Download New Updated (Spring 2015) Cisco 300-209 Actual Tests 31-40

Ensurepass

 

QUESTION 31

Which Cisco ASDM option configures forwarding syslog messages to email?

 

A.

Configuration > Device Management > Logging > E-Mail Setup

B.

Configuration > Device Management > E-Mail Setup > Logging Enable

C.

Select the syslogs to email, click Edit, and select the Forward Messages option.

D.

Select the syslogs to email, click Settings, and specify the Destination Email Address option.

 

Correct Answer: A

 

 

QUESTION 32

Which Cisco ASDM option configures WebVPN access on a Cisco ASA?

 

A.

Configuration > WebVPN > WebVPN Access

B.

Configuration > Remote Access VPN > Clientless SSL VPN Access

C.

Configuration > WebVPN > WebVPN Config

D.

Configuration > VPN > WebVPN Access

 

Correct Answer: B

 

 

QUESTION 33

A user with IP address 10.10.10.10 is unable to access a HTTP website at IP address 209.165.200.225 through a Cisco ASA. Which two features and commands will help troubleshoot the issue? (Choose two.)

 

A.

Capture user traffic using command capture capin interface inside match ip host 10.10.10.10 any

B.

After verifying that user traffic reaches the firewall using syslogs or captures, use packet tracer command packet-tracer input inside tcp 10.10.10.10 1234 209.165.200.225 80

C.

Enable logging at level 1 and check the syslogs using commands logging enable, logging buffered 1 and show logging | include 10.10.10.10

D.

Check if an access-list on the firewall is blocking the user by using command show running-config access-list | include 10.10.10.10

E.

Use packet tracer command packet-tracer input inside udp 0.10.10.10 1234 192.168.1.3 161 to see what the firewall is doing with the user’s traffic

 

Correct Answer: AB

 

 

QUESTION 34

A Cisco router may have a fan issue that could increase its temperature and trigger a failure. What troubleshooting steps would verify the issue without causing additional risks?

 

A.

Configure logging using commands “logging on”, “logging buffered 4”, and check for fan failure logs using “show logging”

B.

Configure logging using commands “logging on”, “logging buffered 6”, and check for fan failure logs using “show logging”

C.

Configure logging using commands “logging on”, “logging discriminator msglog1 console 7”, and check for fan failure logs using “show logging”

D.

Configure logging using commands “logging host 10.11.10.11”, “logging trap 2”, and check for fan failure logs at the syslog server 10.11.10.11

 

Correct Answer: A

 

 

QUESTION 35

An internet-based VPN solution is being considered to replace an existing private WAN connecting remote offices. A multimedia application is used that relies on multicast for communication. Which two VPN solutions meet the application’s network requirement? (Choose two.)

 

A.

FlexVPN

B.

DMVPN

C.

Group Encrypted Transport VPN

D.

Crypto-map based Site-to-Site IPsec VPNs

E.

AnyConnect VPN

 

Correct Answer: AB

 

 

QUESTION 36

A private wan connection is suspected of intermittently corrupting data. Which technology can a network administrator use to detect and drop the altered data traffic?

 

A.

AES-128

B.

RSA Certificates

C.

SHA2-HMAC

D.

3DES

E.

Diffie-Helman Key Generation

 

Correct Answer: C

 

 

 

QUESTION 37

A company needs to provide secure access to its remote workforce. The end users use public kiosk computers and a wide range of devices. They will be accessing only an internal web application. Which VPN solution satisfies these requirements?

 

A.

Clientless SSLVPN

B.

AnyConnect Client using SSLVPN

C.

AnyConnect Client using IKEv2

D.

FlexVPN Client

E.

Windows built-in PPTP client

 

Correct Answer: A

 

 

QUESTION 38

A network administrator is configuring AES encryption for the ISAKMP policy on an IOS router. Which two configurations are valid? (Choose two.)

 

A.

crypto isakmp policy 10

encryption aes 254

B.

crypto isakmp policy 10

encryption aes 192

C.

crypto isakmp policy 10

encryption aes 256

< font style="font-size: 10pt" color="#000000">D.

crypto isakmp policy 10

encryption aes 196

E.

crypto isakmp policy 10

encryption aes 199

F.

crypto isakmp policy 10

encryption aes 64

 

Correct Answer: BC

 

 

QUESTION 39

Which two qualify as Next Generation Encryption integrity algorithms? (Choose two.)

 

A.

SHA-512

B.

SHA-256

C.

SHA-192

D.

SHA-380

E.

SHA-192

F.

SHA-196

 

Correct Answer: AB

 

 

QUESTION 40

Which statement is true when implementing a router with a dynamic public IP address in a crypto map based site-to-site VPN?

 

A.

The router must be configured with a dynamic crypto map.

B.

Certificates are always used for phase 1 authentication.

C.

The tunnel establishment will fail if the router is configured as a responder only.

D.

The router and the peer router must have NAT traversal enabled.

 

Correct Answer: C

 

Free VCE & PDF File for Cisco 300-209 Real Exam

Instant Access to Free VCE Files: CCNA | CCNP | CCIE …
Instant Access to Free PDF Files: CCNA | CCNP | CCIE …