[PDF&VCE] 2016 100% Valid 300-209 Dumps Guarantee 100% Pass 300-209 Certification Exam (121-140)

October 2016: Cisco Official Newly Released 300-209 Dumps at Lead2pass.com!


Test your preparation for Cisco 300-209 with the actual new 300-209 questions below. Exam questions are a sure method to validate one's preparation for the actual certification exam.

The following questions and answers are all newly published by Cisco Official Exam Center: http://www.lead2pass.com/300-209.html

QUESTION 121
Regarding licensing, which option will allow IKEv2 connections on the adaptive security appliance?

A.    AnyConnect Essentials can be used for Cisco AnyConnect IKEv2 connections.
B.    IKEv2 sessions are not licensed.
C.    The Advanced Endpoint Assessment license must be installed to allow Cisco AnyConnect IKEv2 sessions.
D.    Cisco AnyConnect Mobile must be installed to allow AnyConnect IKEv2 sessions.

Answer: A

QUESTION 122
What action does the hub take when it receives a NHRP resolution request from a spoke for a network that exists behind another spoke?

A.    The hub sends back a resolution reply to the requesting spoke.
B.    The hub updates its own NHRP mapping.
C.    The hub forwards the request to the destination spoke.
D.    The hub waits for the second spoke to send a request so that it can respond to both spokes.

Answer: C

QUESTION 123
A spoke has two Internet connections for failover. How can you achieve optimum failover without affecting any other router in the DMVPN cloud?

A.    Create another DMVPN cloud by configuring another tunnel interface that is sourced from the second ISP link.
B.    Use another router at the spoke site, because two ISP connections on the same router for the same hub is not allowed.
C.    Configure SLA tracking, and when the primary interface goes down, manually change the tunnel source of the tunnel interface.
D.    Create another tunnel interface with same configuration except the tunnel source, and configure the if-state nhrp and backup interface commands on the primary tunnel interface.

Answer: D

QUESTION 124
In DMVPN phase 2, which two EIGRP features need to be disabled on the hub to allow spoke-to-spoke communication? (Choose two.)

A.    autosummary
B.    split horizon
C.    metric calculation using bandwidth
D.    EIGRP address family
E.    next-hop-self
F.    default administrative distance

Answer: BE

QUESTION 125
What does NHRP stand for?

A.    Next Hop Resolution Protocol
B.    Next Hop Registration Protocol
C.    Next Hub Routing Protocol
D.    Next Hop Routing Protocol

Answer: A

QUESTION 126
When troubleshooting established clientless SSL VPN issues, which three steps should be taken? (Choose three.)

A.    Clear the browser history.
B.    Clear the browser and Java cache.
C.    Collect the information from the computer event log.
D.    Enable and use HTML capture tools.
E.    Gather crypto debugs on the adaptive security appliance.
F.    Use Wireshark to capture network traffic.

Answer: BDF

QUESTION 127
A user is trying to connect to a Cisco IOS device using clientless SSL VPN and cannot establish the connection. Which three commands can be used for troubleshooting of the AAA subsystem? (Choose three.)

A.    debug aaa authentication
B.    debug radius
C.    debug vpn authorization error
D.    debug ssl openssl errors
E.    debug webvpn aaa
F.    debug ssl error

Answer: ABE

QUESTION 128
Which Cisco adaptive security appliance command can be used to view the count of all active VPN sessions?

A.    show vpn-sessiondb summary
B.    show crypto ikev1 sa
C.    show vpn-sessiondb ratio encryption
D.    show iskamp sa detail
E.    show crypto protocol statistics all

Answer: A

QUESTION 129
Which command is used to determine how many GMs have registered in a GETVPN environment?

A.    show crypto isakmp sa
B.    show crypto gdoi ks members
C.    show crypto gdoi gm
D.    show crypto ipsec sa
E.    show crypto isakmp sa count

Answer: B

QUESTION 130
On which Cisco platform are dynamic virtual template interfaces available?

