2016 October Cisco Official New Released 300-209 Dumps in Lead2pass.com!
100% Free Download! 100% Pass Guaranteed!
In recent years, many people choose to take Cisco 300-209 certification exam which can make you get the Cisco certificate and that is the passport to get a better job and get promotions. How to prepare for Cisco 300-209 exam and get the certificate? Please refer to Cisco 300-209 exam questions and answers on Lead2pass.
Following questions and answers are all new published by Cisco Official Exam Center: http://www.lead2pass.com/300-209.html
QUESTION 81
When you are configuring a DMVPN network, which tunnel mode should you use for the hub router configuration?
A. GRE multipoint
B. classic point-to-point GRE
C. IPsec multipoint
D. nonbroadcast multiaccess
Answer: A
QUESTION 82
Which Cisco IOS feature provides secure, on-demand meshed connectivity?
A. Easy VPN
B. IPsec VPN
C. mGRE
D. DMVPN
Answer: D
QUESTION 83
Which of these is true regarding tunnel configuration when deploying a Cisco ISR as a DMVPN hub router?
A. Only one tunnel can be created per tunnel source interface.
B. Only one tunnel can be created and should be associated with a loopback interface for dynamic
redundancy
C. The GRE tunnel key is used to encrypt the traffic going through the tunnel through the hub.
D. You can run multiple parallel DMVPNs on the hub router, but each tunnel requires a unique tunnel key.
Answer: D
QUESTION 84
When you are configuring a hub-and-spoke DMVPN network, which tunnel mode should you use for the spoke router configuration?
A. GRE multipoint
B. Classis point-to-point GRE
C. IPsec multipoint
D. Nonbroadcast multiaccess
Answer: A
QUESTION 85
With Cisco ASA active/standby failover, by default, how many monitored interface failures will cause failover to occur?
A. 1
B. 2
C. 3
D. 4
E. 5
Answer: A
QUESTION 86
Which two statements about the running configuration of the Cisco ASA are true? (Choose Two)
A. The auto NAT configuration causes all traffic arriving on the inside interface destined to any outside
destinations to be translated with dynamic port address transmission using the outside interface
IP address.
B. The Cisco ASA is using the Cisco ASDM image from disk1:/asdm-642.bin
C. The Cisco ASA is setup as the DHCP server for hosts that are on the inside and outside interfaces.
D. SSH and Cisco ASDM access to the Cisco ASA requires AAA authentication using the LOCAL
user database.
E. The Cisco ASA is using a persistent self-signed certified so users can authenticate the Cisco ASA
when accessing it via ASDM
Answer: AE
QUESTION 87
Which option lists the main tasks in the correct order to configure a new Layer 3 and 4 inspection policy on the Cisco ASA appliance using the Cisco ASDM Configuration > Firewall > Service Policy Rules pane?
A. 1. Create a class map to identify which traffic to match.
2. Create a policy map and apply action(s) to the traffic class(es).
3. Apply the policy map to an interface or globally using a service policy.
B. 1. Create a service policy rule.
2. Identify which traffic to match.
3. Apply action(s) to the traffic.
C. 1. Create a Layer 3 and 4 type inspect policy map.
2. Create class map(s) within the policy map to identify which traffic to match.
3. Apply the policy map to an interface or globally using a service policy.
D. 1. Identify which traffic to match.
2. Apply action(s) to the traffic.
3. Create a policy map.
4. Apply the policy map to an interface or globally using a service policy.
Answer: B
QUESTION 88
By default, how does a Cisco ASA appliance process IP fragments?
A. Each fragment passes through the Cisco ASA appliance without any inspections.
B. Each fragment is blocked by the Cisco ASA appliance.
C. The Cisco ASA appliance verifies each fragment and performs virtual IP re-assembly before the
full IP packet is forwarded out.
D. The Cisco ASA appliance forwards the packet out as soon as all of the fragments of the packet
have been received.
Answer: C
QUESTION 89
Which other match command is used with the match flow ip destination-address command within the class map configurations of the Cisco ASA MPF?
