This page was exported from Easily Pass By Training Lead2pass Latest Dumps [ https://www.freebraindump.com ]
Export date: Tue Jan 21 0:53:28 2025 / +0000 GMT
___________________________________________________
Title: [PDF&VCE] Lead2pass Provides Latest Exam 300-209 Dumps VCE For Free Downloading (41-60)
---------------------------------------------------

2016 October Cisco Official New Released 300-209 Dumps in Lead2pass.com! 100% Free Download! 100% Pass Guaranteed!

Good news, Lead2pass has updated the 300-209 exam dumps. With all the questions and answers in your hands, you will pass the Cisco 300-209 exam easily.

The following questions and answers are all newly published by Cisco Official Exam Center: http://www.lead2pass.com/300-209.html

QUESTION 41
Which NGE IKE Diffie-Hellman group identifier has the strongest cryptographic properties?

A. group 10
B. group 24
C. group 5
D. group 20

Answer: D

QUESTION 42
What is the Cisco recommended TCP maximum segment on a DMVPN tunnel interface when the MTU is set to 1400 bytes?

A. 1160 bytes
B. 1260 bytes
C. 1360 bytes
D. 1240 bytes

Answer: C

QUESTION 43
Which technology does a multipoint GRE interface require to resolve endpoints?

A. ESP
B. dynamic routing
C. NHRP
D. CEF
E. IPSec

Answer: C

QUESTION 44
Which two cryptographic technologies are recommended for use with FlexVPN? (Choose two.)

A. SHA (HMAC variant)
B. Diffie-Hellman
C. DES
D. MD5 (HMAC variant)

Answer: AB

QUESTION 45
Which command configures IKEv2 symmetric identity authentication?

A. match identity remote address 0.0.0.0
B. authentication local pre-share
C. authentication pre-share
D. authentication remote rsa-sig

Answer: D

QUESTION 46
Which two examples of transform sets are contained in the IKEv2 default proposal? (Choose two.)

A. aes-cbc-192, sha256, 14
B. 3des, md5, 5
C. 3des, sha1, 1
D. aes-cbc-128, sha, 5

Answer: BD

QUESTION 47
What is the default storage location of user-level bookmarks in an IOS clientless SSL VPN?

A. disk0:/webvpn/{context name}/
B. disk1:/webvpn/{context name}/
C. flash:/webvpn/{context name}/
D. nvram:/webvpn/{context name}/

Answer: C

QUESTION 48
Which command will prevent a group policy from inheriting a filter ACL in a clientless SSL VPN?

A. vpn-filter none
B. no vpn-filter
C. filter value none
D. filter value ACLname

Answer: C

QUESTION 49
Which command specifies the path to the Host Scan package in an ASA AnyConnect VPN?

A. csd hostscan path image
B. csd hostscan image path
C. csd hostscan path
D. hostscan image path

Answer: B

QUESTION 50
Hotspot Questions
When a tunnel is initiated by the headquarter ASA, which one of the following Diffie-Hellman groups is selected by the headquarter ASA during the CREATE_CHILD_SA exchange?

A. 1
B. 2
C. 5
D. 14
E. 19

Answer: C
Explanation:
Traffic initiated by the HQ ASA is assigned to the static outside crypto map, which is shown below to use DH group 5.

QUESTION 51
Hotspot Questions
Based on the provided ASDM configuration for the remote ASA, which one of the following is correct?

A. An access-list must be configured on the outside interface to permit inbound VPN traffic
B. A route to 192.168.22.0/24 will not be automatically installed in the routing table
C. The ASA will use a window of 128 packets (64x2) to perform the anti-replay check
D. The tunnel can also be established on TCP port 10000

Answer: C
Explanation:
Cisco IP security (IPsec) authentication provides anti-replay protection against an attacker duplicating encrypted packets by assigning a unique sequence number to each encrypted packet. The decryptor keeps track of which packets it has seen on the basis of these numbers. Currently, the default window size is 64 packets. Generally, this number (window size) is sufficient, but there are times when you may want to expand this window size. The IPsec Anti-Replay Window: Expanding and Disabling feature allows you to expand the window size, allowing the decryptor to keep track of more than 64 packets.

QUESTION 52
Hotspot Questions
If the IKEv2 tunnel were to establish successfully, which encryption algorithm would be used to encrypt traffic?

A. DES
B. 3DES
C. AES
D. AES192
E. AES256

Answer: E
Explanation:
Both ASAs are configured to support AES 256, so during the IPSec negotiation they will use the strongest algorithm that is supported by each peer.

QUESTION 53
Hotspot Questions
After implementing the IKEv2 tunnel, it was observed that remote users on the 192.168.33.0/24 network are unable to access the internet. Which of the following can be done to resolve this problem?

