Download New Updated (Spring 2015) Cisco 300-209 Actual Tests 41-50

Ensurepass

 

QUESTION 41

Which two statements are true when designing a SSL VPN solution using Cisco AnyConnect? (Choose two.)

 

A.

The VPN server must have a self-signed certificate.

B.

A SSL group pre-shared key must be configured on the server.

C.

Server side certificate is optional if using AAA for client authentication.

D.

The VPN IP address pool can overlap with the rest of the LAN networks.

E.

DTLS can be enabled for better performance.

 

Correct Answer: DE

 

 

QUESTION 42

Which two features are required when configuring a DMVPN network? (Choose two.)

 

A.

Dynamic routing protocol

B.

GRE tunnel interface

C.

Next Hop Resolution Protocol

D.

Dynamic crypto map

E.

IPsec encryption

 

Correct Answer: BC

 

 

QUESTION 43

What are two benefits of DMVPN Phase 3? (Choose two.)

 

A.

Administrators can use summarization of routing protocol updates from hub to spokes.

B.

It introduces hierarchical DMVPN deployments.

C.

It introduces non-hierarchical DMVPN deployments.

D.

It supports L2TP over IPSec as one of the VPN protocols.

 

Correct Answer: AB

 

 

QUESTION 44

Which are two main use cases for Clientless SSL VPN? (Choose two.)

 

A.

In kiosks that are part of a shared environment

B.

When the users do not have admin rights to install a new VPN client

C.

When full tunneling is needed to support applications that use TCP, UDP, and ICMP

D.

To create VPN site-to-site tunnels in combination with remote access

 

Correct Answer: AB

 

 

QUESTION 45

Which technology can rate-limit the number of tunnels on a DMVPN hub when system utilization is above a specified percentage?

 

A.

NHRP Event Publisher

B.

interface state control

C.

CAC

D.

NHRP Authentication

E.

ip nhrp connect

 

Correct Answer: C

 

 

QUESTION 46

Which technology supports tunnel interfaces while remaining compatible with legacy VPN implementations?

 

A.

FlexVPN

B.

DMVPN

C.

GET VPN

D.

SSL VPN

 

Correct Answer: A

 

 

QUESTION 47

Which IKEv2 feature minimizes the configuration of a FlexVPN on Cisco IOS devices?

 

A.

IKEv2 Suite-B

B.

IKEv2 proposals

C.

IKEv2 profiles

D.

IKEv2 Smart Defaults

 

Correct Answer: D

 

 

QUESTION 48

When an IPsec SVTI is configured, which technology processes traffic forwarding for encryption?

 

A.

ACL

B.

IP routing

C.

RRI

D.

front door VPN routing and forwarding

 

Correct Answer: B

 

 

QUESTION 49

An IOS SSL VPN is configured to forward TCP ports. A remote user cannot access the corporate FTP site with a Web browser. What is a possible reason for the failure?

 

A.

The user’s FTP application is not supported.

B.

The user is connecting to an IOS VPN gateway configured in Thin Client Mode.

C.

The user is connecting to an IOS VPN gateway configured in Tunnel Mode.

D.

The user’s operating system is not supported.

 

Correct Answer: B

Explanation:

http://www.cisco.com/c/en/us/support/docs/security/ssl-vpn-client/70664-IOSthinclient.html

 

Thin-Client SSL VPN (Port Forwarding)

 

A remote client must download a small, Java-based applet for secure access of TCP applications that use static port numbers. UDP is not supported. Examples include access to POP3, SMTP, IMAP, SSH, and Telnet. The user needs local administrative privileges because changes are made to files on the local machine. This method of SSL VPN does not work with applications that use dynamic port assignments, for example, several FTP applications.

 

 

QUESTION 50

A Cisco IOS SSL VPN gateway is configured to operate in clientless mode so that users can access file shares on a Microsoft Windows 2003 server. Which protocol is used between the Cisco IOS router and the Windows server?

 

A.

HTTPS

B.

NetBIOS

C.

CIFS

D.

HTTP

 

Correct Answer: C

 

Free VCE & PDF File for Cisco 300-209 Real Exam

Instant Access to Free VCE Files: CCNA | CCNP | CCIE …
Instant Access to Free PDF Files: CCNA | CCNP | CCIE …