New 300-209 exam questions from PassLeader 300-209 dumps! Welcome to download the newest PassLeader 300-209 VCE and PDF dumps: http://www.passleader.com/300-209.html (406 Q&As –> 423 Q&As –> 462 Q&As)
P.S. Free 300-209 dumps are available on Google Drive shared by PassLeader: https://drive.google.com/open?id=0B-ob6L_QjGLpVTNFVTRPdC0zTnM
QUESTION 106
A custom desktop application needs to access an internal server. An administrator is tasked with configuring the company’s SSL VPN gateway to allow remote users to work. Which two technologies would accommodate the company’s requirement? (Choose two).
A. AnyConnect client
B. Smart Tunnels
C. Email Proxy
D. Content Rewriter
E. Portal Customizations
Answer: AB
QUESTION 107
Refer to the exhibit. Which authentication method was used by the remote peer to prove its identity?
A. Extensible Authentication Protocol
B. certificate authentication
C. pre-shared key
D. XAUTH
Answer: C
QUESTION 108
Refer to the exhibit. An IPsec peer is exchanging routes using IKEv2, but the routes are not installed in the RIB. Which configuration error is causing the failure?
A. IKEv2 routing requires certificate authentication, not pre-shared keys.
B. An invalid administrative distance value was configured.
C. The match identity command must refer to an access list of routes.
D. The IKEv2 authorization policy is not referenced in the IKEv2 profile.
Answer: B
QUESTION 109
Refer to the exhibit. An administrator is adding IPv6 addressing to an already functioning tunnel. The administrator is unable to ping 2001:DB8:100::2 but can ping 209.165.200.226. Which configuration needs to be added or changed?
A. No configuration change is necessary. Everything is working correctly.
B. OSPFv3 needs to be configured on the interface.
C. NHRP needs to be configured to provide NBMA mapping.
D. Tunnel mode needs to be changed to GRE IPv4.
E. Tunnel mode needs to be changed to GRE IPv6.
Answer: D
QUESTION 110
Refer to the exhibit. The IKEv2 tunnel between Router1 and Router2 is failing during session establishment. Which action will allow the session to establish correctly?
A. The address command on Router2 must be narrowed down to a /32 mask.
B. The local and remote keys on Router2 must be switched.
C. The pre-shared key must be altered to use only lowercase letters.
D. The local and remote keys on Router2 must be the same.
Answer: B
QUESTION 111
A rogue static route is installed in the routing table of a Cisco FlexVPN and is causing traffic to be blackholed. Which command should be used to identify the peer from which that route originated?
A. show crypto ikev2 sa detail
B. show crypto route
C. show crypto ikev2 client flexvpn
D. show ip route eigrp
E. show crypto isakmp sa detail
Answer: A
QUESTION 112
You are troubleshooting a site-to-site VPN issue where the tunnel is not establishing. After issuing the debug crypto isakmp command on the headend router, you see the following output. What does this output suggest?
1d00h: ISAKMP (0:1): atts are not acceptable. Next payload is 0
1d00h: ISAKMP (0:1); no offers accepted!
1d00h: ISAKMP (0:1): SA not acceptable!
1d00h: %CRYPTO-6-IKMP_MODE_FAILURE.
Processing of Main Mode failed with peer at 10.10.10.10
A. Phase 1 policy does not match on both sides.
B. The transform set does not match on both sides.
C. ISAKMP is not enabled on the remote peer.
D. There is a mismatch in the ACL that identifies interesting traffic.
Answer: A
QUESTION 113
You are troubleshooting a site-to-site VPN issue where the tunnel is not establishing. After issuing the debug crypto ipsec command on the headend router, you see the following output. What does this output suggest?
1d00h: IPSec (validate_proposal): transform proposal
(port 3, trans 2, hmac_alg 2) not supported
1d00h: ISAKMP (0:2) : atts not acceptable. Next payload is 0
1d00h: ISAKMP (0:2) SA not acceptable
A. Phase 1 policy does not match on both sides.
B. The Phase 2 transform set does not match on both sides.
C. ISAKMP is not enabled on the remote peer.
D. The crypto map is not applied on the remote peer.
E. The Phase 1 transform set does not match on both sides.
Answer: B
QUESTION 114
Which adaptive security appliance command can be used to see a generic framework of the requirements for configuring a VPN tunnel between an adaptive security appliance and a Cisco IOS router at a remote office?
A. vpnsetup site-to-site steps
B. show running-config crypto
C. show vpn-sessiondb l2l
D. vpnsetup ssl-remote-access steps
Answer: A
QUESTION 115
After completing a site-to-site VPN setup between two routers, application performance over the tunnel is slow. You issue the show crypto ipsec sa command and see the following output. What does this output suggest?
interfacE. Tunnel100
Crypto map tag: Tunnel100-head-0, local addr 10.10.10.10
protected vrF. (none)
local ident (addr/mask/prot/port): (10.10.10.10/255.255.255.255/47/0)
remote ident (addr/mask/prot/port): (10.20.20.20/255.255.255.255/47/0)
current_peer 209.165.200.230 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 34836, #pkts encrypt: 34836, #pkts digest: 34836
#pkts decaps: 26922, #pkts decrypt: 19211, #pkts verify: 19211
#pkts compresseD. 0, #pkts decompresseD. 0
#pkts not compresseD. 0, #pkts compr. faileD. 0
#pkts not decompresseD. 0, #pkts decompress faileD. 0
#send errors 0, #recv errors 0
A. The VPN has established and is functioning normally.
B. There is an asymmetric routing issue.
C. The remote peer is not receiving encrypted traffic.
D. The remote peer is not able to decrypt traffic.
E. Packet corruption is occurring on the path between the two peers.
Answer: E
New 300-209 exam questions from PassLeader 300-209 dumps! Welcome to download the newest PassLeader 300-209 VCE and PDF dumps: http://www.passleader.com/300-209.html (406 Q&As –> 423 Q&As –> 462 Q&As)
P.S. Free 300-209 dumps are available on Google Drive shared by PassLeader: https://drive.google.com/open?id=0B-ob6L_QjGLpVTNFVTRPdC0zTnM