[Free] 2017(Nov) Dumps4cert Testinsides Cisco 300-209 Dumps with VCE and PDF Download 91-100

Dumps4cert 2017 Nov Cisco Official New Released 300-209
100% Free Download! 100% Pass Guaranteed!
http://www.Dumps4cert.com/300-209.html

Implementing Cisco Secure Mobility Solutions

Question No: 91

Which protocol can be used for better throughput performance when using Cisco AnyConnect VPN?

  1. TLSv1

  2. TLSv1.1

  3. TLSv1.2

  4. DTLSv1

Answer: D

Question No: 92

Which three types of SSO functionality are available on the Cisco ASA without any external SSO servers? (Choose three.)

  1. SAML

  2. HTTP POST

  3. HTTP Basic

  4. NTLM

  5. Kerberos

  6. OAuth 2.0

Answer: B,C,D

Question No: 93

Which statement about plug-ins is false?

  1. Plug-ins do not require any installation on the remote system.

  2. Plug-ins require administrator privileges on the remote system.

  3. Plug-ins support interactive terminal access.

  4. Plug-ins are not supported on the Windows Mobile platform.

Answer: B Explanation:

http://www.cisco.com/en/US/docs/security/asa/asa80/asdm60/ssl_vpn_deployment_guide/ deployhtml#wp1162435

Plug-ins

The security appliance supports Java plug-ins for clientless SSL VPN connections. Plug-ins are Java programs that operate in a browser. These plug-ins include SSH/Telnet, RDP, VNC, and Citrix.

Per the GNU General Public License (GPL), Cisco redistributes plug-ins without making any changes to them.

Per the GPL, Cisco cannot directly enhance these plug-ins.

To use plug-ins you must install Java Runtime Environment (JRE) 1.4.2.x or greater. You must also use a compatible browser specified here:http://www.cisco.com/en/US/docs/security/asa/compatibility/asa-vpncompatibility.html

Question No: 94

Refer to the exhibit.

Dumps4Cert 2017 PDF and VCE

A new NOC engineer is troubleshooting a VPN connection.

Which statement about the fields within the Cisco VPN Client Statistics screen is correct?

  1. The ISP-assigned IP address of 10.0.21.1 is assigned to the VPN adapter of the PC.

  2. The IP address of the security appliance to which the Cisco VPN Client is connected is 192.168.1.2.

  3. CorpNet is the name of the Cisco ASA group policy whose tunnel parameters the connection is using.

  4. The ability of the client to send packets transparently and unencrypted through the tunnel for test purposes is turned off.

  5. With split tunneling enabled, the Cisco VPN Client registers no decrypted packets.

Answer: B

Question No: 95

Refer to the exhibit.

Dumps4Cert 2017 PDF and VCE

Which VPN solution does this configuration represent?

  1. Cisco AnyConnect

  2. IPsec

  3. L2TP

  4. SSL VPN

Answer: B

Question No: 96

Refer to the exhibit.

Dumps4Cert 2017 PDF and VCE

You are configuring a laptop with the Cisco VPN Client, which uses digital certificates for authentication.

Which protocol does the Cisco VPN Client use to retrieve the digital certificate from the CA server?

  1. FTP

  2. LDAP

  3. HTTPS

  4. SCEP

  5. OCSP

Answer: D Explanation:

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/cert_cfg.html

About CRLs

Certificate Revocation Lists provide the security appliance with one means of determining whether a certificate that is within its valid time range has been revoked by its issuing CA. CRL configuration is a part of the configuration of a trustpoint.

You can configure the security appliance to make CRL checks mandatory when authenticating a certificate (revocation-check crl command). You can also make the CRL check optional by adding the none argument (revocation-check crl none command), which

allows the certificate authentication to succeed when the CA is unavailable to provide updated CRL data.

The security appliance can retrieve CRLs from CAs using HTTP, SCEP, or LDAP. CRLs retrieved for each trustpoint are cached for a length of time configurable for each trustpoint. When the security appliance has cached a CRL for more than the length of time it is configured to cache CRLs, the security appliance considers the CRL too old to be reliable, or quot;stalequot;. The security appliance attempts to retrieve a newer version of the CRL the next time a certificate authentication requires checking the stale CRL.

Question No: 97

Which two parameters help to map a VPN session to a tunnel group without using the tunnel-group list? (Choose two.)

  1. group-alias

  2. certificate map

  3. use gateway command

  4. group-url

  5. AnyConnect client version

Answer: B,D

Question No: 98

Which PKI enrollment method allows the user to separate authentication and enrollment actions and also provides an option to specify HTTP/TFTP commands to perform file retrieval from the server?

  1. enrollment profile

  2. enrollment terminal

  3. enrollment url

  4. enrollment selfsigned

Answer: A

Question No: 99

What action does the hub take when it receives a NHRP resolution request from a spoke for a network that exists behind another spoke?

  1. The hub sends back a resolution reply to the requesting spoke.

  2. The hub updates its own NHRP mapping.

  3. The hub forwards the request to the destination spoke.

  4. The hub waits for the second spoke to send a request so that it can respond to both spokes.

Answer: C

Question No: 100

Which feature do you include in a highly available system to account for potential site failures?

  1. geographical separation of redundant devices

  2. hot/standby failover pairs

  3. Cisco ACE load-balancing with VIP

  4. dual power supplies

Answer: A

100% Free Download!
Download Free Demo:300-209 Demo PDF
100% Pass Guaranteed!
Download 2017 Dumps4cert 300-209 Full Exam PDF and VCE

Dumps4cert ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 Dumps4cert IT Certification PDF and VCE