New 300-209 exam questions from PassLeader 300-209 dumps! Welcome to download the newest PassLeader 300-209 VCE and PDF dumps: https://www.passleader.com/300-209.html (462 Q&As)
P.S. Free 300-209 dumps are available on Google Drive shared by PassLeader: https://drive.google.com/open?id=0B-ob6L_QjGLpVTNFVTRPdC0zTnM
NEW QUESTION 433
Which VPN solution enables you to publish applications to users by using bookmarks?
A. IPsec client
B. SSL VPN full network access
C. Clientless SSL VPN
D. Port forward
Answer: C
NEW QUESTION 434
Which command displays the NBMA IP addresses when DMVPN is configured with tunnel protection?
A. show crypto session
B. show ip nhrp
C. show ip interface tunnel
D. show crypto socket
Answer: B
NEW QUESTION 435
Your company network security policy requires that all network traffic be tunneled to the corporate office. End users must be able to access local LAN resources when they connect to the corporate network. Which two configurations do you implement in Cisco AnyConnect? (Choose two.)
A. Split-exclude tunneling
B. Local LAN access
C. Static routes
D. Client Bypass Protocol
E. Tunnel all
Answer: BE
NEW QUESTION 436
Which two methods customize the installation of the Cisco AnyConnect client? (Choose two.)
A. installation profiles
B. command-line parameters
C. client profiles
D. resource profiles
E. installer transforms
Answer: BE
NEW QUESTION 437
Which method dynamically advertises the network routes for remote tunnel endpoints?
A. dynamic routing
B. RRI
C. policy-based routing
D. CEF
Answer: B
NEW QUESTION 438
Which benefit of ECC as compared to RSA is true?
A. requires multiple keys
B. supports Clientless SSL VPN
C. can provide higher security at a lower computational cost
D. can be used on Cisco ASA and Cisco IOS device
Answer: C
NEW QUESTION 439
Which description of how DTLS improves application performance is true?
A. uses connection-oriented sessions
B. creates less overhead by using UDP
C. avoids bandwidth and latency issues
D. uses a flow control mechanism
Answer: C
NEW QUESTION 440
Where must an engineer configure a preshared key for site-to-site VPN tunnel configured on a Cisco ASA?
A. crypto map
B. group policy
C. tunnel group
D. isakmp policy
Answer: C
NEW QUESTION 441
You need to configure your company’s client VPN access to send antivirus client update traffic directly to a vendor’s cloud server. All other traffic must go to the corporate network. Which feature do you configure?
A. split tunnel
B. smart tunnel
C. full tunnel
D. split DNS
Answer: A
NEW QUESTION 442
Which two features are available in the Plus license for Cisco AnyConnect? (Choose two.)
A. Suite B cryptography
B. Ipsec IKEv2
C. Clientless SSL VPN
D. Network Access Manager
E. Posture services
Answer: DE
NEW QUESTION 443
Which VPN technology preserves IP headers and prevents overlay routing?
A. site-to-site VPN
B. GET VPN
C. Cisco Easy VPN
D. DMVPN
Answer: B
NEW QUESTION 444
Which cryptographic method provides passphrase protection while importing or exporting keys?
A. AES
B. RSA
C. Serpent
D. Blowfish
Answer: B
NEW QUESTION 445
You are configuring a Cisco ASA for Clientless SSL VPN. Which command do you run to prevent web browsing from the Cisco SSL VPN portal page?
A. url-list disable
B. http server disable
C. http-proxy 0.0.0.0
D. url-entry disable
Answer: D
NEW QUESTION 446
You must implement DMVPN Phase 3 by using EIGRP as the dynamic routing protocol for the tunnel overlay. Which action do you take to allow EIGRP to advertise all routes between the hub and all the spokes?
A. Summarize routes from the hub to the spokes.
B. Disable split-horizon for EIGRP on the hub.
C. Configure the hub to set itself as the next hop when advertising networks to the spoke.
D. Add a distribute list to permit the spoke subnets and deny all other networks.
Answer: B
NEW QUESTION 447
When a Cisco ASA is configured for Active/Standby failover, what is replicated between the devices?
A. HostScan images
B. Cisco AnyConnect profiles
C. VPN sessions
D. Cisco AnyConnect images
Answer: C
NEW QUESTION 448
When configuring a FlexVPN, which two components must be configured for IKEv2? (Choose two.)
A. persistence
B. profile
C. proposal
D. preference
E. method
Answer: BC
NEW QUESTION 449
What is a functional difference between IKEV1 and IKEV2 on a router?
A. HSRP
B. RRI
C. DPD
D. Stateful Failover
Answer: C
NEW QUESTION 450
Which two descriptions of the characteristics of Cisco GET VPN are true? (Choose two.)
A. provides a tunelless transport mechanism
B. encrypts the data payload and IP header of a packet
C. requires that GRE tunnels exist between participating routers
D. uses a common set of traffic encryption keys shared by group members
E. uses VTIs to establish Ipsec tunnels
Answer: AD
NEW QUESTION 451
When using Clientless SSL VPN on a Cisco ASA, which authentication method is required for single sign-on?
A. TACACS
B. LOCAL
C. RADIUS
D. SAML 2.0
Answer: D
NEW QUESTION 452
……
New 300-209 exam questions from PassLeader 300-209 dumps! Welcome to download the newest PassLeader 300-209 VCE and PDF dumps: https://www.passleader.com/300-209.html (462 Q&As)
P.S. Free 300-209 dumps are available on Google Drive shared by PassLeader: https://drive.google.com/open?id=0B-ob6L_QjGLpVTNFVTRPdC0zTnM
