Title: [Lead2pass New] Lead2pass Cisco 300-209 Latest Exam Dumps Download (241-260)

The following questions and answers are all newly published by Cisco Official Exam Center:

QUESTION 241
A network engineer is troubleshooting a site VPN tunnel configured on a Cisco ASA and wants to validate that the tunnel is sending and receiving traffic. Which command accomplishes this task?

A. show crypto ikev1 sa peer
B. show crypto ikev2 sa peer
C. show crypto ipsec sa peer
D. show crypto isakmp sa peer

Answer: C

QUESTION 242
When troubleshooting clientless SSL VPN connections, which option can be verified on the client PC?

A. address assignment
B. DHCP configuration
C. tunnel group attributes
D. host file misconfiguration

Answer: D

QUESTION 243
Which two commands are included in the command show dmvpn detail? (Choose two.)

A. Show ip nhrp
B. Show ip nhrp nhs
C. Show crypto ipsec sa detail
D. Show crypto session detail
E. Show crypto sockets

Answer: BD
Explanation: "show dmvpn detail" returns the output of show ip nhrp nhs, show dmvpn, and show crypto session detail.

QUESTION 244
An engineer has integrated a new DMVPN to link remote offices across the internet using Cisco IOS routers. When connecting to remote sites, pings and voice data appear to flow properly and all tunnel stats seem to show that they are up. However, when trying to connect to a remote server using RDP, the connection fails.
Which action resolves this issue?

A. Change DMVPN timeout values.
B. Adjust the MTU size within the routers.
C. Replace certificate on the RDP server.
D. Add RDP port to the extended ACL.

Answer: B
Explanation: Answers A and C do not make sense. Answer D is valid only for split tunneling…if we want to pass the RDP traffic off tunnel. The ACL configured to establish the DMVPN tunnel only needs udp 500/4500 and esp (50). Answer B should be correct because voice traffic (UDP) and ping use smaller MTU size and will not be fragmented…and thus will work. RDP uses TCP / 3389 and isn't fault tolerant.

QUESTION 245
Which feature is a benefit of Dynamic Multipoint VPN?

A. geographic filtering of spoke devices
B. translation PAT
C. rotating wildcard preshared keys
D. dynamic spoke-to-spoke tunnel establishment

Answer: D

QUESTION 246
An engineer has configured Cisco AnyConnect VPN using IKEv2 on a Cisco IOS router. The user cannot connect in the Cisco AnyConnect client, but receives an alert message "Use a browser to gain access." Which action does the engineer take to eliminate this issue?

A. Reset user login credentials.
B. Disable the HTTP server.
C. Correct the URL address.
D. Connect using HTTPS.

Answer: B

QUESTION 247
Refer to the exhibit. A network administrator is running DMVPN with EIGRP. When the administrator looks at the routing table on spoke 1, it displays a route to the hub only. Which command is missing on the hub router, which includes spoke 2 and spoke 3 in the spoke 1 routing table?

A. no inverse arp
B. neighbor (ip address)
C. no ip split-horizon eigrp 1
D. redistribute static

Answer: C

QUESTION 248
Which algorithm provides both encryption and authentication for plane communication?

A. RC4
B. SHA-384
C. AES-256
D. SHA-96
E. 3DES
F. AES-GCM

Answer: F

QUESTION 249
Refer to the exhibit. Client 1 cannot communicate with Client 2.
Both clients are using Cisco AnyConnect and have established a successful SSL VPN connection to the hub ASA. Which command on the ASA is missing?

A. same-security-traffic permit inter-interface
B. same-security-traffic permit intra-interface
C. dns-server value    split-tunnel-network list

Answer: B

QUESTION 250
Which statement regarding GET VPN is true?

A. When you implement GET VPN with VRFs, all VRFs must be defined in the GDOI group configuration on the key server.
B. The pseudotime that is used for replay checking is synchronized via NTP.
C. Group members must acknowledge all KEK and TEK rekeys, regardless of configuration.
D. TEK rekeys can be load-balanced between two key servers operating in COOP.
E. The configuration that defines which traffic to encrypt is present only on the key server.

Answer: E

QUESTION 251
Which two statements comparing ECC and RSA are true? (Choose two.)

