★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW 300-209 Exam Dumps (PDF & VCE):
Available on: https://www.certleader.com/300-209-dumps.html


Want to know Exambible 300-209 Exam practice test features? Want to lear more about Cisco Implementing Cisco Secure Mobility Solutions (SIMOS) certification experience? Study Accurate Cisco 300-209 answers to Latest 300-209 questions at Exambible. Gat a success with an absolute guarantee to pass Cisco 300-209 (Implementing Cisco Secure Mobility Solutions (SIMOS)) test on your first attempt.

2021 Mar 300-209 practice question

Q71. Refer to the exhibit. 

An administrator had the above configuration working with SSL protocol, but as soon as the administrator specified IPsec as the primary protocol, the Cisco AnyConnect client was not able to connect. What is the problem? 

A. IPsec will not work in conjunction with a group URL. 

B. The Cisco AnyConnect implementation does not allow the two group URLs to be the same. SSL does allow this. 

C. If you specify the primary protocol as IPsec, the User Group must be the exact name of the connection profile (tunnel group). 

D. A new XML profile should be created instead of modifying the existing profile, so that the clients force the update. 

Answer:


Q72. Scenario: 

You are the senior network security administrator for your organization. Recently and junior engineer configured a site-to-site IPsec VPN connection between your headquarters Cisco ASA and a remote branch office. 

You are now tasked with verifying the IKEvl IPsec installation to ensure it was properly configured according to designated parameters. Using the CLI on both the Cisco ASA and branch ISR, verify the IPsec configuration is properly configured between the two sites. 

NOTE: the show running-config command cannot be used for this exercise. 

Topology: 

at is being used as the authentication method on the branch ISR? 

A. Certifcates 

B. Pre-shared keys 

C. RSA public keys 

D. Diffie-Hellman Group 2 

Answer:

Explanation: 

The show crypto isakmp key command shows the preshared key of “cisco”. 


Q73. Which two IKEv1 policy options must match on each peer when you configure an IPsec site-to-site VPN? (Choose two.) 

A. priority number 

B. hash algorithm 

C. encryption algorithm 

D. session lifetime 

E. PRF algorithm 

Answer: B,C 


Q74. Which statement regarding GET VPN is true? 

A. TEK rekeys can be load-balanced between two key servers operating in COOP. 

B. When you implement GET VPN with VRFs, all VRFs must be defined in the GDOI group configuration on the key server. 

C. Group members must acknowledge all KEK and TEK rekeys, regardless of configuration. 

D. The configuration that defines which traffic to encrypt is present only on the key server. 

E. The pseudotime that is used for replay checking is synchronized via NTP. 

Answer:


Q75. Scenario 

Your organization has just implemented a Cisco AnyConnect SSL VPN solution. Using Cisco ASDM, answer the questions regarding the implementation. 

Note: Not all screens or option selections are active for this exercise. 

Topology 

Default_Home 

Which address range will be assigned to the AnyConnect users? 

A. 10.10.15.40-50/24 

B. 209.165.201.20-30/24 

C. 192.168.1.100-150/24 

D. 10.10.15.20-30/24 

Answer:

Explanation: 

First Navigate to the Configuration -> Remote Access VPN tab and then choose the “AnyConnect Connection Profile as shown below: 

C:\Users\danielkeller\AppData\Local\Microsoft\Windows\INetCache\Content.Word\Capture. png 

Then, clicking on the AnyConnect Profile at the bottom will bring you to the edit page shown below: 

C:\Users\danielkeller\AppData\Local\Microsoft\Windows\INetCache\Content.Word\Capture. png 

From here, click the Select button on the “VPN_Address_Pool” and you will see the following pools defined: 

Here we see that the VPN_Address_Pool contains the IP address range of 10.10.15.20-10.10.15.30/24. 


Leading 300-209 rapidshare:

Q76. A network is configured to allow clientless access to resources inside the network. Which feature must be enabled and configured to allow SSH applications to respond on the specified port 8889? 

A. auto applet download 

B. port forwarding 

C. web-type ACL 

D. HTTP proxy 

Answer:


Q77. Which two GDOI encryption keys are used within a GET VPN network? (Choose two.) 

A. key encryption key 

B. group encryption key 

C. user encryption key 

D. traffic encryption key 

Answer: A,D 


Q78. Which.protocol must be enabled on the inside interface to use cluster encryption in SSL VPN load balancing? 

A. TLS 

B. DTLS 

C. IKEv2 

D. ISAKMP 

Answer:


Q79. As network security architect, you must implement secure VPN connectivity among company branches over a private IP cloud with any-to-any scalable connectivity. Which.technology should you use? 

A. IPsec DVTI 

B. FlexVPN 

C. DMVPN 

D. IPsec SVTI 

E. GET VPN 

Answer:


Q80. Which statement describes a prerequisite for single-sign-on Netegrity Cookie Support in an IOC SSL VPN? 

A. The Cisco AnyConnect Secure Mobility Client must be installed in flash. 

B. A SiteMinder plug-in must be installed on the Cisco SSL VPN gateway. 

C. A Cisco plug-in must be installed on a SiteMinder server. 

D. The Cisco Secure Desktop software package must be installed in flash. 

Answer: