2016 October Cisco Official New Released 300-209 Dumps in Lead2pass.com!
100% Free Download! 100% Pass Guaranteed!
The 300-209 braindumps are the latest, authenticated by expert and covering each and every aspect of 300-209 exam. Comparing with others, our exam questions are rich in variety. We offer PDF dumps and 300-209 VCE dumps. Welcome to choose.
Following questions and answers are all new published by Cisco Official Exam Center: http://www.lead2pass.com/300-209.html
QUESTION 161
Which option describes what address preservation with IPsec Tunnel Mode allows when GETVPN is used?
A. stronger encryption methods
B. Network Address Translation of encrypted traffic
C. traffic management based on original source and destination addresses
D. Tunnel Endpoint Discovery
Answer: C
QUESTION 162
Which feature is available in IKEv1 but not IKEv2?
A. Layer 3 roaming
B. aggressive mode
C. EAP variants
D. sequencing
Answer: B
QUESTION 163
Which feature is enabled by the use of NHRP in a DMVPN network?
A. host routing with Reverse Route Injection
B. BGP multiaccess
C. host to NBMA resolution
D. EIGRP redistribution
Answer: C
QUESTION 164
Which statement about the hub in a DMVPN configuration with iBGP is true?
A. It must be a route reflector client.
B. It must redistribute EIGRP from the spokes.
C. It must be in a different AS.
D. It must be a route reflector.
Answer: D
QUESTION 165
Refer to the exhibit. Which technology is represented by this configuration?
A. AAA for FlexVPN
B. AAA for EzVPN
C. TACACS+ command authorization
D. local command authorization
Answer: A
QUESTION 166
Which command can you use to monitor the phase 1 establishment of a FlexVPN tunnel?
A. show crypto ipsec sa
B. show crypto isakmp sa
C. show crypto ikev2 sa
D. show ip nhrp
Answer: C
QUESTION 167
Which interface is managed by the VPN Access Interface field in the Cisco ASDM IPsec Site-to- Site VPN Wizard?
A. the local interface named “VPN_access”
B. the local interface configured with crypto enable
C. the local interface from which traffic originates
D. the remote interface with security level 0
Answer: B
QUESTION 168
You are troubleshooting a DMVPN NHRP registration failure. Which command can you use to view request counters?
A. show ip nhrp nhs detail
B. show ip nhrp tunnel
C. show ip nhrp incomplete
D. show ip nhrp incomplete tunnel tunnel_interface_number
Answer: A
QUESTION 169
Refer to the exhibit. What is the purpose of the given configuration?
A. Establishing a GRE tunnel.
B. Enabling IPSec to decrypt fragmented packets.
C. Resolving access issues caused by large packet sizes.
D. Adding the spoke to the routing table.
Answer: C
QUESTION 170
Which three commands are included in the command show dmvpn detail? (Choose three.)
A. show ip nhrp nhs
B. show dmvpn
C. show crypto session detail
D. show crypto ipsec sa detail
E. show crypto sockets
F. show ip nhrp
Answer: ABC
QUESTION 171
Refer to the exhibit. Which action is demonstrated by this debug output?
A. NHRP initial registration by a spoke.
B. NHRP registration acknowledgement by the hub.
C. Disabling of the DMVPN tunnel interface.
D. IPsec ISAKMP phase 1 negotiation.
Answer: A
QUESTION 172
Which option describes the purpose of the command show derived-config interface virtual-access 1?
A. It verifies that the virtual access interface is cloned correctly with per-user attributes.
B. It verifies that the virtual template created the tunnel interface.
C. It verifies that the virtual access interface is of type Ethernet.
D. It verifies that the virtual access interface is used to create the tunnel interface.
Answer: A
QUESTION 173
Which two RADIUS attributes are needed for a VRF-aware FlexVPN hub? (Choose two.)
A. ip:interface-config=ip unnumbered loobackn
B. ip:interface-config=ip vrf forwarding ivrf
C. ip:interface-config=ip src route
D. ip:interface-config=ip next hop
E. ip:interface-config=ip neighbor 0.0.0.0
Answer: AB
QUESTION 174
Which functionality is provided by L2TPv3 over FlexVPN?
A. the extension of a Layer 2 domain across the FlexVPN
B. the extension of a Layer 3 domain across the FlexVPN
C. secure communication between servers on the FlexVPN
D. a secure backdoor for remote access users through the FlexVPN
Answer: A
QUESTION 175
When you troubleshoot Cisco AnyConnect, which step does Cisco recommend before you open a TAC case?
A. Show applet Lifecycle exceptions.
B. Disable cookies.
C. Enable the WebVPN cache.
D. Collect a DART bundle.
Answer: D
QUESTION 176
What URL do you use to download a packet capture file in a format which can be used by a packet analyzer?
A. ftp://<hostname>/capture/<capture_name>/
B. https://<asdm_enabled _interface:port>/<capture_name>/
C. https://<asdm_enabled_interface:port>/admin/capture/<capture_name>/pcap
D. https://<hostname>/<capture_name>/pcap
Answer: C
QUESTION 177
If Web VPN bookmarks are grayed out on the home screen, which action should you take to begin troubleshooting?
A. Determine whether the Cisco ASA can resolve the DNS names.
B. Determine whether the Cisco ASA has DNS forwarders set up.
C. Determine whether an ACL is present to permit DNS forwarding.
D. Replace the DNS name with an IP address.
Answer: A
QUESTION 178
Which command clears all Cisco AnyConnect VPN sessions?
A. vpn-sessiondb logoff anyconnect
B. vpn-sessiondb logoff webvpn
C. vpn-sessiondb logoff l2l
D. clear crypto isakmp sa
Answer: A
QUESTION 179
Which group-policy subcommand installs the Diagnostic AnyConnect Report Tool on user computers when a Cisco AnyConnect user logs in?
A. customization value dart
B. file-browsing enable
C. smart-tunnel enable dart
D. anyconnect module value dart
Answer: D
QUESTION 180
You have deployed new Cisco AnyConnect start before logon modules and set the configuration to download modules before logon, but all client connections continue to use the previous version of the module. Which action must you take to correct the problem?
A. Configure start before logon in the client profile.
B. Configure a group policy to prompt the user to download the updated module.
C. Define the modules for download in the client profile.
D. Define the modules for download in the group policy.
Answer: A
Cisco 300-209 is often called the hardest of all Cisco exams. Lead2pass helps you kill the Cisco 300-209 exam challenge and achieve the perfect passing score with its latest practice test, packed into the revolutionary interactive VCE. This is the best way to prepare and pass the 300-209 exam.
300-209 new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDODI1TDlUT1lBV00
2016 Cisco 300-209 exam dumps (All 237 Q&As) from Lead2pass:
http://www.lead2pass.com/300-209.html [100% Exam Pass Guaranteed]