A. Key generation in ECC is slower and more CPU intensive than RSA.
B. ECC can have the same security as RSA but with a shorter key size.
C. Key generation in ECC is faster and less CPU intensive than RSA.
D. ECC cannot have the same security as RSA, even with an increased key size.
E. ECC lags in performance when compared with RSA.

Answer: BC

QUESTION 252
Which two options are purposes of the key server in Cisco IOS GETVPN? (Choose two.)

A. to define group members.
B. to distribute static routing information.
C. to distribute dynamic routing information.
D. to encrypt transit traffic.

Answer: AD

QUESTION 253
Refer to the exhibit. An engineer is troubleshooting a new GRE over IPSEC tunnel. The tunnel is established, but the engineer cannot ping from spoke 1 to spoke 2. Which type of traffic is being blocked?

A. ESP packets from spoke1 to spoke2
B. ISAKMP packets from spoke2 to spoke1
C. ESP packets from spoke2 to spoke1
D. ISAKMP packets from spoke1 to spoke2

Answer: C

QUESTION 254
A user is experiencing issues connecting to a Cisco AnyConnect VPN and receives this error message:

The AnyConnect package on the secure gateway could not be located. You may be experiencing network connectivity issues. Please try connecting again.

Which option is the likely cause of this issue?

A. This Cisco ASA firewall has experienced a failure.
B. The user is entering an incorrect password.
C. The user's operating system is not supported with the ASA's current configuration.
D. The user laptop clock is not synchronized with NTP.

Answer: C

QUESTION 255
Which two operational advantages does GetVPN offer over site-to-site IPsec tunnel in a private MPLS-based core network? (Choose two.)

A. Key servers perform encryption and decryption of all the data in the network, which allows for tight security policies.
B. Traffic uses one VRF to encrypt data and a different one to decrypt data, which allows for multicast traffic isolation.
C. GETVPN is tunnel-less, which allows any group member to perform decryption and routing around network failures.
D. Packets carry original source and destination IP addresses, which allows for optimal routing of encrypted traffic.
E. Group Domain of Interpretation protocol allows for homomorphic encryption, which allows group members to operate on messages without decrypting them.

Answer: CD

QUESTION 256
An administrator received a report that a user cannot connect to the headquarters site using Cisco AnyConnect and receives this error:

The installer was not able to start the Cisco VPN client, clientless access is not available.

Which option is a possible cause for this error?

A. The client version of Cisco AnyConnect is not compatible with the Cisco ASA software image.
B. The operating system of the client machine is not supported by Cisco AnyConnect.
C. The driver for Cisco AnyConnect is outdated.
D. The installed version of Java is not compatible with Cisco AnyConnect.

Answer: A

QUESTION 257
Scenario:
You are the senior network security administrator for your organization. Recently a junior engineer configured a site-to-site IPsec VPN connection between your headquarters Cisco ASA and a remote branch office.
You are now tasked with verifying the IKEv1 IPsec installation to ensure it was properly configured according to designated parameters. Using the CLI on both the Cisco ASA and branch ISR, verify the IPsec configuration is properly configured between the two sites.
NOTE: the show running-config command cannot be used for this exercise.

Topology:

What is being used as the authentication method on the branch ISR?

A. Certificates
B. Pre-shared keys
C. RSA public keys
D. Diffie-Hellman Group 2

Answer: D

QUESTION 258
Using the Next Generation Encryption technologies, which is the minimum acceptable encryption level to protect sensitive information?

A. AES 92 bits
B. AES 128 bits
C. AES 256 bits
D. AES 512 bits

Answer: B

QUESTION 259
An engineer is configuring an IPsec VPN with IKEv2. Which three components are part of the IKEv2 proposal for this implementation? (Choose three.)

A. key ring
B. DH group
C. integrity
D. tunnel name
E. encryption

Answer: BCE

QUESTION 260
Which command can be used to troubleshoot an IPv6 FlexVPN spoke-to-hub connectivity failure?

A. show crypto ikev2 client flexvpn
B. show crypto identity
C. show crypto isakmp sa
D. show crypto gkm

Answer: A
Post date: 2017-11-02 04:03:55 GMT