22 February, 2020

Implementing Cisco Secure Mobility Solutions (SIMOS) 300-209 Rapidshare

Your success in Cisco 300-209 is our sole target and we develop all our 300-209 braindumps in a way that facilitates the attainment of this target. Not only is our 300-209 study material the best you can find, it is also the most detailed and the most updated. 300-209 Practice Exams for Cisco 300-209 are written to the highest standards of technical accuracy.

Free 300-209 Demo Online For Cisco Certifitcation:

Page: 1 / 30

Total 362 questions Full Exam Access

Question 1

- (Exam Topic 2)
A user is trying to connect to a Cisco IOS device using clientless SSL VPN and cannot establish the connection. Which three commands can be used for troubleshooting of the AAA subsystem? (Choose three.)

debug aaa authentication

debug radius

debug vpn authorization error

debug ssl openssl errors

debug webvpn aaa

debug ssl error

Question 2

- (Exam Topic 1)
Which two parameters are specified in the isakmp (IKEv1) policy? (Choose two.)

the peer

the hashing algorithm

the session key

the authentication method

the transform-set

Question 3

- (Exam Topic 3)
Refer to the exhibit.
300-209 dumps exhibit

A NOC engineer is in the process of entering information into the Create New VPN Connection Entry fields. Which statement correctly describes how to do this?

In the Connection Entry field, enter the name of the connection profile as it is specified on the Cisco ASA appliance.

In the Host field, enter the IP address of the remote client device.

In the Authentication tab, click the Group Authentication or Mutual Group Authentication radio button to enable symmetrical pre-shared key authentication.

In the Name field, enter the name of the connection profile as it is specified on the Cisco ASA appliance.

My answer: -

Reference answer: D

Reference analysis:

http://www.cisco.com/en/US/docs/security/vpn_client/cisco_vpn_client/vpn_client46/win/user/guide/vc4.html#
Step 1 Start the VPN Client by choosing Start > Programs > Cisco Systems VPN Client > VPN Client.
Step 2 The VPN Client application starts and displays the advanced mode main window (Figure 4-1). If you are not already there, open the Options menu in simple mode and choose Advanced Mode or press Ctrl-M.
$\"300-209$
Step 3 Select New from the toolbar or the Connection Entries menu. The VPN Client displays a form
$\"300-209$
Step 4 Enter a unique name for this new connection. You can use any name to identify this connection; for example, Engineering. This name can contain spaces, and it is not case-sensitive.
Step 5 Enter a description of this connection. This field is optional, but it helps further identify this connection. For example, Connection to Engineering remote server.
Step 6 Enter the hostname or IP address of the remote VPN device you want to access. Group Authentication
Your network administrator usually configures group authentication for you. If this is not the case, use the following procedure:
Step 1 Click the Group Authentication radio button.
Step 2 In the Name field, enter the name of the IPSec group to which you belong. This entry is case-sensitive. Step 3 In the Password field, enter the password (which is also case-sensitive) for your IPSec group. The field
displays only asterisks.
Step 4 Verify your password by entering it again in the Confirm Password field.

Question 4

- (Exam Topic 2)
Refer to the exhibit.
300-209 dumps exhibit

What technology does the given configuration demonstrate?

Keyring used to encrypt IPSec traffic

FlexVPN with IPV6

FlexVPN with AnyConnect

Crypto Policy to enable IKEv2

Question 5

- (Exam Topic 2)
Which algorithm provides both encryption and authentication for data plane communication?

SHA-96

SHA-384

3DES

AES-256

AES-GCM

RC4

Question 6

- (Exam Topic 1)
300-209 dumps exhibit

When a tunnel is initiated by the headquarter ASA, which one of the following Diffie-Hellman groups is selected by the headquarter ASA during CREATE_CHILD_SA exchange?

Question 7

- (Exam Topic 3)
300-209 dumps exhibit

Refer to the exhibit. Client 1 cannot communication with Client 2. Both clients are using Cisco AnyConnect and have established a successful SSL VPN connection to the hub ASA. Which command on the ASA is missing?

same-security-traffic permit inter-interface

same-security-traffic permit intera-interface

dns-server value 10.1.1.3

split-tunnel-network list

Question 8

- (Exam Topic 3)
Refer to the exhibit.
300-209 dumps exhibit

A junior network engineer configured the corporate Cisco ASA appliance to accommodate a new temporary worker. For security reasons, the IT department wants to restrict the internal network access of the new temporary worker to the corporate server, with an IP address of 10.0.4.10. After the junior network engineer finished the configuration, an IT security specialist tested the account of the temporary worker. The tester was able to access the URLs of additional secure servers from the WebVPN user account of the temporary worker.
What did the junior network engineer configure incorrectly?

