Want to Pass 300-209 Exam In Next HOURS? Get it now →
April 21, 2017

How Does Pass4sure Cisco 300-209 practice exam Work?

Q71. A network is configured to allow clientless access to resources inside the network. Which feature must be enabled and configured to allow SSH applications to respond on the specified port 8889? 

A. auto applet download 

B. port forwarding 

C. web-type ACL 

D. HTTP proxy 

Answer:


Q72. Which option is most effective at preventing a remote access VPN user from bypassing the corporate transparent web proxy? 

A. using the proxy-server settings of the client computer to specify a PAC file for the client computer to download 

B. instructing users to use the corporate proxy server for all web browsing 

C. disabling split tunneling 

D. permitting local LAN access 

Answer:


Q73. A Cisco router may have a fan issue that could increase its temperature and trigger a failure. What troubleshooting steps would verify the issue without causing additional risks? 

A. Configure logging using commands "logging on", "logging buffered 4", and check for fan failure logs using "show logging" 

B. Configure logging using commands "logging on", "logging buffered 6", and check for fan failure logs using "show logging" 

C. Configure logging using commands "logging on", "logging discriminator msglog1 console 7", and check for fan failure logs using "show logging" 

D. Configure logging using commands "logging host 10.11.10.11", "logging trap 2", and check for fan failure logs at the syslog server 10.11.10.11 

Answer:


Q74. In DMVPN phase 2, which two EIGRP features need to be disabled on the hub to allow spoke-to-spoke communication? (Choose two.) 

A. autosummary 

B. split horizon 

C. metric calculation using bandwidth 

D. EIGRP address family 

E. next-hop-self 

F. default administrative distance 

Answer: B,E 


Q75. Refer to the exhibit. 

Which VPN solution does this configuration represent? 

A. DMVPN 

B. GETVPN 

C. FlexVPN 

D. site-to-site 

Answer:


Q76. The following configuration steps have been completeD. 

. WebVPN was enabled on the ASA outside interface. 

. SSL VPN client software was loaded to the ASA. 

. A DHCP scope was configured and applied to a WebVPN Tunnel Group. 

What additional step is required if the client software fails to load when connecting to the ASA SSL page? 

A. The SSL client must be loaded to the client by an ASA administrator 

B. The SSL client must be downloaded to the client via FTP 

C. The SSL VPN client must be enabled on the ASA after loading 

D. The SSL client must be enabled on the client machine before loading 

Answer:


Q77. Which NGE IKE Diffie-Hellman group identifier has the strongest cryptographic properties? 

A. group 10 

B. group 24 

C. group 5 

D. group 20 

Answer:


Q78. Refer to the exhibit. 

An administrator is adding IPv6 addressing to an already functioning tunnel. The administrator is unable to ping 2001:DB8:100::2 but can ping 209.165.200.226. Which configuration needs to be added or changed? 

A. No configuration change is necessary. Everything is working correctly. 

B. OSPFv3 needs to be configured on the interface. 

C. NHRP needs to be configured to provide NBMA mapping. 

D. Tunnel mode needs to be changed to GRE IPv4. 

E. Tunnel mode needs to be changed to GRE IPv6. 

Answer:


Q79. Which two statements about the Cisco ASA Clientless SSL VPN solution are true? (Choose two.) 

A. When a client connects to the Cisco ASA WebVPN portal and tries to access HTTP resources through the URL bar, the client uses the local DNS to perform FQDN resolution. 

B. The rewriter enable command under the global webvpn configuration enables the rewriter functionality because that feature is disabled by default. 

C. A Cisco ASA with an AnyConnect Premium Peers license can simultaneously allow Clientless SSL VPN sessions and AnyConnect client sessions. 

D. Content rewriter functionality in the Clientless SSL VPN portal is not supported on Apple mobile devices. 

E. Clientless SSLVPN provides Layer 3 connectivity into the secured network. 

Answer: C,D 


Q80. A network administrator is configuring AES encryption for the ISAKMP policy on an IOS router. Which two configurations are valid? (Choose two.) 

A. crypto isakmp policy 10 

encryption aes 254 

B. crypto isakmp policy 10 

encryption aes 192 

C. crypto isakmp policy 10 

encryption aes 256 

D. crypto isakmp policy 10 

encryption aes 196 

E. crypto isakmp policy 10 

encryption aes 199 

F. crypto isakmp policy 10 

encryption aes 64 

Answer: B,C 



see more free 300-209 exam dumps