[Free] 2019(Nov) EnsurePass Cisco 300-209 Dumps with VCE and PDF 71-80

Get Full Version of the Exam
http://www.EnsurePass.com/300-209.html

Question No.71

Which VPN solution is best for a collection of branch offices connected by MPLS that frequently make VoIP calls between branches?

  A. GETVPN

  B. Cisco AnyConnect

  C. site-to-site

  D. DMVPN

Correct Answer: A

Question No.72

Which Cisco adaptive security appliance command can be used to view the IPsec PSK of a tunnel group in cleartext?

  A. more system:running-config

  B. show running-config crypto

  C. show running-config tunnel-group

  D. show running-config tunnel-group-map

  E. clear config tunnel-group

  F. show ipsec policy

Correct Answer: A

Question No.73

Which command will prevent a group policy from inheriting a filter ACL in a clientless SSL VPN?

  A. vpn-filter none

  B. no vpn-filter

  C. filter value none

  D. filter value ACLname

Correct Answer: C

Explanation:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa-command-reference/T-Z/cmdref4/v.html#pgfId-1842564

Question No.74

Which three configuration parameters are mandatory for an IKEv2 profile? (Choose three.)

  A. IKEv2 proposal

  B. local authentication method

  C. match identity or certificate

  D. IKEv2 policy

  E. PKI certificate authority

  F. remote authentication method

  G. IKEv2 profile description

  H. virtual template

Correct Answer: BCF

Question No.75

Which option is most effective at preventing a remote access VPN user from bypassing the corporate transparent web proxy?

  A. using the proxy-server settings of the client computer to specify a PAC file for the client computer to download

  B. instructing users to use the corporate proxy server for all web browsing

  C. disabling split tunneling

  D. permitting local LAN access

Correct Answer: C

Question No.76

A temporary worker must use clientless SSL VPN with an SSH plug-in, in order to access the console of an internal corporate server, the projects.xyz.com server. For security reasons, the network security auditor insists that the temporary user is restricted to the one internal corporate server, 10.0.4.18. You are the network engineer who is responsible for the network access of the temporary user. What should you do to restrict SSH access to the one projects.xyz.com server?

  A. Configure access-list temp_user_acl extended permit TCP any host 10.0.4.18 eq 22.

  B. Configure access-list temp_user_acl standard permit host 10.0.4.18 eq 22.

  C. Configure access-list temp_acl webtype permit url ssh://10.0.4.18.

  D. Configure a plug-in SSH bookmark for host 10.0.4.18, and disable network browsing on the clientless SSL VPN portal of the temporary worker.

Correct Answer: C

Explanation:

Web ACLs

The Web ACLs table displays the filters configured on the security appliance applicable to Clientless SSL VPN traffic. The table shows the name of each access control list (ACL), and below and indented to the right of the ACL name, the access control entries (ACEs) assigned to the ACL. Each ACL permits or denies access to specific networks, subnets, hosts, and web servers. Each ACE specifies one rule that serves the function of the ACL. You can configure ACLs to apply to Clientless SSL VPN traffic. The following rules apply:

If you do not configure any filters, all connections are permitted.

The security appliance supports only an inbound ACL on an interface.

At the end of each ACL, an implicit, unwritten rule denies all traffic that is not explicitly permitted.

You can use the following wildcard characters to define more than one wildcard in the Webtype access list entry:

Enter an asterisk "*" to match no characters or any number of characters.

Enter a question mark "?" to match any one character exactly.

Enter square brackets "[]" to create a range operator that matches any one character in a range.

The following examples show how to use wildcards in Webtype access lists.

The following example matches URLs such as http://www.cisco.com/ and http://wwz.caco.com/:

access-list test webtype permit url http://ww?.c*co*/

Question No.77

Which three plugins are available for clientless SSL VPN? (Choose three.)

  A. CIFS

  B. RDP2

  C. SSH

  D. VNC

  E. SQLNET

  F. ICMP

Correct Answer: BCD

Question No.78

When troubleshooting clientless SSL VPN connections, which option can be verified on the client PC?

  A. address assignment

  B. DHCP configuration

  C. tunnel group attributes

  D. host file misconfiguration

Correct Answer: D

Question No.79

Which two statements describe effects of the DoNothing option within the untrusted network policy on a Cisco AnyConnect profile? (Choose two.)

  A. The client initiates a VPN connection upon detection of an untrusted network.

  B. The client initiates a VPN connection upon detection of a trusted network.

  C. The always-on feature is enabled.

  D. The always-on feature is disabled.

  E. The client does not automatically initiate any VPN connection.

Correct Answer: AD

Question No.80

An engineer is configuring an IPsec VPN with IKEv2. Which three components are part of the IKEv2 proposal for this implementation? (Choose three.)

  A. key ring

  B. DH group

  C. integrity

  D. tunnel name

  E. encryption

Correct Answer: BCE