A.    Cisco Adaptive Security Appliance 5585-X
B.    Cisco Catalyst 3750X
C.    Cisco Integrated Services Router Generation 2
D.    Cisco Nexus 7000

Answer: C

QUESTION 131
Refer to the exhibit. Which statement about the given IKE policy is true?

A.    The tunnel will be valid for 2 days, 88 minutes, and 00 seconds.
B.    It will use encrypted nonces for authentication.
C.    It has a keepalive of 60 minutes, checking every 5 minutes.
D.    It uses a 56-bit encryption algorithm.

Answer: B

QUESTION 132
Refer to the exhibit. Which two statements about the given configuration are true? (Choose two.)

A.    Defined PSK can be used by any IPSec peer.
B.    Any router defined in group 2 will be allowed to connect.
C.    It can be used in a DMVPN deployment.
D.    It is a LAN-to-LAN VPN ISAKMP policy.
E.    It is an AnyConnect ISAKMP policy.
F.    PSK will not work as configured.

Answer: AC

QUESTION 133
Refer to the exhibit. What technology does the given configuration demonstrate?

A.    Keyring used to encrypt IPSec traffic
B.    FlexVPN with IPv6
C.    FlexVPN with AnyConnect
D.    Crypto Policy to enable IKEv2

Answer: B

QUESTION 134
Which command enables the router to form EIGRP neighbor adjacencies with peers using a different subnet than the ingress interface?

A.    ip unnumbered interface
B.    eigrp router-id
C.    passive-interface interface name
D.    ip split-horizon eigrp as number

Answer: A

QUESTION 135
Which feature enforces the corporate policy for Internet access to Cisco AnyConnect VPN users?

A.    Trusted Network Detection
B.    Datagram Transport Layer Security
C.    Cisco AnyConnect Customization
D.    banner message

Answer: A

QUESTION 136
In which situation would you enable the Smart Tunnel option with clientless SSL VPN?

A.    when a user is using an outdated version of a web browser
B.    when an application is failing in the rewrite process
C.    when IPsec should be used over SSL VPN
D.    when a user has a nonsupported Java version installed
E.    when cookies are disabled

Answer: B

QUESTION 137
Refer to the exhibit. You executed the show crypto ipsec sa command to troubleshoot an IPSec issue. What problem does the given output indicate?

A.    IKEv2 failed to establish a phase 2 negotiation.
B.    The Crypto ACL is different on the peer device.
C.    ISAKMP was unable to find a matching SA.
D.    IKEv2 was used in aggressive mode.

Answer: B

QUESTION 138
Which two types of authentication are supported when you use Cisco ASDM to configure site-to-site IKEv2 with IPv6? (Choose two.)

A.    preshared key
B.    webAuth
C.    digital certificates
D.    XAUTH
E.    EAP

Answer: AC

QUESTION 139
Which option describes the purpose of the shared argument in the DMVPN interface command tunnel protection IPsec profile ProfileName shared?

A.    shares a single profile between multiple tunnel interfaces
B.    allows multiple authentication types to be used on the tunnel interface
C.    shares a single profile between a tunnel interface and a crypto map
D.    shares a single profile between IKEv1 and IKEv2

Answer: A

QUESTION 140
Which type of communication in a FlexVPN implementation uses an NHRP shortcut?

A.    spoke to hub
B.    spoke to spoke
C.    hub to spoke
D.    hub to hub

Answer: B

These Cisco 300-209 exam questions are only a small selection. If you want to practice more questions for the actual 300-209 exam, use the links at the end of this document. You can also find links for 300-209 VCE software, which is useful for preparation and self-assessment for the Cisco 300-209 exam.

300-209 new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDODI1TDlUT1lBV00

2016 Cisco 300-209 exam dumps (All 237 Q&As) from Lead2pass:

http://www.lead2pass.com/300-209.html [100% Exam Pass Guaranteed]