A. match tunnel-group
B. match access-list
C. match default-inspection-traffic
D. match port
E. match dscp
Answer: A
QUESTION 90
Which Cisco ASA configuration is used to configure the TCP intercept feature?
A. a TCP map
B. an access list
C. the established command
D. the set connection command with the embryonic-conn-max option
E. a type inspect policy map
Answer: D
QUESTION 91
On which type of encrypted traffic can a Cisco ASA appliance running software version 8.4.1 perform application inspection and control?
A. IPsec
B. SSL
C. IPsec or SSL
D. Cisco Unified Communications
E. Secure FTP
Answer: D
QUESTION 92
The Cisco ASA software image has been erased from flash memory. Which two statements about the process to recover the Cisco ASA software image are true? (Choose two.)
A. Access to the ROM monitor mode is required.
B. The Cisco ASA appliance must have connectivity to the TFTP server where the Cisco ASA image is
stored through the Management 0/0 interface.
C. The copy tftp flash command is necessary to start the TFTP file transfer.
D. The server command is necessary to set the TFTP server IP address.
E. Cisco ASA password recovery must be enabled
Answer: AD
QUESTION 93
Which two Cisco ASA licensing features are correct with Cisco ASA Software Version 8.3 and later? (Choose two.)
A. Identical licenses are not required on the primary and secondary Cisco ASA appliance.
B. Cisco ASA appliances configured as failover pairs disregard the time-based activation keys.
C. Time-based licenses are stackable in duration but not in capacity.
D. A time-based license completely overrides the permanent license, ignoring all permanently licensed
features until the time-based license is uninstalled.
Answer: AC
QUESTION 94
Which three actions can be applied to a traffic class within a type inspect policy map? (Choose three.)
A. drop
B. priority
C. log
D. pass
E. inspect
F. reset
Answer: ACF
QUESTION 95
Which Cisco ASA platform should be selected if the requirements are to support 35,000 connections per second, 600,000 maximum connections, and traffic shaping?
A. 5540
B. 5550
C. 5580-20
D. 5580-40
Answer: B
QUESTION 96
Authorization of a clientless SSL VPN defines the actions that a user may perform within a clientless SSL VPN session. Which statement is correct concerning the SSL VPN authorization process?
A. Remote clients can be authorized by applying a dynamic access policy, which is configured on an
external AAA server.
B. Remote clients can be authorized externally by applying group parameters from an external database.
C. Remote client authorization is supported by RADIUS and TACACS+ protocols.
D. To configure external authorization, you must configure the Cisco ASA for cut-through proxy.
Answer: B
QUESTION 97
Which Cisco ASA SSL VPN feature provides support for PCI compliance by allowing for the validation of two sets of username and password credentials on the SSL VPN login page?
A. Single Sign-On
B. Certificate to Profile Mapping
C. Double Authentication
D. RSA OTP
Answer: C
QUESTION 98
Which option is a possible solution if you cannot access a URL through clientless SSL VPN with Internet Explorer, while other browsers work fine?
A. Verify the trusted zone and cookies settings in your browser.
B. Make sure that you specified the URL correctly.
C. Try the URL from another operating system.
D. Move to the IPsec client.
Answer: A
QUESTION 99
Which cryptographic algorithms are a part of the Cisco NGE suite?
A. HIPPA DES
B. AES-CBC-128
C. RC4-128
D. AES-GCM-256
Answer: D
QUESTION 100
Which transform set is contained in the IKEv2 default proposal?
A. aes-cbc-192, sha256, group 14
B. 3des, md5, group 7
C. 3des, sha1, group 1
D. aes-cbc-128, sha, group 5
Answer: D
Lead2pass is a good website that provides all candidates with the latest IT certification exam materials. Lead2pass will provide you with the exam questions and verified answers that reflect the actual exam. The Cisco 300-209 exam dumps are developed by experienced IT professionals. 99.9% of hit rate. Guarantee you success in your 300-209 exam with our exam materials.
300-209 new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDODI1TDlUT1lBV00
2016 Cisco 300-209 exam dumps (All 237 Q&As) from Lead2pass:
http://www.lead2pass.com/300-209.html [100% Exam Pass Guaranteed]