Actualtests 300-209 Questions are updated and all 300-209 answers are verified by experts. Once you have completely prepared with our 300-209 exam prep kits you will be ready for the real 300-209 exam without a problem. We have Improve Cisco 300-209 dumps study guide. PASSED 300-209 First attempt! Here What I Did.
♥♥ 2021 NEW RECOMMEND ♥♥
Free VCE & PDF File for Cisco 300-209 Real Exam (Full Version!)
★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW 300-209 Exam Dumps (PDF & VCE):
Available on:
http://www.surepassexam.com/300-209-exam-dumps.html
Q81. What is the default topology type for a GET VPN?
A. point-to-point
B. hub-and-spoke
C. full mesh
D. on-demand spoke-to-spoke
Answer: C
Q82. Refer to the exhibit.
Which statement about the given IKE policy is true?
A. The tunnel will be valid for 2 days, 88 minutes, and 00 seconds.
B. It will use encrypted nonces for authentication.
C. It has a keepalive of 60 minutes, checking every 5 minutes.
D. It uses a 56-bit encryption algorithm.
Answer: B
Q83. After completing a site-to-site VPN setup between two routers, application performance over the tunnel is slow. You issue the show crypto ipsec sa command and see the following output. What does this output suggest?
interfacE. Tunnel100
Crypto map tag: Tunnel100-head-0, local addr 10.10.10.10
protected vrF. (none)
local ident (addr/mask/prot/port): (10.10.10.10/255.255.255.255/47/0)
remote ident (addr/mask/prot/port): (10.20.20.20/255.255.255.255/47/0)
current_peer 209.165.200.230 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 34836, #pkts encrypt: 34836, #pkts digest: 34836
#pkts decaps: 26922, #pkts decrypt: 19211, #pkts verify: 19211
#pkts compresseD. 0, #pkts decompresseD. 0
#pkts not compresseD. 0, #pkts compr. faileD. 0
#pkts not decompresseD. 0, #pkts decompress faileD. 0
#send errors 0, #recv errors 0
A. The VPN has established and is functioning normally.
B. There is an asymmetric routing issue.
C. The remote peer is not receiving encrypted traffic.
D. The remote peer is not able to decrypt traffic.
E. Packet corruption is occurring on the path between the two peers.
Answer: E
Q84. Which Cisco ASDM option configures WebVPN access on a Cisco ASA?
A. Configuration > WebVPN > WebVPN Access
B. Configuration > Remote Access VPN > Clientless SSL VPN Access
C. Configuration > WebVPN > WebVPN Config
D. Configuration > VPN > WebVPN Access
Answer: B
Q85. A customer requires all traffic to go through a VPN. However, access to the local network is also required. Which two options can enable this configuration? (Choose two.)
A. split exclude
B. use of an XML profile
C. full tunnel by default
D. split tunnel
E. split include
Answer: A,B
Q86. An IOS SSL VPN is configured to forward TCP ports. A remote user cannot access the corporate FTP site with a Web browser. What is a possible reason for the failure?
A. The user's FTP application is not supported.
B. The user is connecting to an IOS VPN gateway configured in Thin Client Mode.
C. The user is connecting to an IOS VPN gateway configured in Tunnel Mode.
D. The user's operating system is not supported.
Answer: B
Reference:
http://www.cisco.com/c/en/us/support/docs/security/ssl-vpn-client/70664-IOSthinclient.html
Thin-Client SSL VPN (Port Forwarding)
A remote client must download a small, Java-based applet for secure access of TCP applications that use static port numbers. UDP is not supported. Examples include access to POP3, SMTP, IMAP, SSH, and Telnet. The user needs local administrative privileges because changes are made to files on the local machine. This method of SSL VPN does not work with applications that use dynamic port assignments, for example, several FTP applications.
Q87. Which VPN type can be used to provide secure remote access from public internet cafes and airport kiosks?
A. site-to-site
B. business-to-business
C. Clientless SSL
D. DMVPN
Answer: C
Q88. Which three configurations are required for both IPsec VTI and crypto map-based VPNs? (Choose three.)
