Download New Updated (Spring 2015) Cisco 300-209 Actual Tests 21-30

By | April 22, 2015

Ensurepass

 

QUESTION 21

When Cisco ASA applies VPN permissions, what is the first set of attributes that it applies?

 

A.

dynamic access policy attributes

B.

group policy attributes

C.

connection profile attributes

D.

user attributes

 

Correct Answer: A

 

 

QUESTION 22

What are two variables for configuring clientless SSL VPN single sign-on? (Choose two.)

 

A.

CSCO_WEBVPN_OTP_PASSWORD

B.

CSCO_WEBVPN_INTERNAL_PASSWORD

C.

CSCO_WEBVPN_USERNAME

D.

CSCO_WEBVPN_RADIUS_USER

 

Correct Answer: BC

 

 

QUESTION 23

To change the title panel on the logon page of the Cisco IOS WebVPN portal, which file must you configure?

 

A.

Cisco IOS WebVPN customization template

B.

Cisco IOS WebVPN customization general

C.

web-access-hlp.inc

D.

app-access-hlp.inc

 

Correct Answer: A

 

 

QUESTION 24

Which three plugins are available for clientless SSL VPN? (Choose three.)

 

A.

CIFS

B.

RDP2

C.

SSH

D.

VNC

E.

SQLNET

F.

ICMP

 

Correct Answer: BCD

 

 

QUESTION 25

Which command simplifies the task of converting an SSL VPN to an IKEv2 VPN on a Cisco ASA appliance that has an invalid IKEv2 configuration?

 

A.

migrate remote-access ssl overwrite

B.

migrate remote-access ikev2

C.

migrate l2l

D.

migrate remote-access ssl

 

Correct Answer: A

Explanation:

Below is a reference for this question:

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/113597-ptn-113597.html

 

If your IKEv1, or even SSL, configuration already exists, the ASA makes the migration process simple. On the comm
and line, enter the migrate command:

 

migrate {l2l | remote-access {ikev2 | ssl} | overwrite}

 

Things of note:

 

Keyword definitions:

l2l – This converts current IKEv1 l2l tunnels to IKEv2.

 

remote access – This converts the remote access configuration. You can convert either the IKEv1 or the SSL tunnel groups to IKEv2.

 

overwrite – If you have a IKEv2 configuration that you wish to overwrite, then this keyword converts the current IKEv1 configuration and removes the superfluous IKEv2 configuration.

 

 

QUESTION 26

Which statement describes a prerequisite for single-sign-on Netegrity Cookie Support in an IOC SSL VPN?

 

A.

The Cisco AnyConnect Secure Mobility Client must be installed in flash.

B.

A SiteMinder plug-in must be installed on the Cisco SSL VPN gateway.

C.

A Cisco plug-in must be installed on a SiteMinder server.

D.

The Cisco Secure Desktop software package must be installed in flash.

 

Correct Answer: C

 

 

QUESTION 27

Which two statements describe effects of the DoNothing option within the untrusted network policy on a Cisco AnyConnect profile? (Choose two.)

 

A.

The client initiates a VPN connection upon detection of an untrusted network.

B.

The client initiates a VPN connection upon detection of a trusted network.

C.

The always-on feature is enabled.

D.

The always-on feature is disabled.

E.

The client does not automatically initiate any VPN connection.

 

Correct Answer: AD

 

 

QUESTION 28

Which command enables IOS SSL VPN Smart Tunnel support for PuTTY?

 

A.

appl ssh putty.exe win

B.

appl ssh putty.exe windows

C.

appl ssh putty

D.

appl ssh putty.exe

 

Correct Answer: B

 

 

QUESTION 29

Which three remote access VPN methods in an ASA appliance provide support for Cisco Secure Desktop? (Choose three.)

 

A.

IKEv1

B.

IKEv2

C.

SSL client

D.

SSL clientless

E.

ESP

F.

L2TP

 

Correct Answer: BCD

 

 

QUESTION 30

A user is unable to establish an AnyConnect VPN connection to an ASA. When using the Real-Time Log viewer within ASDM to troubleshoot the issue, which two filter options would the administrator choose to show only syslog messages relevant to the VPN connection? (Choose two.)

 

A.

Client’s public IP address

B.

Client’s operating system

C.

Client’s default gateway IP address

D.

Client’s username

E.

ASA’s public IP address

 

Correct Answer: AD

 

Free VCE & PDF File for Cisco 300-209 Real Exam

Instant Access to Free VCE Files: CCNA | CCNP | CCIE …
Instant Access to Free PDF Files: CCNA | CCNP | CCIE …