web analytics

100% Pass Guarantee PassLeader 300-209 Dumps with VCE and PDF for Free (Question 91 – Question 105)

New 300-209 exam questions from PassLeader 300-209 dumps! Welcome to download the newest PassLeader 300-209 VCE and PDF dumps: http://www.passleader.com/300-209.html (237 Q&As)

P.S. Free 300-209 dumps are available on Google Drive shared by PassLeader: https://drive.google.com/open?id=0B-ob6L_QjGLpVTNFVTRPdC0zTnM

QUESTION 91
On which type of encrypted traffic can a Cisco ASA appliance running software version 8.4.1 perform application inspection and control?

A.    IPsec
B.    SSL
C.    IPsec or SSL
D.    Cisco Unified Communications
E.    Secure FTP

Answer: D

QUESTION 92
The Cisco ASA software image has been erased from flash memory. Which two statements about the process to recover the Cisco ASA software image are true? (Choose two.)

A.    Access to the ROM monitor mode is required.
B.    The Cisco ASA appliance must have connectivity to the TFTP server where the Cisco ASA image is stored through the Management 0/0 interface.
C.    The copy tftp flash command is necessary to start the TFTP file transfer.
D.    The server command is necessary to set the TFTP server IP address.
E.    Cisco ASA password recovery must be enabled.

Answer: AD

QUESTION 93
Which two Cisco ASA licensing features are correct with Cisco ASA Software Version 8.3 and later? (Choose two.)

A.    Identical licenses are not required on the primary and secondary Cisco ASA appliance.
B.    Cisco ASA appliances configured as failover pairs disregard the time-based activation keys.
C.    Time-based licenses are stackable in duration but not in capacity.
D.    A time-based license completely overrides the permanent license, ignoring all permanently licensed features until the time-based license is uninstalled.

Answer: AC

QUESTION 94
Which three actions can be applied to a traffic class within a type inspect policy map? (Choose three.)

A.    drop
B.    priority
C.    log
D.    pass
E.    inspect
F.    reset

Answer: ACF

QUESTION 95
Which Cisco ASA platform should be selected if the requirements are to support 35,000 connections per second, 600,000 maximum connections, and traffic shaping?

A.    5540
B.    5550
C.    5580-20
D.    5580-40

Answer: B

QUESTION 96
Authorization of a clientless SSL VPN defines the actions that a user may perform within a clientless SSL VPN session. Which statement is correct concerning the SSL VPN authorization process?

A.    Remote clients can be authorized by applying a dynamic access policy, which is configured on an external AAA server.
B.    Remote clients can be authorized externally by applying group parameters from an external database.
C.    Remote client authorization is supported by RADIUS and TACACS+ protocols.
D.    To configure external authorization, you must configure the Cisco ASA for cut-through proxy.

Answer: B

QUESTION 97
Which Cisco ASA SSL VPN feature provides support for PCI compliance by allowing for the validation of two sets of username and password credentials on the SSL VPN login page?

A.    Single Sign-On
B.    Certificate to Profile Mapping
C.    Double Authentication
D.    RSA OTP

Answer: C

QUESTION 98
Which option is a possible solution if you cannot access a URL through clientless SSL VPN with Internet Explorer, while other browsers work fine?

A.    Verify the trusted zone and cookies settings in your browser.
B.    Make sure that you specified the URL correctly.
C.    Try the URL from another operating system.
D.    Move to the IPsec client.

Answer: A

QUESTION 99
Which cryptographic algorithms are a part of the Cisco NGE suite?

A.    HIPPA DES
B.    AES-CBC-128
C.    RC4-128
D.    AES-GCM-256

Answer: D

QUESTION 100
Which transform set is contained in the IKEv2 default proposal?

A.    aes-cbc-192, sha256, group 14
B.    3des, md5, group 7
C.    3des, sha1, group 1
D.    aes-cbc-128, sha, group 5

Answer: D

QUESTION 101
Which command clears all crypto configuration from a Cisco Adaptive Security Appliance?

A.    clear configure crypto
B.    clear configure crypto ipsec
C.    clear crypto map
D.    clear crypto ikev2 sa

Answer: A

QUESTION 102
Which Cisco adaptive security appliance command can be used to view the IPsec PSK of a tunnel group in cleartext?

A.    more system:running-config
B.    show running-config crypto
C.    show running-config tunnel-group
D.    show running-config tunnel-group-map
E.    clear config tunnel-group
F.    show ipsec policy

Answer: A

QUESTION 103
An administrator desires that when work laptops are not connected to the corporate network, they should automatically initiate an AnyConnect VPN tunnel back to headquarters. Where does the administrator configure this?

A.    Via the svc trusted-network command under the group-policy sub-configuration mode on the ASA
B.    Under the “Automatic VPN Policy” section inside the Anyconnect Profile Editor within ASDM
C.    Under the TNDPolicy XML section within the Local Preferences file on the client computer
D.    Via the svc trusted-network command under the global webvpn sub-configuration mode on the ASA

Answer: B

QUESTION 104
The following configuration steps have been completed:
– WebVPN was enabled on the ASA outside interface.
– SSL VPN client software was loaded to the ASA.
– A DHCP scope was configured and applied to a WebVPN Tunnel Group.
What additional step is required if the client software fails to load when connecting to the ASA SSL page?

A.    The SSL client must be loaded to the client by an ASA administrator
B.    The SSL client must be downloaded to the client via FTP
C.    The SSL VPN client must be enabled on the ASA after loading
D.    The SSL client must be enabled on the client machine before loading

Answer: A

QUESTION 105
Remote users want to access internal servers behind an ASA using Microsoft terminal services. Which option outlines the steps required to allow users access via the ASA clientless VPN portal?

A.    1. Configure a static pat rule for TCP port 3389
2. Configure an inbound access-list to allow traffic from remote users to the servers
3. Assign this access-list rule to the group policy
B.    1. Configure a bookmark of the type http://server-IP:3389
2. Enable Smart tunnel on this bookmark
3. Assign the bookmark to the desired group policy
C.    1. Configure a Smart Tunnel application list
2. Add the rdp.exe process to this list
3. Assign the Smart Tunnel application list to the desired group policy
D.    1. Upload an RDP plugin to the ASA
2. Configure a bookmark of the type rdp://server-IP
3. Assign the bookmark list to the desired group policy

Answer: D


New 300-209 exam questions from PassLeader 300-209 dumps! Welcome to download the newest PassLeader 300-209 VCE and PDF dumps: http://www.passleader.com/300-209.html (237 Q&As)

P.S. Free 300-209 dumps are available on Google Drive shared by PassLeader: https://drive.google.com/open?id=0B-ob6L_QjGLpVTNFVTRPdC0zTnM