[Free] 2017(Nov) Dumps4cert Testinsides Cisco 300-209 Dumps with VCE and PDF Download 31-40

Dumps4cert 2017 Nov Cisco Official New Released 300-209
100% Free Download! 100% Pass Guaranteed!
http://www.Dumps4cert.com/300-209.html

Implementing Cisco Secure Mobility Solutions

Question No: 31

Which two are features of GETVPN but not DMVPN and FlexVPN? (Choose two.)

  1. one IPsec SA for all encrypted traffic

  2. no requirement for an overlay routing protocol

  3. design for use over public or private WAN

  4. sequence numbers that enable scalable replay checking

  5. enabled use of ESP or AH

  6. preservation of IP protocol in outer header

Answer: A,B

Question No: 32

What does NHRP stand for?

  1. Next Hop Resolution Protocol

  2. Next Hop Registration Protocol

  3. Next Hub Routing Protocol

  4. Next Hop Routing Protocol

Answer: A

Question No: 33

A network engineer must configure a now VPN tunnel Utilizing IKEv2 For with three reasons would a configuration use IKEv2 instead d KEv1?

(Choose three.)

  1. increased hash size

  2. DOS protection

  3. Preshared keys are used for authentication.

  4. RSA-Sig used for authentication

  5. native NAT traversal

  6. asymmetric authentication

Answer: B,C,D

Question No: 34

Which option is one component of a Public Key Infrastructure?

  1. the Registration Authority

  2. Active Directory

  3. RADIUS

  4. TACACS

Answer: A

Question No: 35

Which two IKEv1 policy options must match on each peer when you configure an IPsec site-to-site VPN? (Choose two.)

  1. priority number

  2. hash algorithm

  3. encryption algorithm

  4. session lifetime

  5. PRF algorithm

Answer: B,C

Question No: 36

After completing a site-to-site VPN setup between two routers, application performance over the tunnel is slow. You issue the show crypto ipsec sa command and see the following output. What does this output suggest?

interfacE. Tunnel100

Crypto map tag: Tunnel100-head-0, local addr 10.10.10.10

protected vrF. (none)

local ident (addr/mask/prot/port): (10.10.10.10/255.255.255.255/47/0) remote ident (addr/mask/prot/port): (10.20.20.20/255.255.255.255/47/0) current_peer 209.165.200.230 port 500

PERMIT, flags={origin_is_acl,}

#pkts encaps: 34836, #pkts encrypt: 34836, #pkts digest: 34836

#pkts decaps: 26922, #pkts decrypt: 19211, #pkts verify: 19211

#pkts compresseD. 0, #pkts decompresseD. 0

#pkts not compresseD. 0, #pkts compr. faileD. 0

#pkts not decompresseD. 0, #pkts decompress faileD. 0

#send errors 0, #recv errors 0

  1. The VPN has established and is functioning normally.

  2. There is an asymmetric routing issue.

  3. The remote peer is not receiving encrypted traffic.

  4. The remote peer is not able to decrypt traffic.

  5. Packet corruption is occurring on the path between the two peers.

Answer: E

Question No: 37

Refer to the exhibit.

Dumps4Cert 2017 PDF and VCE

The customer can establish an AnyConnect connection on the first attempt only. Subsequent attempts fail. What might be the issue?

  1. IKEv2 is blocked over the path.

  2. UserGroup must be different than the name of the connection profile.

  3. The primary protocol should be SSL.

  4. UserGroup must be the same as the name of the connection profile.

Answer: D

Question No: 38

An engineer is configuring an IPsec VPN with IKEv2. Which three components are part of the IKEv2 proposal for this implementation? (Choos three.)

  1. key ring

  2. DH group

  3. integrity

  4. tunnel name

  5. encryption

Answer: C,D,E

Question No: 39

Which two statements regarding IKEv2 are true per RFC 4306? (Choose two.)

  1. It is compatible with IKEv1.

  2. It has at minimum a nine-packet exchange.

  3. It uses aggressive mode.

  4. NAT traversal is included in the RFC.

  5. It uses main mode.

  6. DPD is defined in RFC 4309.

  7. It allows for EAP authentication.

Answer: D,G

Question No: 40

A company has decided to migrate an existing IKEv1 VPN tunnel to IKEv2. Which two are valid configuration constructs on a Cisco IOS router? (Choose two.)

  1. crypto ikev2 keyring keyring-name peer peer1

    address 209.165.201.1 255.255.255.255

    pre-shared-key local key1 pre-shared-key remote key2

  2. crypto ikev2 transform-set transform-set-name esp-3des esp-md5-hmac

    esp-aes esp-sha-hmac

  3. crypto ikev2 map crypto-map-name

    set crypto ikev2 tunnel-group tunnel-group-name set crypto ikev2 transform-set transform-set-name

  4. crypto ikev2 tunnel-group tunnel-group-name match identity remote address 209.165.201.1

    authentication local pre-share authentication remote pre-share

  5. crypto ikev2 profile profile-name

match identity remote address 209.165.201.1 authentication local pre-share

authentication remote pre-share

Answer: A,E

100% Free Download!
Download Free Demo:300-209 Demo PDF
100% Pass Guaranteed!
Download 2017 Dumps4cert 300-209 Full Exam PDF and VCE

Dumps4cert ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 Dumps4cert IT Certification PDF and VCE