New 300-209 exam questions from PassLeader 300-209 dumps! Welcome to download the newest PassLeader 300-209 VCE and PDF dumps: https://www.passleader.com/300-209.html (406 Q&As –> 423 Q&As –> 462 Q&As)
P.S. Free 300-209 dumps are available on Google Drive shared by PassLeader: https://drive.google.com/open?id=0B-ob6L_QjGLpVTNFVTRPdC0zTnM
NEW QUESTION 366
A client has asked an engineer to assist in installing and upgrading to the latest version of Cisco Any Connect Secure and upgrading to the latest version of Cisco Any Connect Secure Mobility Client. Which type of deployment method requires the updated version of the client to be loaded only on the headend device such as an ASA or ISE device?
A. Web-deploy
B. Cloud-deploy
C. Cloud-update
D. Web-update
Answer: A
NEW QUESTION 367
A customer requires site-to-site VPNs to connect to third party business partners and has purchased two ASAs. The customer requests an active/active configuration. Which mode is needed to support and active/active solution?
A. single context
B. NAT context
C. PAT context
D. multiple context
Answer: D
NEW QUESTION 368
An engineer is troubleshooting VPN connectivity issues between a PC and ASA using Cisco AnyConnect IPsec IKEv2. Which requirement must be satisfied for proper functioning?
A. PC certificate must contain the server-auth EKU.
B. The connection must use EAP-AnyConnect.
C. The SAN must be used as the CN for the ASA-side certificates.
D. Profile and binary updates must be downloading over IPSec.
Answer: A
NEW QUESTION 369
An engineer is configuring an IP VPN with IKEv2. Which two components are part of the IKEv2 proposal for this implementation? (Choose two.)
A. Key ring
B. Encryption
C. Tunnel mode
D. Peer name
E. Integrity
Answer: BE
NEW QUESTION 370
An engineer is using DMVPN to provide secure connectivity between a data center and remote sites. Which two routing protocols are recommended for use between the routers? (Choose two.)
A. EIGRP
B. IS-IS
C. RIPv2
D. BGP
E. OSPF
Answer: AE
NEW QUESTION 371
In a FlexVPN deployment, the spokes are successfully connecting to the hub. However, spoke-to-spoke tunnels do not form. Which trouble shooting step is valid for this issue?
A. Verify the spoke configuration to check if the NHRP redirect is enabled.
B. Verify the hub configuration to check if the NHRP shortcut is enabled.
C. Verify the tunnel interface is contained within a VRF.
D. Verify the spoke receives redirect messages and send resolution requests.
Answer: B
NEW QUESTION 372
An engineer is troubleshooting network issues and wants to check the Layer 2 connectivity between routers. Which command must be run?
A. show ip eigrp neighbors
B. show cdp neighbor
C. show crypto isakmp sa
D. show crypto issec sa
Answer: B
NEW QUESTION 373
Witch option is an advantage of using elliptic curve cryptography?
A. efficiency of operation
B. ease of implementation
C. symmetrical key exchange
D. resistance to quantum attacks
Answer: A
NEW QUESTION 374
A company has acquired a competitor whose network infrastructure uses only IPv6. An engineer must configure VPN access sourced from the new company. Which remote access VPN solution must be used?
A. GET VPN
B. Any Connect
C. EzVPN
D. DMVPN
Answer: C
NEW QUESTION 375
Which way to send OSPF routing updates over a site-to-site IPsec tunnel is true?
A. Set the network type for the inside interface to nonbroadcast mode, and add the remote end as an OSPF neighbor.
B. Set the network type for the outside interface to broadcast mode, and add the headend device as an OSPF neighbor.
C. Set the network type for the DMZ interface to nonbroadcast mode, and add the headend as an OSPF neighbor.
D. Set the network type for the outside interface to nonbroadcast mode, and add the remote end as an OSPF neighbor.
Answer: D
NEW QUESTION 376
Which access lists are used in a typical IPsec VPN configuration?
A. ACL to NAT traffic across the VPN tunnel
B. ACL to define policy based routing
C. ACL to define what traffic to exempt from NAT
D. ACL for routing neighbors across the tunnel
Answer: C
NEW QUESTION 377
Which two parameters are specified in the isakmp (IKEv1) policy? (Choose two.)
A. the peer
B. the hashing algorithm
C. the session key
D. the authentication method
E. the transform-set
Answer: AD
NEW QUESTION 378
An engineer is assisting in the continued implementation of a VPN solution and discovers an NHRP server configuration. Which type of VPN solution has been implemented?
A. DM VPN
B. IPsec VPN
C. SSL VPN
D. GET VPN
Answer: A
NEW QUESTION 379
Which two options are purposes of the key server in Cisco IOS GETVPN? (Choose two.)
A. to distributed static routing information
B. to authenticate group members
C. to define and distribute security policies
D. to distribute dynamic routing information
E. to encrypt transit data traffic
Answer: BE
NEW QUESTION 380
An engineer is configuring SSL VPN for remote access. A real-time application that is sensitive to packet delays will be used. Which feature should the engineer confirm is enabled to avoid latency and bandwidth problems associated with SSL connections?
A. DTLS
B. DPD
C. SVC
D. IKEv2
Answer: A
NEW QUESTION 381
……
New 300-209 exam questions from PassLeader 300-209 dumps! Welcome to download the newest PassLeader 300-209 VCE and PDF dumps: https://www.passleader.com/300-209.html (406 Q&As –> 423 Q&As –> 462 Q&As)
P.S. Free 300-209 dumps are available on Google Drive shared by PassLeader: https://drive.google.com/open?id=0B-ob6L_QjGLpVTNFVTRPdC0zTnM