[Free] 2017(Nov) Dumps4cert Testinsides Cisco 300-209 Dumps with VCE and PDF Download 61-70

Dumps4cert 2017 Nov Cisco Official New Released 300-209
100% Free Download! 100% Pass Guaranteed!
http://www.Dumps4cert.com/300-209.html

Implementing Cisco Secure Mobility Solutions

Question No: 61

Which statement is correct concerning the trusted network detection (TND) feature?

  1. The Cisco AnyConnect 3.0 Client supports TND on Windows, Mac, and Linux platforms.

  2. With TND, one result of a Cisco Secure Desktop basic scan on an endpoint is to determine whether a device is a member of a trusted or an untrusted network.

  3. If enabled, and a CSD scan determines that a host is a member of an untrusted network, an administrator can configure the TND feature to prohibit an end user from launching the Cisco AnyConnect VPN Client.

  4. When the user is inside the corporate network, TND can be configured to automatically disconnect a Cisco AnyConnect session.

Answer: D Explanation:

http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect25/administrat ion/guide/ac03features.html

Trusted Network Detection

Trusted Network Detection (TND) gives you the ability to have AnyConnect automatically disconnect a VPN connection when the user is inside the corporate network (the trusted network) and start the VPN connection when the user is outside the corporate network (the untrusted network). This feature encourages greater security awareness by initiating a VPN connection when the user is outside the trusted network.

If AnyConnect is also running Start Before Logon (SBL), and the user moves into the trusted network, the SBL window displayed on the computer automatically closes.

TND does not interfere with the ability of the user to manually establish a VPN connection.

It does not disconnect a VPN connection that the user starts manually in the trusted network. TND only disconnects the VPN session if the user first connects in an untrusted network and moves into a trusted network. For example, TND disconnects the VPN session if the user makes a VPN connection at home and then moves into the corporate office.

Because the TND feature controls the AnyConnect GUI and automatically initiates connections, the GUI should run at all times. If the user exits the GUI, TND does not automatically start the VPN connection.

You configure TND in the AnyConnect profile. No changes are required to the ASA configuration.

Question No: 62

Which command can be used to troubleshoot an IPv6 FlexVPN spoke-to-hub connectivity failure?

  1. show crypto lkev2 client flexvpn

  2. show crypto identity

  3. show crypto isakmp sa

  4. show crypto gkm

Answer: A

Question No: 63

Which two cryptographic technologies are recommended for use with FlexVPN? (Choose two.)

  1. SHA (HMAC variant)

  2. Diffie-Hellman

  3. DES

  4. MD5 (HMAC variant)

Answer: A,B

Question No: 64

An administrator received a report that a user cannot connect to the headquarters site using Cisco AnyConnect and receives this error. The installer was not able to start the Cisco VPN client, clientless access is not available, Which option is a possible cause for this error?

  1. The client version of Cisco AnyConnect is not compatible with the Cisco ASA software image.

  2. The operating system of the client machine is not supported by Cisco AnyConnect.

  3. The driver for Cisco AnyConnect is outdatate.

  4. The installed version of Java is not compatible with Cisco AnyConnect.

Answer: C

Question No: 65

Which adaptive security appliance command can be used to see a generic framework of the requirements for configuring a VPN tunnel between an adaptive security appliance and a Cisco IOS router at a remote office?

  1. vpnsetup site-to-site steps

  2. show running-config crypto

  3. show vpn-sessiondb l2l

  4. vpnsetup ssl-remote-access steps

Answer: A

Question No: 66

Refer to the exhibit.

Dumps4Cert 2017 PDF and VCE

Which type of mismatch is causing the problem with the IPsec VPN tunnel?

  1. PSK

  2. Phase 1 policy

  3. transform set

  4. crypto access list

Answer: A

Question No: 67

Dumps4Cert 2017 PDF and VCE

Dumps4Cert 2017 PDF and VCE

Dumps4Cert 2017 PDF and VCE

If the IKEv2 tunnel were to establish successfully, which encryption algorithm would be used to encrypt traffic?

  1. DES

  2. 3DES

  3. AES

  4. AES192

  5. AES256

Answer: E Explanation:

Both ASA’s are configured to support AES 256, so during the IPSec negotiation they will use the strongest algorithm that is supported by each peer.

Question No: 68

What are two forms of SSL VPN? (Choose two.)

  1. port forwarding

  2. Full Tunnel Mode

  3. Cisco IOS WebVPN

  4. Cisco AnyConnect

Answer: C,D

Question No: 69

Refer to the exhibit.

Dumps4Cert 2017 PDF and VCE

The ABC Corporation is changing remote-user authentication from pre-shared keys to

certificate-based authentication. For most employee authentication, its group membership (the employees) governs corporate access. Certain management personnel need access to more confidential servers. Access is based on the group and name, such as finance and level_2. When it is time to pilot the new authentication policy, a finance manager is able to access the department-assigned servers but cannot access the restricted servers.

As the network engineer, where would you look for the problem?

  1. Check the validity of the identity and root certificate on the PC of the finance manager.

  2. Change the Management Certificate to Connection Profile Maps gt; Rule Priority to a number that is greater than 10.

  3. Check if the Management Certificate to Connection Profile Maps gt; Rules is configured correctly.

  4. Check if the Certificate to Connection Profile Maps gt; Policy is set correctly.

Answer: D Explanation:

Cisco ASDM User Guide Version 6.1

Dumps4Cert 2017 PDF and VCE

Question No: 70

Which IKEv2 feature minimizes the configuration of a FlexVPN on Cisco IOS devices?

  1. IKEv2 Suite-B

  2. IKEv2 proposals

  3. IKEv2 profiles

  4. IKEv2 Smart Defaults

Answer: D

100% Free Download!
Download Free Demo:300-209 Demo PDF
100% Pass Guaranteed!
Download 2017 Dumps4cert 300-209 Full Exam PDF and VCE

Dumps4cert ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 Dumps4cert IT Certification PDF and VCE