[Free] 2017(Nov) Dumps4cert Testinsides Cisco 300-209 Dumps with VCE and PDF Download 11-20

Dumps4cert 2017 Nov Cisco Official New Released 300-209
100% Free Download! 100% Pass Guaranteed!
http://www.Dumps4cert.com/300-209.html

Implementing Cisco Secure Mobility Solutions

Question No: 11

Which three settings are required for crypto map configuration? (Choose three.)

  1. match address

  2. set peer

  3. set transform-set

  4. set security-association lifetime

  5. set security-association level per-host

  6. set pfs

Answer: A,B,C

Question No: 12

Which Cisco firewall platform supports Cisco NGE?

  1. FWSM

  2. Cisco ASA 5505

  3. Cisco ASA 5580

  4. Cisco ASA 5525-X

Answer: D

Question No: 13

Refer to the exhibit.

Dumps4Cert 2017 PDF and VCE

The quot;level_2quot; digital certificate was installed on a laptop. What can cause an quot;invalid not activequot; status message?

  1. On first use, a CA server-supplied passphrase is entered to validate the certificate.

  2. A quot;newly installedquot; digital certificate does not become active until it is validated by the peer device upon its first usage.

  3. The user has not clicked the Verify button within the Cisco VPN Client.

  4. The CA server and laptop PC clocks are out of sync.

Answer: D Explanation:

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/cert_cfg.html

Certificates have a date and time that they become valid and that they expire. When the security appliance enrolls with a CA and gets a certificate, the security appliance checks that the current time is within the valid range for the certificate. If it is outside that range, enrollment fails.

Same would apply to communication between ASA and PC

Question No: 14

Which three types of web resources or protocols are enabled by default on the Cisco ASA Clientless SSL VPN portal? (Choose three.)

  1. HTTP

  2. VNC

  3. CIFS

  4. RDP

  5. HTTPS

  6. ICA (Citrix)

Answer: A,C,E

Question No: 15

Dumps4Cert 2017 PDF and VCE

Dumps4Cert 2017 PDF and VCE

Dumps4Cert 2017 PDF and VCE

Dumps4Cert 2017 PDF and VCE

An engineer wants to ensure that employees cannot access corporate resources on untrusted networks, but does not want a new VPN session to be established each time they leave the trusted network. Which Cisco AnyConnect Trusted Network Policy option allows this ability?

  1. Pause

  2. Connect

  3. Do Nothing

  4. Disconnect

Answer: A

Question No: 16 CORRECT TEXT

Dumps4Cert 2017 PDF and VCE

Dumps4Cert 2017 PDF and VCE

Dumps4Cert 2017 PDF and VCE

Answer: Here are the steps as below:

Step 1: configure key ring crypto ikev2 keyring mykeys peer SiteB.cisco.com address 209.161.201.1

pre-shared-key local $iteA pre-shared key remote $iteB Step 2: Configure IKEv2 profile Crypto ikev2 profile default

identity local fqdn SiteA.cisco.com

Match identity remote fqdn SiteB.cisco.com Authentication local pre-share Authentication remote pre-share

Keyring local mykeys

Step 3: Create the GRE Tunnel and apply profile

crypto ipsec profile default set ikev2-profile default Interface tunnel 0

ip address 10.1.1.1 255.255.255.0 Tunnel source eth 0/0

Tunnel destination 209.165.201.1 tunnel protection ipsec profile default end

Question No: 17

You are configuring a Cisco IOS SSL VPN gateway to operate with DVTI support. Which command must you configure on the virtual template?

  1. tunnel protection ipsec

  2. ip virtual-reassembly

  3. tunnel mode ipsec

  4. ip unnumbered

Answer: D

Question No: 18

Which are two main use cases for Clientless SSL VPN? (Choose two.)

  1. In kiosks that are part of a shared environment

  2. When the users do not have admin rights to install a new VPN client

  3. When full tunneling is needed to support applications that use TCP, UDP, and ICMP

  4. To create VPN site-to-site tunnels in combination with remote access

Answer: A,B

Question No: 19

Refer to the exhibit.

Dumps4Cert 2017 PDF and VCE

Which VPN solution does this configuration represent?

  1. Cisco AnyConnect (IKEv2)

  2. site-to-site

  3. DMVPN

  4. SSL VPN

Answer: D

Question No: 20

Refer to the exhibit.

Dumps4Cert 2017 PDF and VCE

A NOC engineer needs to tune some prelogin parameters on an SSL VPN tunnel.

From the information that is shown, where should the engineer navigate to find the prelogin

session attributes?

  1. quot;engineeringquot; Group Policy

  2. quot;contractorquot; Connection Profile

  3. quot;engineer1quot; AAA/Local Users

  4. DfltGrpPolicy Group Policy

Answer: B Explanation:

http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect30/administrat ion/guide/ac05hostscanposture.html#wp1039696

100% Free Download!
Download Free Demo:300-209 Demo PDF
100% Pass Guaranteed!
Download 2017 Dumps4cert 300-209 Full Exam PDF and VCE

Dumps4cert ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 Dumps4cert IT Certification PDF and VCE