC of the finance manager.

B. Change the Management Certificate to Connection Profile Maps > Rule Priority to a number that is greater than 10.

C. Check if the Management Certificate to Connection Profile Maps > Rules is configured correctly.

D. Check if the Certificate to Connection Profile Maps > Policy is set correctly.

Answer: D

Explanation:

Cisco ASDM User Guide Version 6.1

Question No: 179

The Cisco AnyConnect client fails to connect via IKEv2 but works with SSL. The following error message is displayed:

"Login Denied, unauthorized connection mechanism, contact your administrator"

What is the most likely cause of this problem?

A. DAP is terminating the connection because IKEv2 is the protocol that is being used.

B. The client endpoint does not have the correct user profile to initiate an IKEv2 connection.

C. The AAA server that is being used does not authorize IKEv2 as the connection mechanism.

D. The administrator is restricting access to this specific user.

E. The IKEv2 protocol is not enabled in the group policy of the VPN headend.

Answer: E

Question No: 180

Which technology can you implement to reduce latency issues associated with a Cisco AnyConnect VPN?

A. DTLS

B. SCTP

C. DCCP

D. SRTP

Answer: A
