The Regenerate Guide To 300-209 preparation labs Jun 2017

Act now and download your Cisco 300-209 test today! Do not waste time for the worthless Cisco 300-209 tutorials. Download Most recent Cisco Implementing Cisco Secure Mobility Solutions (SIMOS) exam with real questions and answers and begin to learn Cisco 300-209 with a classic professional.


The article at Testaimer.com going over http://www.testaimer.com/300-209-test is very comprehensive.

Q111. Which two qualify as Next Generation Encryption integrity algorithms? (Choose two.) 

A. SHA-512 

B. SHA-256 

C. SHA-192 

D. SHA-380 

E. SHA-192 

F. SHA-196 

Answer: A,B 


Q112. Which command will prevent a group policy from inheriting a filter ACL in a clientless SSL VPN? 

A. vpn-filter none 

B. no vpn-filter 

C. filter value none 

D. filter value ACLname 

Answer:

Reference: 

http://www.cisco.com/c/en/us/td/docs/security/asa/asa-command-reference/T-Z/cmdref4/v.html#pgfId-1842564 


Q113. What are two benefits of DMVPN Phase 3? (Choose two.) 

A. Administrators can use summarization of routing protocol updates from hub to spokes. 

B. It introduces hierarchical DMVPN deployments. 

C. It introduces non-hierarchical DMVPN deployments. 

D. It supports L2TP over IPSec as one of the VPN protocols. 

Answer: A,B 


Q114. Refer to the exhibit. 

The customer can establish an AnyConnect connection on the first attempt only. Subsequent attempts fail. What might be the issue? 

A. IKEv2 is blocked over the path. 

B. UserGroup must be different than the name of the connection profile. 

C. The primary protocol should be SSL. 

D. UserGroup must be the same as the name of the connection profile. 

Answer:


Q115. Refer to the exhibit. 

Which technology is represented by this configuration? 

A. AAA for FlexVPN 

B. AAA for EzVPN 

C. TACACS+ command authorization 

D. local command authorization 

Answer:


Q116. Where do you configure AnyConnect certificate-based authentication in ASDM? 

A. group policies 

B. AnyConnect Connection Profile 

C. AnyConnect Client Profile 

D. Advanced Network (Client) Access 

Answer:


Q117. A user is unable to establish an AnyConnect VPN connection to an ASA. When using the Real-Time Log viewer within ASDM to troubleshoot the issue, which two filter options would the administrator choose to show only syslog messages relevant to the VPN connection? (Choose two.) 

A. Client's public IP address 

B. Client's operating system 

C. Client's default gateway IP address 

D. Client's username 

E. ASA's public IP address 

Answer: A,D 


Q118. As network security architect, you must implement secure VPN connectivity among company branches over a private IP cloud with any-to-any scalable connectivity. Which.technology should you use? 

A. IPsec DVTI 

B. FlexVPN 

C. DMVPN 

D. IPsec SVTI 

E. GET VPN 

Answer:


Q119. Which protocol supports high availability in a Cisco IOS SSL VPN environment? 

A. HSRP 

B. VRRP 

C. GLBP 

D. IRDP 

Answer:


Q120. Scenario: 

You are the senior network security administrator for your organization. Recently and junior engineer configured a site-to-site IPsec VPN connection between your headquarters Cisco ASA and a remote branch office. 

You are now tasked with verifying the IKEvl IPsec installation to ensure it was properly configured according to designated parameters. Using the CLI on both the Cisco ASA and branch ISR, verify the IPsec configuration is properly configured between the two sites. 

NOTE: the show running-config command cannot be used for this exercise. 

Topology: 

at is being used as the authentication method on the branch ISR? 

A. Certifcates 

B. Pre-shared keys 

C. RSA public keys 

D. Diffie-Hellman Group 2 

Answer:

Explanation: 

The show crypto isakmp key command shows the preshared key of “cisco”.