[January 2018] Lead2pass New Released Cisco 300-209 Exam Questions From Cisco Exam Center 319q

Official 300-209 Exam Preparation Download From Lead2pass:

https://www.lead2pass.com/300-209.html

QUESTION 1
Which two IKEv1 policy options must match on each peer when you configure an IPsec site-to-site VPN? (Choose two.)

A.    priority number
B.    hash algorithm
C.    encryption algorithm
D.    session lifetime
E.    PRF algorithm

Answer: BC

QUESTION 2
Which two parameters are configured within an IKEv2 proposal on an IOS router? (Choose two.)

A.    authentication
B.    encryption
C.    integrity
D.    lifetime

Answer: BC

QUESTION 3
In a spoke-to-spoke DMVPN topology, which type of interface does a branch router require?

A.    virtual tunnel interface
B.    multipoint GRE interface
C.    point-to-point GRE interface
D.    loopback interface

Answer: B

QUESTION 4
To change the title panel on the logon page of the Cisco IOS WebVPN portal, which file must you configure?

A.    Cisco IOS WebVPN customization template
B.    Cisco IOS WebVPN customization general
C.    web-access-hlp.inc
D.    app-access-hlp.inc

Answer: A

QUESTION 5
Which three plugins are available for clientless SSL VPN? (Choose three.)

A.    CIFS
B.    RDP2
C.    SSH
D.    VNC
E.    SQLNET
F.    ICMP

Answer: BCD

QUESTION 6
Which command simplifies the task of converting an SSL VPN to an IKEv2 VPN on a Cisco ASA appliance that has an invalid IKEv2 configuration?

A.    migrate remote-access ssl overwrite
B.    migrate remote-access ikev2
C.    migrate l2l
D.    migrate remote-access ssl

Answer: A
Explanation:
Below is a reference for this question:
http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/113597-ptn-113597.html
If your IKEv1, or even SSL, configuration already exists, the ASA makes the migration process simple. On the command line, enter the migrate command:
migrate {l2l | remote-access {ikev2 | ssl} | overwrite} Things of note:
Keyword definitions:
l2l – This converts current IKEv1 l2l tunnels to IKEv2.
remote access – This converts the remote access configuration. You can convert either the IKEv1 or the SSL tunnel groups to IKEv2.
overwrite – If you have a IKEv2 configuration that you wish to overwrite, then this keyword converts the current IKEv1 configuration and removes the superfluous IKEv2 configuration.

QUESTION 7
Which statement describes a prerequisite for single-sign-on Netegrity Cookie Support in an IOC SSL VPN?

A.    The Cisco AnyConnect Secure Mobility Client must be installed in flash.
B.    A SiteMinder plug-in must be installed on the Cisco SSL VPN gateway.
C.    A Cisco plug-in must be installed on a SiteMinder server.
D.    The Cisco Secure Desktop software package must be installed in flash.

Answer: C

QUESTION 8
Which two statements describe effects of the DoNothing option within the untrusted network policy on a Cisco AnyConnect profile? (Choose two.)

A.    The client initiates a VPN connection upon detection of an untrusted network.
B.    The client initiates a VPN connection upon detection of a trusted network.
C.    The always-on feature is enabled.
D.    The always-on feature is disabled.
E.    The client does not automatically initiate any VPN connection.

Answer: DE
Explanation:
http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect40/administration/guide/b_AnyConnect_Administrator_Guide_4-0/configure-vpn.html#ID-1428-00000152

QUESTION 9
Which command enables IOS SSL VPN Smart Tunnel support for PuTTY?

A.    appl ssh putty.exe win
B.    appl ssh putty.exe windows
C.    appl ssh putty
D.    appl ssh putty.exe

Answer: B

QUESTION 10
Which three remote access VPN methods in an ASA appliance provide support for Cisco
Secure Desktop? (Choose three.)

A.    IKEv1
B.    IKEv2
C.    SSL client
D.    SSL clientless
E.    ESP
F.    L2TP

Answer: BCD

300-209 dumps full version (PDF&VCE): https://www.lead2pass.com/300-209.html

Large amount of free 300-209 exam questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDYnF5Vk16OS1tc1E

You may also need:

300-206 exam dumps: https://drive.google.com/open?id=0B3Syig5i8gpDQ0xqNGttYzZGYk0

300-208 exam dumps: https://drive.google.com/open?id=0B3Syig5i8gpDMXlWOHdFVkZmREU

300-210 exam dumps: https://drive.google.com/open?id=0B3Syig5i8gpDRF9kSExjc1FqREU