[PDF&VCE] New Released Cisco 300-209 Exam Questions From Cisco Exam Center (161-180)

2016 October Cisco Official New Released 300-209 Dumps in Lead2pass.com!

100% Free Download! 100% Pass Guaranteed!

The 300-209 braindumps are the latest, authenticated by expert and covering each and every aspect of 300-209 exam. Comparing with others, our exam questions are rich in variety. We offer PDF dumps and 300-209 VCE dumps. Welcome to choose.

Following questions and answers are all new published by Cisco Official Exam Center: http://www.lead2pass.com/300-209.html

Which option describes what address preservation with IPsec Tunnel Mode allows when GETVPN is used?

A.    stronger encryption methods
B.    Network Address Translation of encrypted traffic
C.    traffic management based on original source and destination addresses
D.    Tunnel Endpoint Discovery

Answer: C

Which feature is available in IKEv1 but not IKEv2?

A.    Layer 3 roaming
B.    aggressive mode
C.    EAP variants
D.    sequencing

Answer: B

Which feature is enabled by the use of NHRP in a DMVPN network?

A.    host routing with Reverse Route Injection
B.    BGP multiaccess
C.    host to NBMA resolution
D.    EIGRP redistribution

Answer: C

Which statement about the hub in a DMVPN configuration with iBGP is true?

A.    It must be a route reflector client.
B.    It must redistribute EIGRP from the spokes.
C.    It must be in a different AS.
D.    It must be a route reflector.

Answer: D

Refer to the exhibit. Which technology is represented by this configuration?

A.    AAA for FlexVPN
B.    AAA for EzVPN
C.    TACACS+ command authorization
D.    local command authorization

Answer: A

Which command can you use to monitor the phase 1 establishment of a FlexVPN tunnel?

A.    show crypto ipsec sa
B.    show crypto isakmp sa
C.    show crypto ikev2 sa
D.    show ip nhrp

Answer: C

Which interface is managed by the VPN Access Interface field in the Cisco ASDM IPsec Site-to- Site VPN Wizard?

A.    the local interface named "VPN_access"
B.    the local interface configured with crypto enable
C.    the local interface from which traffic originates
D.    the remote interface with security level 0

Answer: B

You are troubleshooting a DMVPN NHRP registration failure. Which command can you use to view request counters?

A.    show ip nhrp nhs detail
B.    show ip nhrp tunnel
C.    show ip nhrp incomplete
D.    show ip nhrp incomplete tunnel tunnel_interface_number

Answer: A

Refer to the exhibit. What is the purpose of the given configuration?

A.    Establishing a GRE tunnel.
B.    Enabling IPSec to decrypt fragmented packets.
C.    Resolving access issues caused by large packet sizes.
D.    Adding the spoke to the routing table.

Answer: C

Which three commands are included in the command show dmvpn detail? (Choose three.)

A.    show ip nhrp nhs
B.    show dmvpn
C.    show crypto session detail
D.    show crypto ipsec sa detail
E.    show crypto sockets
F.    show ip nhrp

Answer: ABC

Refer to the exhibit. Which action is demonstrated by this debug output? 

A.    NHRP initial registration by a spoke.
B.    NHRP registration acknowledgement by the hub.
C.    Disabling of the DMVPN tunnel interface.
D.    IPsec ISAKMP phase 1 negotiation.

Answer: A

Which option describes the purpose of the command show derived-config interface virtual-access 1?

A.    It verifies that the virtual access interface is cloned correctly with per-user attributes.
B.    It verifies that the virtual template created the tunnel interface.
C.    It verifies that the virtual access interface is of type Ethernet.
D.    It verifies that the virtual access interface is used to create the tunnel interface.

Answer: A

Which two RADIUS attributes are needed for a VRF-aware FlexVPN hub? (Choose two.)

A.    ip:interface-config=ip unnumbered loobackn
B.    ip:interface-config=ip vrf forwarding ivrf
C.    ip:interface-config=ip src route
D.    ip:interface-config=ip next hop
E.    ip:interface-config=ip neighbor

Answer: AB

Which functionality is provided by L2TPv3 over FlexVPN?

A.    the extension of a Layer 2 domain across the FlexVPN
B.    the extension of a Layer 3 domain across the FlexVPN
C.    secure communication between servers on the FlexVPN
D.    a secure backdoor for remote access users through the FlexVPN

Answer: A

When you troubleshoot Cisco AnyConnect, which step does Cisco recommend before you open a TAC case?

A.    Show applet Lifecycle exceptions.
B.    Disable cookies.
C.    Enable the WebVPN cache.
D.    Collect a DART bundle.

Answer: D

What URL do you use to download a packet capture file in a format which can be used by a packet analyzer?

A.    ftp://<hostname>/capture/<capture_name>/
B.    https://<asdm_enabled _interface:port>/<capture_name>/
C.    https://<asdm_enabled_interface:port>/admin/capture/<capture_name>/pcap
D.    https://<hostname>/<capture_name>/pcap

Answer: C

If Web VPN bookmarks are grayed out on the home screen, which action should you take to begin troubleshooting?

A.    Determine whether the Cisco ASA can resolve the DNS names.
B.    Determine whether the Cisco ASA has DNS forwarders set up.
C.    Determine whether an ACL is present to permit DNS forwarding.
D.    Replace the DNS name with an IP address.

Answer: A

Which command clears all Cisco AnyConnect VPN sessions?

A.    vpn-sessiondb logoff anyconnect
B.    vpn-sessiondb logoff webvpn
C.    vpn-sessiondb logoff l2l
D.    clear crypto isakmp sa

Answer: A

Which group-policy subcommand installs the Diagnostic AnyConnect Report Tool on user computers when a Cisco AnyConnect user logs in?

A.    customization value dart
B.    file-browsing enable
C.    smart-tunnel enable dart
D.    anyconnect module value dart

Answer: D

You have deployed new Cisco AnyConnect start before logon modules and set the configuration to download modules before logon, but all client connections continue to use the previous version of the module. Which action must you take to correct the problem?

A.    Configure start before logon in the client profile.
B.    Configure a group policy to prompt the user to download the updated module.
C.    Define the modules for download in the client profile.
D.    Define the modules for download in the group policy.

Answer: A

Cisco 300-209 is often called the hardest of all Cisco exams. Lead2pass helps you kill the Cisco 300-209 exam challenge and achieve the perfect passing score with its latest practice test, packed into the revolutionary interactive VCE. This is the best way to prepare and pass the 300-209 exam.

300-209 new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDODI1TDlUT1lBV00

2016 Cisco 300-209 exam dumps (All 237 Q&As) from Lead2pass:

http://www.lead2pass.com/300-209.html [100% Exam Pass Guaranteed]