[Free] 2017(Nov) Dumps4cert Testinsides Cisco 300-209 Dumps with VCE and PDF Download 111-120


Implementing Cisco Secure Mobility Solutions

Question No: 111

Which equation describes an elliptic curve?

  A. $y^3 = x^3 + ax + b$

  B. $x^3 = y^2 + ab + x$

  C. $y^4 = x^2 + ax + b$

  D. $y^2 = x^3 + ax + b$

  E. $y^2 = x^2 + ax + b^2$

Answer: D

Question No: 112

Which command simplifies the task of converting an SSL VPN to an IKEv2 VPN on a Cisco ASA appliance that has an invalid IKEv2 configuration?

  A. migrate remote-access ssl overwrite

  B. migrate remote-access ikev2

  C. migrate l2l

  D. migrate remote-access ssl

Answer: A

Explanation:

Below is a reference for this question: http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/113597-ptn-113597.html

If your IKEv1, or even SSL, configuration already exists, the ASA makes the migration process simple. On the command line, enter the migrate command:

migrate {l2l | remote-access {ikev2 | ssl} | overwrite}

Things of note:

Keyword definitions:

l2l – This converts current IKEv1 l2l tunnels to IKEv2.

remote-access – This converts the remote access configuration. You can convert either the IKEv1 or the SSL tunnel groups to IKEv2.

overwrite – If you have an IKEv2 configuration that you wish to overwrite, then this keyword converts the current IKEv1 configuration and removes the superfluous IKEv2 configuration.

Question No: 113

What routing protocol is recommended by Cisco in DMVPN between company router and ISP router? (Choose Two)

  A. OSPF

  B. RIPv2

  C. ISIS

  D. BGP

  E. EIGRP

Answer: D,E

Question No: 114

In FlexVPN, what command can an administrator use to create a virtual template interface that can be configured and applied dynamically to create virtual access interfaces?

  A. interface virtual-template number type template

  B. interface virtual-template number type tunnel

  C. interface template number type virtual

  D. interface tunnel-template number

Answer: B

Explanation:

Here is a reference and an explanation that can be included with this test: http://www.cisco.com/en/US/docs/ios-xml/ios/sec_conn_ike2vpn/configuration/15-2mt/sec-flex-spoke.html#GUID-4A10927D-4C6A-4202-B01C-DA7E462F5D8A

Configuring the Virtual Tunnel Interface on FlexVPN Spoke

SUMMARY STEPS

  1. enable

  2. configure terminal

  3. interface virtual-template number type tunnel

  4. ip unnumbered tunnel number

  5. ip nhrp network-id number

  6. ip nhrp shortcut virtual-template-number

  7. ip nhrp redirect [timeout seconds]

  8. exit

Question No: 115

Which two features are required when configuring a DMVPN network? (Choose two.)

  A. Dynamic routing protocol

  B. GRE tunnel interface

  C. Next Hop Resolution Protocol

  D. Dynamic crypto map

  E. IPsec encryption

Answer: B,C

Question No: 116

After implementing the IKEv2 tunnel, it was observed that remote users on the network are unable to access the internet. Which of the following can be done to resolve this problem?

  A. Change the Diffie-Hellman group on the headquarter ASA to group 5 for the dynamic crypto map

  B. Change the remote traffic selector on the remote ASA to

  C. Change to an IKEv1 configuration since IKEv2 does not support a full tunnel with static peers

  D. Change the local traffic selector on the headquarter ASA to

  E. Change the remote traffic selector on the headquarter ASA to

Answer: B


The traffic selector is used to determine which traffic should be protected (encrypted over the IPSec tunnel). We want this to be specific, otherwise Internet traffic will also be sent over the tunnel and most likely dropped on the remote side. Here, we just want to protect traffic from to

Question No: 117

Which hash algorithm is required to protect classified information?

  A. MD5

  B. SHA-1

  C. SHA-256

  D. SHA-384

Answer: D

Question No: 118

A spoke has two Internet connections for failover. How can you achieve optimum failover without affecting any other router in the DMVPN cloud?

  A. Create another DMVPN cloud by configuring another tunnel interface that is sourced from the second ISP link.

  B. Use another router at the spoke site, because two ISP connections on the same router for the same hub is not allowed.

  C. Configure SLA tracking, and when the primary interface goes down, manually change the tunnel source of the tunnel interface.

  D. Create another tunnel interface with same configuration except the tunnel source, and configure the if-state nhrp and backup interface commands on the primary tunnel interface.

Answer: C

Question No: 119

Refer to the exhibit.

