What Far out 300-209 Is?

Want to know Exambible 300-209 Exam practice test features? Want to lear more about Cisco Implementing Cisco Secure Mobility Solutions (SIMOS) certification experience? Study Downloadable Cisco 300-209 answers to Abreast of the times 300-209 questions at Exambible. Gat a success with an absolute guarantee to pass Cisco 300-209 (Implementing Cisco Secure Mobility Solutions (SIMOS)) test on your first attempt.


The article at Testaimer.com going over http://www.testaimer.com/300-209-test is very comprehensive.

Q81. On which Cisco platform are dynamic virtual template interfaces available? 

A. Cisco Adaptive Security Appliance 5585-X 

B. Cisco Catalyst 3750X 

C. Cisco Integrated Services Router Generation 2 

D. Cisco Nexus 7000 

Answer:


Q82. Which cryptographic algorithms are approved to protect Top Secret information? 

A. HIPPA DES 

B. AES-128 

C. RC4-128 

D. AES-256 

Answer:


Q83. In the Cisco ASDM interface, where do you enable the DTLS protocol setting? 

A. Configuration > Remote Access VPN > Network (Client) Access > Group Policies > Add or Edit > Add or Edit Internal Group Policy 

B. Configuration > Remote Access VPN > Network (Client) Access > AAA Setup > Local Users > Add or Edit 

C. Device Management > Users/AAA > User Accounts > Add or Edit > Add or Edit User Account > VPN Policy > SSL VPN Client 

D. Configuration > Remote Access VPN > Network (Client) Access > Group Policies > Add or Edit 

Answer:

Reference: 

http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect20/admini strative/guide/admin/admin5.html 

Shows where DTLS can be configured as: 

. Configuration > Remote Access VPN > Network (Client) Access > Group Policies > Add or Edit > Add or Edit Internal Group Policy > Advanced > SSL VPN Client 

. Configuration > Remote Access VPN > Network (Client) Access > AAA Setup > Local Users > Add or Edit > Add or Edit User Account > VPN Policy > SSL VPN Client 

.Device Management > Users/AAA > User Accounts > Add or Edit > Add or Edit User Account > VPN Policy > SSL VPN Client 


Q84. A company needs to provide secure access to its remote workforce. The end users use public kiosk computers and a wide range of devices. They will be accessing only an internal web application. Which VPN solution satisfies these requirements? 

A. Clientless SSLVPN 

B. AnyConnect Client using SSLVPN 

C. AnyConnect Client using IKEv2 

D. FlexVPN Client 

E. Windows built-in PPTP client 

Answer:


Q85. You are troubleshooting a site-to-site VPN issue where the tunnel is not establishing. After issuing the debug crypto ipsec command on the headend router, you see the following output. What does this output suggest? 

1d00h: IPSec (validate_proposal): transform proposal 

(port 3, trans 2, hmac_alg 2) not supported 

1d00h: ISAKMP (0:2) : atts not acceptable. Next payload is 0 

1d00h: ISAKMP (0:2) SA not acceptable 

A. Phase 1 policy does not match on both sides. 

B. The Phase 2 transform set does not match on both sides. 

C. ISAKMP is not enabled on the remote peer. 

D. The crypto map is not applied on the remote peer. 

E. The Phase 1 transform set does not match on both sides. 

Answer:


Q86. Based on the provided ASDM configuration for the remote ASA, which one of the following is correct?

A. An access-list must be configured on the outside interface to permit inbound VPN traffic 

B. A route to 192.168.22.0/24 will not be automatically installed in the routing table 

C. The ASA will use a window of 128 packets (64x2) to perform the anti-replay check _ 

D. The tunnel can also be established on TCP port 10000 

Answer:

Explanation: 

Cisco IP security (IPsec) authentication provides anti-replay protection against an attacker duplicating encrypted packets by assigning a unique sequence number to each encrypted packet. The decryptor keeps track of which packets it has seen on the basis of these numbers. Currently, the default window size is 64 packets. Generally, this number (window size) is sufficient, but there are times when you may want to expand this window size. The IPsec Anti-Replay Window: Expanding and Disabling feature allows you to expand the window size, allowing the decryptor to keep track of more than 64 packets. 


Q87. Which VPN type can be used to provide secure remote access from public internet cafes and airport kiosks? 

A. site-to-site 

B. business-to-business 

C. Clientless SSL 

D. DMVPN 

Answer:


Q88. Which two statements comparing.ECC and RSA are true? (Choose two.) 

A. ECC can have the same security as RSA but with a shorter key size. 

B. ECC lags in performance when compared with RSA. 

C. Key generation in ECC is slower and less CPU intensive. 

D. ECC cannot have the same security as RSA, even with an increased key size. 

E. Key generation in ECC is faster and less CPU intensive. 

Answer: A,E 


Q89. A rogue static route is installed in the routing table of a Cisco FlexVPN and is causing 

traffic to be blackholed. Which command should be used to identify the peer from which that route originated? 

A. show crypto ikev2 sa detail 

B. show crypto route 

C. show crypto ikev2 client flexvpn 

D. show ip route eigrp 

E. show crypto isakmp sa detail 

Answer:


Q90. Which NGE IKE Diffie-Hellman group identifier has the strongest cryptographic properties? 

A. group 10 

B. group 24 

C. group 5 

D. group 20 

Answer: