[Free] 2019(Nov) EnsurePass Cisco 300-209 Dumps with VCE and PDF 11-20

Get Full Version of the Exam
http://www.EnsurePass.com/300-209.html

Question No.11

Which two features are required when configuring a DMVPN network? (Choose two.)

  1. Dynamic routing protocol

  2. GRE tunnel interface

  3. Next Hop Resolution Protocol

  4. Dynamic crypto map

  5. IPsec encryption

Correct Answer: BC

Question No.12

Which technology can rate-limit the number of tunnels on a DMVPN hub when system utilization is above a specified percentage?

  1. NHRP Event Publisher

  2. interface state control

  3. CAC

  4. NHRP Authentication

  5. ip nhrp connect

Correct Answer: C

Question No.13

An engineer has integrated a new DMVPN to link remote offices across the internet using Cisco IOS routers. When connecting to remote sites, pings and voice data appear to flow properly and all tunnel stats seem to show that are up. However, when trying to connect to a remote server using RDP, the connection fails. Which action resolves this issue?

  1. Change DMVPN timeout values.

  2. Adjust the MTU size within the routers.

  3. Replace certificate on the RDP server.

  4. Add RDP port to the extended ACL.

Correct Answer: C

Question No.14

Which statement describes a prerequisite for single-sign-on Netegrity Cookie Support in an IOC SSL VPN?

  1. The Cisco AnyConnect Secure Mobility Client must be installed in flash.

  2. A SiteMinder plug-in must be installed on the Cisco SSL VPN gateway.

  3. A Cisco plug-in must be installed on a SiteMinder server.

  4. The Cisco Secure Desktop software package must be installed in flash.

Correct Answer: C

Question No.15

Refer to the exhibit. Which technology is represented by this configuration?

image

  1. AAA for FlexVPN

  2. AAA for EzVPN

  3. TACACS command authorization

  4. local command authorization

Correct Answer: A

Question No.16

Which VPN type can be used to provide secure remote access from public internet cafes and airport kiosks?

  1. site-to-site

  2. business-to-business

  3. Clientless SSL

  4. DMVPN

Correct Answer: C

Question No.17

Which cryptographic algorithms are approved to protect Top Secret information?

  1. HIPPA DES

  2. AES-128 C. RC4-128

D. AES-256

Correct Answer: D

Question No.18

An XYZ Corporation systems engineer, while making a sales call on the ABC Corporation headquarters, tried to access the XYZ sales demonstration folder to transfer a demonstration via FTP from an ABC conference room behind the firewall. The engineer could not reach XYZ through the remote-access VPN tunnel. From home the previous day, however, the engineer did connect to the XYZ sales demonstration folder and transferred the demonstration via IPsec over DSL. To get the connection to work and transfer the demonstration, what should the engineer do?

  1. Change the MTU size on the IPsec client to account for the change from DSL to cable transmission.

  2. Enable the local LAN access option on the IPsec client.

  3. Enable the IPsec over TCP option on the IPsec client.

  4. Enable the clientless SSL VPN option on the PC.

Correct Answer: C

Explanation:

IP Security (IPSec) over Transmission Control Protocol (TCP) enables a VPN Client to operate in an environment in which standard Encapsulating Security Protocol (ESP, Protocol 50) or Internet Key Exchange (IKE, User Datagram Protocol (UDP) 500) cannot function, or can function only with modification to existing firewall rules. IPSec over TCP encapsulates both the IKE and IPSec protocols within a TCP packet, and it enables secure tunneling through both Network Address Translation (NAT) and Port Address Translation (PAT) devices and firewalls

Question No.19

You have been using pre-shared keys for IKE authentication on your VPN. Your network has grown rapidly, and now you need to create VPNs with numerous IPsec peers. How can you enable scaling to numerous IPsec peers?

  1. Migrate to external CA-based digital certificate authentication.

  2. Migrate to a load-balancing server.

  3. Migrate to a shared license server.

  4. Migrate from IPsec to SSL VPN client extended authentication.

Correct Answer: A

Question No.20

Which three configurations are prerequisites for stateful failover for IPsec? (Choose three.)

  1. Only the IKE configuration that is set up on the active device must be duplicated on the standby device; the IPsec configuration is copied automatically.

  2. Only crypto map configuration that is set up on the active device must be duplicated on the

    standby device.

  3. The IPsec configuration that is set up on the active device must be duplicated on the standby device.

  4. The active and standby devices can run different versions of the Cisco IOS software but need to be the same type of device.

  5. The active and standby devices must run the same version of the Cisco IOS software and should be the same type of device.

  6. Only the IPsec configuration that is set up on the active device must be duplicated on the standby device; the IKE configuration is copied automatically.

  7. The IKE configuration that is set up on the active device must be duplicated on the standby device.

Correct Answer: CEG

Get Full Version of the Exam
300-209 Dumps
300-209 VCE and PDF

Leave a Reply

Your email address will not be published. Required fields are marked *

Proudly powered by WordPress