A. transform set
B. ISAKMP policy
C. ACL that defines traffic to encrypt
D. dynamic routing protocol
E. tunnel interface
F. IPsec profile
G. PSK or PKI trustpoint with certificate
Answer: A,B,G
Q89. An administrator wishes to limit the networks reachable over the Anyconnect VPN tunnels. Which configuration on the ASA will correctly limit the networks reachable to 209.165.201.0/27 and 209.165.202.128/27?
A. access-list splitlist standard permit 209.165.201.0 255.255.255.224
access-list splitlist standard permit 209.165.202.128 255.255.255.224
!
group-policy GroupPolicy1 internal
group-policy GroupPolicy1 attributes
split-tunnel-policy tunnelspecified
split-tunnel-network-list value splitlist
B. access-list splitlist standard permit 209.165.201.0 255.255.255.224
access-list splitlist standard permit 209.165.202.128 255.255.255.224
!
group-policy GroupPolicy1 internal
group-policy GroupPolicy1 attributes
split-tunnel-policy tunnelall
split-tunnel-network-list value splitlist
C. group-policy GroupPolicy1 internal
group-policy GroupPolicy1 attributes
split-tunnel-policy tunnelspecified
split-tunnel-network-list ipv4 1 209.165.201.0 255.255.255.224
split-tunnel-network-list ipv4 2 209.165.202.128 255.255.255.224
D. access-list splitlist standard permit 209.165.201.0 255.255.255.224
access-list splitlist standard permit 209.165.202.128 255.255.255.224
!
crypto anyconnect vpn-tunnel-policy tunnelspecified
crypto anyconnect vpn-tunnel-network-list splitlist
E. crypto anyconnect vpn-tunnel-policy tunnelspecified
crypto anyconnect split-tunnel-network-list ipv4 1 209.165.201.0 255.255.255.224
crypto anyconnect split-tunnel-network-list ipv4 2 209.165.202.128 255.255.255.224
Answer: A
Q90. CORRECT TEXT
Scenario:
You are the network security manager for your organization. Your manager has received a request to allow an external user to access to your HQ and DM2 servers. You are given the following connection parameters for this task.
Using ASDM on the ASA, configure the parameters below and test your configuration by accessing the Guest PC. Not all AS DM screens are active for this exercise. Also, for this exercise, all changes are automatically applied to the ASA and you will not have to click APPLY to apply the changes manually.
. Enable Clientless SSL VPN on the outside interface
. Using the Guest PC, open an Internet Explorer window and test and verify the basic connection to the SSL VPN portal using address: https://vpn-secure-x.public
. a. You may notice a certificate error in the status bar, this can be ignored for this exercise
. b. Username: vpnuser
. c. Password: cisco123
. d. Logout of the portal once you have verified connectivity
. Configure two bookmarks with the following parameters:
. a. Bookmark List Name: MY-BOOKMARKS
. b. Use the: URL with GET or POST method
. c. Bookmark Title: HQ-Server
. i. http://10.10.3.20
. d. Bookmark Title: DMZ-Server-FTP
. i. ftp://172.16.1.50
. e. Assign the configured Bookmarks to:
. i. DfltGrpPolicy
. ii. DfltAccessPolicy
. iii. LOCAL User: vpnuser
. From the Guest PC, reconnect to the SSL VPN Portal
. Test both configured Bookmarks to ensure desired connectivity
You have completed this exercise when you have configured and successfully tested Clientless SSL VPN connectivity.
Topology:
Answer: Please find the solution in below explanation.
Explanation:
First, enable clientless VPN access on the outside interface by checking the box found below:
Then, log in to the given URL using the vpnuser/cisco123 credentials:
Logging in will take you to this page, which means you have now verified basic connectivity:
Now log out by hitting the logout button.
Now, go back to the ASDM and navigate to the Bookmarks portion:
Make the name MY-BOOKMARKS and use the “Add” tab and add the bookmarks per the instructions:
Ensure the “URL with GET of POST method” button is selected and hit OK:
Add the two bookmarks as given in the instructions:
You should now see the two bookmarks listed:
Hit OK and you will see this:
Select the MY-BOOKMARKS Bookmarks and click on the “Assign” button. Then, click on the appropriate check boxes as specified in the instructions and hit OK.
After hitting OK, you will now see this:
Then, go back to the Guest-PC, log back in and you should be able to test out the two new bookmarks.
