Download Implementing Cisco Secure Mobility Solutions (SIMOS).300-209.2017-09-05.1e.398q.vcex

Download Exam

File Info

Exam Implementing Cisco Secure Mobility Solutions
Number 300-209
File Name Implementing Cisco Secure Mobility Solutions (SIMOS).300-209.2017-09-05.1e.398q.vcex
Size 31.52 Mb
Posted September 05, 2017
Downloads 28
Download Implementing Cisco Secure Mobility Solutions (SIMOS).300-209.2017-09-05.1e.398q.vcex

How to open VCEX & EXAM Files?

Files with VCEX & EXAM extensions can be opened by ProfExam Simulator.

Purchase

Coupon: MASTEREXAM
With discount: 20%



 
 



Demo Questions

Question 1

The following configuration steps have been completeD.
WebVPN was enabled on the ASA outside interface.
SSL VPN client software was loaded to the ASA.
A DHCP scope was configured and applied to a WebVPN Tunnel Group.
What additional step is required if the client software fails to load when connecting to the ASA SSL page?

  • A: The SSL client must be loaded to the client by an ASA administrator
  • B: The SSL client must be downloaded to the client via FTP
  • C: The SSL VPN client must be enabled on the ASA after loading
  • D: The SSL client must be enabled on the client machine before loading

Correct Answer: C




Question 2

An administrator desires that when work laptops are not connected to the corporate network, they should automatically initiate an AnyConnect VPN tunnel back to headquarters. Where does the administrator configure this?

  • A: Via the svc trusted-network command under the group-policy sub-configuration mode on the ASA
  • B: Under the "Automatic VPN Policy" section inside the Anyconnect Profile Editor within ASDM
  • C: Under the TNDPolicy XML section within the Local Preferences file on the client computer
  • D: Via the svc trusted-network command under the global webvpn sub-configuration mode on the ASA

Correct Answer: C




Question 3

Which Cisco adaptive security appliance command can be used to view the IPsec PSK of a tunnel group in cleartext?

  • A: more system:running-config
  • B: show running-config crypto
  • C: show running-config tunnel-group
  • D: show running-config tunnel-group-map
  • E: clear config tunnel-group
  • F: show ipsec policy

Correct Answer: A

answer is valid




Question 4

Regarding licensing, which option will allow IKEv2 connections on the adaptive security appliance?

  • A: AnyConnect Essentials can be used for Cisco AnyConnect IKEv2 connections.
  • B: IKEv2 sessions are not licensed.
  • C: The Advanced Endpoint Assessment license must be installed to allow Cisco AnyConnect IKEv2 sessions.
  • D: Cisco AnyConnect Mobile must be installed to allow AnyConnect IKEv2 sessions.

Correct Answer: B




Question 5

Which two troubleshooting steps should be taken when Cisco AnyConnect cannot establish an IKEv2 connection, while SSL works fine? (Choose two.)

  • A: Verify that the primary protocol on the client machine is set to IPsec.
  • B: Verify that AnyConnect is enabled on the correct interface.
  • C: Verify that the IKEv2 protocol is enabled on the group policy.
  • D: Verify that ASDM and AnyConnect are not using the same port.
  • E: Verify that SSL and IKEv2 certificates are not referencing the same trustpoint.

Correct Answer: AC




Question 6

The Cisco AnyConnect client is unable to download an updated user profile from the ASA headend using IKEv2. What is the most likely cause of this problem?

  • A: User profile updates are not allowed with IKEv2.
  • B: IKEv2 is not enabled on the group policy.
  • C: A new profile must be created so that the adaptive security appliance can push it to the client on the next connection attempt.
  • D: Client Services is not enabled on the adaptive security appliance.

Correct Answer: C

verified answer




Question 7

The Cisco AnyConnect client fails to connect via IKEv2 but works with SSL. The following error message is displayed:
"Login Denied, unauthorized connection mechanism, contact your administrator"
What is the most possible cause of this problem?

  • A: DAP is terminating the connection because IKEv2 is the protocol that is being used.
  • B: The client endpoint does not have the correct user profile to initiate an IKEv2 connection.
  • C: The AAA server that is being used does not authorize IKEv2 as the connection mechanism.
  • D: The administrator is restricting access to this specific user.
  • E: The IKEv2 protocol is not enabled in the group policy of the VPN headend.

Correct Answer: E




Question 8

Refer to the exhibit.

   
An administrator is adding IPv6 addressing to an already functioning tunnel. The administrator is unable to ping 2001:DB8:100::2 but can ping 209.165.200.226.
Which configuration needs to be added or changed?

  • A: No configuration change is necessary. Everything is working correctly.
  • B: OSPFv3 needs to be configured on the interface.
  • C: NHRP needs to be configured to provide NBMA mapping.
  • D: Tunnel mode needs to be changed to GRE IPv4.
  • E: Tunnel mode needs to be changed to GRE IPv6.

Correct Answer: E




Question 9

Refer to the exhibit.

   
An IPsec peer is exchanging routes using IKEv2, but the routes are not installed in the RIB.
Which configuration error is causing the failure?

  • A: IKEv2 routing requires certificate authentication, not pre-shared keys.
  • B: An invalid administrative distance value was configured.
  • C: The match identity command must refer to an access list of routes.
  • D: The IKEv2 authorization policy is not referenced in the IKEv2 profile.

Correct Answer: B




Question 10

Refer to the exhibit.

   
Which authentication method was used by the remote peer to prove its identity?

  • A: Extensible Authentication Protocol
  • B: certificate authentication
  • C: pre-shared key
  • D: XAUTH

Correct Answer: C










CONNECT US

Facebook

Twitter

PROFEXAM WITH A 20% DISCOUNT

You can buy ProfExam with a 20% discount!



HOW TO OPEN VCEX AND EXAM FILES

Use ProfExam Simulator to open VCEX and EXAM files