A. Change the Diffie-Hellman group on the headquarter ASA to group 5 for the dynamic crypto map
B. Change the remote traffic selector on the remote ASA to 192.168.22.0/24
C. Change to an IKEv1 configuration since IKEv2 does not support a full tunnel with static peers
D. Change the local traffic selector on the headquarter ASA to 0.0.0.0/0
E. Change the remote traffic selector on the headquarter ASA to 0.0.0.0/0

Answer: B
Explanation:
The traffic selector is used to determine which traffic should be protected (encrypted over the IPSec tunnel). We want this to be specific, otherwise Internet traffic will also be sent over the tunnel and most likely dropped on the remote side. Here, we just want to protect traffic from 192.168.33.0/24 to 192.168.22.0/24.

QUESTION 54
Hotspot Questions
Which option shows the correct traffic selectors for the child SA on the remote ASA, when the headquarter ASA initiates the tunnel?

A. Local selector 192.168.33.0/0-192.168.33.255/65535
   Remote selector 192.168.20.0/0-192.168.20.255/65535
B. Local selector 192.168.33.0/0-192.168.33.255/65535
   Remote selector 192.168.22.0/0-192.168.22.255/65535
C. Local selector 192.168.22.0/0-192.168.22.255/65535
   Remote selector 192.168.33.0/0-192.168.33.255/65535
D. Local selector 192.168.33.0/0-192.168.33.255/65535
   Remote selector 0.0.0.0/0 - 0.0.0.0/65535
E. Local selector 0.0.0.0/0 - 0.0.0.0/65535
   Remote selector 192.168.22.0/0 -192.168.22.255/65535

Answer: B
Explanation:
The traffic selector is used to determine which traffic should be protected (encrypted over the IPSec tunnel). We want this to be specific, otherwise Internet traffic will also be sent over the tunnel and most likely dropped on the remote side. Here, we just want to protect traffic from 192.168.33.0/24 (THE LOCAL SIDE) to 192.168.22.0/24 (THE REMOTE SIDE).

QUESTION 55
Lab Simulation

Answer:
Step 1: Configure key ring

crypto ikev2 keyring mykeys
 peer SiteB.cisco.com
  address 209.161.201.1
  pre-shared-key local SiteA
  pre-shared-key remote SiteB

Step 2: Configure IKEv2 profile

crypto ikev2 profile default
 identity local fqdn SiteA.cisco.com
 match identity remote fqdn SiteB.cisco.com
 authentication local pre-share
 authentication remote pre-share
 keyring local mykeys

Step 3: Create the GRE tunnel and apply profile

crypto ipsec profile default
 set ikev2-profile default
interface tunnel 1
 ip address 10.1.1.1
 tunnel source eth 0/0
 tunnel destination 209.165.201.1
 tunnel protection ipsec profile default
end

QUESTION 56
Which two are characteristics of GETVPN? (Choose two.)

A. The IP header of the encrypted packet is preserved
B. A key server is elected among all configured Group Members
C. Unique encryption keys are computed for each Group Member
D. The same key encryption and traffic encryption keys are distributed to all Group Members

Answer: AD

QUESTION 57
A company has decided to migrate an existing IKEv1 VPN tunnel to IKEv2. Which two are valid configuration constructs on a Cisco IOS router? (Choose two.)

A. crypto ikev2 keyring keyring-name
   peer peer1
   address 209.165.201.1 255.255.255.255
   pre-shared-key local key1
   pre-shared-key remote key2
B. crypto ikev2 transform-set transform-set-name esp-3des esp-md5-hmac
   esp-aes esp-sha-hmac
C. crypto ikev2 map crypto-map-name
   set crypto ikev2 tunnel-group tunnel-group-name
   set crypto ikev2 transform-set transform-set-name
D. crypto ikev2 tunnel-group tunnel-group-name
   match identity remote address 209.165.201.1
   authentication local pre-share
   authentication remote pre-share
E. crypto ikev2 profile profile-name
   match identity remote address 209.165.201.1
   authentication local pre-share
   authentication remote pre-share

Answer: AE

QUESTION 58
Which four activities does the Key Server perform in a GETVPN deployment? (Choose four.)

A. authenticates group members
B. manages security policy
C. creates group keys
D. distributes policy/keys
E. encrypts endpoint traffic
F. receives policy/keys
G. defines group members

Answer: ABCD

QUESTION 59
Where is split-tunneling defined for remote access clients on an ASA?

A. Group-policy
B. Tunnel-group
C. Crypto-map
D. Web-VPN Portal
E. ISAKMP client

Answer: A

QUESTION 60
Which of the following could be used to configure remote access VPN Host-scan and pre-login policies?

A. ASDM
B. Connection-profile CLI command
C. Host-scan CLI command under the VPN group policy
D. Pre-login-check CLI command

Answer: A

Whenever the 300-209 exam questions change, we will update the study materials promptly so that our customers can download the latest edition.

300-209 new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDODI1TDlUT1lBV00

2016 Cisco 300-209 exam dumps (All 237 Q&As) from Lead2pass: http://www.lead2pass.com/300-209.html [100% Exam Pass Guaranteed]
---------------------------------------------------
Post date: 2016-10-18 06:47:27
Post date GMT: 2016-10-18 06:47:27
Post modified date: 2016-10-18 06:47:27
Post modified date GMT: 2016-10-18 06:47:27