An administrator had the above configuration working with SSL protocol, but as soon as the administrator specified IPsec as the primary protocol, the Cisco AnyConnect client was not able to connect. What is the problem?

  A. IPsec will not work in conjunction with a group URL.

  B. The Cisco AnyConnect implementation does not allow the two group URLs to be the same. SSL does allow this.

  C. If you specify the primary protocol as IPsec, the User Group must be the exact name of the connection profile (tunnel group).

  D. A new XML profile should be created instead of modifying the existing profile, so that the clients force the update.

Answer: C

Question No: 120

Your corporate finance department purchased a new non-web-based TCP application tool to run on one of its servers. Certain finance employees need remote access to the software during nonbusiness hours. These employees do not have "admin" privileges to their PCs.

What is the correct way to configure the SSL VPN tunnel to allow this application to run?

  A. Configure a smart tunnel for the application.

  B. Configure a "finance tool" VNC bookmark on the employee clientless SSL VPN portal.

  C. Configure the plug-in that best fits the application.

  D. Configure the Cisco ASA appliance to download the Cisco AnyConnect SSL VPN Client to the finance employee each time an SSL VPN tunnel is established.

Answer: A

Explanation:

A smart tunnel is a connection between a TCP-based application and a private site, using a clientless (browser based) SSL VPN session with the security appliance as the pathway, and the security appliance as a proxy server. You can identify applications to which you want to grant smart tunnel access, and specify the local path to each application. For applications running on Microsoft Windows, you can also require a match of the SHA-1 hash of the checksum as a condition for granting smart tunnel access.

Lotus SameTime and Microsoft Outlook Express are examples of applications to which you might want to grant smart tunnel access.

Configuring smart tunnels requires one of the following procedures, depending on whether the application is a client or is a web-enabled application:

鈥reate one or more smart tunnel lists of the client applications, then assign the list to the group policies or local user policies for whom you want to provide smart tunnel access.

鈥reate one or more bookmark list entries that specify the URLs of the web-enabled applications eligible for smart tunnel access, then assign the list to the DAPs, group policies, or local user policies for whom you want to provide smart tunnel access.

You can also list web-enabled applications for which to automate the submission of login credentials in smart tunnel connections over clientless SSL VPN sessions.

Why Smart Tunnels?

Smart tunnel access lets a client TCP-based application use a browser-based VPN connection to connect to a service. It offers the following advantages to users, compared to plug-ins and the legacy technology, port forwarding:

鈥mart tunnel offers better performance than plug-ins.

鈥nlike port forwarding, smart tunnel simplifies the user experience by not requiring the user connection of the local application to the local port.

鈥nlike port forwarding, smart tunnel does not require users to have administrator privileges.

The advantage of a plug-in is that it does not require the client application to be installed on the remote computer.

Smart Tunnel Requirements, Restrictions, and Limitations

The following sections categorize the smart tunnel requirements and limitations.

General Requirements and Limitations

Smart tunnel has the following general requirements and limitations:

鈥he remote host originating the smart tunnel must be running a 32-bit version of Microsoft Windows Vista, Windows XP, or Windows 2000; or Mac OS 10.4 or 10.5.

鈥mart tunnel auto sign-on supports only Microsoft Internet Explorer on Windows.

鈥he browser must be enabled with Java, Microsoft ActiveX, or both.

鈥mart tunnel supports only proxies placed between computers running Microsoft Windows and the security appliance. Smart tunnel uses the Internet Explorer configuration (that is, the one intended for system-wide use in Windows). If the remote computer requires a proxy server to reach the security appliance, the URL of the terminating end of the connection must be in the list of URLs excluded from proxy services. If the proxy configuration specifies that traffic destined for the ASA goes through a proxy, all smart tunnel traffic goes through the proxy.

In an HTTP-based remote access scenario, sometimes a subnet does not provide user access to the VPN gateway. In this case, a proxy placed in front of the ASA to route traffic between the web and the end user's location provides web access. However, only VPN users can configure proxies placed in front of the ASA.

When doing so, they must make sure these proxies support the CONNECT method. For proxies that require authentication, smart tunnel supports only the basic digest authentication type.

鈥hen smart tunnel starts, the security appliance by default passes all browser traffic through the VPN session if the browser process is the same. The security appliance also does this if a tunnel-all policy applies. If the user starts another instance of the browser process, it passes all traffic through the VPN session. If the browser process is the same and the security appliance does not provide access to a URL, the user cannot open it. As a workaround, assign a tunnel policy that is not tunnel-all.

鈥 stateful failover does not retain smart tunnel connections. Users must reconnect following a failover.
