Question No.61

Refer to the exhibit. The customer needs to launch AnyConnect in the RDP machine. Which configuration is correct?


  1. crypto vpn anyconnect profile test flash:RDP.xml policy group default

    svc profile test

  2. crypto vpn anyconnect profile test flash:RDP.xml webvpn context GW_1

    browser-attribute import flash:/swj.xml

  3. crypto vpn anyconnect profile test flash:RDP.xml policy group default

    svc profile flash:RDP.xml

  4. crypto vpn anyconnect profile test flash:RDP.xml webvpn context GW_1

    browser-attribute import test

Correct Answer: A

Question No.62

Which technology supports tunnel interfaces while remaining compatible with legacy VPN implementations?

  1. FlexVPN

  2. DMVPN

  3. GET VPN

  4. SSL VPN

Correct Answer: A

Question No.63

Which protocol supports high availability in a Cisco IOS SSL VPN environment?

  1. HSRP

  2. VRRP

  3. GLBP

  4. IRDP

Correct Answer: A

Question No.64

Which algorithm provides both encryption and authentication for data plane communication?

  1. SHA-96

  2. SHA-384

  3. 3DES

  4. AES-256

  5. AES-GCM

  6. RC4

Correct Answer: E

Question No.65

Which two commands are included in the command show dmvpn detail? (Choose two.)

  1. Show ip nhrp

  2. Show ip nhrp nhs

  3. Show crypto ipsec sa detail

  4. Show crypto session detail

  5. Show crypto sockets

Correct Answer: BD

Question No.66

An administrator received a report that a user cannot connect to the headquarters site using Cisco AnyConnect and receives this error: "The installer was not able to start the Cisco VPN client, clientless access is not available." Which option is a possible cause for this error?

  1. The client version of Cisco AnyConnect is not compatible with the Cisco ASA software image.

  2. The operating system of the client machine is not supported by Cisco AnyConnect.

  3. The driver for Cisco AnyConnect is outdated.

  4. The installed version of Java is not compatible with Cisco AnyConnect.

Correct Answer: C

Question No.67

Which statement regarding hashing is correct?

  1. MD5 produces a 64-bit message digest.

  2. SHA-1 produces a 160-bit message digest.

  3. MD5 takes more CPU cycles to compute than SHA-1.

  4. Changing 1 bit of the input to SHA-1 can change up to 5 bits in the output.

Correct Answer: B

Question No.68

Which type of NHRP packet is unique to Phase 3 DMVPN topologies?

  1. resolution request

  2. resolution reply

  3. redirect

  4. registration request

  5. registration reply

  6. error indication

Correct Answer: C

Question No.69

Refer to the exhibit. You are configuring a laptop with the Cisco VPN Client, which uses digital certificates for authentication. Which protocol does the Cisco VPN Client use to retrieve the digital certificate from the CA server?


  1. FTP

  2. LDAP

  3. HTTPS

  4. SCEP

  5. OCSP

Correct Answer: D



About CRLs

Certificate Revocation Lists provide the security appliance with one means of determining whether a certificate that is within its valid time range has been revoked by its issuing CA. CRL configuration is a part of the configuration of a trustpoint.

You can configure the security appliance to make CRL checks mandatory when authenticating a certificate (revocation-check crl command). You can also make the CRL check optional by adding the none argument (revocation-check crl none command), which allows the certificate authentication to succeed when the CA is unavailable to provide updated CRL data.

The security appliance can retrieve CRLs from CAs using HTTP, SCEP, or LDAP. CRLs retrieved for each trustpoint are cached for a length of time configurable for each trustpoint. When the security appliance has cached a CRL for more than the length of time it is configured to cache CRLs, the security appliance considers the CRL too old to be reliable, or "stale". The security appliance attempts to retrieve a newer version of the CRL the next time a certificate authentication requires checking the stale CRL.

Question No.70

Regarding licensing, which option will allow IKEv2 connections on the adaptive security appliance?

  1. AnyConnect Essentials can be used for Cisco AnyConnect IKEv2 connections.

  2. IKEv2 sessions are not licensed.

  3. The Advanced Endpoint Assessment license must be installed to allow Cisco AnyConnect IKEv2 sessions.

  4. Cisco AnyConnect Mobile must be installed to allow AnyConnect IKEv2 sessions.

Correct Answer: B

