New 300-209 exam questions from PassLeader 300-209 dumps! Welcome to download the newest PassLeader 300-209 VCE and PDF dumps: http://www.passleader.com/300-209.html (406 Q&As –> 423 Q&As –> 462 Q&As)
P.S. Free 300-209 dumps are available on Google Drive shared by PassLeader: https://drive.google.com/open?id=0B-ob6L_QjGLpVTNFVTRPdC0zTnM
QUESTION 126
When troubleshooting established clientless SSL VPN issues, which three steps should be taken? (Choose three.)
A. Clear the browser history.
B. Clear the browser and Java cache.
C. Collect the information from the computer event log.
D. Enable and use HTML capture tools.
E. Gather crypto debugs on the adaptive security appliance.
F. Use Wireshark to capture network traffic.
Answer: BDF
QUESTION 127
A user is trying to connect to a Cisco IOS device using clientless SSL VPN and cannot establish the connection. Which three commands can be used for troubleshooting of the AAA subsystem? (Choose three.)
A. debug aaa authentication
B. debug radius
C. debug vpn authorization error
D. debug ssl openssl errors
E. debug webvpn aaa
F. debug ssl error
Answer: ABE
QUESTION 128
Which Cisco adaptive security appliance command can be used to view the count of all active VPN sessions?
A. show vpn-sessiondb summary
B. show crypto ikev1 sa
C. show vpn-sessiondb ratio encryption
D. show iskamp sa detail
E. show crypto protocol statistics all
Answer: A
QUESTION 129
Which command is used to determine how many GMs have registered in a GETVPN environment?
A. show crypto isakmp sa
B. show crypto gdoi ks members
C. show crypto gdoi gm
D. show crypto ipsec sa
E. show crypto isakmp sa count
Answer: B
QUESTION 130
On which Cisco platform are dynamic virtual template interfaces available?
A. Cisco Adaptive Security Appliance 5585-X
B. Cisco Catalyst 3750X
C. Cisco Integrated Services Router Generation 2
D. Cisco Nexus 7000
Answer: C
QUESTION 131
Refer to the exhibit. Which statement about the given IKE policy is true?
A. The tunnel will be valid for 2 days, 88 minutes, and 00 seconds.
B. It will use encrypted nonces for authentication.
C. It has a keepalive of 60 minutes, checking every 5 minutes.
D. It uses a 56-bit encryption algorithm.
Answer: B
QUESTION 132
Refer to the exhibit. Which two statements about the given configuration are true? (Choose two.)
A. Defined PSK can be used by any IPSec peer.
B. Any router defined in group 2 will be allowed to connect.
C. It can be used in a DMVPN deployment.
D. It is a LAN-to-LAN VPN ISAKMP policy.
E. It is an AnyConnect ISAKMP policy.
F. PSK will not work as configured.
Answer: AC
QUESTION 133
Refer to the exhibit. What technology does the given configuration demonstrate?
A. Keyring used to encrypt IPSec traffic
B. FlexVPN with IPV6
C. FlexVPN with AnyConnect
D. Crypto Policy to enable IKEv2
Answer: B
QUESTION 134
Which command enables the router to form EIGRP neighbor adjacencies with peers using a different subnet than the ingress interface?
A. ip unnumbered interface
B. eigrp router-id
C. passive-interface interface name
D. ip split-horizon eigrp as number
Answer: A
QUESTION 135
Which feature enforces the corporate policy for Internet access to Cisco AnyConnect VPN users?
A. Trusted Network Detection
B. Datagram Transport Layer Security
C. Cisco AnyConnect Customization
D. banner message
Answer: A
New 300-209 exam questions from PassLeader 300-209 dumps! Welcome to download the newest PassLeader 300-209 VCE and PDF dumps: http://www.passleader.com/300-209.html (406 Q&As –> 423 Q&As –> 462 Q&As)
P.S. Free 300-209 dumps are available on Google Drive shared by PassLeader: https://drive.google.com/open?id=0B-ob6L_QjGLpVTNFVTRPdC0zTnM
