[Free] 2017(Nov) Dumps4cert Testinsides Cisco 300-209 Dumps with VCE and PDF Download 151-160

Dumps4cert 2017 Nov Cisco Official New Released 300-209
100% Free Download! 100% Pass Guaranteed!
http://www.Dumps4cert.com/300-209.html

Implementing Cisco Secure Mobility Solutions

Question No: 151

Scenario

Your organization has just implemented a Cisco AnyConnect SSL VPN solution. Using Cisco ASDM, answer the questions regarding the implementation.

Note: Not all screens or option selections are active for this exercise.

Dumps4Cert 2017 PDF and VCE

Topology

Dumps4Cert 2017 PDF and VCE

Default_Home

Dumps4Cert 2017 PDF and VCE

Dumps4Cert 2017 PDF and VCE

Dumps4Cert 2017 PDF and VCE

Dumps4Cert 2017 PDF and VCE

Dumps4Cert 2017 PDF and VCE

Dumps4Cert 2017 PDF and VCE

Dumps4Cert 2017 PDF and VCE

Dumps4Cert 2017 PDF and VCE

Dumps4Cert 2017 PDF and VCE

Dumps4Cert 2017 PDF and VCE

Dumps4Cert 2017 PDF and VCE

Dumps4Cert 2017 PDF and VCE

Dumps4Cert 2017 PDF and VCE

Dumps4Cert 2017 PDF and VCE

Dumps4Cert 2017 PDF and VCE

Dumps4Cert 2017 PDF and VCE

Dumps4Cert 2017 PDF and VCE

Dumps4Cert 2017 PDF and VCE

Which address pool is being assigned to the users connecting via the AnyConnect client?

  1. AC_Address_Pool

  2. Remote_Address_Pool

  3. Outside_Address_Pool

  4. VPN_Address_Pool

Answer: D Explanation:

First Navigate to the Configuration -gt; Remote Access VPN tab and then choose the “AnyConnect Connection Profile as shown below:

Dumps4Cert 2017 PDF and VCE

Capture

Then, clicking on the AnyConnect Profile at the bottom will bring you to the edit page shown below:

Dumps4Cert 2017 PDF and VCE

Capture

From here we can see that the Client Address Pools in use is the “VPN_Access_Pool”

Question No: 152

Which two troubleshooting steps should be taken when Cisco AnyConnect cannot establish an IKEv2 connection, while SSL works fine? (Choose two.)

  1. Verify that the primary protocol on the client machine is set to IPsec.

  2. Verify that AnyConnect is enabled on the correct interface.

  3. Verify that the IKEv2 protocol is enabled on the group policy.

  4. Verify that ASDM and AnyConnect are not using the same port.

  5. Verify that SSL and IKEv2 certificates are not referencing the same trustpoint.

Answer: A,C

Question No: 153

Where do you configure AnyConnect certificate-based authentication in ASDM?

  1. group policies

  2. AnyConnect Connection Profile

  3. AnyConnect Client Profile

  4. Advanced Network (Client) Access

Answer: B

Question No: 154

What are two variables for configuring clientless SSL VPN single sign-on? (Choose two.)

  1. CSCO_WEBVPN_OTP_PASSWORD

  2. CSCO_WEBVPN_INTERNAL_PASSWORD

  3. CSCO_WEBVPN_USERNAME

  4. CSCO_WEBVPN_RADIUS_USER

Answer: B,C

Question No: 155

When an IPsec SVTI is configured, which technology processes traffic forwarding for encryption?

  1. ACL

  2. IP routing

  3. RRI

  4. front door VPN routing and forwarding

Answer: B

Question No: 156

Which two statements describe effects of the DoNothing option within the untrusted network policy on a Cisco AnyConnect profile? (Choose two.)

  1. The client initiates a VPN connection upon detection of an untrusted network.

  2. The client initiates a VPN connection upon detection of a trusted network.

  3. The always-on feature is enabled.

  4. The always-on feature is disabled.

  5. The client does not automatically initiate any VPN connection.

Answer: A,D

Question No: 157

Which command clears all Cisco AnyConnect VPN sessions?

  1. vpn-sessiondb logoff anyconnect

  2. vpn-sessiondb logoff webvpn

  3. vpn-sessiondb logoff l2l

  4. clear crypto isakmp sa

Answer: A

Question No: 158

Dumps4Cert 2017 PDF and VCE

Dumps4Cert 2017 PDF and VCE

Dumps4Cert 2017 PDF and VCE

When a tunnel is initiated by the headquarter ASA, which one of the following Diffie- Hellman groups is selected by the headquarter ASA during CREATE_CHILD_SA exchange?

  1. 1

  2. 2

  3. 5

  4. 14

  5. 19

Answer: C Explanation:

Traffic initiated by the HQ ASA is assigned to the static outside crypto map, which shown below to use DH group 5.

Dumps4Cert 2017 PDF and VCE

Question No: 159

When troubleshooting clientless SSL VPN connections, which option can be verified on the client PC?

  1. address assignment

  2. DHCP configuration

  3. tunnel group attributes

  4. host file misconfiguration

Answer: C

Question No: 160

Scenario

Your organization has just implemented a Cisco AnyConnect SSL VPN solution. Using Cisco ASDM, answer the questions regarding the implementation.

Note: Not all screens or option selections are active for this exercise.

Dumps4Cert 2017 PDF and VCE

Topology

Dumps4Cert 2017 PDF and VCE

Default_Home

Dumps4Cert 2017 PDF and VCE

Dumps4Cert 2017 PDF and VCE

Dumps4Cert 2017 PDF and VCE

Dumps4Cert 2017 PDF and VCE

Dumps4Cert 2017 PDF and VCE

Dumps4Cert 2017 PDF and VCE

Dumps4Cert 2017 PDF and VCE

Dumps4Cert 2017 PDF and VCE

Dumps4Cert 2017 PDF and VCE

Dumps4Cert 2017 PDF and VCE

Dumps4Cert 2017 PDF and VCE

Dumps4Cert 2017 PDF and VCE

Dumps4Cert 2017 PDF and VCE

Dumps4Cert 2017 PDF and VCE

Dumps4Cert 2017 PDF and VCE

Dumps4Cert 2017 PDF and VCE

Dumps4Cert 2017 PDF and VCE

Dumps4Cert 2017 PDF and VCE

What two actions will be taken on translated packets when the AnyConnect users connect to the ASA? (Choose two.)

  1. No action will be taken, they will keep their original assigned addresses

  2. The source address will use the outside-nat-pool

  3. The source NAT type will be a static translation

  4. The source NAT type will be a dynamic translation

  5. DNS will be translated on rule matches

Answer: A,C Explanation:

First, navigate to the Configuration -gt;NAT Rules tab to see this:

Dumps4Cert 2017 PDF and VCE

Here we see that NAT rule 2 applies to the AnyConnect clients, click on this rule for more details to see the following:

Dumps4Cert 2017 PDF and VCE

Here we see that it is a static source NAT entry, but that the Source and Destination addresses remain the original IP address so they are not translated.

100% Free Download!
Download Free Demo:300-209 Demo PDF
100% Pass Guaranteed!
Download 2017 Dumps4cert 300-209 Full Exam PDF and VCE

Dumps4cert ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 Dumps4cert IT Certification PDF and VCE