Which Cisco adaptive security appliance command can be used to view the IPsec PSK of a tunnel group in cleartext?
A.
more system:running-config
B.
show running-config crypto
C.
show running-config tunnel-group
D.
show running-config tunnel-group-map
E.
clear config tunnel-group
F.
show ipsec policy
Explanation:
answer is valid
hey, got some new 300-209 exam questions and wish you can help me check answers:
QUESTION 240
A network engineer must configure a now VPN tunnel Utilizing IKEv2 For with three reasons would a configuration use IKEv2 instead d KEv1? (Choose three.)
A. increased hash size
B. DOS protection
C. Preshared keys are used for authentication.
D. RSA-Sig used for authentication
E. native NAT traversal
F. asymmetric authentication
Answer: BCD
QUESTION 241
A network engineer is troubleshooting a site VPN tunnel configured on a Cisco ASA and wants to validate that the tunnel is sending and receiving traffic. Which command accomplishes this task?
A. show crypto ikev1 sa peer
B. show crypto ikev2 sa peer
C. show crypto ipsec sa peer
D. show crypto isakmp sa peer
Answer: C
QUESTION 242
When troubleshooting clientless SSL VPN connections, which option can be verified on the client PC?
A. address assignment
B. DHCP configuration
C. tunnel group attributes
D. host file misconfiguration
Answer: C
QUESTION 243
Which two commands are include in the command show dmvpn detail? (Choose two.)
A. Show ip nhrp
B. Show ip nhrp nhs
C. Show crypto ipsec sa detail
D. Show crypto session detail
E. Show crypto sockets
Answer: CE
QUESTION 244
An engineer has integrated a new DMVPN to link remote offices across the internet using Cisco IOS routers. When connecting to remote sites, pings and voice data appear to flow properly and all tunnel stats seem to show that are up. However, when trying to connect to a remote server using RDP, the connection fails. Which action resolves this issue?
A. Change DMVPN timeout values.
B. Adjust the MTU size within the routers.
C. Replace certificate on the RDP server.
D. Add RDP port to the extended ACL.
Answer: C
QUESTION 245
Which feature is a benefit of Dynamic Multipoint VPN?
A. geographic filtering of spoke devices
B. translation PAT
C. rotating wildcard preshared keys
D. dynamic spoke-to spoke tunnel establishment
Answer: D
QUESTION 246
An engineer has configured Cisco AnyConnect VPN using IKEv2 on a Cisco ISO router. The user cannot connect in the Cisco AnyConnect client, but receives an alert message “Use a browser to gain access.” Which action does the engineer take to eliminate this issue?
A. Reset user login credentials.
B. Disable the HTTP server.
C. Correct the URL address.
D. Connect using HTTPS.
Answer: C
QUESTION 247
Refer to the exhibit. A network administrator is running DMVPN with EIGRP, when the administrator looks at the routing table on spoken 1 it displays a route to the hub only.
Which command is missing on the hub router, which includes spoke 2 and spoke 3 in the spoke 1 routing table?
A. no inverse arp
B. neighbor (ip address)
C. no ip split-horizon egrp 1
D. redistribute static
Answer: A
QUESTION 248
Which algorithm provides both encryption and authentication for plane communication?
A. RC4
B. SHA-384
C. AES-256
D. SHA-96
E. 3DES
F. AES-GCM
Answer: F
i got these new questions from:https://drive.google.com/folderview?id=0B272WrTALRHcRmVtQ29JNWk3Nzg&usp=sharing
Besides, you also can get 300-209 pdf and vce dumps at:https://www.braindump2go.com/300-209.html (2017 319q&as version), this file is updated on Aug 2, 2017, can have a look.
One of the best ways to prepare Cisco 300-209 exam is with CCNP Security 300-209 braindumps questions answers with Cisco – Implementing Cisco Secure Mobility Solutions (SIMOS) practice test software. Braindumps4IT provides one of the best CCNP Security exam dumps for Cisco students. Prepare Cisco – Implementing Cisco Secure Mobility Solutions (SIMOS) exam from our 300-209 practice test and be certified. https://www.braindumps4it.com/braindumps-300-209.html