New 300-209 exam questions from PassLeader 300-209 dumps! Welcome to download the newest PassLeader 300-209 VCE and PDF dumps: https://www.passleader.com/300-209.html (406 Q&As –> 423 Q&As –> 462 Q&As)
P.S. Free 300-209 dumps are available on Google Drive shared by PassLeader: https://drive.google.com/open?id=0B-ob6L_QjGLpVTNFVTRPdC0zTnM
NEW QUESTION 331
An engineer is troubleshooting IPsec VPN and wants to check the inbound and outbound data plane security association built between peers. Which command must be run?
A. show crypto esp sa
B. show crypto isakmp sa
C. show crypto ipsec sa
D. show crypto ike sa
Answer: C
NEW QUESTION 332
During an SSL session between a client and a server, who is responsible for generating the master key that generates the symmetric keys used during the session?
A. public key infrastructure
B. client browser
C. web server
D. cipher suite
Answer: B
NEW QUESTION 333
An engineer is troubleshooting IPsec VPN and wants to review the IKE connectivity status between peers. Which IKE status indicates that all is running properly?
A. AG_AUTH
B. QM_IDLE
C. MM_SA_SETUP
D. AC_INT_EXCH
Answer: B
NEW QUESTION 334
An engineer is configuring clientless VPN. The finance department has a database server that only they should access but the sales department can currently access it. The finance and the sales department are configured as separate group-policies. Which option must be added to the configuration to make sure the users in the sales department cannot access the finance department server?
A. tunnel group lock
B. port forwarding
C. VPN filter ACL
D. webtype ACL
Answer: D
NEW QUESTION 335
Which two options are features of Cisco GET VPN? (Choose two.)
A. uses public internet
B. uses mGRE
C. provides point-to-point IPsec SA
D. provides encryption for MPLS
E. allows for optimal routing
Answer: DE
NEW QUESTION 336
Which header is used when a data plane IPsec packet is created?
A. IKEv1
B. AES
C. SHA
D. ESP
Answer: D
NEW QUESTION 337
Which access list is used in a typical IPsec VPN configuration?
A. ACL to define policy based routing
B. ACL for routing policy neighbors across the tunnel
C. ACL to NAT traffic across the VPN tunnel
D. ACL to define what traffic to exempt from NAT
Answer: D
NEW QUESTION 338
Which two options are benefits of IKEv2 over IKEv1? (Choose two.)
A. IKEv2 supports NAT traversal whereas IKEv1 cannot.
B. IKEv2 supports EAP for remote access connections.
C. IKEv2 supports sending identifiers in clear text.
D. IKEv2 supports stronger encryption ciphers than IKEv1.
E. IKEv2 supports public key encryption whereas IKEv1 does not.
Answer: BC
NEW QUESTION 339
Dynamic access policies can support several posture assessment methods to collect endpoint security attributes. From which operating system does an endpoint collect information?
A. Cisco NAC
B. Advanced Endpoint Assessment
C. Host Scan
D. Cisco Secure Desktop
Answer: A
NEW QUESTION 340
Which parameter in IPsec VPN tunnel configurations is optional?
A. lifetime
B. Perfect Forward Secrecy
C. encryption
D. hash
Answer: B
NEW QUESTION 341
An engineer is troubleshooting DMVPN and has entered the show crypto isakmp sa command. What can be verified with the output of this command?
A. NHRP registration is complete
B. the mGRE tunnel key matches the remote peer
C. per-QoS policies have been applied
D. IKE connectivity to branch offices has been established
Answer: D
NEW QUESTION 342
A Cisco AnyConnect client establishes an SSL VPN connection with an ASA at the corporate office. The client has not established an SSL VPN connection in some time. An engineer wants to make sure the client computer meets the enterprise security policy. Which feature can update a client to meet an enterprise security policy?
A. FirePOWER Advanced Malware Protection
B. EndPoint Assessment
C. Basic Host Scan
D. Advanced Endpoint Assessment
Answer: D
NEW QUESTION 343
Which two are features of GETVPN but not DMVPN and FlexVPN? (Choose two.)
A. one IPsec SA for all encrypted traffic
B. no requirement for an overlay routing protocol
C. design for use over public or private WAN
D. sequence numbers that enable scalable replay checking
E. enabled use of ESP or AH
F. preservation of IP protocol in outer header
Answer: BF
NEW QUESTION 344
Which command configures IKEv2 symmetric identity authentication?
A. match identity remote address 0.0.0.0
B. authentication local pre-share
C. authentication pre-share
D. authentication remote rsa-sig
Answer: C
NEW QUESTION 345
Which command clears all Cisco AnyConnect VPN sessions on a Cisco ASA?
A. vpn-sessiondb logoff anyconnect
B. vpn-sessiondb logoff webvpn
C. clear crypto isakmp sa
D. vpn-sessiondb logoff l2l
Answer: A
NEW QUESTION 346
The following configuration steps have been completed:
— WebVPN was enabled on the ASA outside interface.
— SSL VPN client software was loaded to the ASA.
— A DHCP scope was configured and applied to a WebVPN Tunnel Group.
What additional step is required if the client software fails to load when connecting to the ASA SSL page?
A. The SSL client must be loaded to the client by an ASA administrator.
B. The SSL client must be downloaded to the client via FTP.
C. The SSL VPN client must be enabled on the ASA after loading.
D. The SSL client must be enabled on the client machine before loading.
Answer: C
NEW QUESTION 347
Which command will allow a referenced ASA interface to become accessible across a site-to-site VPN?
A. access-list 101 extended permit ICMP any any
B. crypto map vpn 10 match address 101
C. crypto map vpn interface inside
D. management-access
Answer: D
NEW QUESTION 348
Which header is used when a data plane IPsec packet is created?
A. IKEv1
B. AES
C. SHA
D. ESP
Answer: D
NEW QUESTION 349
……