The ACL was configured incorrectly.

The ACL was applied incorrectly or was not applied.

Network browsing was not restricted on the temporary worker group policy.

Network browsing was not restricted on the temporary worker user policy.

Question 9

- (Exam Topic 2)
Which technology is FlexVPN based on?

OER

VRF

IKEv2

an RSA nonce

Question 10

- (Exam Topic 3)
Refer to the exhibit.
300-209 dumps exhibit

What is the problem with the IKEv2 site-to-site VPN tunnel?

incorrect PSK

crypto access list mismatch

incorrect tunnel group

crypto policy mismatch

incorrect certificate

Question 11

- (Exam Topic 1)
What are two benefits of DMVPN Phase 3? (Choose two.)

Administrators can use summarization of routing protocol updates from hub to spokes.

It introduces hierarchical DMVPN deployments.

It introduces non-hierarchical DMVPN deployments.

It supports L2TP over IPSec as one of the VPN protocols.

Question 12

- (Exam Topic 1)
A private wan connection is suspected of intermittently corrupting data. Which technology can a network administrator use to detect and drop the altered data traffic?

AES-128

RSACertificates

SHA2-HMAC

3DES

Diffie-Helman Key Generation

Question 13

- (Exam Topic 2)
Which two statements about the Cisco ASAClientless SSL VPN solution are true? (Choose two.)

When a client connects to the Cisco ASA WebVPN portal and tries to access HTTP resources through the URL bar, the client uses the local DNS to perform FQDN resolution.

The rewriter enable command under the global webvpn configuration enables the rewriter functionality because that feature is disabled by default.

ACisco ASA with an AnyConnect Premium Peers license can simultaneously allow Clientless SSL VPN sessions and AnyConnect client sessions.

Content rewriter functionality in the Clientless SSL VPN portal is not supported on Apple mobile devices.

Clientless SSLVPN provides Layer 3 connectivity into the secured network.

Question 14

- (Exam Topic 2)
Which cryptographic algorithms are a part of the Cisco NGE suite?

HIPPADES

AES-CBC-128

RC4-128

AES-GCM-256

Question 15

- (Exam Topic 1)
An internet-based VPN solution is being considered to replace an existing private WAN connecting remote offices. A multimedia application is used that relies on multicast for communication. Which two VPN solutions meet the application's network requirement? (Choose two.)

FlexVPN

DMVPN

Group Encrypted Transport VPN

Crypto-map based Site-to-Site IPsec VPNs

AnyConnect VPN

Question 16

- (Exam Topic 1)
Refer to the exhibit.
300-209 dumps exhibit

After the configuration is performed, which combination of devices can connect?

a device with an identity type of IPv4 address of 209.165.200.225 or 209.165.202.155 or a certificate with subject name of "cisco.com"

a device with an identity type of IPv4 address of both 209.165.200.225 and 209.165.202.155 or a certificate with subject name containing "cisco.com"

a device with an identity type of IPv4 address of both 209.165.200.225 and 209.165.202.155 and a certificate with subject name containing "cisco.com"

a device with an identity type of IPv4 address of 209.165.200.225 or 209.165.202.155 or a certificate with subject name containing "cisco.com"

Question 17

- (Exam Topic 1)
Refer to the exhibit.
300-209 dumps exhibit

An administrator had the above configuration working with SSL protocol, but as soon as the administrator specified IPsec as the primary protocol, the Cisco AnyConnect client was not able to connect. What is the problem?

IPsec will not work in conjunction with a group URL.

The Cisco AnyConnect implementation does not allow the two group URLs to be the sam

SSL does allow this.

If you specify the primary protocol as IPsec, the User Group must be the exact name of the connection profile (tunnel group).

A new XML profile should be created instead of modifying the existing profile, so that the clients force the update.

