Your success in Cisco 300-209 is our sole target and we develop all our 300-209 braindumps in a way that facilitates the attainment of this target. Not only is our 300-209 study material the best you can find, it is also the most detailed and the most updated. 300-209 Practice Exams for Cisco CCNP Security 300-209 are written to the highest standards of technical accuracy.

Q11. Which VPN type can be used to provide secure remote access from public internet cafes and airport kiosks? 

A. site-to-site 

B. business-to-business 

C. Clientless SSL 

D. DMVPN 

Answer:


Q12. An IOS SSL VPN is configured to forward TCP ports. A remote user cannot access the corporate FTP site with a Web browser. What is a possible reason for the failure? 

A. The user's FTP application is not supported. 

B. The user is connecting to an IOS VPN gateway configured in Thin Client Mode. 

C. The user is connecting to an IOS VPN gateway configured in Tunnel Mode. 

D. The user's operating system is not supported. 

Answer:

Reference: 

http://www.cisco.com/c/en/us/support/docs/security/ssl-vpn-client/70664-IOSthinclient.html 

Thin-Client SSL VPN (Port Forwarding) 

A remote client must download a small, Java-based applet for secure access of TCP applications that use static port numbers. UDP is not supported. Examples include access to POP3, SMTP, IMAP, SSH, and Telnet. The user needs local administrative privileges because changes are made to files on the local machine. This method of SSL VPN does not work with applications that use dynamic port assignments, for example, several FTP applications. 


Q13. Refer to the exhibit. 

After the configuration is performed, which combination of devices can connect? 

A. a device with an identity type of IPv4 address of 209.165.200.225 or 209.165.202.155 or a certificate with subject name of "cisco.com" 

B. a device with an identity type of IPv4 address of both 209.165.200.225 and 209.165.202.155 or a certificate with subject name containing "cisco.com" 

C. a device with an identity type of IPv4 address of both 209.165.200.225 and 209.165.202.155 and a certificate with subject name containing "cisco.com" 

D. a device with an identity type of IPv4 address of 209.165.200.225 or 209.165.202.155 or a certificate with subject name containing "cisco.com" 

Answer:


Q14. Which equation describes an elliptic curve? 

A. y3 = x3 + ax + b 

B. x3 = y2 + ab + x 

C. y4 = x2 + ax + b 

D. y2 = x3 + ax + b 

E. y2 = x2 + ax + b2 

Answer:


Q15. Which benefit of FlexVPN is not offered by DMVPN using IKEv1? 

A. Dynamic routing protocols can be configured. 

B. IKE implementation can install routes in routing table. 

C. GRE encapsulation allows for forwarding of non-IP traffic. 

D. NHRP authentication provides enhanced security. 

Answer:


Q16. What are two forms of SSL VPN? (Choose two.) 

A. port forwarding 

B. Full Tunnel Mode 

C. Cisco IOS WebVPN 

D. Cisco AnyConnect 

Answer: C,D 


Q17. Which two GDOI encryption keys are used within a GET VPN network? (Choose two.) 

A. key encryption key 

B. group encryption key 

C. user encryption key 

D. traffic encryption key 

Answer: A,D 


Q18. Which two parameters are configured within an IKEv2 proposal on an IOS router? (Choose two.) 

A. authentication 

B. encryption 

C. integrity 

D. lifetime 

Answer: B,C 


Q19. Which protocol supports high availability in a Cisco IOS SSL VPN environment? 

A. HSRP 

B. VRRP 

C. GLBP 

D. IRDP 

Answer:


Q20. Which two statements about the Cisco ASA Clientless SSL VPN solution are true? (Choose two.) 

A. When a client connects to the Cisco ASA WebVPN portal and tries to access HTTP resources through the URL bar, the client uses the local DNS to perform FQDN resolution. 

B. The rewriter enable command under the global webvpn configuration enables the rewriter functionality because that feature is disabled by default. 

C. A Cisco ASA with an AnyConnect Premium Peers license can simultaneously allow Clientless SSL VPN sessions and AnyConnect client sessions. 

D. Content rewriter functionality in the Clientless SSL VPN portal is not supported on Apple mobile devices. 

E. Clientless SSLVPN provides Layer 3 connectivity into the secured network. 

Answer: C,D