Question 18

- (Exam Topic 1)
What are two forms of SSL VPN? (Choose two.)

port forwarding

Full Tunnel Mode

Cisco IOS WebVPN

Cisco AnyConnect

Question 19

- (Exam Topic 3)
Which PKI enrollment method allows the user to separate authentication and enrollment actions and also provides an option to specify HTTP/TFTP commands to perform file retrieval from the server?

enrollment profile

enrollment terminal

enrollment url

enrollment selfsigned

Question 20

- (Exam Topic 1)
An administrator wishes to limit the networks reachable over the Anyconnect VPN tunnels. Which configuration on the ASA will correctly limit the networks reachable to 209.165.201.0/27 and 209.165.202.128/27?

access-list splitlist standard permit 209.165.201.0 255.255.255.224 access-list splitlist standard permit 209.165.202.128 255.255.255.224!group-policy GroupPolicy1 internal group-policy GroupPolicy1 attributes split-tunnel-policy tunnelspecifiedsplit-tunnel-network-list value splitlist

group-policy GroupPolicy1 internal group-policy GroupPolicy1 attributes split-tunnel-policy tunnelspecifiedsplit-tunnel-network-list ipv4 1 209.165.201.0 255.255.255.224split-tunnel-network-list ipv4 2 209.165.202.128 255.255.255.224

access-list splitlist standard permit 209.165.201.0 255.255.255.224 access-list splitlist standard permit 209.165.202.128 255.255.255.224!crypto anyconnect vpn-tunnel-policy tunnelspecified crypto anyconnect vpn-tunnel-network-list splitlist

crypto anyconnect vpn-tunnel-policy tunnelspecifiedcrypto anyconnect split-tunnel-network-list ipv4 1 209.165.201.0 255.255.255.224crypto anyconnect split-tunnel-network-list ipv4 2 209.165.202.128 255.255.255.224

Question 21

- (Exam Topic 1)
A company needs to provide secure access to its remote workforce. The end users use public kiosk computers and a wide range of devices. They will be accessing only an internal web application. Which VPN solution satisfies these requirements?

Clientless SSLVPN

AnyConnect Client using SSLVPN

AnyConnect Client using IKEv2

FlexVPN Client

Windows built-in PPTP client

Question 22

What is the name of the transform set being used on the ISR?

Default

ESP-AESESP-SHA-HMAC

SP-AES-256-MD5-TRANS

TSET

Question 23

- (Exam Topic 2)
An administrator desires that when work laptops are not connected to the corporate network, they should automatically initiate an AnyConnect VPN tunnel back to headquarters. Where does the administrator configure this?

Via the svc trusted-network command under the group-policy sub-configuration mode on the ASA

Under the "Automatic VPN Policy" section inside the Anyconnect Profile Editor within ASDM

Under the TNDPolicy XML section within the Local Preferences file on the client computer

Via the svc trusted-network command under the global webvpn sub-configuration mode on the ASA

Question 24

- (Exam Topic 1)
An engineer is troubleshooting DMVPN and wants to check if traffic flows in only one direction

show crypto ipsec sa

show crypto lkev2 sa

show crypto isakmp as

show crypto angina accelerator statistics

Question 25

- (Exam Topic 3)
An XYZ Corporation systems engineer, while making a sales call on the ABC Corporation headquarters, tried to access the XYZ sales demonstration folder to transfer a demonstration via FTP from an ABC conference room behind the firewall. The engineer could not reach XYZ through the remote-access VPN tunnel. From home the previous day, however, the engineer did connect to the XYZ sales demonstration folder and transferred the demonstration via IPsec over DSL.
To get the connection to work and transfer the demonstration, what should the engineer do?

Change the MTU size on the IPsec client to account for the change from DSL to cable transmission.

Enable the local LAN access option on the IPsec client.

Enable the IPsec over TCP option on the IPsec client.

Enable the clientless SSL VPN option on the PC.

Question 26

- (Exam Topic 1)
A custom desktop application needs to access an internal server. An administrator is tasked with configuring the company's SSL VPN gateway to allow remote users to work. Which two technologies would accommodate the company's requirement? (Choose two).

AnyConnect client

Smart Tunnels

Email Proxy

Content Rewriter

Portal Customizations

Question 27

- (Exam Topic 1)
Drag and drop the debug messages on the left onto the associated function during trouble shooting on the right.
300-209 dumps exhibit

Solution:
300-209 dumps exhibit

Does this meet the goal?

Yes

Question 28

- (Exam Topic 2)
Which two are features of GETVPN but not DMVPN and FlexVPN? (Choose two.)

one IPsec SA for all encrypted traffic

no requirement for an overlay routing protocol

design for use over public or private WAN

sequence numbers that enable scalable replay checking

enabled use of ESP or AH

preservation of IP protocol in outer header

Question 29

- (Exam Topic 3)
Which DAP endpoint attribute checks for the matching MAC address of a client machine?

device

process

antispyware

BIA

Page: 1 / 30

Total 362 questions Full Exam Access